diff options
| author | Richard Levitte <levitte@openssl.org> | 2002-10-31 23:16:37 +0000 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2002-10-31 23:16:37 +0000 |
| commit | 0b634339c68dda1a0189b67b9063c095795e2004 (patch) | |
| tree | daf6add7a54b660dd8d87842aa0591a45c06740e | |
| parent | 8895bae4061626942f9dd1f287ff424ec694a625 (diff) | |
| download | openssl-new-0b634339c68dda1a0189b67b9063c095795e2004.tar.gz | |
Recent changes from HEAD. The VMS procedures are probably broken, to
be fixed.
85 files changed, 1497 insertions, 2330 deletions
@@ -4,6 +4,29 @@ Changes between 0.9.7 and 0.9.8 [xx XXX 2002] + *) Implement fast modular reduction for pseudo-Mersenne primes + used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c). + EC_GROUP_new_curve_GFp() will now automatically use this + if applicable. + [Nils Larsch <nla@trustcenter.de>] + + *) Add new lock type (CRYPTO_LOCK_BN). + [Bodo Moeller] + + *) Change the ENGINE framework to automatically load engines + dynamically from specific directories unless they could be + found to already be built in or loaded. Move all the + current engines except for the cryptodev one to a new + directory engines/. + The engines in engines/ are built as shared libraries if + the "shared" options was given to ./Configure or ./config. + Otherwise, they are inserted in libcrypto.a. + /usr/local/ssl/engines is the default directory for dynamic + engines, but that can be overriden at configure time through + the usual use of --prefix and/or --openssldir, and at run + time with the environment variable OPENSSL_ENGINES. + [Geoff Thorpe and Richard Levitte] + *) Add Makefile.shared, a helper makefile to build shared libraries. Addapt Makefile.org. [Richard Levitte] @@ -1965,6 +1988,16 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6g and 0.9.6h [xx XXX xxxx] + *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half + the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently + doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be + the bitwise-OR of the two for use by the majority of applications + wanting this behaviour, and update the docs. The documented + behaviour and actual behaviour were inconsistent and had been + changing anyway, so this is more a bug-fix than a behavioural + change. + [Geoff Thorpe, diagnosed by Nadav Har'El] + *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes). [Bodo Moeller] @@ -1122,6 +1122,11 @@ if ($no_shared) $cflags="-DOPENSSL_NO_DYNAMIC_ENGINE $cflags"; $openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n"; } +else + { + $cflags="-DOPENSSL_NO_STATIC_ENGINE $cflags"; + $openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n"; + } if ($sys_id ne "") { diff --git a/Makefile.org b/Makefile.org index 4eb6708102..1b3be52906 100644 --- a/Makefile.org +++ b/Makefile.org @@ -464,7 +464,7 @@ install: all install_docs do \ if [ -d "$$i" ]; then \ (cd $$i; echo "installing $$i..."; \ - $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \ + $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' install ); \ fi; \ done @for i in $(LIBS) ;\ diff --git a/Makefile.shared b/Makefile.shared index 83e1bd89d6..e91804fcb0 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -67,7 +67,7 @@ CALC_VERSIONS= \ SHLIB_SOVER_NODOT=$$v \ SHLIB_SOVER=.$$v; \ if [ -n "$$prev" ]; then \ - SHLIB_COMPAT=$$SHLIB_COMPAT .$$prev; \ + SHLIB_COMPAT="$$SHLIB_COMPAT .$$prev"; \ fi; \ prev=$$v; \ done; \ @@ -81,7 +81,7 @@ LINK_SO= \ $(SYMLINK_SO); ( $(DEBUG); rm -f lib$(LIBNAME).exp ) SYMLINK_SO= \ prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \ - if [ -n "$$SHLIB_COMPAT"]; then \ + if [ -n "$$SHLIB_COMPAT" ]; then \ for x in $$SHLIB_COMPAT; do \ ( $(DEBUG); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \ ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \ @@ -110,33 +110,26 @@ DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \ my_ld=`gcc -print-prog-name=ld 2>&1` && \ [ -n "$$my_ld" ] && \ $$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1 - -link_o.gnu: - @ $(CALC_VERSIONS); \ - SHLIB=lib$(LIBNAME).so \ - SHLIB_SUFFIX= \ - LIBDEPS="$(LIBDEPS)" \ - NOALLSYMSFLAGS='-Wl,--no-whole-archive' \ - SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" \ - SHAREDCMD='$(CC)'; \ - $(LINK_SO_O) -link_a.gnu: - @ $(CALC_VERSIONS); \ +DO_GNU=$(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so \ SHLIB_SUFFIX= \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ ALLSYMSFLAGS='-Wl,--whole-archive' \ NOALLSYMSFLAGS='-Wl,--no-whole-archive' \ SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" \ - SHAREDCMD='$(CC)'; \ - $(LINK_SO_A) + SHAREDCMD='$(CC)' + +link_o.gnu: + @ $(DO_GNU); $(LINK_SO_O) +link_a.gnu: + @ $(DO_GNU); $(LINK_SO_A) # For Darwin AKA Mac OS/X (dyld) link_o.darwin: @ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME) \ SHLIB_SUFFIX=.dylib \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ ALLSYMSFLAGS='-all_load' \ NOALLSYMSFLAGS='' \ SHAREDFLAGS="-dynamiclib" \ @@ -152,7 +145,7 @@ link_a.darwin: @ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME) \ SHLIB_SUFFIX=.dylib \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ ALLSYMSFLAGS='-all_load' \ NOALLSYMSFLAGS='' \ SHAREDFLAGS="-dynamiclib" \ @@ -168,7 +161,7 @@ link_a.darwin: link_o.cygwin: @ SHLIB=cyg$(LIBNAME).dll \ SHLIB_SUFFIX= \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ SHLIB_SOVER= \ ALLSYMSFLAGS='-Wl,--whole-archive' \ NOALLSYMSFLAGS='-Wl,--no-whole-archive' \ @@ -178,7 +171,7 @@ link_o.cygwin: link_a.cygwin: @ SHLIB=cyg$(LIBNAME).dll \ SHLIB_SUFFIX= \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ SHLIB_SOVER= \ ALLSYMSFLAGS='-Wl,--whole-archive' \ NOALLSYMSFLAGS='-Wl,--no-whole-archive' \ @@ -188,16 +181,11 @@ link_a.cygwin: link_o.alpha-osf1: @ if ${DETECT_GNU_LD}; then \ - $(MAKE) -f $(SHARED_MAKEFILE) CC="$(CC)" LDFLAGS="$(LDFLAGS) \ - SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - LIBNAME="$(LIBNAME)" LIBEXTRAS="$(LIBEXTRAS)" \ - LIBVERSION="$(LIBVERSION)" - LIBCOMPATVERSIONS="$(LIBCOMPATVERSIONS)" \ - LIBDEPS="$(LIBDEPS)" link_o.gnu; \ + $(DO_GNU); \ else \ SHLIB=lib$(LIBNAME).so \ SHLIB_SUFFIX= \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \ if [ -n "$$SHLIB_HIST" ]; then \ SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \ @@ -212,20 +200,15 @@ link_o.alpha-osf1: if [ -n "$$SHLIB_HIST" ]; then \ SHAREDFLAGS="$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \ fi; \ - $(LINK_SO_O); \ - fi + fi; \ + $(LINK_SO_O) link_a.alpha-osf1: @ if ${DETECT_GNU_LD}; then \ - $(MAKE) -f $(SHARED_MAKEFILE) CC="$(CC)" LDFLAGS="$(LDFLAGS) \ - SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - LIBNAME="$(LIBNAME)" LIBEXTRAS="$(LIBEXTRAS)" \ - LIBVERSION="$(LIBVERSION)" - LIBCOMPATVERSIONS="$(LIBCOMPATVERSIONS)" \ - LIBDEPS="$(LIBDEPS)" link_o.gnu; \ + $(DO_GNU); \ else \ SHLIB=lib$(LIBNAME).so \ SHLIB_SUFFIX= \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \ if [ -n "$$SHLIB_HIST" ]; then \ SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \ @@ -240,23 +223,18 @@ link_a.alpha-osf1: if [ -n "$$SHLIB_HIST" ]; then \ SHAREDFLAGS="$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \ fi; \ - $(LINK_SO_A); \ - fi + fi; \ + $(LINK_SO_A) # The difference between alpha-osf1-shared and tru64-shared is the `-msym' # option passed to the linker. link_o.tru64: @ if ${DETECT_GNU_LD}; then \ - $(MAKE) -f $(SHARED_MAKEFILE) CC="$(CC)" LDFLAGS="$(LDFLAGS) \ - SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - LIBNAME="$(LIBNAME)" LIBEXTRAS="$(LIBEXTRAS)" \ - LIBVERSION="$(LIBVERSION)" - LIBCOMPATVERSIONS="$(LIBCOMPATVERSIONS)" \ - LIBDEPS="$(LIBDEPS)" link_o.gnu; \ + $(DO_GNU); \ else \ SHLIB=lib$(LIBNAME).so \ SHLIB_SUFFIX= \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \ if [ -n "$$SHLIB_HIST" ]; then \ SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \ @@ -271,20 +249,15 @@ link_o.tru64: if [ -n "$$SHLIB_HIST" ]; then \ SHAREDFLAGS="$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \ fi; \ - $(LINK_SO_O); \ - fi + fi; \ + $(LINK_SO_O) link_a.tru64: @ if ${DETECT_GNU_LD}; then \ - $(MAKE) -f $(SHARED_MAKEFILE) CC="$(CC)" LDFLAGS="$(LDFLAGS) \ - SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - LIBNAME="$(LIBNAME)" LIBEXTRAS="$(LIBEXTRAS)" \ - LIBVERSION="$(LIBVERSION)" - LIBCOMPATVERSIONS="$(LIBCOMPATVERSIONS)" \ - LIBDEPS="$(LIBDEPS)" link_o.gnu; \ + $(DO_GNU); \ else \ SHLIB=lib$(LIBNAME).so \ SHLIB_SUFFIX= \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \ if [ -n "$$SHLIB_HIST" ]; then \ SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \ @@ -299,23 +272,18 @@ link_a.tru64: if [ -n "$$SHLIB_HIST" ]; then \ SHAREDFLAGS="$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \ fi; \ - $(LINK_SO_A); \ - fi + fi; \ + $(LINK_SO_A) # The difference between tru64-shared and tru64-shared-rpath is the # -rpath ${LIBRPATH} passed to the linker. link_o.tru64-rpath: @ if ${DETECT_GNU_LD}; then \ - $(MAKE) -f $(SHARED_MAKEFILE) CC="$(CC)" LDFLAGS="$(LDFLAGS) \ - SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - LIBNAME="$(LIBNAME)" LIBEXTRAS="$(LIBEXTRAS)" \ - LIBVERSION="$(LIBVERSION)" - LIBCOMPATVERSIONS="$(LIBCOMPATVERSIONS)" \ - LIBDEPS="$(LIBDEPS)" link_o.gnu; \ + $(DO_GNU); \ else \ SHLIB=lib$(LIBNAME).so \ SHLIB_SUFFIX= \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \ if [ -n "$$SHLIB_HIST" ]; then \ SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \ @@ -330,20 +298,15 @@ link_o.tru64-rpath: if [ -n "$$SHLIB_HIST" ]; then \ SHAREDFLAGS="$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \ fi; \ - $(LINK_SO_O); \ - fi + fi; \ + $(LINK_SO_O) link_a.tru64-rpath: @ if ${DETECT_GNU_LD}; then \ - $(MAKE) -f $(SHARED_MAKEFILE) CC="$(CC)" LDFLAGS="$(LDFLAGS) \ - SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - LIBNAME="$(LIBNAME)" LIBEXTRAS="$(LIBEXTRAS)" \ - LIBVERSION="$(LIBVERSION)" - LIBCOMPATVERSIONS="$(LIBCOMPATVERSIONS)" \ - LIBDEPS="$(LIBDEPS)" link_o.gnu; \ + $(DO_GNU); \ else \ SHLIB=lib$(LIBNAME).so \ SHLIB_SUFFIX= \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \ if [ -n "$$SHLIB_HIST" ]; then \ SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \ @@ -358,127 +321,97 @@ link_a.tru64-rpath: if [ -n "$$SHLIB_HIST" ]; then \ SHAREDFLAGS="$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \ fi; \ - $(LINK_SO_A); \ - fi + fi; \ + $(LINK_SO_A) link_o.solaris: @ if ${DETECT_GNU_LD}; then \ - $(MAKE) -f $(SHARED_MAKEFILE) CC="$(CC)" LDFLAGS="$(LDFLAGS) \ - SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - LIBNAME="$(LIBNAME)" LIBEXTRAS="$(LIBEXTRAS)" \ - LIBVERSION="$(LIBVERSION)" - LIBCOMPATVERSIONS="$(LIBCOMPATVERSIONS)" \ - LIBDEPS="$(LIBDEPS)" link_o.gnu; \ + $(DO_GNU); \ else \ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so \ SHLIB_SUFFIX= \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ ALLSYMSFLAGS='-z allextract' \ NOALLSYMSFLAGS='' \ SHAREDFLAGS='-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX' \ SHAREDCMD='$(CC)'; \ - $(LINK_SO_O); \ - fi + fi; \ + $(LINK_SO_O) link_a.solaris: @ if ${DETECT_GNU_LD}; then \ - $(MAKE) -f $(SHARED_MAKEFILE) CC="$(CC)" LDFLAGS="$(LDFLAGS) \ - SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - LIBNAME="$(LIBNAME)" LIBEXTRAS="$(LIBEXTRAS)" \ - LIBVERSION="$(LIBVERSION)" - LIBCOMPATVERSIONS="$(LIBCOMPATVERSIONS)" \ - LIBDEPS="$(LIBDEPS)" link_o.gnu; \ + $(DO_GNU); \ else \ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so \ SHLIB_SUFFIX= \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ ALLSYMSFLAGS='-z allextract' \ NOALLSYMSFLAGS='' \ SHAREDFLAGS='-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX' \ SHAREDCMD='$(CC)'; \ - $(LINK_SO_A); \ - fi + fi; \ + $(LINK_SO_A) # OpenServer 5 native compilers used # UnixWare 7 and OpenUNIX 8 native compilers used link_o.svr3: @ if ${DETECT_GNU_LD}; then \ - $(MAKE) -f $(SHARED_MAKEFILE) CC="$(CC)" LDFLAGS="$(LDFLAGS) \ - SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - LIBNAME="$(LIBNAME)" LIBEXTRAS="$(LIBEXTRAS)" \ - LIBVERSION="$(LIBVERSION)" - LIBCOMPATVERSIONS="$(LIBCOMPATVERSIONS)" \ - LIBDEPS="$(LIBDEPS)" link_o.gnu; \ + $(DO_GNU); \ else \ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so \ SHLIB_SUFFIX= \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ ALLSYMSFLAGS='-z allextract' \ NOALLSYMSFLAGS='' \ SHAREDFLAGS='-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX' \ SHAREDCMD='$(CC)'; \ - $(LINK_SO_O); \ - fi + fi; \ + $(LINK_SO_O) link_a.svr3: @ if ${DETECT_GNU_LD}; then \ - $(MAKE) -f $(SHARED_MAKEFILE) CC="$(CC)" LDFLAGS="$(LDFLAGS) \ - SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - LIBNAME="$(LIBNAME)" LIBEXTRAS="$(LIBEXTRAS)" \ - LIBVERSION="$(LIBVERSION)" - LIBCOMPATVERSIONS="$(LIBCOMPATVERSIONS)" \ - LIBDEPS="$(LIBDEPS)" link_o.gnu; \ + $(DO_GNU); \ else \ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so \ SHLIB_SUFFIX= \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ ALLSYMSFLAGS='-z allextract' \ NOALLSYMSFLAGS='' \ SHAREDFLAGS='-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX' \ SHAREDCMD='$(CC)'; \ - $(LINK_SO_A_UNPACKED); \ - fi + fi; \ + $(LINK_SO_A_UNPACKED) link_o.irix: @ if ${DETECT_GNU_LD}; then \ - $(MAKE) -f $(SHARED_MAKEFILE) CC="$(CC)" LDFLAGS="$(LDFLAGS) \ - SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - LIBNAME="$(LIBNAME)" LIBEXTRAS="$(LIBEXTRAS)" \ - LIBVERSION="$(LIBVERSION)" - LIBCOMPATVERSIONS="$(LIBCOMPATVERSIONS)" \ - LIBDEPS="$(LIBDEPS)" link_o.gnu; \ + $(DO_GNU); \ else \ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so \ SHLIB_SUFFIX= \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ ALLSYMSFLAGS='-all' \ NOALLSYMSFLAGS='' \ SHAREDFLAGS='-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX' \ SHAREDCMD='$(CC)'; \ - $(LINK_SO_O); \ - fi + fi; \ + $(LINK_SO_O) link_a.irix: @ if ${DETECT_GNU_LD}; then \ - $(MAKE) -f $(SHARED_MAKEFILE) CC="$(CC)" LDFLAGS="$(LDFLAGS) \ - SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - LIBNAME="$(LIBNAME)" LIBEXTRAS="$(LIBEXTRAS)" \ - LIBVERSION="$(LIBVERSION)" - LIBCOMPATVERSIONS="$(LIBCOMPATVERSIONS)" \ - LIBDEPS="$(LIBDEPS)" link_o.gnu; \ + $(DO_GNU); \ else \ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so \ SHLIB_SUFFIX= \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ ALLSYMSFLAGS='-all' \ NOALLSYMSFLAGS='' \ SHAREDFLAGS='-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX' \ SHAREDCMD='$(CC)'; \ - $(LINK_SO_A); \ - fi + fi; \ + $(LINK_SO_A) # HP-UX includes the full pathname of libs we depend on, so we would get # ./libcrypto (with ./ as path information) compiled into libssl, hence @@ -544,7 +477,7 @@ link_o.aix: @ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so \ SHLIB_SUFFIX= \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ ALLSYMSFLAGS='-bnogc' \ NOALLSYMSFLAGS='' \ SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE' \ @@ -554,7 +487,7 @@ link_a.aix: @ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so \ SHLIB_SUFFIX= \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ ALLSYMSFLAGS='-bnogc' \ NOALLSYMSFLAGS='' \ SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE' \ @@ -565,7 +498,7 @@ link_o.reliantunix: @ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so \ SHLIB_SUFFIX= \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ ALLSYMSFLAGS= \ NOALLSYMSFLAGS='' \ SHAREDFLAGS='-G' \ @@ -575,7 +508,7 @@ link_a.reliantunix: @ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so \ SHLIB_SUFFIX= \ - LIBDEPS="$(LIBDEPS)" \ + LIBDEPS="$(LIBDEPS) -lc" \ ALLSYMSFLAGS= \ NOALLSYMSFLAGS='' \ SHAREDFLAGS='-G' \ diff --git a/apps/apps.c b/apps/apps.c index 5863b33850..be7a80acb8 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -114,9 +114,7 @@ #include <string.h> #include <sys/types.h> #include <sys/stat.h> -#define NON_MAIN -#include "apps.h" -#undef NON_MAIN +#include <ctype.h> #include <openssl/err.h> #include <openssl/x509.h> #include <openssl/x509v3.h> @@ -136,6 +134,10 @@ # endif /* NO_STRINGS_H */ #endif +#define NON_MAIN +#include "apps.h" +#undef NON_MAIN + #ifdef OPENSSL_SYS_WINDOWS # include "bss_file.c" #endif @@ -64,7 +64,6 @@ #include <ctype.h> #include <sys/types.h> #include <sys/stat.h> -#include "apps.h" #include <openssl/conf.h> #include <openssl/bio.h> #include <openssl/err.h> @@ -99,6 +98,8 @@ # endif #endif +#include "apps.h" + #ifndef W_OK # define F_OK 0 # define X_OK 1 @@ -3055,68 +3056,72 @@ X509_NAME *do_subject(char *subject, long chtype) int nid; if (!buf || !ne_types || !ne_values) - { + { BIO_printf(bio_err, "malloc error\n"); goto error; - } + } if (*subject != '/') - { + { BIO_printf(bio_err, "Subject does not start with '/'.\n"); goto error; - } + } sp++; /* skip leading / */ while (*sp) - { + { /* collect type */ ne_types[ne_num] = bp; while (*sp) - { + { if (*sp == '\\') /* is there anything to escape in the type...? */ + { if (*++sp) *bp++ = *sp++; - else - { + else + { BIO_printf(bio_err, "escape character at end of string\n"); goto error; - } + } + } else if (*sp == '=') - { + { sp++; *bp++ = '\0'; break; - } + } else *bp++ = *sp++; - } + } if (!*sp) - { + { BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num); goto error; - } + } ne_values[ne_num] = bp; while (*sp) - { + { if (*sp == '\\') + { if (*++sp) *bp++ = *sp++; else - { + { BIO_printf(bio_err, "escape character at end of string\n"); goto error; + } } else if (*sp == '/') - { + { sp++; break; - } + } else *bp++ = *sp++; - } + } *bp++ = '\0'; ne_num++; - } + } if (!(n = X509_NAME_new())) goto error; diff --git a/apps/ecparam.c b/apps/ecparam.c index 71ae9e7d9b..02bf6c1a9d 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -64,19 +64,6 @@ * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the Contribution as delivered hereunder - * (or portions thereof), provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the Contribution; - * 2) separates from the Contribution; or - * 3) for infringements caused by: - * i) the modification of the Contribution or - * ii) the combination of the Contribution with other software or - * devices where such combination causes the infringement. - * * The elliptic curve binary polynomial software is originally written by * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. * diff --git a/apps/makeapps.com b/apps/makeapps.com index be5dff644d..ad49cb0fd4 100644 --- a/apps/makeapps.com +++ b/apps/makeapps.com @@ -15,22 +15,10 @@ $! $! It was written so it would try to determine what "C" compiler to $! use or you can specify which "C" compiler to use. $! -$! Specify RSAREF as P1 to compile with the RSAREF library instead of -$! the regular one. If you specify NORSAREF it will compile with the -$! regular RSAREF routines. (Note: If you are in the United States -$! you MUST compile with RSAREF unless you have a license from RSA). -$! -$! Note: The RSAREF libraries are NOT INCLUDED and you have to -$! download it from "ftp://ftp.rsa.com/rsaref". You have to -$! get the ".tar-Z" file as the ".zip" file dosen't have the -$! directory structure stored. You have to extract the file -$! into the [.RSAREF] directory under the root directory as that -$! is where the scripts will look for the files. -$! -$! Specify DEBUG or NODEBUG as P2 to compile with or without debugger +$! Specify DEBUG or NODEBUG as P1 to compile with or without debugger $! information. $! -$! Specify which compiler at P3 to try to compile under. +$! Specify which compiler at P2 to try to compile under. $! $! VAXC For VAX C. $! DECC For DEC C. @@ -39,19 +27,19 @@ $! $! If you don't speficy a compiler, it will try to determine which $! "C" compiler to use. $! -$! P4, if defined, sets a TCP/IP library to use, through one of the following +$! P3, if defined, sets a TCP/IP library to use, through one of the following $! keywords: $! $! UCX for UCX $! SOCKETSHR for SOCKETSHR+NETLIB $! TCPIP for TCPIP (post UCX) $! -$! P5, if defined, sets the pointer size to build with. The values can be -$! be "32" or "64". Any other value will default to "32" +$! P4, if defined, sets the pointer size to build with. The values can be +$! be "32" or "64". Any other value will default to "32" $! -$! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) +$! P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) $! -$! P7, if defined, sets a choice of programs to compile. +$! P6, if defined, sets a choice of programs to compile. $! $! $! Define A TCP/IP Library That We Will Need To Link To. @@ -104,10 +92,6 @@ $! Define The CRYPTO Library. $! $ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'FILE_POINTER_SIZE'.OLB $! -$! Define The RSAREF Library. -$! -$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE'FILE_POINTER_SIZE'.OLB -$! $! Define The SSL Library. $! $ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL'FILE_POINTER_SIZE'.OLB @@ -327,86 +311,36 @@ $ WRITE SYS$OUTPUT FILE_NAME," needs a TCP/IP library. Can't link. Skipping. $ GOTO NEXT_FILE $ ENDIF $! -$! Link The Program, Check To See If We Need To Link With RSAREF Or Not. +$! Link The Program. +$! Check To See If We Are To Link With A Specific TCP/IP Library. $! -$ IF (RSAREF.EQS."TRUE") +$ IF (TCPIP_LIB.NES."") $ THEN $! $! Check To See If We Are To Link With A Specific TCP/IP Library. $! -$ IF (TCPIP_LIB.NES."") -$ THEN -$! -$! Link With The RSAREF Library And A Specific TCP/IP Library. -$! -$ LINK /'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' /MAP='MAP_FILE' /FULL/CROSS - - 'OBJECT_FILE''EXTRA_OBJ', - - 'SSL_LIB'/LIBRARY,- - 'CRYPTO_LIB'/LIBRARY, - - 'RSAREF_LIB'/LIBRARY, - - 'TCPIP_LIB', - - 'OPT_FILE'/OPTION, - - SYS$DISK:[-]SSL_IDENT.OPT/OPTION -$! -$! Else... -$! -$ ELSE -$! -$! Link With The RSAREF Library And NO TCP/IP Library. -$! -$ LINK /'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' /MAP='MAP_FILE' /FULL/CROSS - - 'OBJECT_FILE''EXTRA_OBJ', - - 'SSL_LIB'/LIBRARY, - - 'CRYPTO_LIB'/LIBRARY, - - 'RSAREF_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION, - - SYS$DISK:[-]SSL_IDENT.OPT/OPTION -$! -$! End The TCP/IP Library Check. -$! -$ ENDIF +$ LINK /'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' /MAP='MAP_FILE' /FULL/CROSS - + 'OBJECT_FILE''EXTRA_OBJ', - + 'SSL_LIB'/LIBRARY, + 'CRYPTO_LIB'/LIBRARY, - + 'TCPIP_LIB', + 'OPT_FILE'/OPTION, - + SYS$DISK:[-]SSL_IDENT.OPT/OPTION $! $! Else... $! $ ELSE $! -$! Don't Link With The RSAREF Routines. +$! Don't Link With TCP/IP Library. $! +$ LINK /'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' /MAP='MAP_FILE' /FULL/CROSS - + 'OBJECT_FILE''EXTRA_OBJ', - + 'SSL_LIB'/LIBRARY, + 'CRYPTO_LIB'/LIBRARY, - + 'OPT_FILE'/OPTION, - + SYS$DISK:[-]SSL_IDENT.OPT/OPTION $! -$! Check To See If We Are To Link With A Specific TCP/IP Library. -$! -$ IF (TCPIP_LIB.NES."") -$ THEN -$! -$! Don't Link With The RSAREF Routines And TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' /MAP='MAP_FILE' /FULL/CROSS - - 'OBJECT_FILE''EXTRA_OBJ', - - 'SSL_LIB'/LIBRARY, - - 'CRYPTO_LIB'/LIBRARY, - - 'TCPIP_LIB', - - 'OPT_FILE'/OPTION, - - SYS$DISK:[-]SSL_IDENT.OPT/OPTION -$! -$! Else... -$! -$ ELSE -$! -$! Don't Link With The RSAREF Routines And Link With A TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' /MAP='MAP_FILE' /FULL/CROSS - - 'OBJECT_FILE''EXTRA_OBJ', - - 'SSL_LIB'/LIBRARY, - - 'CRYPTO_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION, - - SYS$DISK:[-]SSL_IDENT.OPT/OPTION -$! -$! -$! End The TCP/IP Library Check. -$! -$ ENDIF -$! -$! End The RSAREF Link Check. +$! End The TCP/IP Library Check. $! $ ENDIF $! @@ -537,7 +471,6 @@ $! End The Option File Search. $! $ ENDIF $! -$! $! End The DEC C Check. $! $ ENDIF @@ -574,32 +507,6 @@ $! End The Crypto Library Check. $! $ ENDIF $! -$! See If We Need The RSAREF Library. -$! -$ IF (RSAREF.EQS."TRUE") -$ THEN -$! -$! Look For The Library LIBRSAGLUE.OLB. -$! -$ IF (F$SEARCH(RSAREF_LIB).EQS."") -$ THEN -$! -$! Tell The User We Can't Find The LIBRSAGLUE.OLB Library. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Can't Find The Library ",RSAREF_LIB,"." -$ WRITE SYS$OUTPUT "We Can't Link Without It." -$ WRITE SYS$OUTPUT "" -$! -$! Since We Can't Link Without It, Exit. -$! -$ EXIT -$ ENDIF -$! -$! End The RSAREF Library Check. -$! -$ ENDIF -$! $! Look For The Library LIBSSL.OLB. $! $ IF (F$SEARCH(SSL_LIB).EQS."") @@ -630,87 +537,10 @@ $ CHECK_OPTIONS: $! $! Check To See If P1 Is Blank. $! -$ P1 = "NORSAREF" -$ IF (P1.EQS."NORSAREF") -$ THEN -$! -$! P1 Is NORSAREF, So Compile With The Regular RSA Libraries. -$! -$ RSAREF = "FALSE" -$! -$! Else... -$! -$ ELSE -$! -$! Check To See If We Are To Use The RSAREF Library. -$! -$ IF (P1.EQS."RSAREF") -$ THEN -$! -$! Check To Make Sure We Have The RSAREF Source Code Directory. -$! -$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]SOURCE.DIR").EQS."") -$ THEN -$! -$! We Don't Have The RSAREF Souce Code Directory, So Tell The -$! User This. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "It appears that you don't have the RSAREF Souce Code." -$ WRITE SYS$OUTPUT "You need to go to 'ftp://ftp.rsa.com/rsaref'. You have to" -$ WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file dosen't have the" -$ WRITE SYS$OUTPUT "directory structure stored. You have to extract the file" -$ WRITE SYS$OUTPUT "into the [.RSAREF] directory under the root directory" -$ WRITE SYS$OUTPUT "as that is where the scripts will look for the files." -$ WRITE SYS$OUTPUT "" -$! -$! Time To Exit. -$! -$ EXIT -$! -$! Else... -$! -$ ELSE -$! -$! Compile Using The RSAREF Library. -$! -$ RSAREF = "TRUE" -$! -$! End The RSAREF Soure Directory Check. -$! -$ ENDIF -$! -$! Else... -$! -$ ELSE -$! -$! They Entered An Invalid Option.. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " RSAREF : Compile With The RSAREF Library." -$ WRITE SYS$OUTPUT " NORSAREF : Compile With The Regular RSA Library." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Arguement Check. -$! -$ ENDIF -$! -$! End P1 Check. -$! -$ ENDIF -$! -$! Check To See If P2 Is Blank. -$! -$ IF (P2.EQS."NODEBUG") +$ IF (P1.EQS."NODEBUG") $ THEN $! -$! P2 Is NODEBUG, So Compile Without Debugger Information. +$! P1 Is NODEBUG, So Compile Without Debugger Information. $! $ DEBUGGER = "NODEBUG" $ TRACEBACK = "NOTRACEBACK" @@ -725,7 +555,7 @@ $ ELSE $! $! Check To See If We Are To Compile With Debugger Information. $! -$ IF (P2.EQS."DEBUG") +$ IF (P1.EQS."DEBUG") $ THEN $! $! Compile With Debugger Information. @@ -741,7 +571,7 @@ $! $! Tell The User Entered An Invalid Option.. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information." $ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information." @@ -755,13 +585,13 @@ $! End The Valid Arguement Check. $! $ ENDIF $! -$! End The P2 Check. +$! End The P1 Check. $! $ ENDIF $! -$! Check To See If P3 Is Blank. +$! Check To See If P2 Is Blank. $! -$ IF (P3.EQS."") +$ IF (P2.EQS."") $ THEN $! $! O.K., The User Didn't Specify A Compiler, Let's Try To @@ -774,7 +604,7 @@ $ THEN $! $! Looks Like GNUC, Set To Use GNUC. $! -$ P3 = "GNUC" +$ P2 = "GNUC" $! $! Else... $! @@ -787,7 +617,7 @@ $ THEN $! $! Looks Like DECC, Set To Use DECC. $! -$ P3 = "DECC" +$ P2 = "DECC" $! $! Else... $! @@ -795,7 +625,7 @@ $ ELSE $! $! Looks Like VAXC, Set To Use VAXC. $! -$ P3 = "VAXC" +$ P2 = "VAXC" $! $! End The VAXC Compiler Check. $! @@ -809,9 +639,9 @@ $! End The Compiler Check. $! $ ENDIF $! -$! Check To See If We Have A Option For P4. +$! Check To See If We Have A Option For P3. $! -$ IF (P4.EQS."") +$ IF (P3.EQS."") $ THEN $! $! Find out what socket library we have available @@ -821,7 +651,7 @@ $ THEN $! $! We have SOCKETSHR, and it is my opinion that it's the best to use. $! -$ P4 = "SOCKETSHR" +$ P3 = "SOCKETSHR" $! $! Tell the user $! @@ -841,7 +671,7 @@ $ THEN $! $! Last resort: a UCX or UCX-compatible library $! -$ P4 = "UCX" +$ P3 = "UCX" $! $! Tell the user $! @@ -865,12 +695,12 @@ $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - $! $! Check To See If The User Entered A Valid Paramter. $! -$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC") +$ IF (P2.EQS."VAXC").OR.(P2.EQS."DECC").OR.(P2.EQS."GNUC") $ THEN $! $! Check To See If The User Wanted DECC. $! -$ IF (P3.EQS."DECC") +$ IF (P2.EQS."DECC") $ THEN $! $! Looks Like DECC, Set To Use DECC. @@ -899,7 +729,7 @@ $ ENDIF $! $! Check To See If We Are To Use VAXC. $! -$ IF (P3.EQS."VAXC") +$ IF (P2.EQS."VAXC") $ THEN $! $! Looks Like VAXC, Set To Use VAXC. @@ -936,7 +766,7 @@ $ ENDIF $! $! Check To See If We Are To Use GNU C. $! -$ IF (P3.EQS."GNUC") +$ IF (P2.EQS."GNUC") $ THEN $! $! Looks Like GNUC, Set To Use GNUC. @@ -965,31 +795,6 @@ $! Set up default defines $! $ CCDEFS = """FLAT_INC=1""," + CCDEFS $! -$! Check To See If We Are To Compile With RSAREF Routines. -$! -$ IF (RSAREF.EQS."TRUE") -$ THEN -$! -$! Compile With RSAREF. -$! -$ CCDEFS = CCDEFS + ",""RSAref=1""" -$! -$! Tell The User This. -$! -$ WRITE SYS$OUTPUT "Compiling With RSAREF Routines." -$! -$! Else, We Don't Care. Compile Without The RSAREF Library. -$! -$ ELSE -$! -$! Tell The User We Are Compile Without The RSAREF Routines. -$! -$ WRITE SYS$OUTPUT "Compiling Without The RSAREF Routines. -$! -$! End The RSAREF Check. -$! -$ ENDIF -$! $! Else The User Entered An Invalid Arguement. $! $ ELSE @@ -997,7 +802,7 @@ $! $! Tell The User We Don't Know What They Want. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C." $ WRITE SYS$OUTPUT " DECC : To Compile With DEC C." @@ -1011,13 +816,13 @@ $ ENDIF $! $! Time to check the contents, and to make sure we get the correct library. $! -$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" - - .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE" +$ IF P3.EQS."SOCKETSHR" .OR. P3.EQS."MULTINET" .OR. P3.EQS."UCX" - + .OR. P3.EQS."TCPIP" .OR. P3.EQS."NONE" $ THEN $! $! Check to see if SOCKETSHR was chosen $! -$ IF P4.EQS."SOCKETSHR" +$ IF P3.EQS."SOCKETSHR" $ THEN $! $! Set the library to use SOCKETSHR @@ -1030,12 +835,12 @@ $ ENDIF $! $! Check to see if MULTINET was chosen $! -$ IF P4.EQS."MULTINET" +$ IF P3.EQS."MULTINET" $ THEN $! $! Set the library to use UCX emulation. $! -$ P4 = "UCX" +$ P3 = "UCX" $! $! Done with MULTINET $! @@ -1043,7 +848,7 @@ $ ENDIF $! $! Check to see if UCX was chosen $! -$ IF P4.EQS."UCX" +$ IF P3.EQS."UCX" $ THEN $! $! Set the library to use UCX. @@ -1063,7 +868,7 @@ $ ENDIF $! $! Check to see if TCPIP (post UCX) was chosen $! -$ IF P4.EQS."TCPIP" +$ IF P3.EQS."TCPIP" $ THEN $! $! Set the library to use TCPIP. @@ -1076,7 +881,7 @@ $ ENDIF $! $! Check to see if NONE was chosen $! -$ IF P4.EQS."NONE" +$ IF P3.EQS."NONE" $ THEN $! $! Do not use TCPIP. @@ -1089,7 +894,7 @@ $ ENDIF $! $! Add TCP/IP type to CC definitions. $! -$ CCDEFS = CCDEFS + ",TCPIP_TYPE_''P4'" +$ CCDEFS = CCDEFS + ",TCPIP_TYPE_''P3'" $! $! Print info $! @@ -1102,7 +907,7 @@ $! $! Tell The User We Don't Know What They Want. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library." $ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library." @@ -1123,20 +928,20 @@ $! On VAX as well as the 64-bit variant on Alpha, the name carries no extra $! information about pointer size (i.e., 64 bits is default on Alpha and 32 $! bits is default on VAX). $! -$ IF (P5.NES."32" .AND. P5.NES."64") +$ IF (P4.NES."32" .AND. P4.NES."64") $ THEN $! $! Set The Default $! -$ P5 = "" +$ P4 = "" $! -$! End of First Check Of P5 +$! End of First Check Of P4 $! $ ENDIF $! -$! Check If P5 Isn't Set (Or Set Properly) +$! Check If P4 Isn't Set (Or Set Properly) $! -$ IF (P5.EQS."" .OR. (P5.NES."32" .AND. ARCH.EQS."VAX")) +$ IF (P4.EQS."" .OR. (P4.NES."32" .AND. ARCH.EQS."VAX")) $ THEN $! $! Check If We're On A VAX @@ -1146,7 +951,7 @@ $ THEN $! $! On VAX, We Force 32 Bit Pointers $! -$ P5 = "32" +$ P4 = "32" $! $! Else... $! @@ -1154,19 +959,19 @@ $ ELSE $! $! On Alpha, We Use 64 Bit Pointers By Default $! -$ P5 = "64" +$ P4 = "64" $! $! End Of Check For VAX $! $ ENDIF $! -$! End Check Of P5 +$! End Check Of P4 $! $ ENDIF $! $! Set POINTER_SIZE $! -$ POINTER_SIZE = P5 +$ POINTER_SIZE = P4 $ QUAL_POINTER_SIZE = "" $ FILE_POINTER_SIZE = "" $ IF ARCH.EQS."AXP" @@ -1203,9 +1008,9 @@ $! Written By: Richard Levitte $! richard@levitte.org $! $! -$! Check To See If We Have A Option For P6. +$! Check To See If We Have A Option For P4. $! -$ IF (P6.EQS."") +$ IF (P4.EQS."") $ THEN $! $! Get The Version Of VMS We Are Using. @@ -1227,15 +1032,15 @@ $! End The VMS Version Check. $! $ ENDIF $! -$! End The P6 Check. +$! End The P4 Check. $! $ ENDIF $! $! Check if the user wanted to compile just a subset of all the programs. $! -$ IF P7 .NES. "" +$ IF P6 .NES. "" $ THEN -$ PROGRAMS = P7 +$ PROGRAMS = P6 $ ENDIF $! $! Time To RETURN... diff --git a/apps/passwd.c b/apps/passwd.c index ad8e7b0349..0c2cf62e8b 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -19,7 +19,6 @@ # include <openssl/des.h> #endif #ifndef NO_MD5CRYPT_1 -# include <openssl/evp.h> # include <openssl/md5.h> #endif diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 912e32006b..8464c43996 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -63,7 +63,6 @@ #include <openssl/evp.h> #include <openssl/pkcs12.h> -#include "apps.h" #define PROG pkcs8_main int MAIN(int, char **); @@ -245,7 +244,8 @@ int MAIN(int argc, char **argv) if(passout) p8pass = passout; else { p8pass = pass; - EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1); + if (EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1)) + return (1); } app_RAND_load_file(NULL, bio_err, 0); if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, diff --git a/apps/speed.c b/apps/speed.c index a8a375ff2d..0ad86f42bc 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -64,19 +64,6 @@ * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the Contribution as delivered hereunder - * (or portions thereof), provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the Contribution; - * 2) separates from the Contribution; or - * 3) for infringements caused by: - * i) the modification of the Contribution or - * ii) the combination of the Contribution with other software or - * devices where such combination causes the infringement. - * * The ECDH and ECDSA speed test software is originally written by * Sumit Gupta of Sun Microsystems Laboratories. * @@ -261,7 +248,7 @@ static int do_multi(int multi); #define RSA_NUM 4 #define DSA_NUM 3 -#define EC_NUM 15 +#define EC_NUM 16 #define MAX_ECDH_SIZE 256 static const char *names[ALGOR_NUM]={ @@ -520,20 +507,21 @@ int MAIN(int argc, char **argv) #define R_RSA_4096 3 #define R_EC_P160 0 -#define R_EC_P224 1 -#define R_EC_P256 2 -#define R_EC_P384 3 -#define R_EC_P521 4 -#define R_EC_K163 5 -#define R_EC_K233 6 -#define R_EC_K283 7 -#define R_EC_K409 8 -#define R_EC_K571 9 -#define R_EC_B163 10 -#define R_EC_B233 11 -#define R_EC_B283 12 -#define R_EC_B409 13 -#define R_EC_B571 14 +#define R_EC_P192 1 +#define R_EC_P224 2 +#define R_EC_P256 3 +#define R_EC_P384 4 +#define R_EC_P521 5 +#define R_EC_K163 6 +#define R_EC_K233 7 +#define R_EC_K283 8 +#define R_EC_K409 9 +#define R_EC_K571 10 +#define R_EC_B163 11 +#define R_EC_B233 12 +#define R_EC_B283 13 +#define R_EC_B409 14 +#define R_EC_B571 15 #ifndef OPENSSL_NO_RSA RSA *rsa_key[RSA_NUM]; @@ -560,6 +548,7 @@ int MAIN(int argc, char **argv) { /* Prime Curves */ NID_secp160r1, + NID_X9_62_prime192v1, NID_secp224r1, NID_X9_62_prime256v1, NID_secp384r1, @@ -580,6 +569,7 @@ int MAIN(int argc, char **argv) { /* Prime Curves */ "secp160r1", + "nistp192", "nistp224", "nistp256", "nistp384", @@ -598,7 +588,7 @@ int MAIN(int argc, char **argv) }; static int test_curves_bits[EC_NUM] = { - 160, 224, 256, 384, 521, + 160, 192, 224, 256, 384, 521, 163, 233, 283, 409, 571, 163, 233, 283, 409, 571 }; diff --git a/crypto/aes/aes.h b/crypto/aes/aes.h index e8da921ec5..f708f6f34b 100644 --- a/crypto/aes/aes.h +++ b/crypto/aes/aes.h @@ -99,7 +99,9 @@ void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, unsigned char *ivec, int *num); void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, const unsigned long length, const AES_KEY *key, - unsigned char *counter, unsigned int *num); + unsigned char counter[AES_BLOCK_SIZE], + unsigned char ecount_buf[AES_BLOCK_SIZE], + unsigned int *num); #ifdef __cplusplus diff --git a/crypto/aes/aes_ctr.c b/crypto/aes/aes_ctr.c index aea3db2092..142ca4a142 100644 --- a/crypto/aes/aes_ctr.c +++ b/crypto/aes/aes_ctr.c @@ -90,26 +90,31 @@ static void AES_ctr128_inc(unsigned char *counter) { /* The input encrypted as though 128bit counter mode is being * used. The extra state information to record how much of the - * 128bit block we have used is contained in *num; + * 128bit block we have used is contained in *num, and the + * encrypted counter is kept in ecount_buf. Both *num and + * ecount_buf must be initialised with zeros before the first + * call to AES_ctr128_encrypt(). */ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, const unsigned long length, const AES_KEY *key, - unsigned char *counter, unsigned int *num) { + unsigned char counter[AES_BLOCK_SIZE], + unsigned char ecount_buf[AES_BLOCK_SIZE], + unsigned int *num) { unsigned int n; unsigned long l=length; - unsigned char tmp[AES_BLOCK_SIZE]; assert(in && out && key && counter && num); + assert(*num < AES_BLOCK_SIZE); n = *num; while (l--) { if (n == 0) { - AES_encrypt(counter, tmp, key); + AES_encrypt(counter, ecount_buf, key); AES_ctr128_inc(counter); } - *(out++) = *(in++) ^ tmp[n]; + *(out++) = *(in++) ^ ecount_buf[n]; n = (n+1) % AES_BLOCK_SIZE; } diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index e870948e8d..599cc8bb14 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -70,7 +70,6 @@ #include <openssl/symhacks.h> -#include <openssl/e_os2.h> #include <openssl/ossl_typ.h> #ifdef OPENSSL_BUILD_SHLIBCRYPTO diff --git a/crypto/asn1/asn1t.h b/crypto/asn1/asn1t.h index 83e8213ea5..479225bea0 100644 --- a/crypto/asn1/asn1t.h +++ b/crypto/asn1/asn1t.h @@ -112,7 +112,7 @@ extern "C" { /* Macros to aid ASN1 template writing */ #define ASN1_ITEM_TEMPLATE(tname) \ - const static ASN1_TEMPLATE tname##_item_tt + static const ASN1_TEMPLATE tname##_item_tt #define ASN1_ITEM_TEMPLATE_END(tname) \ ;\ @@ -150,7 +150,7 @@ extern "C" { */ #define ASN1_SEQUENCE(tname) \ - const static ASN1_TEMPLATE tname##_seq_tt[] + static const ASN1_TEMPLATE tname##_seq_tt[] #define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) @@ -170,19 +170,19 @@ extern "C" { ASN1_SEQUENCE(tname) #define ASN1_SEQUENCE_cb(tname, cb) \ - const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ ASN1_SEQUENCE(tname) #define ASN1_BROKEN_SEQUENCE(tname) \ - const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ ASN1_SEQUENCE(tname) #define ASN1_SEQUENCE_ref(tname, cb, lck) \ - const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ ASN1_SEQUENCE(tname) #define ASN1_SEQUENCE_enc(tname, enc, cb) \ - const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \ ASN1_SEQUENCE(tname) #define ASN1_NDEF_SEQUENCE_END(tname) \ @@ -239,10 +239,10 @@ extern "C" { */ #define ASN1_CHOICE(tname) \ - const static ASN1_TEMPLATE tname##_ch_tt[] + static const ASN1_TEMPLATE tname##_ch_tt[] #define ASN1_CHOICE_cb(tname, cb) \ - const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ ASN1_CHOICE(tname) #define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) @@ -375,13 +375,13 @@ extern "C" { /* Macros for the ASN1_ADB structure */ #define ASN1_ADB(name) \ - const static ASN1_ADB_TABLE name##_adbtbl[] + static const ASN1_ADB_TABLE name##_adbtbl[] #ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION #define ASN1_ADB_END(name, flags, field, app_table, def, none) \ ;\ - const static ASN1_ADB name##_adb = {\ + static const ASN1_ADB name##_adb = {\ flags,\ offsetof(name, field),\ app_table,\ @@ -395,9 +395,9 @@ extern "C" { #define ASN1_ADB_END(name, flags, field, app_table, def, none) \ ;\ - const static ASN1_ITEM *name##_adb(void) \ + static const ASN1_ITEM *name##_adb(void) \ { \ - const static ASN1_ADB internal_adb = \ + static const ASN1_ADB internal_adb = \ {\ flags,\ offsetof(name, field),\ @@ -416,7 +416,7 @@ extern "C" { #define ADB_ENTRY(val, template) {val, template} #define ASN1_ADB_TEMPLATE(name) \ - const static ASN1_TEMPLATE name##_tt + static const ASN1_TEMPLATE name##_tt /* This is the ASN1 template structure that defines * a wrapper round the actual type. It determines the diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index 67b1279b99..aa58dab046 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -28,7 +28,6 @@ #include <openssl/bio.h> #include <openssl/err.h> -#include <openssl/err.h> #include <openssl/crypto.h> #include "e_os.h" diff --git a/crypto/bn/Makefile.ssl b/crypto/bn/Makefile.ssl index e54f066578..d0b64585ed 100644 --- a/crypto/bn/Makefile.ssl +++ b/crypto/bn/Makefile.ssl @@ -39,12 +39,12 @@ LIB=$(TOP)/libcrypto.a LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \ bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ - bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c + bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \ bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \ bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \ - bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o + bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o SRC= $(LIBSRC) @@ -286,6 +286,13 @@ bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h bn_mul.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h bn_mul.o: ../cryptlib.h bn_lcl.h bn_mul.c +bn_nist.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +bn_nist.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +bn_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +bn_nist.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +bn_nist.o: ../cryptlib.h bn_lcl.h bn_nist.c bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 1170465b1f..4182dbfcc5 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -64,19 +64,6 @@ * The Contribution is licensed pursuant to the Eric Young open source * license provided above. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the Contribution as delivered hereunder - * (or portions thereof), provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the Contribution; - * 2) separates from the Contribution; or - * 3) for infringements caused by: - * i) the modification of the Contribution or - * ii) the combination of the Contribution with other software or - * devices where such combination causes the infringement. - * * The binary polynomial arithmetic software is originally written by * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. * @@ -355,6 +342,8 @@ BIGNUM *BN_new(void); void BN_init(BIGNUM *); void BN_clear_free(BIGNUM *a); BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); +/* BN_ncopy(): like BN_copy() but copies at most the first n BN_ULONGs */ +BIGNUM *BN_ncopy(BIGNUM *a, const BIGNUM *b, size_t n); void BN_swap(BIGNUM *a, BIGNUM *b); BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret); int BN_bn2bin(const BIGNUM *a, unsigned char *to); @@ -513,6 +502,20 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[ int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max); int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a); +/* faster mod functions for the 'NIST primes' + * 0 <= a < p^2 */ +int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +const BIGNUM *BN_get0_nist_prime_192(void); +const BIGNUM *BN_get0_nist_prime_224(void); +const BIGNUM *BN_get0_nist_prime_256(void); +const BIGNUM *BN_get0_nist_prime_384(void); +const BIGNUM *BN_get0_nist_prime_521(void); + /* library internal functions */ #define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index dea1fd3b87..24906c9c32 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -27,6 +27,13 @@ * */ +/* NOTE: This file is licensed pursuant to the OpenSSL license below + * and may be modified; but after modifications, the above covenant + * may no longer apply! In such cases, the corresponding paragraph + * ["In addition, Sun covenants ... causes the infringement."] and + * this note can be edited out; but please keep the Sun copyright + * notice and attribution. */ + /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index 8a4dba375a..1db940f4c5 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -239,6 +239,16 @@ struct bignum_ctx #define Lw(t) (((BN_ULONG)(t))&BN_MASK2) #define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2) + +#define bn_clear_top2max(a) \ + { \ + int ind = (a)->dmax - (a)->top; \ + BN_ULONG *ftl = &(a)->d[(a)->top-1]; \ + for (; ind != 0; ind--) \ + *(++ftl) = 0x0; \ + } + + /* This is used for internal error checking and is not normally used */ #ifdef BN_DEBUG # include <assert.h> diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 20f851cc66..fc610e0438 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -522,6 +522,51 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) return(a); } +BIGNUM *BN_ncopy(BIGNUM *a, const BIGNUM *b, size_t n) + { + int i, min; + BN_ULONG *A; + const BN_ULONG *B; + + bn_check_top(b); + + if (a == b) + return a; + + min = (b->top < (int)n)? b->top: (int)n; + + if (!min) + { + BN_zero(a); + return a; + } + + if (bn_wexpand(a, min) == NULL) + return NULL; + + A=a->d; + B=b->d; + for (i=min>>2; i>0; i--, A+=4, B+=4) + { + BN_ULONG a0,a1,a2,a3; + a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; + A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; + } + switch (min&3) + { + case 3: A[2]=B[2]; + case 2: A[1]=B[1]; + case 1: A[0]=B[0]; + case 0: ; + } + a->top = min; + + a->neg = b->neg; + bn_fix_top(a); + + return(a); + } + void BN_swap(BIGNUM *a, BIGNUM *b) { int flags_old_a, flags_old_b; diff --git a/crypto/bn/bn_word.c b/crypto/bn/bn_word.c index cd59baa2c4..988e0ca7b3 100644 --- a/crypto/bn/bn_word.c +++ b/crypto/bn/bn_word.c @@ -123,7 +123,10 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) i=0; for (;;) { - l=(a->d[i]+(BN_ULONG)w)&BN_MASK2; + if (i >= a->top) + l=w; + else + l=(a->d[i]+(BN_ULONG)w)&BN_MASK2; a->d[i]=l; if (w > l) w=1; diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index 9026b2888d..689683a52d 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c @@ -64,19 +64,6 @@ * The Contribution is licensed pursuant to the Eric Young open source * license provided above. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the Contribution as delivered hereunder - * (or portions thereof), provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the Contribution; - * 2) separates from the Contribution; or - * 3) for infringements caused by: - * i) the modification of the Contribution or - * ii) the combination of the Contribution with other software or - * devices where such combination causes the infringement. - * * The binary polynomial arithmetic software is originally written by * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. * diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 5d8debd2c8..e16bbc6626 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -1,4 +1,57 @@ /* crypto/cryptlib.c */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -112,7 +165,8 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] = "ecdsa", "ec", "ecdh", -#if CRYPTO_NUM_LOCKS != 35 + "bn", +#if CRYPTO_NUM_LOCKS != 36 # error "Inconsistency between crypto.h and cryptlib.c" #endif }; diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index aa5188e0e8..b4bad11faa 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -21,22 +21,10 @@ $! LIBRARY To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library. $! APPS To just compile the [.xxx.EXE.CRYPTO]*.EXE $! ALL To do both LIBRARY and APPS $! -$! Specify RSAREF as P2 to compile with the RSAREF library instead of -$! the regular one. If you specify NORSAREF it will compile with the -$! regular RSAREF routines. (Note: If you are in the United States -$! you MUST compile with RSAREF unless you have a license from RSA). -$! -$! Note: The RSAREF libraries are NOT INCLUDED and you have to -$! download it from "ftp://ftp.rsa.com/rsaref". You have to -$! get the ".tar-Z" file as the ".zip" file dosen't have the -$! directory structure stored. You have to extract the file -$! into the [.RSAREF] directory under the root directory as that -$! is where the scripts will look for the files. -$! -$! Specify DEBUG or NODEBUG as P3 to compile with or without debugger +$! Specify DEBUG or NODEBUG as P2 to compile with or without debugger $! information. $! -$! Specify which compiler at P4 to try to compile under. +$! Specify which compiler at P3 to try to compile under. $! $! VAXC For VAX C. $! DECC For DEC C. @@ -45,19 +33,19 @@ $! $! If you don't speficy a compiler, it will try to determine which $! "C" compiler to use. $! -$! P5, if defined, sets a TCP/IP library to use, through one of the following +$! P4, if defined, sets a TCP/IP library to use, through one of the following $! keywords: $! $! UCX for UCX $! TCPIP for TCPIP (post UCX) $! SOCKETSHR for SOCKETSHR+NETLIB $! -$! P6, if defined, sets the pointer size to build with. The values can be +$! P5, if defined, sets the pointer size to build with. The values can be $! be "32" or "64". Any other value will default to "32" $! -$! P7, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) +$! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) $! -$! P8, if defined, sets a choice of crypto methods to compile. +$! P7, if defined, sets a choice of crypto methods to compile. $! WARNING: this should only be done to recompile some part of an already $! fully compiled library. $! @@ -96,7 +84,6 @@ $ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ - "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ - "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ - "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5" -$ ENCRYPT_PROGRAMS = "DES,PKCS7" $! $! Check To Make Sure We Have Valid Command Line Parameters. $! @@ -221,7 +208,7 @@ $ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm" $ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ - "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ - "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ - - "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m" + "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist" $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_recp,ecp_nist,ec_cvt,ec_mult,"+ - "ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ - "ec2_smpl,ec2_mult" @@ -237,9 +224,7 @@ $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ - $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ - "eng_table,eng_pkey,eng_fat,eng_all,"+ - "tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_rand,tb_cipher,tb_digest,tb_ecdh,"+ - - "eng_openssl,eng_dyn,eng_cnf,"+ - - "hw_atalla,hw_cswift,hw_ncipher,hw_nuron,hw_ubsec,"+ - - "hw_openbsd_dev_crypto,hw_aep,hw_sureware,hw_4758_cca" + "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev" $ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr" $ LIB_BUFFER = "buffer,buf_err" $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ - @@ -310,86 +295,6 @@ $ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,read_pwd,err," $ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + - "sha_dgst,sha1dgst,rmd_dgst,bf_enc," $! -$! Check To See If We Are Going To Use RSAREF. -$! -$ IF (RSAREF.EQS."TRUE" .AND. ENCRYPT_TYPES - "RSA".NES.ENCRYPT_TYPES - - .AND. (BUILDALL .EQS. "TRUE" .OR. BUILDALL .EQS. "LIBRARY")) -$ THEN -$! -$! Check To See If The File [-.RSAREF]RSAREF.C Is Actually There. -$! -$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]RSAREF.C").EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT F$MESSAGE("%X10018290") + ". The File [-.RSAREF]RSAREF.C Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ GOTO EXIT -$! -$! End The [-.RSAREF]RSAREF.C Check. -$! -$ ENDIF -$! -$! Tell The User We Are Compiling The [-.RSAREF]RSAREF File. -$! -$ WRITE SYS$OUTPUT "Compiling The [-.RSAREF]RSAREF File." -$! -$! Compile [-.RSAREF]RSAREF.C -$! -$ CC/OBJECT='OBJ_DIR'RSAREF.OBJ SYS$DISK:[-.RSAREF]RSAREF.C -$! -$! Add It To The Library. -$! -$ LIBRARY/REPLACE 'LIB_NAME' 'OBJ_DIR'RSAREF.OBJ -$! -$! Delete The Object File. -$! -$ DELETE 'OBJ_DIR'RSAREF.OBJ;* -$! -$! Check To See If The File [-.RSAREF]RSAR_ERR.C Is Actually There. -$! -$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]RSAR_ERR.C").EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT F$MESSAGE("%X10018290") + ". The File [-.RSAREF]RSAR_ERR.C Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ GOTO EXIT -$! -$! End The [-.RSAREF]RSAR_ERR.C File Check. -$! -$ ENDIF -$! -$! Tell The User We Are Compiling The [-.RSAREF]RSAR_ERR File. -$! -$ WRITE SYS$OUTPUT "Compiling The [-.RSAREF]RSAR_ERR File." -$! -$! Compile [-.RSAREF]RSAR_ERR.C -$! -$ CC/OBJECT='OBJ_DIR'RSAR_ERR.OBJ SYS$DISK:[-.RSAREF]RSAR_ERR.C -$! -$! Add It To The Library. -$! -$ LIBRARY/REPLACE 'LIB_NAME' 'OBJ_DIR'RSAR_ERR.OBJ -$! -$! Delete The Object File. -$! -$ DELETE 'OBJ_DIR'RSAR_ERR.OBJ;* -$! -$! End The RSAREF Check. -$! -$ ENDIF -$! $! Figure Out What Other Modules We Are To Build. $! $ BUILD_SET: @@ -666,78 +571,34 @@ $! Tell the user what happens $! $ WRITE SYS$OUTPUT " ",APPLICATION,".exe" $! -$! Link The Program, Check To See If We Need To Link With RSAREF Or Not. +$! Link The Program. $! $ ON ERROR THEN GOTO NEXT_APPLICATION -$ IF (RSAREF.EQS."TRUE") -$ THEN -$! -$! Check To See If We Are To Link With A Specific TCP/IP Library. -$! -$ IF (TCPIP_LIB.NES."") -$ THEN -$! -$! Link With The RSAREF Library And A Specific TCP/IP Library. $! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - /MAP='LIS_DIR''APPLICATION'.MAP /FULL/CROSS - - 'OBJ_DIR''APPLICATION_OBJECTS', - - 'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION, SYS$DISK:[-]SSL_IDENT.OPT/OPTION +$! Check To See If We Are To Link With A Specific TCP/IP Library. $! -$! Else... -$! -$ ELSE -$! -$! Link With The RSAREF Library And NO TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - /MAP='LIS_DIR''APPLICATION'.MAP /FULL/CROSS - - 'OBJ_DIR''APPLICATION_OBJECTS', - - 'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION, SYS$DISK:[-]SSL_IDENT.OPT/OPTION +$ IF (TCPIP_LIB.NES."") +$ THEN $! -$! End The TCP/IP Library Check. +$! Link With A TCP/IP Library. $! -$ ENDIF +$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - + 'OBJ_DIR''APPLICATION_OBJECTS', - + 'CRYPTO_LIB'/LIBRARY, - + 'TCPIP_LIB','OPT_FILE'/OPTION $! -$! Else... +$! Else... $! $ ELSE $! -$! Don't Link With The RSAREF Routines. -$! -$! -$! Check To See If We Are To Link With A Specific TCP/IP Library. -$! -$ IF (TCPIP_LIB.NES."") -$ THEN -$! -$! Don't Link With The RSAREF Routines And TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - /MAP='LIS_DIR''APPLICATION'.MAP /FULL/CROSS - - 'OBJ_DIR''APPLICATION_OBJECTS', - - 'CRYPTO_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION, SYS$DISK:[-]SSL_IDENT.OPT/OPTION -$! -$! Else... -$! -$ ELSE -$! -$! Don't Link With The RSAREF Routines And Link With A TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - /MAP='LIS_DIR''APPLICATION'.MAP /FULL/CROSS - - 'OBJ_DIR''APPLICATION_OBJECTS',- - 'CRYPTO_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION, SYS$DISK:[-]SSL_IDENT.OPT/OPTION +$! Don't Link With A TCP/IP Library. $! -$! End The TCP/IP Library Check. -$! -$ ENDIF +$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - + 'OBJ_DIR''APPLICATION_OBJECTS',- + 'CRYPTO_LIB'/LIBRARY, - + 'OPT_FILE'/OPTION $! -$! End The RSAREF Link Check. +$! End The TCP/IP Library Check. $! $ ENDIF $ GOTO NEXT_APPLICATION @@ -943,75 +804,10 @@ $ ENDIF $! $! Check To See If P2 Is Blank. $! -$ P2 = "NORSAREF" -$ IF (P2.EQS."NORSAREF") -$ THEN -$! -$! P2 Is NORSAREF, So Compile With The Regular RSA Libraries. -$! -$ RSAREF = "FALSE" -$ ELSE -$! -$! Check To See If We Are To Use The RSAREF Library. -$! -$ IF (P2.EQS."RSAREF") -$ THEN -$! -$! Check To Make Sure We Have The RSAREF Source Code Directory. -$! -$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]SOURCE.DIR").EQS."") -$ THEN -$! -$! We Don't Have The RSAREF Souce Code Directory, So Tell The -$! User This. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "It appears that you don't have the RSAREF Souce Code." -$ WRITE SYS$OUTPUT "You need to go to 'ftp://ftp.rsa.com/rsaref'. You have to" -$ WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file dosen't have the" -$ WRITE SYS$OUTPUT "directory structure stored. You have to extract the file" -$ WRITE SYS$OUTPUT "into the [.RSAREF] directory under the root directory" -$ WRITE SYS$OUTPUT "as that is where the scripts will look for the files." -$ WRITE SYS$OUTPUT "" -$! -$! Time To Exit. -$! -$ EXIT -$! -$! Else, Compile Using The RSAREF Library. -$! -$ ELSE -$ RSAREF = "TRUE" -$ ENDIF -$ ELSE -$! -$! They Entered An Invalid Option.. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " RSAREF : Compile With The RSAREF Library." -$ WRITE SYS$OUTPUT " NORSAREF : Compile With The Regular RSA Library." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Arguement Check. -$! -$ ENDIF -$! -$! End The P2 Check. -$! -$ ENDIF -$! -$! Check To See If P3 Is Blank. -$! -$ IF (P3.EQS."NODEBUG") +$ IF (P2.EQS."NODEBUG") $ THEN $! -$! P3 Is NODEBUG, So Compile Without The Debugger Information. +$! P2 Is NODEBUG, So Compile Without The Debugger Information. $! $ DEBUGGER = "NODEBUG" $ TRACEBACK = "NOTRACEBACK" @@ -1024,7 +820,7 @@ $ ELSE $! $! Check To See If We Are To Compile With Debugger Information. $! -$ IF (P3.EQS."DEBUG") +$ IF (P2.EQS."DEBUG") $ THEN $! $! Compile With Debugger Information. @@ -1041,7 +837,7 @@ $! $! They Entered An Invalid Option.. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information." $ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information." @@ -1055,7 +851,7 @@ $! End The Valid Arguement Check. $! $ ENDIF $! -$! End The P3 Check. +$! End The P2 Check. $! $ ENDIF $! @@ -1065,9 +861,9 @@ $! Written By: Richard Levitte $! richard@levitte.org $! $! -$! Check To See If We Have A Option For P7. +$! Check To See If We Have A Option For P6. $! -$ IF (P7.EQS."") +$ IF (P6.EQS."") $ THEN $! $! Get The Version Of VMS We Are Using. @@ -1089,13 +885,13 @@ $! End The VMS Version Check. $! $ ENDIF $! -$! End The P7 Check. +$! End The P6 Check. $! $ ENDIF $! -$! Check To See If P4 Is Blank. +$! Check To See If P3 Is Blank. $! -$ IF (P4.EQS."") +$ IF (P3.EQS."") $ THEN $! $! O.K., The User Didn't Specify A Compiler, Let's Try To @@ -1108,7 +904,7 @@ $ THEN $! $! Looks Like GNUC, Set To Use GNUC. $! -$ P4 = "GNUC" +$ P3 = "GNUC" $! $! Else... $! @@ -1121,7 +917,7 @@ $ THEN $! $! Looks Like DECC, Set To Use DECC. $! -$ P4 = "DECC" +$ P3 = "DECC" $! $! Else... $! @@ -1129,7 +925,7 @@ $ ELSE $! $! Looks Like VAXC, Set To Use VAXC. $! -$ P4 = "VAXC" +$ P3 = "VAXC" $! $! End The VAXC Compiler Check. $! @@ -1143,9 +939,9 @@ $! End The Compiler Check. $! $ ENDIF $! -$! Check To See If We Have A Option For P5. +$! Check To See If We Have A Option For P4. $! -$ IF (P5.EQS."") +$ IF (P4.EQS."") $ THEN $! $! Find out what socket library we have available @@ -1155,7 +951,7 @@ $ THEN $! $! We have SOCKETSHR, and it is my opinion that it's the best to use. $! -$ P5 = "SOCKETSHR" +$ P4 = "SOCKETSHR" $! $! Tell the user $! @@ -1175,7 +971,7 @@ $ THEN $! $! Last resort: a UCX or UCX-compatible library $! -$ P5 = "UCX" +$ P4 = "UCX" $! $! Tell the user $! @@ -1189,7 +985,7 @@ $ ENDIF $! $! Set Up Initial CC Definitions, Possibly With User Ones $! -$ CCDEFS = "TCPIP_TYPE_''P5',DSO_VMS" +$ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS" $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS $ CCEXTRAFLAGS = "" $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS @@ -1203,20 +999,20 @@ $! On VAX as well as the 64-bit variant on Alpha, the name carries no extra $! information about pointer size (i.e., 64 bits is default on Alpha and 32 $! bits is default on VAX). $! -$ IF (P6.NES."32" .AND. P6.NES."64") +$ IF (P5.NES."32" .AND. P5.NES."64") $ THEN $! $! Set The Default $! -$ P6 = "" +$ P5 = "" $! -$! End of First Check Of P6 +$! End of First Check Of P5 $! $ ENDIF $! -$! Check If P6 Isn't Set (Or Set Properly) +$! Check If P5 Isn't Set (Or Set Properly) $! -$ IF (P6.EQS."" .OR. (P6.NES."32" .AND. ARCH.EQS."VAX")) +$ IF (P5.EQS."" .OR. (P5.NES."32" .AND. ARCH.EQS."VAX")) $ THEN $! $! Check If We're On A VAX @@ -1226,7 +1022,7 @@ $ THEN $! $! On VAX, We Force 32 Bit Pointers $! -$ P6 = "32" +$ P5 = "32" $! $! Else... $! @@ -1234,19 +1030,19 @@ $ ELSE $! $! On Alpha, We Use 64 Bit Pointers By Default $! -$ P6 = "64" +$ P5 = "64" $! $! End Of Check For VAX $! $ ENDIF $! -$! End Check Of P6 +$! End Check Of P5 $! $ ENDIF $! $! Set POINTER_SIZE $! -$ POINTER_SIZE = P6 +$ POINTER_SIZE = P5 $ QUAL_POINTER_SIZE = "" $ FILE_POINTER_SIZE = "" $ IF ARCH.EQS."AXP" @@ -1257,12 +1053,12 @@ $ ENDIF $! $! Check To See If The User Entered A Valid Paramter. $! -$ IF (P4.EQS."VAXC").OR.(P4.EQS."DECC").OR.(P4.EQS."GNUC") +$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC") $ THEN $! $! Check To See If The User Wanted DECC. $! -$ IF (P4.EQS."DECC") +$ IF (P3.EQS."DECC") $ THEN $! $! Looks Like DECC, Set To Use DECC. @@ -1293,7 +1089,7 @@ $ ENDIF $! $! Check To See If We Are To Use VAXC. $! -$ IF (P4.EQS."VAXC") +$ IF (P3.EQS."VAXC") $ THEN $! $! Looks Like VAXC, Set To Use VAXC. @@ -1332,7 +1128,7 @@ $ ENDIF $! $! Check To See If We Are To Use GNU C. $! -$ IF (P4.EQS."GNUC") +$ IF (P3.EQS."GNUC") $ THEN $! $! Looks Like GNUC, Set To Use GNUC. @@ -1361,31 +1157,6 @@ $! Set up default defines $! $ CCDEFS = """FLAT_INC=1""," + CCDEFS $! -$! Check To See If We Are To Compile With RSAREF Routines. -$! -$ IF (RSAREF.EQS."TRUE") -$ THEN -$! -$! Compile With RSAREF. -$! -$ CCDEFS = CCDEFS + ",""RSAref=1""" -$! -$! Tell The User This. -$! -$ WRITE SYS$OUTPUT "Compiling With RSAREF Routines." -$! -$! Else, We Don't Care. Compile Without The RSAREF Library. -$! -$ ELSE -$! -$! Tell The User We Are Compile Without The RSAREF Routines. -$! -$ WRITE SYS$OUTPUT "Compiling Without The RSAREF Routines. -$! -$! End The RSAREF Check. -$! -$ ENDIF -$! $! Finish up the definition of CC. $! $ IF COMPILER .EQS. "DECC" @@ -1405,7 +1176,7 @@ $ ENDIF $ CC = CC + QUAL_POINTER_SIZE $ CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS $ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS -$ IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P3 .NES. "DEBUG" +$ IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P2 .NES. "DEBUG" $ THEN $ CC5 = CC + "/OPTIMIZE=NODISJOINT" $ ELSE @@ -1424,7 +1195,7 @@ $! $! Tell The User We Don't Know What They Want. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C." $ WRITE SYS$OUTPUT " DECC : To Compile With DEC C." @@ -1450,13 +1221,13 @@ $ WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO $! $! Time to check the contents, and to make sure we get the correct library. $! -$ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX" - - .OR. P5.EQS."TCPIP" .OR. P5.EQS."NONE" +$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" - + .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE" $ THEN $! $! Check to see if SOCKETSHR was chosen $! -$ IF P5.EQS."SOCKETSHR" +$ IF P4.EQS."SOCKETSHR" $ THEN $! $! Set the library to use SOCKETSHR @@ -1469,12 +1240,12 @@ $ ENDIF $! $! Check to see if MULTINET was chosen $! -$ IF P5.EQS."MULTINET" +$ IF P4.EQS."MULTINET" $ THEN $! $! Set the library to use UCX emulation. $! -$ P5 = "UCX" +$ P4 = "UCX" $! $! Done with MULTINET $! @@ -1482,7 +1253,7 @@ $ ENDIF $! $! Check to see if UCX was chosen $! -$ IF P5.EQS."UCX" +$ IF P4.EQS."UCX" $ THEN $! $! Set the library to use UCX. @@ -1502,7 +1273,7 @@ $ ENDIF $! $! Check to see if TCPIP was chosen $! -$ IF P5.EQS."TCPIP" +$ IF P4.EQS."TCPIP" $ THEN $! $! Set the library to use TCPIP (post UCX). @@ -1515,7 +1286,7 @@ $ ENDIF $! $! Check to see if NONE was chosen $! -$ IF P5.EQS."NONE" +$ IF P4.EQS."NONE" $ THEN $! $! Do not use a TCPIP library. @@ -1537,7 +1308,7 @@ $! $! Tell The User We Don't Know What They Want. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P5," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library." $ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library." @@ -1555,10 +1326,10 @@ $! $! Check if the user wanted to compile just a subset of all the encryption $! methods. $! -$ IF P8 .NES. "" +$ IF P7 .NES. "" $ THEN -$ ENCRYPT_TYPES = P8 -$! NYI: ENCRYPT_PROGRAMS = P8 +$ ENCRYPT_TYPES = P7 +$! NYI: ENCRYPT_PROGRAMS = P7 $ ENDIF $! $! Time To RETURN... diff --git a/crypto/crypto.h b/crypto/crypto.h index 1490db9aa4..f87262f517 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -1,4 +1,57 @@ /* crypto/crypto.h */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -135,7 +188,8 @@ extern "C" { #define CRYPTO_LOCK_ECDSA 32 #define CRYPTO_LOCK_EC 33 #define CRYPTO_LOCK_ECDH 34 -#define CRYPTO_NUM_LOCKS 35 +#define CRYPTO_LOCK_BN 35 +#define CRYPTO_NUM_LOCKS 36 #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 diff --git a/crypto/ec/Makefile.ssl b/crypto/ec/Makefile.ssl index f8d0696a34..16997c6125 100644 --- a/crypto/ec/Makefile.ssl +++ b/crypto/ec/Makefile.ssl @@ -129,6 +129,7 @@ ec_curve.o: ../../include/openssl/symhacks.h ec_curve.c ec_lcl.h ec_cvt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ec_cvt.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ec_cvt.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ec_cvt.o: ../../include/openssl/err.h ../../include/openssl/lhash.h ec_cvt.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h ec_cvt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ec_cvt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h @@ -183,6 +184,7 @@ ecp_mont.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_mont.c ecp_nist.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ecp_nist.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ecp_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecp_nist.o: ../../include/openssl/err.h ../../include/openssl/lhash.h ecp_nist.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h ecp_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecp_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 094e05e168..53fb8cfc57 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -64,19 +64,6 @@ * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the Contribution as delivered hereunder - * (or portions thereof), provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the Contribution; - * 2) separates from the Contribution; or - * 3) for infringements caused by: - * i) the modification of the Contribution or - * ii) the combination of the Contribution with other software or - * devices where such combination causes the infringement. - * * The elliptic curve binary polynomial software is originally written by * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. * @@ -127,9 +114,9 @@ typedef struct ec_point_st EC_POINT; */ const EC_METHOD *EC_GFp_simple_method(void); const EC_METHOD *EC_GFp_mont_method(void); +const EC_METHOD *EC_GFp_nist_method(void); #if 0 const EC_METHOD *EC_GFp_recp_method(void); /* TODO */ -const EC_METHOD *EC_GFp_nist_method(void); /* TODO */ #endif /* EC_METHOD for curves over GF(2^m). @@ -370,6 +357,10 @@ void ERR_load_EC_strings(void); #define EC_F_ECPKPARAMETERS_PRINT_FP 150 #define EC_F_ECPUBLICKEY_GET_OCTET 151 #define EC_F_ECPUBLICKEY_SET_OCTET 152 +#define EC_F_ECP_NIST_MOD_192 203 +#define EC_F_ECP_NIST_MOD_224 204 +#define EC_F_ECP_NIST_MOD_256 205 +#define EC_F_ECP_NIST_MOD_521 206 #define EC_F_EC_ASN1_GROUP2CURVE 153 #define EC_F_EC_ASN1_GROUP2FIELDID 154 #define EC_F_EC_ASN1_GROUP2PARAMETERS 155 @@ -387,6 +378,9 @@ void ERR_load_EC_strings(void); #define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 #define EC_F_EC_GFP_MONT_FIELD_MUL 131 #define EC_F_EC_GFP_MONT_FIELD_SQR 132 +#define EC_F_EC_GFP_NIST_FIELD_MUL 200 +#define EC_F_EC_GFP_NIST_FIELD_SQR 201 +#define EC_F_EC_GFP_NIST_GROUP_SET_CURVE_GFP 202 #define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 #define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 #define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100 @@ -468,6 +462,7 @@ void ERR_load_EC_strings(void); #define EC_R_GROUP2PKPARAMETERS_FAILURE 120 #define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 #define EC_R_INCOMPATIBLE_OBJECTS 101 +#define EC_R_INTERNAL_ERROR 132 #define EC_R_INVALID_ARGUMENT 112 #define EC_R_INVALID_COMPRESSED_POINT 110 #define EC_R_INVALID_COMPRESSION_BIT 109 @@ -478,9 +473,13 @@ void ERR_load_EC_strings(void); #define EC_R_INVALID_PRIVATE_KEY 123 #define EC_R_MISSING_PARAMETERS 124 #define EC_R_MISSING_PRIVATE_KEY 125 +#define EC_R_NOT_A_NIST_PRIME 135 +#define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 #define EC_R_NOT_IMPLEMENTED 126 #define EC_R_NOT_INITIALIZED 111 +#define EC_R_NO_FIELD_MOD 133 #define EC_R_NO_SUCH_EXTRA_DATA 105 +#define EC_R_PASSED_NULL_PARAMETER 134 #define EC_R_PKPARAMETERS2GROUP_FAILURE 127 #define EC_R_POINT_AT_INFINITY 106 #define EC_R_POINT_IS_NOT_ON_CURVE 107 diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c index 41b4c95715..09cf08a46c 100644 --- a/crypto/ec/ec2_mult.c +++ b/crypto/ec/ec2_mult.c @@ -9,19 +9,6 @@ * The ECC Code is licensed pursuant to the OpenSSL open source * license provided below. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the ECC Code as delivered hereunder (or portions thereof), - * provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the ECC Code; - * 2) separates from the ECC Code; or - * 3) for infringements caused by: - * i) the modification of the ECC Code or - * ii) the combination of the ECC Code with other software or - * devices where such combination causes the infringement. - * * The software is originally written by Sheueling Chang Shantz and * Douglas Stebila of Sun Microsystems Laboratories. * diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index b218c5639a..acf205597b 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -9,19 +9,6 @@ * The ECC Code is licensed pursuant to the OpenSSL open source * license provided below. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the ECC Code as delivered hereunder (or portions thereof), - * provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the ECC Code; - * 2) separates from the ECC Code; or - * 3) for infringements caused by: - * i) the modification of the ECC Code or - * ii) the combination of the ECC Code with other software or - * devices where such combination causes the infringement. - * * The software is originally written by Sheueling Chang Shantz and * Douglas Stebila of Sun Microsystems Laboratories. * @@ -234,16 +221,14 @@ int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, if (!BN_copy(p, &group->field)) return 0; } - if (a != NULL || b != NULL) + if (a != NULL) { - if (a != NULL) - { - if (!BN_copy(a, &group->a)) goto err; - } - if (b != NULL) - { - if (!BN_copy(b, &group->b)) goto err; - } + if (!BN_copy(a, &group->a)) goto err; + } + + if (b != NULL) + { + if (!BN_copy(b, &group->b)) goto err; } ret = 1; diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 090520372e..fbab387dbb 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -64,19 +64,6 @@ * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the Contribution as delivered hereunder - * (or portions thereof), provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the Contribution; - * 2) separates from the Contribution; or - * 3) for infringements caused by: - * i) the modification of the Contribution or - * ii) the combination of the Contribution with other software or - * devices where such combination causes the infringement. - * * The elliptic curve binary polynomial software is originally written by * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. * diff --git a/crypto/ec/ec_cvt.c b/crypto/ec/ec_cvt.c index 22789a57e5..d45640bab9 100644 --- a/crypto/ec/ec_cvt.c +++ b/crypto/ec/ec_cvt.c @@ -64,24 +64,12 @@ * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the Contribution as delivered hereunder - * (or portions thereof), provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the Contribution; - * 2) separates from the Contribution; or - * 3) for infringements caused by: - * i) the modification of the Contribution or - * ii) the combination of the Contribution with other software or - * devices where such combination causes the infringement. - * * The elliptic curve binary polynomial software is originally written by * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. * */ +#include <openssl/err.h> #include "ec_lcl.h" @@ -89,11 +77,8 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM { const EC_METHOD *meth; EC_GROUP *ret; - - /* Finally, this will use EC_GFp_nist_method if 'p' is a special - * prime with optimized modular arithmetics (for NIST curves) - */ - meth = EC_GFp_mont_method(); + + meth = EC_GFp_nist_method(); ret = EC_GROUP_new(meth); if (ret == NULL) @@ -101,13 +86,43 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) { + unsigned long err; + + err = ERR_peek_last_error(); + + if (!(ERR_GET_LIB(err) == ERR_LIB_EC && + ((ERR_GET_REASON(err) == EC_R_NOT_A_NIST_PRIME) || + (ERR_GET_REASON(err) == EC_R_NOT_A_SUPPORTED_NIST_PRIME)))) + { + /* real error */ + + EC_GROUP_clear_free(ret); + return NULL; + } + + + /* not an actual error, we just cannot use EC_GFp_nist_method */ + + ERR_clear_error(); + EC_GROUP_clear_free(ret); - return NULL; + meth = EC_GFp_mont_method(); + + ret = EC_GROUP_new(meth); + if (ret == NULL) + return NULL; + + if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) + { + EC_GROUP_clear_free(ret); + return NULL; + } } return ret; } + EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { const EC_METHOD *meth; diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 8ae2c00e32..58ae9d682d 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -76,6 +76,10 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_PACK(0,EC_F_ECPKPARAMETERS_PRINT_FP,0), "ECPKParameters_print_fp"}, {ERR_PACK(0,EC_F_ECPUBLICKEY_GET_OCTET,0), "ECPUBLICKEY_GET_OCTET"}, {ERR_PACK(0,EC_F_ECPUBLICKEY_SET_OCTET,0), "ECPUBLICKEY_SET_OCTET"}, +{ERR_PACK(0,EC_F_ECP_NIST_MOD_192,0), "ECP_NIST_MOD_192"}, +{ERR_PACK(0,EC_F_ECP_NIST_MOD_224,0), "ECP_NIST_MOD_224"}, +{ERR_PACK(0,EC_F_ECP_NIST_MOD_256,0), "ECP_NIST_MOD_256"}, +{ERR_PACK(0,EC_F_ECP_NIST_MOD_521,0), "ECP_NIST_MOD_521"}, {ERR_PACK(0,EC_F_EC_ASN1_GROUP2CURVE,0), "EC_ASN1_GROUP2CURVE"}, {ERR_PACK(0,EC_F_EC_ASN1_GROUP2FIELDID,0), "EC_ASN1_GROUP2FIELDID"}, {ERR_PACK(0,EC_F_EC_ASN1_GROUP2PARAMETERS,0), "EC_ASN1_GROUP2PARAMETERS"}, @@ -93,6 +97,9 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_ENCODE,0), "ec_GFp_mont_field_encode"}, {ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_MUL,0), "ec_GFp_mont_field_mul"}, {ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_SQR,0), "ec_GFp_mont_field_sqr"}, +{ERR_PACK(0,EC_F_EC_GFP_NIST_FIELD_MUL,0), "ec_GFp_nist_field_mul"}, +{ERR_PACK(0,EC_F_EC_GFP_NIST_FIELD_SQR,0), "ec_GFp_nist_field_sqr"}, +{ERR_PACK(0,EC_F_EC_GFP_NIST_GROUP_SET_CURVE_GFP,0), "EC_GFP_NIST_GROUP_SET_CURVE_GFP"}, {ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT,0), "ec_GFp_simple_group_check_discriminant"}, {ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE,0), "ec_GFp_simple_group_set_curve"}, {ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP,0), "EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"}, @@ -177,6 +184,7 @@ static ERR_STRING_DATA EC_str_reasons[]= {EC_R_GROUP2PKPARAMETERS_FAILURE ,"group2pkparameters failure"}, {EC_R_I2D_ECPKPARAMETERS_FAILURE ,"i2d ecpkparameters failure"}, {EC_R_INCOMPATIBLE_OBJECTS ,"incompatible objects"}, +{EC_R_INTERNAL_ERROR ,"internal error"}, {EC_R_INVALID_ARGUMENT ,"invalid argument"}, {EC_R_INVALID_COMPRESSED_POINT ,"invalid compressed point"}, {EC_R_INVALID_COMPRESSION_BIT ,"invalid compression bit"}, @@ -187,9 +195,13 @@ static ERR_STRING_DATA EC_str_reasons[]= {EC_R_INVALID_PRIVATE_KEY ,"invalid private key"}, {EC_R_MISSING_PARAMETERS ,"missing parameters"}, {EC_R_MISSING_PRIVATE_KEY ,"missing private key"}, +{EC_R_NOT_A_NIST_PRIME ,"not a NIST prime"}, +{EC_R_NOT_A_SUPPORTED_NIST_PRIME ,"not a supported NIST prime"}, {EC_R_NOT_IMPLEMENTED ,"not implemented"}, {EC_R_NOT_INITIALIZED ,"not initialized"}, +{EC_R_NO_FIELD_MOD ,"no field mod"}, {EC_R_NO_SUCH_EXTRA_DATA ,"no such extra data"}, +{EC_R_PASSED_NULL_PARAMETER ,"passed null parameter"}, {EC_R_PKPARAMETERS2GROUP_FAILURE ,"pkparameters2group failure"}, {EC_R_POINT_AT_INFINITY ,"point at infinity"}, {EC_R_POINT_IS_NOT_ON_CURVE ,"point is not on curve"}, diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index ae67ccfdc2..e84904b23b 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -64,19 +64,6 @@ * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the Contribution as delivered hereunder - * (or portions thereof), provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the Contribution; - * 2) separates from the Contribution; or - * 3) for infringements caused by: - * i) the modification of the Contribution or - * ii) the combination of the Contribution with other software or - * devices where such combination causes the infringement. - * * The elliptic curve binary polynomial software is originally written by * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. * @@ -89,11 +76,6 @@ #include <openssl/ec.h> -/* internal function: ec_group_index2nid() returns the NID of curve - * with the given index i from the internal curve list */ -int ec_group_index2nid(int i); - - /* Structure details are not part of the exported interface, * so all this may change in future versions. */ @@ -232,6 +214,7 @@ struct ec_group_st { void *field_data1; /* method-specific (e.g., Montgomery structure) */ void *field_data2; /* method-specific */ + int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); /* method-specific */ } /* EC_GROUP */; diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index b1c4024c2a..98401fe4bc 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c @@ -1,6 +1,9 @@ /* crypto/ec/ecp_nist.c */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -58,12 +61,14 @@ * and contributed to the OpenSSL project. */ +#include <openssl/err.h> +#include <openssl/obj_mac.h> #include "ec_lcl.h" -#if 0 const EC_METHOD *EC_GFp_nist_method(void) { static const EC_METHOD ret = { + NID_X9_62_prime_field, ec_GFp_nist_group_init, ec_GFp_nist_group_finish, ec_GFp_nist_group_clear_finish, @@ -71,10 +76,6 @@ const EC_METHOD *EC_GFp_nist_method(void) ec_GFp_nist_group_set_curve, ec_GFp_simple_group_get_curve, ec_GFp_simple_group_get_degree, - ec_GFp_simple_group_set_generator, - ec_GFp_simple_group_get0_generator, - ec_GFp_simple_group_get_order, - ec_GFp_simple_group_get_cofactor, ec_GFp_simple_group_check_discriminant, ec_GFp_simple_point_init, ec_GFp_simple_point_finish, @@ -107,8 +108,10 @@ const EC_METHOD *EC_GFp_nist_method(void) return &ret; } -#endif +#if BN_BITS2 == 64 && UINT_MAX != 4294967295UL && ULONG_MAX != 4294967295UL +#define NO_32_BIT_TYPE +#endif int ec_GFp_nist_group_init(EC_GROUP *group) { @@ -119,26 +122,163 @@ int ec_GFp_nist_group_init(EC_GROUP *group) return ok; } +void ec_GFp_nist_group_finish(EC_GROUP *group) + { + BN_free(&group->field); + BN_free(&group->a); + BN_free(&group->b); + } -int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); -/* TODO */ +void ec_GFp_nist_group_clear_finish(EC_GROUP *group) + { + BN_clear_free(&group->field); + BN_clear_free(&group->a); + BN_clear_free(&group->b); + } -void ec_GFp_nist_group_finish(EC_GROUP *group); -/* TODO */ +int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) + { + int ret = 0; + BN_CTX *new_ctx = NULL; + BIGNUM *tmp_bn; + + if (ctx == NULL) + if ((ctx = new_ctx = BN_CTX_new()) == NULL) return 0; -void ec_GFp_nist_group_clear_finish(EC_GROUP *group); -/* TODO */ + BN_CTX_start(ctx); + if ((tmp_bn = BN_CTX_get(ctx)) == NULL) goto err; + if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0) + group->field_mod_func = BN_nist_mod_192; + else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0) + { +#if !defined(NO_32_BIT_TYPE) || defined(OPENSSL_NO_ASM) + group->field_mod_func = BN_nist_mod_224; +#else + ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE_GFP, EC_R_NOT_A_SUPPORTED_NIST_PRIME); + goto err; +#endif + } + else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0) + { +#if !defined(NO_32_BIT_TYPE) || defined(OPENSSL_NO_ASM) + group->field_mod_func = BN_nist_mod_256; +#else + ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE_GFP, EC_R_NOT_A_SUPPORTED_NIST_PRIME); + goto err; +#endif + } + else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0) + { +#if !defined(NO_32_BIT_TYPE) || defined(OPENSSL_NO_ASM) + group->field_mod_func = BN_nist_mod_384; +#else + ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE_GFP, EC_R_NOT_A_SUPPORTED_NIST_PRIME); + goto err; +#endif + } + else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0) + /* this one works in the NO_32_BIT_TYPE case */ + group->field_mod_func = BN_nist_mod_521; + else + { + ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE_GFP, EC_R_NOT_A_NIST_PRIME); + goto err; + } + + /* group->field */ + if (!BN_copy(&group->field, p)) goto err; + group->field.neg = 0; + + /* group->a */ + if (!group->field_mod_func(&group->a, a, p, ctx)) goto err; -int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src); -/* TODO */ + /* group->b */ + if (!group->field_mod_func(&group->b, b, p, ctx)) goto err; + /* group->a_is_minus3 */ + if (!BN_add_word(tmp_bn, 3)) goto err; + group->a_is_minus3 = (0 == BN_cmp(tmp_bn, &group->field)); -int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); -/* TODO */ + ret = 1; + + err: + BN_CTX_end(ctx); + if (new_ctx != NULL) + BN_CTX_free(new_ctx); + return ret; + } + +int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) + { + if (dest == NULL || src == NULL) + return 0; + if (!BN_copy(&dest->field, &src->field)) + return 0; + if (!BN_copy(&dest->a, &src->a)) + return 0; + if (!BN_copy(&dest->b, &src->b)) + return 0; -int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); -/* TODO */ + dest->curve_name = src->curve_name; + + dest->a_is_minus3 = src->a_is_minus3; + + dest->field_data1 = src->field_data1; + + return 1; + } + +int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx) + { + int ret=0; + BN_CTX *ctx_new=NULL; + + if (!group || !r || !a || !b) + { + ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER); + goto err; + } + if (!ctx) + if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err; + + if (!BN_mul(r, a, b, ctx)) goto err; + if (!group->field_mod_func(r, r, &group->field, ctx)) + goto err; + + ret=1; +err: + if (ctx_new) + BN_CTX_free(ctx_new); + return ret; + } + +int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, + BN_CTX *ctx) + { + int ret=0; + BN_CTX *ctx_new=NULL; + + if (!group || !r || !a) + { + ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER); + goto err; + } + if (!ctx) + if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err; + + if (!BN_sqr(r, a, ctx)) goto err; + if (!group->field_mod_func(r, r, &group->field, ctx)) + goto err; + + ret=1; +err: + if (ctx_new) + BN_CTX_free(ctx_new); + return ret; + } diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index adf7c94bdb..e32b231e8d 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -64,19 +64,6 @@ * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the Contribution as delivered hereunder - * (or portions thereof), provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the Contribution; - * 2) separates from the Contribution; or - * 3) for infringements caused by: - * i) the modification of the Contribution or - * ii) the combination of the Contribution with other software or - * devices where such combination causes the infringement. - * * The elliptic curve binary polynomial software is originally written by * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. * diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h index b5b877b55f..1ab131cde9 100644 --- a/crypto/ecdh/ecdh.h +++ b/crypto/ecdh/ecdh.h @@ -9,19 +9,6 @@ * The ECC Code is licensed pursuant to the OpenSSL open source * license provided below. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the ECC Code as delivered hereunder (or portions thereof), - * provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the ECC Code; - * 2) separates from the ECC Code; or - * 3) for infringements caused by: - * i) the modification of the ECC Code or - * ii) the combination of the ECC Code with other software or - * devices where such combination causes the infringement. - * * The ECDH software is originally written by Douglas Stebila of * Sun Microsystems Laboratories. * diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c index 090737f0ff..c51731917d 100644 --- a/crypto/ecdh/ecdhtest.c +++ b/crypto/ecdh/ecdhtest.c @@ -9,19 +9,6 @@ * The ECC Code is licensed pursuant to the OpenSSL open source * license provided below. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the ECC Code as delivered hereunder (or portions thereof), - * provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the ECC Code; - * 2) separates from the ECC Code; or - * 3) for infringements caused by: - * i) the modification of the ECC Code or - * ii) the combination of the ECC Code with other software or - * devices where such combination causes the infringement. - * * The ECDH software is originally written by Douglas Stebila of * Sun Microsystems Laboratories. * diff --git a/crypto/ecdh/ech_key.c b/crypto/ecdh/ech_key.c index 8b21addf3c..f000b8c8ad 100644 --- a/crypto/ecdh/ech_key.c +++ b/crypto/ecdh/ech_key.c @@ -9,19 +9,6 @@ * The ECC Code is licensed pursuant to the OpenSSL open source * license provided below. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the ECC Code as delivered hereunder (or portions thereof), - * provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the ECC Code; - * 2) separates from the ECC Code; or - * 3) for infringements caused by: - * i) the modification of the ECC Code or - * ii) the combination of the ECC Code with other software or - * devices where such combination causes the infringement. - * * The ECDH software is originally written by Douglas Stebila of * Sun Microsystems Laboratories. * diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c index d7f2e1a5ae..fd8cb19fdd 100644 --- a/crypto/ecdh/ech_lib.c +++ b/crypto/ecdh/ech_lib.c @@ -9,19 +9,6 @@ * The ECC Code is licensed pursuant to the OpenSSL open source * license provided below. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the ECC Code as delivered hereunder (or portions thereof), - * provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the ECC Code; - * 2) separates from the ECC Code; or - * 3) for infringements caused by: - * i) the modification of the ECC Code or - * ii) the combination of the ECC Code with other software or - * devices where such combination causes the infringement. - * * The ECDH software is originally written by Douglas Stebila of * Sun Microsystems Laboratories. * diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index 105bc578b4..182e825b74 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -9,19 +9,6 @@ * The ECC Code is licensed pursuant to the OpenSSL open source * license provided below. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the ECC Code as delivered hereunder (or portions thereof), - * provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the ECC Code; - * 2) separates from the ECC Code; or - * 3) for infringements caused by: - * i) the modification of the ECC Code or - * ii) the combination of the ECC Code with other software or - * devices where such combination causes the infringement. - * * The ECDH software is originally written by Douglas Stebila of * Sun Microsystems Laboratories. * diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index 8b8c64ebc7..26b98e0ff1 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -61,19 +61,6 @@ * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the Contribution as delivered hereunder - * (or portions thereof), provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the Contribution; - * 2) separates from the Contribution; or - * 3) for infringements caused by: - * i) the modification of the Contribution or - * ii) the combination of the Contribution with other software or - * devices where such combination causes the infringement. - * * The elliptic curve binary polynomial software is originally written by * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. * @@ -472,54 +459,9 @@ int main(void) EC_KEY_free(ret_ecdsa); ret_ecdsa = NULL; PKCS8_PRIV_KEY_INFO_free(pkcs8); - BIO_printf(bio_err, "PKCS8_NO_OCTET : "); - if ((pkcs8 = EVP_PKEY2PKCS8_broken(pkey, PKCS8_NO_OCTET)) == NULL) goto err; - if ((ret_pkey = EVP_PKCS82PKEY(pkcs8)) == NULL) goto err; - ret_ecdsa = EVP_PKEY_get1_EC_KEY(ret_pkey); - if (ecdsa_cmp(ecdsa, ret_ecdsa)) - { - BIO_printf(bio_err, "TEST FAILED \n"); - goto err; - } - else BIO_printf(bio_err, "TEST OK \n"); - EVP_PKEY_free(ret_pkey); - ret_pkey = NULL; - EC_KEY_free(ret_ecdsa); - ret_ecdsa = NULL; - PKCS8_PRIV_KEY_INFO_free(pkcs8); - BIO_printf(bio_err, "PKCS8_EMBEDDED_PARAM : "); - if ((pkcs8 = EVP_PKEY2PKCS8_broken(pkey, PKCS8_EMBEDDED_PARAM)) == NULL) goto err; - if ((ret_pkey = EVP_PKCS82PKEY(pkcs8)) == NULL) goto err; - ret_ecdsa = EVP_PKEY_get1_EC_KEY(ret_pkey); - if (ecdsa_cmp(ecdsa, ret_ecdsa)) - { - BIO_printf(bio_err, "TEST FAILED \n"); - goto err; - } - else BIO_printf(bio_err, "TEST OK \n"); - EVP_PKEY_free(ret_pkey); - ret_pkey = NULL; - EC_KEY_free(ret_ecdsa); - ret_ecdsa = NULL; - PKCS8_PRIV_KEY_INFO_free(pkcs8); - BIO_printf(bio_err, "PKCS8_NS_DB : "); - if ((pkcs8 = EVP_PKEY2PKCS8_broken(pkey, PKCS8_NS_DB)) == NULL) goto err; - if ((ret_pkey = EVP_PKCS82PKEY(pkcs8)) == NULL) goto err; - ret_ecdsa = EVP_PKEY_get1_EC_KEY(ret_pkey); - if (ecdsa_cmp(ecdsa, ret_ecdsa)) - { - BIO_printf(bio_err, "TEST FAILED \n"); - goto err; - } - else BIO_printf(bio_err, "TEST OK \n"); - EVP_PKEY_free(ret_pkey); - ret_pkey = NULL; - EC_KEY_free(ret_ecdsa); - ret_ecdsa = NULL; EVP_PKEY_free(pkey); pkey = NULL; ecdsa = NULL; - PKCS8_PRIV_KEY_INFO_free(pkcs8); pkcs8 = NULL; /* sign and verify tests */ diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl index 65cab35c4c..a124654b0d 100644 --- a/crypto/engine/Makefile.ssl +++ b/crypto/engine/Makefile.ssl @@ -110,6 +110,29 @@ eng_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h eng_cnf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h eng_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h eng_cnf.o: ../../include/openssl/ui.h ../cryptlib.h eng_cnf.c +eng_cryptodev.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +eng_cryptodev.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/cast.h +eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +eng_cryptodev.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h +eng_cryptodev.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +eng_cryptodev.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_cryptodev.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_cryptodev.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_cryptodev.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +eng_cryptodev.o: ../../include/openssl/md2.h ../../include/openssl/md4.h +eng_cryptodev.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +eng_cryptodev.o: ../../include/openssl/obj_mac.h +eng_cryptodev.o: ../../include/openssl/objects.h +eng_cryptodev.o: ../../include/openssl/opensslconf.h +eng_cryptodev.o: ../../include/openssl/opensslv.h +eng_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +eng_cryptodev.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +eng_cryptodev.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +eng_cryptodev.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_cryptodev.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_cryptodev.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +eng_cryptodev.o: ../../include/openssl/ui_compat.h eng_cryptodev.c eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 5803c0123a..61ae230570 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -500,6 +500,7 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) * engine.h, much of this would be simplified if each area of code * provided its own "summary" structure of all related callbacks. It * would also increase opaqueness. */ + fns.static_state = ENGINE_get_static_state(); fns.err_fns = ERR_get_implementation(); fns.ex_data_fns = CRYPTO_get_ex_data_implementation(); CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb, diff --git a/crypto/engine/eng_err.c b/crypto/engine/eng_err.c index f6c5630395..814d95ee32 100644 --- a/crypto/engine/eng_err.c +++ b/crypto/engine/eng_err.c @@ -1,6 +1,6 @@ /* crypto/engine/eng_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -96,6 +96,7 @@ static ERR_STRING_DATA ENGINE_str_functs[]= {ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0), "ENGINE_set_name"}, {ERR_PACK(0,ENGINE_F_ENGINE_TABLE_REGISTER,0), "ENGINE_TABLE_REGISTER"}, {ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0), "ENGINE_UNLOAD_KEY"}, +{ERR_PACK(0,ENGINE_F_ENGINE_UP_REF,0), "ENGINE_up_ref"}, {ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0), "INT_CTRL_HELPER"}, {ERR_PACK(0,ENGINE_F_INT_ENGINE_CONFIGURE,0), "INT_ENGINE_CONFIGURE"}, {ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0), "LOG_MESSAGE"}, diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index a66d0f08af..999061a8ed 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -319,3 +319,13 @@ const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e) { return e->cmd_defns; } + +/* eng_lib.o is pretty much linked into anything that touches ENGINE already, so + * put the "static_state" hack here. */ + +static int internal_static_hack = 0; + +void *ENGINE_get_static_state(void) + { + return &internal_static_hack; + } diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index b41e6ba0f7..55b646da24 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -196,14 +196,14 @@ ENGINE *ENGINE_get_first(void) { ENGINE *ret; - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ret = engine_list_head; if(ret) { ret->struct_ref++; engine_ref_debug(ret, 0, 1) } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); return ret; } @@ -211,14 +211,14 @@ ENGINE *ENGINE_get_last(void) { ENGINE *ret; - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); - ret = engine_list_tail; + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + ret = engine_list_tail; if(ret) { ret->struct_ref++; engine_ref_debug(ret, 0, 1) } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); return ret; } @@ -232,7 +232,7 @@ ENGINE *ENGINE_get_next(ENGINE *e) ERR_R_PASSED_NULL_PARAMETER); return 0; } - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ret = e->next; if(ret) { @@ -240,7 +240,7 @@ ENGINE *ENGINE_get_next(ENGINE *e) ret->struct_ref++; engine_ref_debug(ret, 0, 1) } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); /* Release the structural reference to the previous ENGINE */ ENGINE_free(e); return ret; @@ -255,7 +255,7 @@ ENGINE *ENGINE_get_prev(ENGINE *e) ERR_R_PASSED_NULL_PARAMETER); return 0; } - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ret = e->prev; if(ret) { @@ -263,7 +263,7 @@ ENGINE *ENGINE_get_prev(ENGINE *e) ret->struct_ref++; engine_ref_debug(ret, 0, 1) } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); /* Release the structural reference to the previous ENGINE */ ENGINE_free(e); return ret; @@ -358,7 +358,7 @@ ENGINE *ENGINE_by_id(const char *id) ERR_R_PASSED_NULL_PARAMETER); return NULL; } - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); iterator = engine_list_head; while(iterator && (strcmp(id, iterator->id) != 0)) iterator = iterator->next; @@ -384,7 +384,7 @@ ENGINE *ENGINE_by_id(const char *id) engine_ref_debug(iterator, 0, 1) } } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); #if 0 if(iterator == NULL) { @@ -416,3 +416,14 @@ notfound: /* EEK! Experimental code ends */ #endif } + +int ENGINE_up_ref(ENGINE *e) + { + if (e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_UP_REF,ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + CRYPTO_add(&e->struct_ref,1,CRYPTO_LOCK_ENGINE); + return 1; + } diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 45fa61834b..e28951cbc4 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -68,6 +68,7 @@ #include <openssl/engine.h> #include <openssl/dso.h> #include <openssl/pem.h> +#include <openssl/evp.h> /* This testing gunk is implemented (and explained) lower down. It also assumes * the application explicitly calls "ENGINE_load_openssl()" because this is no @@ -191,7 +192,6 @@ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) * the "init_key" handler is called. * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler. */ -#include <openssl/evp.h> #include <openssl/rc4.h> #define TEST_RC4_KEY_SIZE 16 static int test_cipher_nids[] = {NID_rc4,NID_rc4_40}; @@ -276,7 +276,6 @@ static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, #ifdef TEST_ENG_OPENSSL_SHA /* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */ -#include <openssl/evp.h> #include <openssl/sha.h> static int test_digest_nids[] = {NID_sha1}; static int test_digest_nids_number = 1; diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 7bc5b4f490..3b951eb3e2 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -318,6 +318,7 @@ ENGINE *ENGINE_by_id(const char *id); /* Add all the built-in engines. */ void ENGINE_load_openssl(void); void ENGINE_load_dynamic(void); +#ifndef OPENSSL_NO_STATIC_ENGINE void ENGINE_load_cswift(void); void ENGINE_load_chil(void); void ENGINE_load_atalla(void); @@ -326,6 +327,7 @@ void ENGINE_load_ubsec(void); void ENGINE_load_aep(void); void ENGINE_load_sureware(void); void ENGINE_load_4758cca(void); +#endif void ENGINE_load_cryptodev(void); void ENGINE_load_builtin_engines(void); @@ -433,6 +435,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, * compatibility! */ ENGINE *ENGINE_new(void); int ENGINE_free(ENGINE *e); +int ENGINE_up_ref(ENGINE *e); int ENGINE_set_id(ENGINE *e, const char *id); int ENGINE_set_name(ENGINE *e, const char *name); int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); @@ -566,17 +569,20 @@ void ENGINE_add_conf_module(void); /**************************/ /* Binary/behaviour compatibility levels */ -#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010100 +#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010200 /* Binary versions older than this are too old for us (whether we're a loader or * a loadee) */ -#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010100 +#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010200 /* When compiling an ENGINE entirely as an external shared library, loadable by * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure * type provides the calling application's (or library's) error functionality * and memory management function pointers to the loaded library. These should * be used/set in the loaded library code so that the loading application's - * 'state' will be used/changed in all operations. */ + * 'state' will be used/changed in all operations. The 'static_state' pointer + * allows the loaded library to know if it shares the same static data as the + * calling application (or library), and thus whether these callbacks need to be + * set or not. */ typedef void *(*dyn_MEM_malloc_cb)(size_t); typedef void *(*dyn_MEM_realloc_cb)(void *, size_t); typedef void (*dyn_MEM_free_cb)(void *); @@ -604,6 +610,7 @@ typedef struct st_dynamic_LOCK_fns { } dynamic_LOCK_fns; /* The top-level structure */ typedef struct st_dynamic_fns { + void *static_state; const ERR_FNS *err_fns; const CRYPTO_EX_DATA_IMPL *ex_data_fns; dynamic_MEM_fns mem_fns; @@ -644,6 +651,7 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, const dynamic_fns *fns); #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ + if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ return 0; \ @@ -655,9 +663,22 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ return 0; \ if(!ERR_set_implementation(fns->err_fns)) return 0; \ + skip_cbs: \ if(!fn(e,id)) return 0; \ return 1; } +/* If the loading application (or library) and the loaded ENGINE library share + * the same static data (eg. they're both dynamically linked to the same + * libcrypto.so) we need a way to avoid trying to set system callbacks - this + * would fail, and for the same reason that it's unnecessary to try. If the + * loaded ENGINE has (or gets from through the loader) its own copy of the + * libcrypto static data, we will need to set the callbacks. The easiest way to + * detect this is to have a function that returns a pointer to some static data + * and let the loading application and loaded ENGINE compare their respective + * values. */ +void *ENGINE_get_static_state(void); + + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -697,6 +718,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_F_ENGINE_SET_NAME 130 #define ENGINE_F_ENGINE_TABLE_REGISTER 184 #define ENGINE_F_ENGINE_UNLOAD_KEY 152 +#define ENGINE_F_ENGINE_UP_REF 190 #define ENGINE_F_INT_CTRL_HELPER 172 #define ENGINE_F_INT_ENGINE_CONFIGURE 188 #define ENGINE_F_LOG_MESSAGE 141 diff --git a/crypto/engine/tb_ecdh.c b/crypto/engine/tb_ecdh.c index 64357157a0..ea82b61a18 100644 --- a/crypto/engine/tb_ecdh.c +++ b/crypto/engine/tb_ecdh.c @@ -9,19 +9,6 @@ * The ECC Code is licensed pursuant to the OpenSSL open source * license provided below. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the ECC Code as delivered hereunder (or portions thereof), - * provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the ECC Code; - * 2) separates from the ECC Code; or - * 3) for infringements caused by: - * i) the modification of the ECC Code or - * ii) the combination of the ECC Code with other software or - * devices where such combination causes the infringement. - * * The ECDH engine software is originally written by Nils Gura and * Douglas Stebila of Sun Microsystems Laboratories. * diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c index c156663f0e..81e34bd6ce 100644 --- a/crypto/err/err_prn.c +++ b/crypto/err/err_prn.c @@ -62,7 +62,6 @@ #include "cryptlib.h" #include <openssl/buffer.h> #include <openssl/err.h> -#include <openssl/crypto.h> void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u) diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index 43200a91a8..a97b1f87da 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -79,14 +79,15 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) #endif #ifndef OPENSSL_NO_DSA DSA *dsa = NULL; + ASN1_TYPE *t1, *t2; + STACK_OF(ASN1_TYPE) *ndsa = NULL; #endif #ifndef OPENSSL_NO_EC EC_KEY *eckey = NULL; #endif #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) + ASN1_TYPE *param = NULL; ASN1_INTEGER *privkey; - ASN1_TYPE *t1, *t2, *param = NULL; - STACK_OF(ASN1_TYPE) *n_stack = NULL; BN_CTX *ctx = NULL; int plen; #endif @@ -124,172 +125,188 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) EVP_PKEY_assign_RSA (pkey, rsa); break; #endif -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) - case NID_ecdsa_with_SHA1: +#ifndef OPENSSL_NO_DSA case NID_dsa: - /* PKCS#8 DSA/ECDSA is weird: you just get a private key integer + /* PKCS#8 DSA is weird: you just get a private key integer * and parameters in the AlgorithmIdentifier the pubkey must * be recalculated. */ - /* Check for broken DSA/ECDSA PKCS#8, UGH! */ - if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) - { - if(!(n_stack = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, + /* Check for broken DSA PKCS#8, UGH! */ + if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) { + if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, d2i_ASN1_TYPE, - ASN1_TYPE_free))) - { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto err; - } - if(sk_ASN1_TYPE_num(n_stack) != 2 ) - { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto err; - } + ASN1_TYPE_free))) { + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); + goto dsaerr; + } + if(sk_ASN1_TYPE_num(ndsa) != 2 ) { + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); + goto dsaerr; + } /* Handle Two broken types: * SEQUENCE {parameters, priv_key} * SEQUENCE {pub_key, priv_key} */ - t1 = sk_ASN1_TYPE_value(n_stack, 0); - t2 = sk_ASN1_TYPE_value(n_stack, 1); - if(t1->type == V_ASN1_SEQUENCE) - { + t1 = sk_ASN1_TYPE_value(ndsa, 0); + t2 = sk_ASN1_TYPE_value(ndsa, 1); + if(t1->type == V_ASN1_SEQUENCE) { p8->broken = PKCS8_EMBEDDED_PARAM; param = t1; - } - else if(a->parameter->type == V_ASN1_SEQUENCE) - { + } else if(a->parameter->type == V_ASN1_SEQUENCE) { p8->broken = PKCS8_NS_DB; param = a->parameter; - } - else - { + } else { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto err; + goto dsaerr; } if(t2->type != V_ASN1_INTEGER) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto err; + goto dsaerr; } privkey = t2->value.integer; - } - else - { - if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) - { + } else { + if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto err; + goto dsaerr; } param = p8->pkeyalg->parameter; } - if (!param || (param->type != V_ASN1_SEQUENCE)) - { + if (!param || (param->type != V_ASN1_SEQUENCE)) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto err; + goto dsaerr; } cp = p = param->value.sequence->data; plen = param->value.sequence->length; - if (!(ctx = BN_CTX_new())) - { + if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) { + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); + goto dsaerr; + } + /* We have parameters now set private key */ + if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { + EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR); + goto dsaerr; + } + /* Calculate public key (ouch!) */ + if (!(dsa->pub_key = BN_new())) { + EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); + goto dsaerr; + } + if (!(ctx = BN_CTX_new())) { EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); - goto err; + goto dsaerr; } - if (nid == NID_dsa) + + if (!BN_mod_exp(dsa->pub_key, dsa->g, + dsa->priv_key, dsa->p, ctx)) { + + EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR); + goto dsaerr; + } + + EVP_PKEY_assign_DSA(pkey, dsa); + BN_CTX_free (ctx); + if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); + else ASN1_INTEGER_free(privkey); + break; + dsaerr: + BN_CTX_free (ctx); + sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); + DSA_free(dsa); + EVP_PKEY_free(pkey); + return NULL; + break; +#endif +#ifndef OPENSSL_NO_EC + case NID_X9_62_id_ecPublicKey: + if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) { -#ifndef OPENSSL_NO_DSA - if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) - { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto err; - } - /* We have parameters now set private key */ - if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) - { - EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR); - goto err; - } - /* Calculate public key (ouch!) */ - if (!(dsa->pub_key = BN_new())) - { - EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); - goto err; - } - if (!BN_mod_exp(dsa->pub_key, dsa->g, - dsa->priv_key, dsa->p, ctx)) - { - EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR); - goto err; - } + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); + goto ecerr; + } + param = p8->pkeyalg->parameter; - EVP_PKEY_assign_DSA(pkey, dsa); - BN_CTX_free(ctx); - if(n_stack) sk_ASN1_TYPE_pop_free(n_stack, ASN1_TYPE_free); - else ASN1_INTEGER_free(privkey); -#else - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); - goto err; -#endif - } - else /* nid == NID_ecdsa_with_SHA1 */ + if (!param || ((param->type != V_ASN1_SEQUENCE) && + (param->type != V_ASN1_OBJECT))) { -#ifndef OPENSSL_NO_EC - if ((eckey = d2i_ECParameters(NULL, &cp, - plen)) == NULL) - { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto err; - } - if ((eckey->priv_key = ASN1_INTEGER_to_BN(privkey, - NULL)) == NULL) - { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto err; - } - if ((eckey->pub_key = EC_POINT_new(eckey->group)) == NULL) - { - EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); - goto err; - } - if (!EC_POINT_copy(eckey->pub_key, - EC_GROUP_get0_generator(eckey->group))) + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); + goto ecerr; + } + + if (param->type == V_ASN1_SEQUENCE) + { + cp = p = param->value.sequence->data; + plen = param->value.sequence->length; + + if (!(eckey = d2i_ECParameters(NULL, &cp, plen))) { - EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); - goto err; + EVPerr(EVP_F_EVP_PKCS82PKEY, + EVP_R_DECODE_ERROR); + goto ecerr; } - if (!EC_POINT_mul(eckey->group, eckey->pub_key, - eckey->priv_key, NULL, NULL, ctx)) + } + else + { + cp = p = param->value.object->data; + plen = param->value.object->length; + + /* type == V_ASN1_OBJECT => the parameters are given + * by an asn1 OID + */ + if ((eckey = EC_KEY_new()) == NULL) { - EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); - goto err; + EVPerr(EVP_F_EVP_PKCS82PKEY, + ERR_R_MALLOC_FAILURE); + goto ecerr; } - - EVP_PKEY_assign_EC_KEY(pkey, eckey); - BN_CTX_free(ctx); - if (n_stack) sk_ASN1_TYPE_pop_free(n_stack, ASN1_TYPE_free); - else - ASN1_INTEGER_free(privkey); -#else - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); - goto err; -#endif + if ((eckey->group = EC_GROUP_new_by_nid( + OBJ_obj2nid(a->parameter->value.object))) == NULL) + goto ecerr; + EC_GROUP_set_asn1_flag(eckey->group, + OPENSSL_EC_NAMED_CURVE); + } + + /* We have parameters now set private key */ + if (!(eckey->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_BN_DECODE_ERROR); + goto ecerr; + } + /* Calculate public key */ + if ((eckey->pub_key = EC_POINT_new(eckey->group)) == NULL) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; } + if (!EC_POINT_copy(eckey->pub_key, + EC_GROUP_get0_generator(eckey->group))) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } + if (!EC_POINT_mul(eckey->group, eckey->pub_key, + eckey->priv_key, NULL, NULL, ctx)) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } + + EVP_PKEY_assign_EC_KEY(pkey, eckey); + if (ctx) + BN_CTX_free(ctx); + if (privkey) + ASN1_INTEGER_free(privkey); break; -err: - if (ctx) BN_CTX_free(ctx); - sk_ASN1_TYPE_pop_free(n_stack, ASN1_TYPE_free); -#ifndef OPENSSL_NO_DSA - if (dsa) DSA_free(dsa); -#endif -#ifndef OPENSSL_NO_EC - if (eckey) +ecerr: + if (ctx) + BN_CTX_free(ctx); + if (eckey) EC_KEY_free(eckey); -#endif - if (pkey) EVP_PKEY_free(pkey); + if (pkey) + EVP_PKEY_free(pkey); return NULL; - break; #endif default: EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); @@ -506,209 +523,106 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) #ifndef OPENSSL_NO_EC static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) { - ASN1_STRING *params=NULL; - ASN1_INTEGER *prkey=NULL; - ASN1_TYPE *ttmp=NULL; - STACK_OF(ASN1_TYPE) *neckey=NULL; - unsigned char *p=NULL, *q=NULL; - int len=0; - EC_POINT *point=NULL; + EC_KEY *eckey; + ASN1_INTEGER *prkey = NULL; + unsigned char *p, *pp; + int nid; if (pkey->pkey.eckey == NULL || pkey->pkey.eckey->group == NULL) { EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS); return 0; } - p8->pkeyalg->algorithm = OBJ_nid2obj(NID_ecdsa_with_SHA1); - len = i2d_ECParameters(pkey->pkey.eckey, NULL); - if ((p = OPENSSL_malloc(len)) == NULL) + eckey = pkey->pkey.eckey; + + /* set the ec parameters OID */ + if (p8->pkeyalg->algorithm) + ASN1_OBJECT_free(p8->pkeyalg->algorithm); + + p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey); + + /* set the ec parameters */ + + if (p8->pkeyalg->parameter) { - EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); - return 0; + ASN1_TYPE_free(p8->pkeyalg->parameter); + p8->pkeyalg->parameter = NULL; } - q = p; - if (!i2d_ECParameters(pkey->pkey.eckey, &q)) - { - EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_EC_LIB); - OPENSSL_free(p); - return 0; - } - if ((params = ASN1_STRING_new()) == NULL) + + if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL) { EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); - OPENSSL_free(p); return 0; - } - if (!ASN1_STRING_set(params, p, len)) + + if (EC_GROUP_get_asn1_flag(eckey->group) + && (nid = EC_GROUP_get_nid(eckey->group))) { - EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_ASN1_LIB); - OPENSSL_free(p); - return 0; + /* we have a 'named curve' => just set the OID */ + p8->pkeyalg->parameter->type = V_ASN1_OBJECT; + p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid); } - OPENSSL_free(p); - if ((prkey = BN_to_ASN1_INTEGER(pkey->pkey.eckey->priv_key, NULL)) - == NULL) + else /* explicit parameters */ { - EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_ASN1_LIB); - return 0; - } - - switch(p8->broken) { - - case PKCS8_OK: - case PKCS8_NO_OCTET: - - if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER, - &p8->pkey->value.octet_string)) + int i; + if ((i = i2d_ECParameters(eckey, NULL)) == 0) { - EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); - M_ASN1_INTEGER_free(prkey); + EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_EC_LIB); return 0; } - - ASN1_INTEGER_free(prkey); - p8->pkeyalg->parameter->value.sequence = params; - p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; - - break; - - case PKCS8_NS_DB: - - p8->pkeyalg->parameter->value.sequence = params; - p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; - neckey = sk_ASN1_TYPE_new_null(); - if (neckey == NULL || (ttmp = ASN1_TYPE_new()) == NULL) + if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL) { EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); - sk_ASN1_TYPE_pop_free(neckey, ASN1_TYPE_free); return 0; - } - - if ((point = EC_GROUP_get0_generator(pkey->pkey.eckey->group)) - == NULL) - { - EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_EC_LIB); - return 0; - } - len = EC_POINT_point2oct(pkey->pkey.eckey->group, point, - pkey->pkey.eckey->conv_form, NULL, 0, NULL); - p = OPENSSL_malloc(len); - if (!len || !p || !EC_POINT_point2oct(pkey->pkey.eckey->group, - point, pkey->pkey.eckey->conv_form, p, len, NULL)) + } + pp = p; + if (!i2d_ECParameters(eckey, &pp)) { EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_EC_LIB); OPENSSL_free(p); return 0; } - if ((ttmp->value.octet_string =ASN1_OCTET_STRING_new()) == NULL) - { - EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!ASN1_OCTET_STRING_set(ttmp->value.octet_string, p, len)) + p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; + if ((p8->pkeyalg->parameter->value.sequence + = ASN1_STRING_new()) == NULL) { - EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, EVP_R_ASN1_LIB); + EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_ASN1_LIB); + OPENSSL_free(p); return 0; } + ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i); OPENSSL_free(p); - - ttmp->type = V_ASN1_OCTET_STRING; - if (!sk_ASN1_TYPE_push(neckey, ttmp)) - { - sk_ASN1_TYPE_pop_free(neckey, ASN1_TYPE_free); - ASN1_INTEGER_free(prkey); - return 0; - } - - if ((ttmp = ASN1_TYPE_new()) == NULL) - { - EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); - return 0; - } - ttmp->value.integer = prkey; - ttmp->type = V_ASN1_INTEGER; - if (!sk_ASN1_TYPE_push(neckey, ttmp)) - { - sk_ASN1_TYPE_pop_free(neckey, ASN1_TYPE_free); - ASN1_INTEGER_free(prkey); - return 0; - } - - if ((p8->pkey->value.octet_string = ASN1_OCTET_STRING_new()) - == NULL) - { - EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); - sk_ASN1_TYPE_pop_free(neckey, ASN1_TYPE_free); - return 0; - } - - if (!ASN1_seq_pack_ASN1_TYPE(neckey, i2d_ASN1_TYPE, - &p8->pkey->value.octet_string->data, - &p8->pkey->value.octet_string->length)) - { + } - EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); - sk_ASN1_TYPE_pop_free(neckey, ASN1_TYPE_free); - return 0; - } - sk_ASN1_TYPE_pop_free(neckey, ASN1_TYPE_free); - break; + /* set the private key */ + if ((prkey = BN_to_ASN1_INTEGER(pkey->pkey.eckey->priv_key, NULL)) + == NULL) + { + EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_ASN1_LIB); + return 0; + } - case PKCS8_EMBEDDED_PARAM: + switch(p8->broken) { - p8->pkeyalg->parameter->type = V_ASN1_NULL; - neckey = sk_ASN1_TYPE_new_null(); - if ((ttmp = ASN1_TYPE_new()) == NULL) + case PKCS8_OK: + if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER, + &p8->pkey->value.octet_string)) { EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); - sk_ASN1_TYPE_pop_free(neckey, ASN1_TYPE_free); - ASN1_INTEGER_free(prkey); - return 0; - } - ttmp->value.sequence = params; - ttmp->type = V_ASN1_SEQUENCE; - if (!sk_ASN1_TYPE_push(neckey, ttmp)) - { - sk_ASN1_TYPE_pop_free(neckey, ASN1_TYPE_free); - ASN1_INTEGER_free(prkey); + M_ASN1_INTEGER_free(prkey); return 0; } - if ((ttmp = ASN1_TYPE_new()) == NULL) - { - EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); - sk_ASN1_TYPE_pop_free(neckey, ASN1_TYPE_free); - ASN1_INTEGER_free(prkey); - return 0; - } - ttmp->value.integer = prkey; - ttmp->type = V_ASN1_INTEGER; - if (!sk_ASN1_TYPE_push(neckey, ttmp)) - { - sk_ASN1_TYPE_pop_free(neckey, ASN1_TYPE_free); - ASN1_INTEGER_free(prkey); - return 0; - } + ASN1_INTEGER_free(prkey); - if ((p8->pkey->value.octet_string = ASN1_OCTET_STRING_new()) - == NULL) - { - EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); - sk_ASN1_TYPE_pop_free(neckey, ASN1_TYPE_free); + break; + case PKCS8_NO_OCTET: /* RSA specific */ + case PKCS8_NS_DB: /* DSA specific */ + case PKCS8_EMBEDDED_PARAM: /* DSA specific */ + default: + EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); return 0; - } - if (!ASN1_seq_pack_ASN1_TYPE(neckey, i2d_ASN1_TYPE, - &p8->pkey->value.octet_string->data, - &p8->pkey->value.octet_string->length)) - { - EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); - sk_ASN1_TYPE_pop_free(neckey, ASN1_TYPE_free); - return 0; - } - sk_ASN1_TYPE_pop_free(neckey, ASN1_TYPE_free); - break; } return 1; } diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 7066e67b39..bfc43e90af 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -251,7 +251,7 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char ret = 1; err: - if (!pnm) OPENSSL_free(nm); + if (!ret || !pnm) OPENSSL_free(nm); OPENSSL_free(header); if (!ret) OPENSSL_free(data); return ret; diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index d7dad3efd0..53a726e1aa 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -94,7 +94,7 @@ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. */ -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { return(-1); diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 7de21d37d0..4175576fcc 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -236,3 +236,10 @@ int RAND_poll(void) } #endif + +#if defined(OPENSSL_SYS_VXWORKS) +int RAND_poll(void) +{ + return 0; +} +#endif diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 7a2c8db1b0..3ac3c5a4a4 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -104,7 +104,6 @@ #ifndef OPENSSL_NO_SHA #include <openssl/sha.h> #endif -#include <openssl/evp.h> #include <openssl/e_os2.h> #include <openssl/ossl_typ.h> diff --git a/demos/engines/rsaref/rsaref.c b/demos/engines/rsaref/rsaref.c index f092acbf3f..36edf4d4b1 100644 --- a/demos/engines/rsaref/rsaref.c +++ b/demos/engines/rsaref/rsaref.c @@ -3,11 +3,14 @@ be found a little here and there. */ #include <stdio.h> +#include <string.h> #include "./source/global.h" #include "./source/rsaref.h" #include "./source/rsa.h" #include "./source/des.h" #include <openssl/err.h> +#define OPENSSL_NO_MD2 +#define OPENSSL_NO_MD5 #include <openssl/evp.h> #include <openssl/bn.h> #include <openssl/engine.h> @@ -400,7 +403,7 @@ static int rsaref_private_decrypt(int len, const unsigned char *from, unsigned c if (!RSAref_Private_eay2ref(rsa,&RSAkey)) goto err; - if ((i=RSAPrivateDecrypt(to,&outlen,(unsigned char *)from,len,&RSAkey)) != 0) + if ((i=RSAPrivateDecrypt(to,&(unsigned int)outlen,(unsigned char *)from,len,&RSAkey)) != 0) { RSAREFerr(RSAREF_F_RSAREF_PRIVATE_DECRYPT,i); outlen= -1; @@ -423,7 +426,7 @@ static int rsaref_private_encrypt(int len, const unsigned char *from, unsigned c } if (!RSAref_Private_eay2ref(rsa,&RSAkey)) goto err; - if ((i=RSAPrivateEncrypt(to,&outlen,(unsigned char *)from,len,&RSAkey)) != 0) + if ((i=RSAPrivateEncrypt(to,&(unsigned int)outlen,(unsigned char *)from,len,&RSAkey)) != 0) { RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT,i); outlen= -1; @@ -441,7 +444,7 @@ static int rsaref_public_decrypt(int len, const unsigned char *from, unsigned ch if (!RSAref_Public_eay2ref(rsa,&RSAkey)) goto err; - if ((i=RSAPublicDecrypt(to,&outlen,(unsigned char *)from,len,&RSAkey)) != 0) + if ((i=RSAPublicDecrypt(to,&(unsigned int)outlen,(unsigned char *)from,len,&RSAkey)) != 0) { RSAREFerr(RSAREF_F_RSAREF_PUBLIC_DECRYPT,i); outlen= -1; @@ -478,7 +481,7 @@ static int rsaref_public_encrypt(int len, const unsigned char *from, unsigned ch if (!RSAref_Public_eay2ref(rsa,&RSAkey)) goto err; - if ((i=RSAPublicEncrypt(to,&outlen,(unsigned char *)from,len,&RSAkey,&rnd)) != 0) + if ((i=RSAPublicEncrypt(to,&(unsigned int)outlen,(unsigned char *)from,len,&RSAkey,&rnd)) != 0) { RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT,i); outlen= -1; diff --git a/demos/x509/mkcert.c b/demos/x509/mkcert.c index 4709e18e7c..8304d30e0b 100644 --- a/demos/x509/mkcert.c +++ b/demos/x509/mkcert.c @@ -88,7 +88,7 @@ int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days) } rsa=NULL; - X509_set_version(x,3); + X509_set_version(x,2); ASN1_INTEGER_set(X509_get_serialNumber(x),serial); X509_gmtime_adj(X509_get_notBefore(x),0); X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days); diff --git a/doc/c-indentation.el b/doc/c-indentation.el index 48ca3cf69b..cbf01cb172 100644 --- a/doc/c-indentation.el +++ b/doc/c-indentation.el @@ -13,12 +13,10 @@ ; ; Apparently statement blocks that are not introduced by a statement ; such as "if" and that are not the body of a function cannot -; be handled too well by CC mode with this indentation style. -; The style defined below does not indent them at all. -; To insert tabs manually, prefix them with ^Q (the "quoted-insert" -; command of Emacs). If you know a solution to this problem -; or find other problems with this indentation style definition, -; please send e-mail to bodo@openssl.org. +; be handled too well by CC mode with this indentation style, +; so you have to indent them manually (you can use C-q tab). +; +; For suggesting improvements, please send e-mail to bodo@openssl.org. (c-add-style "eay" '((c-basic-offset . 8) diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod index 75cceb1ca2..daf57e5895 100644 --- a/doc/crypto/EVP_EncryptInit.pod +++ b/doc/crypto/EVP_EncryptInit.pod @@ -419,7 +419,7 @@ Encrypt a string using blowfish: EVP_CIPHER_CTX ctx; FILE *out; EVP_CIPHER_CTX_init(&ctx); - EVP_EncryptInit_ex(&ctx, NULL, EVP_bf_cbc(), key, iv); + EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv); if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext))) { diff --git a/doc/crypto/OBJ_nid2obj.pod b/doc/crypto/OBJ_nid2obj.pod index 50650bdbce..7dcc07923f 100644 --- a/doc/crypto/OBJ_nid2obj.pod +++ b/doc/crypto/OBJ_nid2obj.pod @@ -101,7 +101,7 @@ Create an object for B<commonName>: ASN1_OBJECT *o; o = OBJ_nid2obj(NID_commonName); -Check is an object is B<commonName> +Check if an object is B<commonName> if (OBJ_obj2nid(obj) == NID_commonName) /* Do something */ @@ -129,14 +129,14 @@ than enough to handle any OID encountered in practice. =head1 RETURN VALUES -OBJ_nid2obj() returns an ASN1_OBJECT structure or B<NULL> is an +OBJ_nid2obj() returns an B<ASN1_OBJECT> structure or B<NULL> is an error occurred. OBJ_nid2ln() and OBJ_nid2sn() returns a valid string or B<NULL> on error. OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() and OBJ_txt2nid() return -a NID or NID_undef on error. +a NID or B<NID_undef> on error. =head1 SEE ALSO diff --git a/doc/crypto/SMIME_write_PKCS7.pod b/doc/crypto/SMIME_write_PKCS7.pod index 8093241ea4..2cfad2e049 100644 --- a/doc/crypto/SMIME_write_PKCS7.pod +++ b/doc/crypto/SMIME_write_PKCS7.pod @@ -14,7 +14,7 @@ SMIME_write_PKCS7() adds the appropriate MIME headers to a PKCS#7 structure to produce an S/MIME message. B<out> is the BIO to write the data to. B<p7> is the appropriate -B<PKCS7> structure. If cleartext signing (B<multipart/signed) is +B<PKCS7> structure. If cleartext signing (B<multipart/signed>) is being used then the signed data must be supplied in the B<data> argument. B<flags> is an optional set of flags. diff --git a/doc/ssl/SSL_CTX_add_session.pod b/doc/ssl/SSL_CTX_add_session.pod index af326c2f73..82676b26b2 100644 --- a/doc/ssl/SSL_CTX_add_session.pod +++ b/doc/ssl/SSL_CTX_add_session.pod @@ -37,6 +37,14 @@ removed and replaced by the new session. If the session is actually identical (the SSL_SESSION object is identical), SSL_CTX_add_session() is a no-op, and the return value is 0. +If a server SSL_CTX is configured with the SSL_SESS_CACHE_NO_INTERNAL_STORE +flag then the internal cache will not be populated automatically by new +sessions negotiated by the SSL/TLS implementation, even though the internal +cache will be searched automatically for session-resume requests (the +latter can be surpressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the +application can use SSL_CTX_add_session() directly to have full control +over the sessions that can be resumed if desired. + =head1 RETURN VALUES diff --git a/doc/ssl/SSL_CTX_set_session_cache_mode.pod b/doc/ssl/SSL_CTX_set_session_cache_mode.pod index 9aa6c6b2e3..c5d2f43dff 100644 --- a/doc/ssl/SSL_CTX_set_session_cache_mode.pod +++ b/doc/ssl/SSL_CTX_set_session_cache_mode.pod @@ -26,12 +26,14 @@ SSL_CTX object is being maintained, the sessions are unique for each SSL_CTX object. In order to reuse a session, a client must send the session's id to the -server. It can only send exactly one id. The server then decides whether it -agrees in reusing the session or starts the handshake for a new session. +server. It can only send exactly one id. The server then either +agrees to reuse the session or it starts a full handshake (to create a new +session). -A server will lookup up the session in its internal session storage. If -the session is not found in internal storage or internal storage is -deactivated, the server will try the external storage if available. +A server will lookup up the session in its internal session storage. If the +session is not found in internal storage or lookups for the internal storage +have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try +the external storage if available. Since a client may try to reuse a session intended for use in a different context, the session id context must be set by the server (see @@ -57,9 +59,10 @@ function. This option is not activated by default. =item SSL_SESS_CACHE_SERVER Server sessions are added to the session cache. When a client proposes a -session to be reused, the session is looked up in the internal session cache. -If the session is found, the server will try to reuse the session. -This is the default. +session to be reused, the server looks for the corresponding session in (first) +the internal session cache (unless SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set), +then (second) in the external cache if available. If the session is found, the +server will try to reuse the session. This is the default. =item SSL_SESS_CACHE_BOTH @@ -77,12 +80,32 @@ explicitly by the application. =item SSL_SESS_CACHE_NO_INTERNAL_LOOKUP -By setting this flag sessions are cached in the internal storage but -they are not looked up automatically. If an external session cache -is enabled, sessions are looked up in the external cache. As automatic -lookup only applies for SSL/TLS servers, the flag has no effect on +By setting this flag, session-resume operations in an SSL/TLS server will not +automatically look up sessions in the internal cache, even if sessions are +automatically stored there. If external session caching callbacks are in use, +this flag guarantees that all lookups are directed to the external cache. +As automatic lookup only applies for SSL/TLS servers, the flag has no effect on clients. +=item SSL_SESS_CACHE_NO_INTERNAL_STORE + +Depending on the presence of SSL_SESS_CACHE_CLIENT and/or SSL_SESS_CACHE_SERVER, +sessions negotiated in an SSL/TLS handshake may be cached for possible reuse. +Normally a new session is added to the internal cache as well as any external +session caching (callback) that is configured for the SSL_CTX. This flag will +prevent sessions being stored in the internal cache (though the application can +add them manually using L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>). Note: +in any SSL/TLS servers where external caching is configured, any successful +session lookups in the external cache (ie. for session-resume requests) would +normally be copied into the local cache before processing continues - this flag +prevents these additions to the internal cache as well. + +=item SSL_SESS_CACHE_NO_INTERNAL + +Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and +SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time. + + =back The default mode is SSL_SESS_CACHE_SERVER. @@ -98,6 +121,7 @@ SSL_CTX_get_session_cache_mode() returns the currently set cache mode. L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>, L<SSL_session_reused(3)|SSL_session_reused(3)>, +L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>, L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>, L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>, L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>, @@ -105,4 +129,9 @@ L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>, L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>, L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> +=head1 HISTORY + +SSL_SESS_CACHE_NO_INTERNAL_STORE and SSL_SESS_CACHE_NO_INTERNAL +were introduced in OpenSSL 0.9.6h. + =cut diff --git a/engines/.cvsignore b/engines/.cvsignore index 28e1e24d19..bb22714f15 100644 --- a/engines/.cvsignore +++ b/engines/.cvsignore @@ -1 +1,2 @@ Makefile.save +libs diff --git a/engines/Makefile.ssl b/engines/Makefile.ssl index b6a1d9d191..7ebbe51c7f 100644 --- a/engines/Makefile.ssl +++ b/engines/Makefile.ssl @@ -17,6 +17,9 @@ MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile.ssl AR= ar r +PEX_LIBS= +EX_LIBS= + CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile engines.com install.com @@ -68,7 +71,7 @@ libs: $(LIBOBJ) for l in $(LIBNAMES); do \ $(NEWMAKE) -f ../Makefile.shared \ CC="$(CC)" LIBNAME=$$l LIBEXTRAS=e_$$l.o \ - LIBDEPS='-L.. -lcrypto' \ + LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \ link_o.$(SHLIB_TARGET); \ done; \ else \ @@ -89,10 +92,10 @@ install: @if [ -n "$(SHARED_LIBS)" ]; then \ set -e; \ for l in $(LIBNAMES); do \ - ( echo installing $$i; \ - cp lib$$i.so $(INSTALL_PREFIX)$(OPENSSLDIR)/engines/lib$$i.so.new; \ - chmod 555 $(INSTALL_PREFIX)$(OPENSSLDIR)/engines/lib$$i.so.new; \ - mv $(INSTALL_PREFIX)$(OPENSSLDIR)/engines/lib$$i.so.new $(INSTALL_PREFIX)$(OPENSSLDIR)/engines/lib$$i.so ); \ + ( echo installing $$l; \ + cp lib$$l.so $(INSTALL_PREFIX)$(OPENSSLDIR)/engines/lib$$l.so.new; \ + chmod 555 $(INSTALL_PREFIX)$(OPENSSLDIR)/engines/lib$$l.so.new; \ + mv $(INSTALL_PREFIX)$(OPENSSLDIR)/engines/lib$$l.so.new $(INSTALL_PREFIX)$(OPENSSLDIR)/engines/lib$$l.so ); \ done; \ fi diff --git a/engines/e_4758_cca.c b/engines/e_4758_cca.c index 2e77f8c647..203a8a75e6 100644 --- a/engines/e_4758_cca.c +++ b/engines/e_4758_cca.c @@ -54,6 +54,7 @@ */ #include <stdio.h> +#include <string.h> #include <openssl/crypto.h> /* #include <openssl/pem.h> */ #include <openssl/dso.h> diff --git a/engines/e_atalla.c b/engines/e_atalla.c index be590f0ebb..65339a0d68 100644 --- a/engines/e_atalla.c +++ b/engines/e_atalla.c @@ -57,6 +57,7 @@ */ #include <stdio.h> +#include <string.h> #include <openssl/crypto.h> #include <openssl/buffer.h> #include <openssl/dso.h> diff --git a/engines/e_cswift.c b/engines/e_cswift.c index 2ed9357f13..f3d3628366 100644 --- a/engines/e_cswift.c +++ b/engines/e_cswift.c @@ -57,6 +57,7 @@ */ #include <stdio.h> +#include <string.h> #include <openssl/crypto.h> #include <openssl/buffer.h> #include <openssl/dso.h> diff --git a/engines/e_nuron.c b/engines/e_nuron.c index 4585dbed1f..d7960a9d95 100644 --- a/engines/e_nuron.c +++ b/engines/e_nuron.c @@ -57,6 +57,7 @@ */ #include <stdio.h> +#include <string.h> #include <openssl/crypto.h> #include <openssl/buffer.h> #include <openssl/dso.h> diff --git a/engines/e_sureware.c b/engines/e_sureware.c index dced97c695..9c2279c195 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c @@ -51,6 +51,7 @@ ====================================================================*/ #include <stdio.h> +#include <string.h> #include <openssl/crypto.h> #include <openssl/pem.h> #include <openssl/dso.h> diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index fe4a3b7ef7..35af495b71 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -59,6 +59,7 @@ */ #include <stdio.h> +#include <string.h> #include <openssl/crypto.h> #include <openssl/buffer.h> #include <openssl/dso.h> diff --git a/makevms.com b/makevms.com index ff6d1aca65..02d4932043 100755 --- a/makevms.com +++ b/makevms.com @@ -9,7 +9,7 @@ $! $! Changes by Richard Levitte <richard@levitte.org> $! $! This procedure creates the SSL libraries of "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" -$! "[.xxx.EXE.SSL]LIBSSL.OLB" and if specified "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB". +$! "[.xxx.EXE.SSL]LIBSSL.OLB" $! The "xxx" denotes the machine architecture of AXP or VAX. $! $! This procedures accepts two command line options listed below. @@ -21,7 +21,6 @@ $! CONFIG Just build the "[.CRYPTO]OPENSSLCONF.H" file. $! BUILDINF Just build the "[.CRYPTO]BUILDINF.H" file. $! SOFTLINKS Just fix the Unix soft links. $! BUILDALL Same as ALL, except CONFIG, BUILDINF and SOFTILNKS aren't done. -$! RSAREF Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library. $! CRYPTO Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library. $! CRYPTO/x Just build the x part of the $! "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library. @@ -29,19 +28,12 @@ $! SSL Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library. $! SSL_TASK Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program. $! TEST Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL. $! APPS Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL. +$! ENGINES Just build the "[.xxx.EXE.ENGINES]" application programs for OpenSSL. $! CERT_TOOL Just build the "[.xxx.EXE.CERT_TOOL]" application programs for OpenSSL. $! $! -$! Specify RSAREF as P2 to compile using the RSAREF Library. -$! If you specify NORSAREF, it will compile without using RSAREF. -$! (If in the United States, You Must Compile Using RSAREF). -$! -$! Note: The RSAREF libraries are NOT INCLUDED and you have to -$! download it from "ftp://ftp.rsa.com/rsaref". You have to -$! get the ".tar-Z" file as the ".zip" file dosen't have the -$! directory structure stored. You have to extract the file -$! into the [.RSAREF] directory as that is where the scripts -$! will look for the files. +$! P2 is ignored (it was used to denote if RSAref should be used or not, +$! and is simply kept so surrounding scripts don't get confused) $! $! Speficy DEBUG or NODEBUG as P3 to compile with or without debugging $! information. @@ -156,20 +148,6 @@ $! $ IF (BUILDCOMMAND.EQS."ALL".OR.BUILDCOMMAND.EQS."BUILDALL") $ THEN $! -$! Check To See If We Are Going To Be Building The -$! [.xxx.EXE.RSAREF]LIBRSAGLUE.OLB Library. -$! -$ IF (RSAREF.EQS."RSAREF") -$ THEN -$! -$! Build The [.xxx.EXE.RSAREF]LIBRSAGLUE.OLB Library. -$! -$ GOSUB RSAREF -$! -$! End The RSAREF Check. -$! -$ ENDIF -$! $! Build The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library. $! $ GOSUB CRYPTO @@ -190,6 +168,10 @@ $! Build The [.xxx.EXE.APPS] OpenSSL Application Utilities. $! $ GOSUB APPS $! +$! Build The [.xxx.EXE.ENGINES] OpenSSL Shareable Engines. +$! +$ GOSUB ENGINES +$! $! Build The [.VMS.CERT_TOOL] OpenSSL Certificate Utility. $! $ GOSUB CERT_TOOL @@ -274,6 +256,9 @@ $ ENDIF $ ENDIF $ GOTO CONFIG_LOG_LOOP $ CONFIG_LOG_LOOP_END: +$ WRITE H_FILE "#ifndef OPENSSL_NO_STATIC_ENGINE" +$ WRITE H_FILE "# define OPENSSL_NO_STATIC_ENGINE" +$ WRITE H_FILE "#endif" $ WRITE H_FILE "#ifndef OPENSSL_THREADS" $ WRITE H_FILE "# define OPENSSL_THREADS" $ WRITE H_FILE "#endif" @@ -538,11 +523,6 @@ $ ENDIF $ GOTO LOOP_SDIRS $ LOOP_SDIRS_END: $! -$! Copy All The ".H" Files From The [.RSAREF] Directory. -$! -$! EXHEADER := rsaref.h -$! COPY SYS$DISK:[.RSAREF]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL] -$! $! Copy All The ".H" Files From The [.SSL] Directory. $! $ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,kssl.h @@ -571,11 +551,11 @@ $ SET DEFAULT SYS$DISK:[.CRYPTO] $! $! Build The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library. $! -$ @CRYPTO-LIB LIBRARY 'RSAREF' 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''POINTER_SIZE'" "''ISSEVEN'" "''BUILDPART'" +$ @CRYPTO-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''POINTER_SIZE'" "''ISSEVEN'" "''BUILDPART'" $! $! Build The [.xxx.EXE.CRYPTO]*.EXE Test Applications. $! -$ @CRYPTO-LIB APPS 'RSAREF' 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''POINTER_SIZE'" 'ISSEVEN' +$ @CRYPTO-LIB APPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''POINTER_SIZE'" 'ISSEVEN' "''BUILDPART'" $! $! Go Back To The Main Directory. $! @@ -585,34 +565,6 @@ $! Time To RETURN. $! $ RETURN $! -$! Build The [.xxx.EXE.RSAREF]LIBRSAGLUE Library. -$! -$ RSAREF: -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "RSAref glue library not built, since it's no longer needed" -$ RETURN -$! -$! Tell The User What We Are Doing. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Building The [.",ARCH,".EXE.RSAREF]LIBRSAGLUE.OLB Library." -$! -$! Go To The [.RSAREF] Directory. -$! -$ SET DEFAULT SYS$DISK:[.RSAREF] -$! -$! Build The [.xxx.EXE.RSAREF]LIBRSAGLUE.OLB Library. -$! -$ @RSAREF-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''POINTER_SIZE'" 'ISSEVEN' -$! -$! Go Back To The Main Directory. -$! -$ SET DEFAULT [-] -$! -$! Time To Return. -$! -$ RETURN -$! $! Build The "[.xxx.EXE.SSL]LIBSSL.OLB" Library. $! $ SSL: @@ -628,7 +580,7 @@ $ SET DEFAULT SYS$DISK:[.SSL] $! $! Build The [.xxx.EXE.SSL]LIBSSL.OLB Library. $! -$ @SSL-LIB LIBRARY 'RSAREF' 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''POINTER_SIZE'" 'ISSEVEN' +$ @SSL-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''POINTER_SIZE'" 'ISSEVEN' $! $! Go Back To The Main Directory. $! @@ -653,7 +605,7 @@ $ SET DEFAULT SYS$DISK:[.SSL] $! $! Build The [.xxx.EXE.SSL]SSL_TASK.EXE $! -$ @SSL-LIB SSL_TASK 'RSAREF' 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''POINTER_SIZE'" 'ISSEVEN' +$ @SSL-LIB SSL_TASK 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''POINTER_SIZE'" 'ISSEVEN' $! $! Go Back To The Main Directory. $! @@ -678,7 +630,7 @@ $ SET DEFAULT SYS$DISK:[.TEST] $! $! Build The Test Programs. $! -$ @MAKETESTS 'RSAREF' 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''POINTER_SIZE'" 'ISSEVEN' +$ @MAKETESTS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''POINTER_SIZE'" 'ISSEVEN' $! $! Go Back To The Main Directory. $! @@ -703,7 +655,32 @@ $ SET DEFAULT SYS$DISK:[.APPS] $! $! Build The Application Programs. $! -$ @MAKEAPPS 'RSAREF' 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''POINTER_SIZE'" 'ISSEVEN' +$ @MAKEAPPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''POINTER_SIZE'" 'ISSEVEN' +$! +$! Go Back To The Main Directory. +$! +$ SET DEFAULT [-] +$! +$! That's All, Time To RETURN. +$! +$ RETURN +$! +$! Build The OpenSSL Application Programs. +$! +$ ENGINES: +$! +$! Tell The User What We Are Doing. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "Building OpenSSL [.",ARCH,".EXE.ENGINES] Engines." +$! +$! Go To The [.ENGINES] Directory. +$! +$ SET DEFAULT SYS$DISK:[.ENGINES] +$! +$! Build The Application Programs. +$! +$ @MAKEENGINES ENGINES 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' "''BUILDPART'" $! $! Go Back To The Main Directory. $! @@ -770,7 +747,7 @@ $! $ IF (P1.EQS."CONFIGALL")- .OR.(P1.EQS."CONFIG").OR.(P1.EQS."BUILDINF").OR.(P1.EQS."SOFTLINKS") - .OR.(P1.EQS."BUILDALL") - - .OR.(P1.EQS."CRYPTO").OR.(P1.EQS."SSL").OR.(P1.EQS."RSAREF") - + .OR.(P1.EQS."CRYPTO").OR.(P1.EQS."SSL") - .OR.(P1.EQS."SSL_TASK").OR.(P1.EQS."TEST").OR.(P1.EQS."APPS") - .OR.(P1.EQS."CERT_TOOL") $ THEN @@ -821,54 +798,6 @@ $! End The P1 Check. $! $ ENDIF $! -$! Check To See If P2 Is Blank. -$! -$ P2 = "NORSAREF" -$ IF (P2.EQS."NORSAREF") -$ THEN -$! -$! P2 Is NORSAREF, So Compile Without RSAREF. -$! -$ RSAREF = "NORSAREF" -$! -$! Else... -$! -$ ELSE -$! -$! Check To See If We Are To Compile Using The RSAREF Library. -$! -$ IF (P2.EQS."RSAREF") -$ THEN -$! -$! Compile With RSAREF Library. -$! -$ RSAREF = "RSAREF" -$! -$! Else... -$! -$ ELSE -$! -$! Tell The User Entered An Invalid Option.. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " RSAREF : To Compile With The RSAREF Library." -$ WRITE SYS$OUTPUT " NORSAREF : To Compile With The Regular RSA Library." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ GOTO CLEAN_UP_PATH -$! -$! End The Valid Arguemnt Check. -$! -$ ENDIF -$! -$! End The P2 Check. -$! -$ ENDIF -$! $! Check To See If P3 Is Blank. $! $ IF (P3.EQS."NODEBUG") diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 592e0b35c8..1a2cb7cd10 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -117,19 +117,6 @@ * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the Contribution as delivered hereunder - * (or portions thereof), provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the Contribution; - * 2) separates from the Contribution; or - * 3) for infringements caused by: - * i) the modification of the Contribution or - * ii) the combination of the Contribution with other software or - * devices where such combination causes the infringement. - * * ECC cipher suite support in OpenSSL originally written by * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. * diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index e0e1176d00..be4325886d 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -117,19 +117,6 @@ * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the Contribution as delivered hereunder - * (or portions thereof), provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the Contribution; - * 2) separates from the Contribution; or - * 3) for infringements caused by: - * i) the modification of the Contribution or - * ii) the combination of the Contribution with other software or - * devices where such combination causes the infringement. - * * ECC cipher suite support in OpenSSL originally written by * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. * @@ -702,8 +689,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher 28 VRS */ { 1, - SSL3_TXT_KRB5_RC4_40_CBC_SHA, - SSL3_CK_KRB5_RC4_40_CBC_SHA, + SSL3_TXT_KRB5_RC4_40_SHA, + SSL3_CK_KRB5_RC4_40_SHA, SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, SSL_EXPORT|SSL_EXP40, 0, @@ -744,8 +731,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher 2B VRS */ { 1, - SSL3_TXT_KRB5_RC4_40_CBC_MD5, - SSL3_CK_KRB5_RC4_40_CBC_MD5, + SSL3_TXT_KRB5_RC4_40_MD5, + SSL3_CK_KRB5_RC4_40_MD5, SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, SSL_EXPORT|SSL_EXP40, 0, diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 98c950a343..ac555c1f80 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -117,19 +117,6 @@ * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the Contribution as delivered hereunder - * (or portions thereof), provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the Contribution; - * 2) separates from the Contribution; or - * 3) for infringements caused by: - * i) the modification of the Contribution or - * ii) the combination of the Contribution with other software or - * devices where such combination causes the infringement. - * * ECC cipher suite support in OpenSSL originally written by * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. * @@ -2127,7 +2114,7 @@ static int ssl3_get_cert_verify(SSL *s) SSL3_ST_SR_CERT_VRFY_A, SSL3_ST_SR_CERT_VRFY_B, -1, - 512, /* 512? */ + 514, /* 514? */ &ok); if (!ok) return((int)n); diff --git a/ssl/ssl-lib.com b/ssl/ssl-lib.com index 3abb5f59b8..fc0e63c310 100644 --- a/ssl/ssl-lib.com +++ b/ssl/ssl-lib.com @@ -21,22 +21,10 @@ $! $! LIBRARY To just compile the [.xxx.EXE.SSL]LIBSSL.OLB Library. $! SSL_TASK To just compile the [.xxx.EXE.SSL]SSL_TASK.EXE $! -$! Specify RSAREF as P2 to compile with the RSAREF library instead of -$! the regular one. If you specify NORSAREF it will compile with the -$! regular RSAREF routines. (Note: If you are in the United States -$! you MUST compile with RSAREF unless you have a license from RSA). -$! -$! Note: The RSAREF libraries are NOT INCLUDED and you have to -$! download it from "ftp://ftp.rsa.com/rsaref". You have to -$! get the ".tar-Z" file as the ".zip" file dosen't have the -$! directory structure stored. You have to extract the file -$! into the [.RSAREF] directory under the root directory as that -$! is where the scripts will look for the files. -$! -$! Specify DEBUG or NODEBUG as P3 to compile with or without debugger +$! Specify DEBUG or NODEBUG as P2 to compile with or without debugger $! information. $! -$! Specify which compiler at P4 to try to compile under. +$! Specify which compiler at P3 to try to compile under. $! $! VAXC For VAX C. $! DECC For DEC C. @@ -45,17 +33,17 @@ $! $! If you don't speficy a compiler, it will try to determine which $! "C" compiler to use. $! -$! P5, if defined, sets a TCP/IP library to use, through one of the following +$! P4, if defined, sets a TCP/IP library to use, through one of the following $! keywords: $! $! UCX for UCX $! TCPIP for TCPIP (post UCX) $! SOCKETSHR for SOCKETSHR+NETLIB $! -$! P6, if defined, sets the pointer size to build with. The values can be +$! P5, if defined, sets the pointer size to build with. The values can be $! be "32" or "64". Any other value will default to "32" $! -$! P7, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) +$! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) $! $! $! Define A TCP/IP Library That We Will Need To Link To. @@ -157,8 +145,6 @@ $ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'FILE_POINTER_SIZE'.OLB $! $! Define The RSAREF-LIB We Are To Use. $! -$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE'FILE_POINTER_SIZE'.OLB -$! $! Check To See What We Are To Do. $! $ IF (BUILDALL.EQS."TRUE") @@ -341,84 +327,31 @@ $! $ ON ERROR THEN GOTO SSL_TASK_END $ CC5/OBJECT='OBJ_DIR'SSL_TASK.OBJ SYS$DISK:[]SSL_TASK.C $! -$! Link The Program, Check To See If We Need To Link With RSAREF Or Not. +$! Link The Program. +$! Check To See If We Are To Link With A Specific TCP/IP Library. $! -$ IF (RSAREF.EQS."TRUE") +$ IF (TCPIP_LIB.NES."") $ THEN $! -$! Check To See If We Are To Link With A Specific TCP/IP Library. -$! -$ IF (TCPIP_LIB.NES."") -$ THEN -$! -$! Link With The RSAREF Library And A Specific TCP/IP Library... -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE - - /MAP='LIS_DIR'SSL_TASK.MAP /FULL/CROSS - - 'OBJ_DIR'SSL_TASK.OBJ, - - 'SSL_LIB'/LIBRARY, - - 'CRYPTO_LIB'/LIBRARY, - - 'RSAREF_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION, - - SYS$DISK:[-]SSL_IDENT.OPT/OPTION -$! -$! Else... -$! -$ ELSE -$! -$! Link With The RSAREF Library And NO TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE - - /MAP='LIS_DIR'SSL_TASK.MAP /FULL/CROSS - - 'OBJ_DIR'SSL_TASK.OBJ, - - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION, - - SYS$DISK:[-]SSL_IDENT.OPT/OPTION +$! Link With TCP/IP Library. $! -$! End The TCP/IP Library Check. -$! -$ ENDIF +$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE - + 'OBJ_DIR'SSL_TASK.OBJ, - + 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - + 'TCPIP_LIB','OPT_FILE'/OPTION $! $! Else... $! $ ELSE $! -$! Don't Link With The RSAREF Routines. -$! +$! Don't Link With TCP/IP Library. $! -$! Check To See If We Are To Link With A Specific TCP/IP Library. +$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE - + 'OBJ_DIR'SSL_TASK.OBJ,- + 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - + 'OPT_FILE'/OPTION $! -$ IF (TCPIP_LIB.NES."") -$ THEN -$! -$! Don't Link With The RSAREF Routines And TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE - - /MAP='LIS_DIR'SSL_TASK.MAP /FULL/CROSS - - 'OBJ_DIR'SSL_TASK.OBJ, - - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION, - - SYS$DISK:[-]SSL_IDENT.OPT/OPTION -$! -$! Else... -$! -$ ELSE -$! -$! Don't Link With The RSAREF Routines And Link With A TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE - - /MAP='LIS_DIR'SSL_TASK.MAP /FULL/CROSS - - 'OBJ_DIR'SSL_TASK.OBJ,- - 'SSL_LIB'/LIBRARY, - - 'CRYPTO_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION, - - SYS$DISK:[-]SSL_IDENT.OPT/OPTION -$! -$! End The TCP/IP Library Check. -$! -$ ENDIF -$! -$! End The RSAREF Link Check. +$! End The TCP/IP Library Check. $! $ ENDIF $! @@ -593,35 +526,6 @@ $! End The LIBCRYPTO.OLB Library Check. $! $ ENDIF $! -$! Check To See If We Need The RSAREF Library. -$! -$ IF (RSAREF.EQS."TRUE") -$ THEN -$! -$! Look For The Library LIBRSAGLUE.OLB. -$! -$ IF (F$SEARCH(RSAREF_LIB).EQS."") -$ THEN -$! -$! Tell The User We Can't Find The LIBRSAGLUE.OLB Library. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Can't Find The Library ",RSAREF_LIB,"." -$ WRITE SYS$OUTPUT "We Can't Link Without It." -$ WRITE SYS$OUTPUT "" -$! -$! Since We Can't Link Without It, Exit. -$! -$ EXIT -$! -$! End The LIBRSAGLUE.OLB Library Check. -$! -$ ENDIF -$! -$! End The RSAREF Library Check. -$! -$ ENDIF -$! $! Time To Return. $! $ RETURN @@ -685,78 +589,10 @@ $ ENDIF $! $! Check To See If P2 Is Blank. $! -$ p2 = "NORSAREF" -$ IF (P2.EQS."NORSAREF") -$ THEN -$! -$! P2 Is NORSAREF, So Compile With The Regular RSA Libraries. -$! -$ RSAREF = "FALSE" -$! -$! Else... -$! -$ ELSE -$! -$! Check To See If We Are To Use The RSAREF Library. -$! -$ IF (P2.EQS."RSAREF") -$ THEN -$! -$! Check To Make Sure We Have The RSAREF Source Code Directory. -$! -$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]SOURCE.DIR").EQS."") -$ THEN -$! -$! We Don't Have The RSAREF Souce Code Directory, So Tell The -$! User This. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "It appears that you don't have the RSAREF Souce Code." -$ WRITE SYS$OUTPUT "You need to go to 'ftp://ftp.rsa.com/rsaref'. You have to" -$ WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file dosen't have the" -$ WRITE SYS$OUTPUT "directory structure stored. You have to extract the file" -$ WRITE SYS$OUTPUT "into the [.RSAREF] directory under the root directory" -$ WRITE SYS$OUTPUT "as that is where the scripts will look for the files." -$ WRITE SYS$OUTPUT "" -$! -$! Time To Exit. -$! -$ EXIT -$! -$! Else, Compile Using The RSAREF Library. -$! -$ ELSE -$ RSAREF = "TRUE" -$ ENDIF -$ ELSE -$! -$! They Entered An Invalid Option.. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " RSAREF : Compile With The RSAREF Library." -$ WRITE SYS$OUTPUT " NORSAREF : Compile With The Regular RSA Library." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Arguement Check. -$! -$ ENDIF -$! -$! End The P2 Check. -$! -$ ENDIF -$! -$! Check To See If P3 Is Blank. -$! -$ IF (P3.EQS."NODEBUG") +$ IF (P2.EQS."NODEBUG") $ THEN $! -$! P3 Is NODEBUG, So Compile Without Debugger Information. +$! P2 Is NODEBUG, So Compile Without Debugger Information. $! $ DEBUGGER = "NODEBUG" $ TRACEBACK = "NOTRACEBACK" @@ -771,7 +607,7 @@ $ ELSE $! $! Check To See If We Are To Compile With Debugger Information. $! -$ IF (P3.EQS."DEBUG") +$ IF (P2.EQS."DEBUG") $ THEN $! $! Compile With Debugger Information. @@ -787,7 +623,7 @@ $! $! Tell The User Entered An Invalid Option.. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information." $ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information." @@ -801,7 +637,7 @@ $! End The Valid Arguement Check. $! $ ENDIF $! -$! End The P3 Check. +$! End The P2 Check. $! $ ENDIF $! @@ -811,20 +647,20 @@ $! On VAX as well as the 64-bit variant on Alpha, the name carries no extra $! information about pointer size (i.e., 64 bits is default on Alpha and 32 $! bits is default on VAX). $! -$ IF (P6.NES."32" .AND. P6.NES."64") +$ IF (P5.NES."32" .AND. P5.NES."64") $ THEN $! $! Set The Default $! -$ P6 = "" +$ P5 = "" $! -$! End of First Check Of P6 +$! End of First Check Of P5 $! $ ENDIF $! -$! Check If P6 Isn't Set (Or Set Properly) +$! Check If P5 Isn't Set (Or Set Properly) $! -$ IF (P6.EQS."" .OR. (P6.NES."32" .AND. ARCH.EQS."VAX")) +$ IF (P5.EQS."" .OR. (P5.NES."32" .AND. ARCH.EQS."VAX")) $ THEN $! $! Check If We're On A VAX @@ -834,7 +670,7 @@ $ THEN $! $! On VAX, We Force 32 Bit Pointers $! -$ P6 = "32" +$ P5 = "32" $! $! Else... $! @@ -842,19 +678,19 @@ $ ELSE $! $! On Alpha, We Use 64 Bit Pointers By Default $! -$ P6 = "64" +$ P5 = "64" $! $! End Of Check For VAX $! $ ENDIF $! -$! End Check Of P6 +$! End Check Of P5 $! $ ENDIF $! $! Set POINTER_SIZE $! -$ POINTER_SIZE = P6 +$ POINTER_SIZE = P5 $ QUAL_POINTER_SIZE = "" $ FILE_POINTER_SIZE = "" $ IF ARCH.EQS."AXP" @@ -869,9 +705,9 @@ $! Written By: Richard Levitte $! richard@levitte.org $! $! -$! Check To See If We Have A Option For P7. +$! Check To See If We Have A Option For P6. $! -$ IF (P7.EQS."") +$ IF (P6.EQS."") $ THEN $! $! Get The Version Of VMS We Are Using. @@ -893,13 +729,13 @@ $! End The VMS Version Check. $! $ ENDIF $! -$! End The P7 Check. +$! End The P6 Check. $! $ ENDIF $! -$! Check To See If P4 Is Blank. +$! Check To See If P3 Is Blank. $! -$ IF (P4.EQS."") +$ IF (P3.EQS."") $ THEN $! $! O.K., The User Didn't Specify A Compiler, Let's Try To @@ -912,7 +748,7 @@ $ THEN $! $! Looks Like GNUC, Set To Use GNUC. $! -$ P4 = "GNUC" +$ P3 = "GNUC" $! $! End The GNU C Compiler Check. $! @@ -925,7 +761,7 @@ $ THEN $! $! Looks Like DECC, Set To Use DECC. $! -$ P4 = "DECC" +$ P3 = "DECC" $! $! Else... $! @@ -933,7 +769,7 @@ $ ELSE $! $! Looks Like VAXC, Set To Use VAXC. $! -$ P4 = "VAXC" +$ P3 = "VAXC" $! $! End The VAXC Compiler Check. $! @@ -947,9 +783,9 @@ $! End The Compiler Check. $! $ ENDIF $! -$! Check To See If We Have A Option For P5. +$! Check To See If We Have A Option For P4. $! -$ IF (P5.EQS."") +$ IF (P4.EQS."") $ THEN $! $! Find out what socket library we have available @@ -959,7 +795,7 @@ $ THEN $! $! We have SOCKETSHR, and it is my opinion that it's the best to use. $! -$ P5 = "SOCKETSHR" +$ P4 = "SOCKETSHR" $! $! Tell the user $! @@ -979,7 +815,7 @@ $ THEN $! $! Last resort: a UCX or UCX-compatible library $! -$ P5 = "UCX" +$ P4 = "UCX" $! $! Tell the user $! @@ -993,7 +829,7 @@ $ ENDIF $! $! Set Up Initial CC Definitions, Possibly With User Ones $! -$ CCDEFS = "TCPIP_TYPE_''P5'" +$ CCDEFS = "TCPIP_TYPE_''P4'" $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS $ CCEXTRAFLAGS = "" $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS @@ -1003,12 +839,12 @@ $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - $! $! Check To See If The User Entered A Valid Paramter. $! -$ IF (P4.EQS."VAXC").OR.(P4.EQS."DECC").OR.(P4.EQS."GNUC") +$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC") $ THEN $! $! Check To See If The User Wanted DECC. $! -$ IF (P4.EQS."DECC") +$ IF (P3.EQS."DECC") $ THEN $! $! Looks Like DECC, Set To Use DECC. @@ -1038,7 +874,7 @@ $ ENDIF $! $! Check To See If We Are To Use VAXC. $! -$ IF (P4.EQS."VAXC") +$ IF (P3.EQS."VAXC") $ THEN $! $! Looks Like VAXC, Set To Use VAXC. @@ -1076,7 +912,7 @@ $ ENDIF $! $! Check To See If We Are To Use GNU C. $! -$ IF (P4.EQS."GNUC") +$ IF (P3.EQS."GNUC") $ THEN $! $! Looks Like GNUC, Set To Use GNUC. @@ -1105,31 +941,6 @@ $! Set up default defines $! $ CCDEFS = """FLAT_INC=1""," + CCDEFS $! -$! Check To See If We Are To Compile With RSAREF Routines. -$! -$ IF (RSAREF.EQS."TRUE") -$ THEN -$! -$! Compile With RSAREF. -$! -$ CCDEFS = CCDEFS + ",""RSAref=1""" -$! -$! Tell The User This. -$! -$ WRITE SYS$OUTPUT "Compiling With RSAREF Routines." -$! -$! Else, We Don't Care. Compile Without The RSAREF Library. -$! -$ ELSE -$! -$! Tell The User We Are Compile Without The RSAREF Routines. -$! -$ WRITE SYS$OUTPUT "Compiling Without The RSAREF Routines. -$! -$! End The RSAREF Check. -$! -$ ENDIF -$! $! Finish up the definition of CC. $! $ IF COMPILER .EQS. "DECC" @@ -1170,7 +981,7 @@ $! $! Tell The User We Don't Know What They Want. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C." $ WRITE SYS$OUTPUT " DECC : To Compile With DEC C." @@ -1184,13 +995,13 @@ $ ENDIF $! $! Time to check the contents, and to make sure we get the correct library. $! -$ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX" - - .OR. P5.EQS."TCPIP" .OR. P5.EQS."NONE" +$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" - + .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE" $ THEN $! $! Check to see if SOCKETSHR was chosen $! -$ IF P5.EQS."SOCKETSHR" +$ IF P4.EQS."SOCKETSHR" $ THEN $! $! Set the library to use SOCKETSHR @@ -1203,12 +1014,12 @@ $ ENDIF $! $! Check to see if MULTINET was chosen $! -$ IF P5.EQS."MULTINET" +$ IF P4.EQS."MULTINET" $ THEN $! $! Set the library to use UCX emulation. $! -$ P5 = "UCX" +$ P4 = "UCX" $! $! Done with MULTINET $! @@ -1216,7 +1027,7 @@ $ ENDIF $! $! Check to see if UCX was chosen $! -$ IF P5.EQS."UCX" +$ IF P4.EQS."UCX" $ THEN $! $! Set the library to use UCX. @@ -1236,7 +1047,7 @@ $ ENDIF $! $! Check to see if TCPIP was chosen $! -$ IF P5.EQS."TCPIP" +$ IF P4.EQS."TCPIP" $ THEN $! $! Set the library to use TCPIP (post UCX). @@ -1249,7 +1060,7 @@ $ ENDIF $! $! Check to see if NONE was chosen $! -$ IF P5.EQS."NONE" +$ IF P4.EQS."NONE" $ THEN $! $! Do not use a TCPIP library. @@ -1271,7 +1082,7 @@ $! $! Tell The User We Don't Know What They Want. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P5," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library." $ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library." @@ -321,9 +321,7 @@ extern "C" { #include <openssl/crypto.h> #include <openssl/lhash.h> #include <openssl/buffer.h> -#include <openssl/bio.h> #include <openssl/pem.h> -#include <openssl/x509.h> #ifdef __cplusplus extern "C" { @@ -728,10 +726,11 @@ struct ssl_ctx_st #define SSL_SESS_CACHE_SERVER 0x0002 #define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) #define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 -/* This one, when set, makes the server session-id lookup not look - * in the cache. If there is an application get_session callback - * defined, this will still get called. */ +/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 +#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 +#define SSL_SESS_CACHE_NO_INTERNAL \ + (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); #define SSL_CTX_sess_number(ctx) \ diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 52a38ae834..b829791abd 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -225,9 +225,9 @@ extern "C" { #define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" #define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" #define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" -#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" +#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" #define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" -#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" +#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" #define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" #define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 1ddd3380ac..851155e04e 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1803,7 +1803,7 @@ void ssl_update_cache(SSL *s,int mode) i=s->ctx->session_cache_mode; if ((i & mode) && (!s->hit) - && ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) + && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) || SSL_CTX_add_session(s->ctx,s->session)) && (s->ctx->new_session_cb != NULL)) { diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index ca1a7427be..2a4a90897e 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -309,9 +309,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) if (copy) CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); - /* The following should not return 1, otherwise, - * things are very strange */ - SSL_CTX_add_session(s->ctx,ret); + /* Add the externally cached session to the internal + * cache as well if and only if we are supposed to. */ + if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) + /* The following should not return 1, otherwise, + * things are very strange */ + SSL_CTX_add_session(s->ctx,ret); } if (ret == NULL) goto err; diff --git a/ssl/tls1.h b/ssl/tls1.h index 4d7c9a17b2..7f4a2f3085 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -64,19 +64,6 @@ * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the Contribution as delivered hereunder - * (or portions thereof), provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the Contribution; - * 2) separates from the Contribution; or - * 3) for infringements caused by: - * i) the modification of the Contribution or - * ii) the combination of the Contribution with other software or - * devices where such combination causes the infringement. - * * ECC cipher suite support in OpenSSL originally written by * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. * diff --git a/test/maketests.com b/test/maketests.com index 78b3de5e48..ff01c54c61 100644 --- a/test/maketests.com +++ b/test/maketests.com @@ -16,22 +16,10 @@ $! The test "executeables" will be placed in a directory called $! [.xxx.EXE.TEST] where "xxx" denotes AXP or VAX depending on your machines $! architecture. $! -$! Specify RSAREF as P1 to compile with the RSAREF library instead of -$! the regular one. If you specify NORSAREF it will compile with the -$! regular RSAREF routines. (Note: If you are in the United States -$! you MUST compile with RSAREF unless you have a license from RSA). -$! -$! Note: The RSAREF libraries are NOT INCLUDED and you have to -$! download it from "ftp://ftp.rsa.com/rsaref". You have to -$! get the ".tar-Z" file as the ".zip" file dosen't have the -$! directory structure stored. You have to extract the file -$! into the [.RSAREF] directory under the root directory as that -$! is where the scripts will look for the files. -$! -$! Specify DEBUG or NODEBUG P2 to compile with or without debugger +$! Specify DEBUG or NODEBUG P1 to compile with or without debugger $! information. $! -$! Specify which compiler at P3 to try to compile under. +$! Specify which compiler at P2 to try to compile under. $! $! VAXC For VAX C. $! DECC For DEC C. @@ -40,17 +28,17 @@ $! $! If you don't speficy a compiler, it will try to determine which $! "C" compiler to use. $! -$! P4, if defined, sets a TCP/IP library to use, through one of the following +$! P3, if defined, sets a TCP/IP library to use, through one of the following $! keywords: $! $! UCX for UCX $! TCPIP for TCPIP (post UCX) $! SOCKETSHR for SOCKETSHR+NETLIB $! -$! P5, if defined, sets the pointer size to build with. The values can be +$! P4, if defined, sets the pointer size to build with. The values can be $! be "32" or "64". Any other value will default to "32" $! -$! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) +$! P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) $! $! $! Define A TCP/IP Library That We Will Need To Link To. @@ -97,8 +85,6 @@ $ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'FILE_POINTER_SIZE'.OLB $! $! Define The RSAREF-LIB We Are To Use. $! -$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE'FILE_POINTER_SIZE'.OLB -$! $! Define The SSL We Are To Use. $! $ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL'FILE_POINTER_SIZE'.OLB @@ -257,54 +243,12 @@ $! $ ENDIF $! $! Link The Program, Check To See If We Need To Link With RSAREF Or Not. +$! Check To See If We Are To Link With A Specific TCP/IP Library. $! -$ IF (RSAREF.EQS."TRUE") +$ IF (TCPIP_LIB.NES."") $ THEN $! -$! Check To See If We Are To Link With A Specific TCP/IP Library. -$! -$ IF (TCPIP_LIB.NES."") -$ THEN -$! -$! Link With The RSAREF Library And A Specific TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - - /MAP = 'MAP_FILE' /FULL/CROSS - - 'OBJECT_FILE',- - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION, - - SYS$DISK:[-]SSL_IDENT.OPT/OPTION -$! -$! Else... -$! -$ ELSE -$! -$! Link With The RSAREF Library And NO TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - - /MAP = 'MAP_FILE' /FULL/CROSS - - 'OBJECT_FILE', - - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION, - SYS$DISK:[-]SSL_IDENT.OPT/OPTION -$! -$! End The TCP/IP Library Check. -$! -$ ENDIF -$! -$! Else... -$! -$ ELSE -$! -$! Don't Link With The RSAREF Routines. -$! -$! -$! Check To See If We Are To Link With A Specific TCP/IP Library. -$! -$ IF (TCPIP_LIB.NES."") -$ THEN -$! -$! Don't Link With The RSAREF Routines And TCP/IP Library. +$! Don't Link With The RSAREF Routines And TCP/IP Library. $! $ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - /MAP = 'MAP_FILE' /FULL/CROSS - @@ -313,11 +257,11 @@ $ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - 'TCPIP_LIB','OPT_FILE'/OPTION, - SYS$DISK:[-]SSL_IDENT.OPT/OPTION $! -$! Else... +$! Else... $! -$ ELSE +$ ELSE $! -$! Don't Link With The RSAREF Routines And Link With A TCP/IP Library. +$! Don't Link With The RSAREF Routines And Link With A TCP/IP Library. $! $ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - /MAP = 'MAP_FILE' /FULL/CROSS - @@ -325,13 +269,9 @@ $ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - 'OPT_FILE'/OPTION, SYS$DISK:[-]SSL_IDENT.OPT/OPTION $! -$! End The TCP/IP Library Check. -$! -$ ENDIF -$! -$! End The RSAREF Link Check. +$! End The TCP/IP Library Check. $! -$ ENDIF +$ ENDIF $! $! Go Back And Do It Again. $! @@ -496,32 +436,6 @@ $! End The Crypto Library Check. $! $ ENDIF $! -$! See If We Need The RSAREF Library... -$! -$ IF (RSAREF.EQS."TRUE") -$ THEN -$! -$! Look For The Library LIBRSAGLUE.OLB. -$! -$ IF (F$SEARCH(RSAREF_LIB).EQS."") -$ THEN -$! -$! Tell The User We Can't Find The LIBRSAGLUE.OLB Library. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Can't Find The Library ",RSAREF_LIB,"." -$ WRITE SYS$OUTPUT "We Can't Link Without It." -$ WRITE SYS$OUTPUT "" -$! -$! Since We Can't Link Without It, Exit. -$! -$ EXIT -$ ENDIF -$! -$! End The RSAREF Library Check. -$! -$ ENDIF -$! $! Look For The Library LIBSSL.OLB. $! $ IF (F$SEARCH(SSL_LIB).EQS."") @@ -552,75 +466,10 @@ $ CHECK_OPTIONS: $! $! Check To See If P1 Is Blank. $! -$ P1 = "NORSAREF" -$ IF (P1.EQS."NORSAREF") +$ IF (P1.EQS."NODEBUG") $ THEN $! -$! P1 Is NORSAREF, So Compile With The Regular RSA Libraries. -$! -$ RSAREF = "FALSE" -$ ELSE -$! -$! Check To See If We Are To Use The RSAREF Library. -$! -$ IF (P1.EQS."RSAREF") -$ THEN -$! -$! Check To Make Sure We Have The RSAREF Source Code Directory. -$! -$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]SOURCE.DIR").EQS."") -$ THEN -$! -$! We Don't Have The RSAREF Souce Code Directory, So Tell The -$! User This. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "It appears that you don't have the RSAREF Souce Code." -$ WRITE SYS$OUTPUT "You need to go to 'ftp://ftp.rsa.com/rsaref'. You have to" -$ WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file dosen't have the" -$ WRITE SYS$OUTPUT "directory structure stored. You have to extract the file" -$ WRITE SYS$OUTPUT "into the [.RSAREF] directory under the root directory" -$ WRITE SYS$OUTPUT "as that is where the scripts will look for the files." -$ WRITE SYS$OUTPUT "" -$! -$! Time To Exit. -$! -$ EXIT -$! -$! Else, Compile Using The RSAREF Library. -$! -$ ELSE -$ RSAREF = "TRUE" -$ ENDIF -$ ELSE -$! -$! They Entered An Invalid Option.. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " RSAREF : Compile With The RSAREF Library." -$ WRITE SYS$OUTPUT " NORSAREF : Compile With The Regular RSA Library." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Arguement Check. -$! -$ ENDIF -$! -$! End The P1 Check. -$! -$ ENDIF -$! -$! Check To See If P2 Is Blank. -$! -$ IF (P2.EQS."NODEBUG") -$ THEN -$! -$! P2 Is NODEBUG, So Compile Without Debugger Information. +$! P1 Is NODEBUG, So Compile Without Debugger Information. $! $ DEBUGGER = "NODEBUG" $ TRACEBACK = "NOTRACEBACK" @@ -635,7 +484,7 @@ $ ELSE $! $! Check To See If We Are To Compile With Debugger Information. $! -$ IF (P2.EQS."DEBUG") +$ IF (P1.EQS."DEBUG") $ THEN $! $! Compile With Debugger Information. @@ -654,7 +503,7 @@ $! $! Tell The User Entered An Invalid Option.. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information." $ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information." @@ -668,13 +517,13 @@ $! End The Valid Arguement Check. $! $ ENDIF $! -$! End The P3 Check. +$! End The P2 Check. $! $ ENDIF $! -$! Check To See If P3 Is Blank. +$! Check To See If P2 Is Blank. $! -$ IF (P3.EQS."") +$ IF (P2.EQS."") $ THEN $! $! O.K., The User Didn't Specify A Compiler, Let's Try To @@ -687,7 +536,7 @@ $ THEN $! $! Looks Like GNUC, Set To Use GNUC. $! -$ P3 = "GNUC" +$ P2 = "GNUC" $! $! End The GNU C Compiler Check. $! @@ -700,7 +549,7 @@ $ THEN $! $! Looks Like DECC, Set To Use DECC. $! -$ P3 = "DECC" +$ P2 = "DECC" $! $! Else... $! @@ -708,7 +557,7 @@ $ ELSE $! $! Looks Like VAXC, Set To Use VAXC. $! -$ P3 = "VAXC" +$ P2 = "VAXC" $! $! End The VAXC Compiler Check. $! @@ -722,9 +571,9 @@ $! End The Compiler Check. $! $ ENDIF $! -$! Check To See If We Have A Option For P4. +$! Check To See If We Have A Option For P3. $! -$ IF (P4.EQS."") +$ IF (P3.EQS."") $ THEN $! $! Find out what socket library we have available @@ -734,7 +583,7 @@ $ THEN $! $! We have SOCKETSHR, and it is my opinion that it's the best to use. $! -$ P4 = "SOCKETSHR" +$ P3 = "SOCKETSHR" $! $! Tell the user $! @@ -754,7 +603,7 @@ $ THEN $! $! Last resort: a UCX or UCX-compatible library $! -$ P4 = "UCX" +$ P3 = "UCX" $! $! Tell the user $! @@ -768,7 +617,7 @@ $ ENDIF $! $! Set Up Initial CC Definitions, Possibly With User Ones $! -$ CCDEFS = "TCPIP_TYPE_''P4'" +$ CCDEFS = "TCPIP_TYPE_''P3'" $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS $ CCEXTRAFLAGS = "" $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS @@ -782,20 +631,20 @@ $! On VAX as well as the 64-bit variant on Alpha, the name carries no extra $! information about pointer size (i.e., 64 bits is default on Alpha and 32 $! bits is default on VAX). $! -$ IF (P5.NES."32" .AND. P5.NES."64") +$ IF (P4.NES."32" .AND. P4.NES."64") $ THEN $! $! Set The Default $! -$ P5 = "" +$ P4 = "" $! -$! End of First Check Of P5 +$! End of First Check Of P4 $! $ ENDIF $! -$! Check If P5 Isn't Set (Or Set Properly) +$! Check If P4 Isn't Set (Or Set Properly) $! -$ IF (P5.EQS."" .OR. (P5.NES."32" .AND. ARCH.EQS."VAX")) +$ IF (P4.EQS."" .OR. (P4.NES."32" .AND. ARCH.EQS."VAX")) $ THEN $! $! Check If We're On A VAX @@ -805,7 +654,7 @@ $ THEN $! $! On VAX, We Force 32 Bit Pointers $! -$ P5 = "32" +$ P4 = "32" $! $! Else... $! @@ -813,19 +662,19 @@ $ ELSE $! $! On Alpha, We Use 64 Bit Pointers By Default $! -$ P5 = "64" +$ P4 = "64" $! $! End Of Check For VAX $! $ ENDIF $! -$! End Check Of P5 +$! End Check Of P4 $! $ ENDIF $! $! Set POINTER_SIZE $! -$ POINTER_SIZE = P5 +$ POINTER_SIZE = P4 $ QUAL_POINTER_SIZE = "" $ FILE_POINTER_SIZE = "" $ IF ARCH.EQS."AXP" @@ -836,12 +685,12 @@ $ ENDIF $! $! Check To See If The User Entered A Valid Paramter. $! -$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC") +$ IF (P2.EQS."VAXC").OR.(P2.EQS."DECC").OR.(P2.EQS."GNUC") $ THEN $! $! Check To See If The User Wanted DECC. $! -$ IF (P3.EQS."DECC") +$ IF (P2.EQS."DECC") $ THEN $! $! Looks Like DECC, Set To Use DECC. @@ -871,7 +720,7 @@ $ ENDIF $! $! Check To See If We Are To Use VAXC. $! -$ IF (P3.EQS."VAXC") +$ IF (P2.EQS."VAXC") $ THEN $! $! Looks Like VAXC, Set To Use VAXC. @@ -909,7 +758,7 @@ $ ENDIF $! $! Check To See If We Are To Use GNU C. $! -$ IF (P3.EQS."GNUC") +$ IF (P2.EQS."GNUC") $ THEN $! $! Looks Like GNUC, Set To Use GNUC. @@ -937,31 +786,6 @@ $! Set up default defines $! $ CCDEFS = """FLAT_INC=1""," + CCDEFS $! -$! Check To See If We Are To Compile With RSAREF Routines. -$! -$ IF (RSAREF.EQS."TRUE") -$ THEN -$! -$! Compile With RSAREF. -$! -$ CCDEFS = CCDEFS + ",""RSAref=1""" -$! -$! Tell The User This. -$! -$ WRITE SYS$OUTPUT "Compiling With RSAREF Routines." -$! -$! Else, We Don't Care. Compile Without The RSAREF Library. -$! -$ ELSE -$! -$! Tell The User We Are Compile Without The RSAREF Routines. -$! -$ WRITE SYS$OUTPUT "Compiling Without The RSAREF Routines. -$! -$! End The RSAREF Check. -$! -$ ENDIF -$! $! Finish up the definition of CC. $! $ IF COMPILER .EQS. "DECC" @@ -992,7 +816,7 @@ $! $! Tell The User We Don't Know What They Want. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C." $ WRITE SYS$OUTPUT " DECC : To Compile With DEC C." @@ -1006,13 +830,13 @@ $ ENDIF $! $! Time to check the contents, and to make sure we get the correct library. $! -$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" - - .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE" +$ IF P3.EQS."SOCKETSHR" .OR. P3.EQS."MULTINET" .OR. P3.EQS."UCX" - + .OR. P3.EQS."TCPIP" .OR. P3.EQS."NONE" $ THEN $! $! Check to see if SOCKETSHR was chosen $! -$ IF P4.EQS."SOCKETSHR" +$ IF P3.EQS."SOCKETSHR" $ THEN $! $! Set the library to use SOCKETSHR @@ -1025,12 +849,12 @@ $ ENDIF $! $! Check to see if MULTINET was chosen $! -$ IF P4.EQS."MULTINET" +$ IF P3.EQS."MULTINET" $ THEN $! $! Set the library to use UXC emulation. $! -$ P4 = "UCX" +$ P3 = "UCX" $! $! Done with MULTINET $! @@ -1038,7 +862,7 @@ $ ENDIF $! $! Check to see if UCX was chosen $! -$ IF P4.EQS."UCX" +$ IF P3.EQS."UCX" $ THEN $! $! Set the library to use UCX. @@ -1058,7 +882,7 @@ $ ENDIF $! $! Check to see if TCPIP was chosen $! -$ IF P4.EQS."TCPIP" +$ IF P3.EQS."TCPIP" $ THEN $! $! Set the library to use TCPIP (post UCX). @@ -1071,7 +895,7 @@ $ ENDIF $! $! Check to see if NONE was chosen $! -$ IF P4.EQS."NONE" +$ IF P3.EQS."NONE" $ THEN $! $! Do not use a TCPIP library. @@ -1093,7 +917,7 @@ $! $! Tell The User We Don't Know What They Want. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library." $ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library." @@ -1114,9 +938,9 @@ $! Written By: Richard Levitte $! richard@levitte.org $! $! -$! Check To See If We Have A Option For P6. +$! Check To See If We Have A Option For P5. $! -$ IF (P6.EQS."") +$ IF (P5.EQS."") $ THEN $! $! Get The Version Of VMS We Are Using. @@ -1138,7 +962,7 @@ $! End The VMS Version Check. $! $ ENDIF $! -$! End The P6 Check. +$! End The P5 Check. $! $ ENDIF $! diff --git a/util/libeay.num b/util/libeay.num index 8b19e33b8e..5edc1bc514 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -2071,7 +2071,7 @@ PKCS7_ATTR_SIGN_it 2632 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI UI_add_error_string 2633 EXIST::FUNCTION: KRB5_CHECKSUM_free 2634 EXIST::FUNCTION: OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION: -ENGINE_load_ubsec 2636 EXIST::FUNCTION: +ENGINE_load_ubsec 2636 EXIST::FUNCTION:STATIC_ENGINE ENGINE_register_all_digests 2637 EXIST::FUNCTION: PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2545,7 +2545,7 @@ OCSP_RESPONSE_new 3023 EXIST::FUNCTION: AES_set_encrypt_key 3024 EXIST::FUNCTION:AES OCSP_resp_count 3025 EXIST::FUNCTION: KRB5_CHECKSUM_new 3026 EXIST::FUNCTION: -ENGINE_load_cswift 3027 EXIST::FUNCTION: +ENGINE_load_cswift 3027 EXIST::FUNCTION:STATIC_ENGINE OCSP_onereq_get0_id 3028 EXIST::FUNCTION: ENGINE_set_default_ciphers 3029 EXIST::FUNCTION: NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2576,7 +2576,7 @@ ASN1_primitive_free 3051 EXIST::FUNCTION: i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION: i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION: asn1_enc_save 3054 EXIST::FUNCTION: -ENGINE_load_nuron 3055 EXIST::FUNCTION: +ENGINE_load_nuron 3055 EXIST::FUNCTION:STATIC_ENGINE _ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2600,7 +2600,7 @@ asn1_get_choice_selector 3071 EXIST::FUNCTION: i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION: ENGINE_set_table_flags 3073 EXIST::FUNCTION: AES_options 3074 EXIST::FUNCTION:AES -ENGINE_load_chil 3075 EXIST::FUNCTION: +ENGINE_load_chil 3075 EXIST::FUNCTION:STATIC_ENGINE OCSP_id_cmp 3076 EXIST::FUNCTION: OCSP_BASICRESP_new 3077 EXIST::FUNCTION: OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION: @@ -2667,7 +2667,7 @@ OCSP_CRLID_it 3127 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION: OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION: -ENGINE_load_atalla 3130 EXIST::FUNCTION: +ENGINE_load_atalla 3130 EXIST::FUNCTION:STATIC_ENGINE X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2762,8 +2762,8 @@ DES_read_2passwords 3206 EXIST::FUNCTION:DES DES_read_password 3207 EXIST::FUNCTION:DES UI_UTIL_read_pw 3208 EXIST::FUNCTION: UI_UTIL_read_pw_string 3209 EXIST::FUNCTION: -ENGINE_load_aep 3210 EXIST::FUNCTION: -ENGINE_load_sureware 3211 EXIST::FUNCTION: +ENGINE_load_aep 3210 EXIST::FUNCTION:STATIC_ENGINE +ENGINE_load_sureware 3211 EXIST::FUNCTION:STATIC_ENGINE OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION: OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION: OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION: @@ -2772,7 +2772,7 @@ OPENSSL_load_builtin_modules 3214 EXIST::FUNCTION: AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES -ENGINE_load_4758cca 3218 EXIST::FUNCTION: +ENGINE_load_4758cca 3218 EXIST::FUNCTION:STATIC_ENGINE _ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES @@ -2784,239 +2784,188 @@ CONF_modules_free 3226 EXIST::FUNCTION: NCONF_default 3227 EXIST::FUNCTION: OPENSSL_no_config 3228 EXIST::FUNCTION: NCONF_WIN32 3229 EXIST::FUNCTION: -ECDSA_set_conversion_form 3230 NOEXIST::FUNCTION: -EC_GROUP_new_by_name 3231 NOEXIST::FUNCTION: -d2i_ECDSA_PUBKEY 3232 NOEXIST::FUNCTION: -PEM_read_bio_ECDSAPrivateKey 3233 NOEXIST::FUNCTION: -EC_GROUP_get_asn1_flag 3234 EXIST::FUNCTION:EC -ECDSA_SIG_new 3235 EXIST::FUNCTION:ECDSA -ECDSA_verify 3236 EXIST::FUNCTION:ECDSA -EC_POINT_point2hex 3237 EXIST::FUNCTION:EC -i2d_ECDSAParameters 3238 NOEXIST::FUNCTION: -i2d_ECDSAPrivateKey_bio 3239 NOEXIST::FUNCTION: -EC_ASN1_group2pkparameters 3240 NOEXIST::FUNCTION: -PEM_write_bio_ECDSAParameters 3241 NOEXIST::FUNCTION: -ECDSAParameters_print_fp 3242 NOEXIST::FUNCTION: -EC_GROUP_check 3243 EXIST::FUNCTION:EC -ENGINE_set_default_ECDSA 3244 EXIST::FUNCTION: -PEM_read_bio_ECDSA_PUBKEY 3245 NOEXIST::FUNCTION: -ECDSA_check_key 3246 NOEXIST::FUNCTION: -ECDSA_new_method 3247 NOEXIST::FUNCTION: -d2i_ECPARAMETERS 3248 NOEXIST::FUNCTION: -d2i_ECDSAPrivateKey_bio 3249 NOEXIST::FUNCTION: -i2d_ECDSA_PUBKEY 3250 NOEXIST::FUNCTION: -EC_POINT_hex2point 3251 EXIST::FUNCTION:EC -i2d_ECDSA_PUBKEY_fp 3252 NOEXIST::FUNCTION: -ENGINE_unregister_ECDSA 3253 EXIST::FUNCTION: -ECDSA_free 3254 NOEXIST::FUNCTION: -ECDSAParameters_print 3255 NOEXIST::FUNCTION: -EC_POINT_bn2point 3256 EXIST::FUNCTION:EC -PEM_write_bio_ECDSA_PUBKEY 3257 NOEXIST::FUNCTION: -ECDSA_set_method 3258 EXIST::FUNCTION:ECDSA -ECDSA_print 3259 NOEXIST::FUNCTION: -i2d_ECPARAMETERS 3260 NOEXIST::FUNCTION: -d2i_ECPKPARAMETERS 3261 NOEXIST::FUNCTION: -EVP_PKEY_get1_ECDSA 3262 NOEXIST::FUNCTION: -ECDSA_SIG_free 3263 EXIST::FUNCTION:ECDSA -ENGINE_get_default_ECDSA 3264 EXIST::FUNCTION: -PEM_write_ECDSAPrivateKey 3265 NOEXIST::FUNCTION: -ECDSA_sign_setup 3266 EXIST::FUNCTION:ECDSA -ENGINE_get_ECDSA 3267 EXIST::FUNCTION: -ECDSA_get_default_method 3268 EXIST::FUNCTION:ECDSA -d2i_ECDSA_PUBKEY_bio 3269 NOEXIST::FUNCTION: -ECDSA_sign 3270 EXIST::FUNCTION:ECDSA -ENGINE_register_ECDSA 3271 EXIST::FUNCTION: -d2i_ECDSAPrivateKey_fp 3272 NOEXIST::FUNCTION: -EC_GROUP_set_asn1_flag 3273 EXIST::FUNCTION:EC -ECPKPARAMETERS_it 3274 NOEXIST::FUNCTION: -ECPKPARAMETERS_it 3274 NOEXIST::FUNCTION: -ECDSA_print_fp 3275 NOEXIST::FUNCTION: -i2d_ECDSAPrivateKey 3276 NOEXIST::FUNCTION: -d2i_ECDSAParameters 3277 NOEXIST::FUNCTION: -PEM_write_bio_ECDSAPrivateKey 3278 NOEXIST::FUNCTION: -ERR_load_ECDSA_strings 3279 EXIST::FUNCTION:ECDSA -d2i_ECParameters 3280 EXIST::FUNCTION:EC -d2i_ECDSA_SIG 3281 EXIST::FUNCTION:ECDSA -ECDSA_size 3282 EXIST::FUNCTION:ECDSA -EC_GROUP_set_nid 3283 EXIST::FUNCTION:EC -EVP_PKEY_set1_ECDSA 3284 NOEXIST::FUNCTION: -EC_GROUP_get_nid 3285 EXIST::FUNCTION:EC -d2i_ECDSA_PUBKEY_fp 3286 NOEXIST::FUNCTION: -EC_METHOD_get_field_type 3287 EXIST::FUNCTION:EC -EC_GROUP_get_point_conversion_form 3288 EXIST:!VMS:FUNCTION:EC -EC_GROUP_get_point_conv_form 3288 EXIST:VMS:FUNCTION:EC -ECDSA_OpenSSL 3289 EXIST::FUNCTION:ECDSA -i2d_ECPKPARAMETERS 3290 NOEXIST::FUNCTION: -PEM_read_ECDSAParameters 3291 NOEXIST::FUNCTION: -ECDSA_get_ex_data 3292 EXIST::FUNCTION:ECDSA -ECDSA_do_verify 3293 EXIST::FUNCTION:ECDSA -ECDSA_do_sign 3294 EXIST::FUNCTION:ECDSA -EC_POINT_point2bn 3295 EXIST::FUNCTION:EC -i2d_ECParameters 3296 EXIST::FUNCTION:EC -d2i_ECPKParameters 3297 EXIST::FUNCTION:EC -i2d_ECDSA_SIG 3298 EXIST::FUNCTION:ECDSA -PEM_read_bio_ECDSAParameters 3299 NOEXIST::FUNCTION: -ECDSAPublicKey_get_octet_string 3300 NOEXIST::FUNCTION: -ECDSA_new 3301 NOEXIST::FUNCTION: -EVP_ecdsa 3302 EXIST::FUNCTION:SHA -ECPARAMETERS_it 3303 NOEXIST::FUNCTION: -ECPARAMETERS_it 3303 NOEXIST::FUNCTION: -ECDSA_set_default_method 3304 EXIST::FUNCTION:ECDSA -ENGINE_set_ECDSA 3305 EXIST::FUNCTION: -ECDSA_get_ex_new_index 3306 EXIST::FUNCTION:ECDSA -EC_GROUP_set_point_conversion_form 3307 EXIST:!VMS:FUNCTION:EC -EC_GROUP_set_point_conv_form 3307 EXIST:VMS:FUNCTION:EC -PEM_write_ECDSA_PUBKEY 3308 NOEXIST::FUNCTION: -EC_GROUP_check_discriminant 3309 EXIST::FUNCTION:EC -ECDSA_set_default_conversion_form 3310 NOEXIST::FUNCTION: -ECDSA_set_ex_data 3311 EXIST::FUNCTION:ECDSA -ECDSA_get_default_conversion_form 3312 NOEXIST::FUNCTION: -i2d_ECDSA_PUBKEY_bio 3313 NOEXIST::FUNCTION: -EC_ASN1_pkparameters2group 3314 NOEXIST::FUNCTION: -d2i_ECDSAPrivateKey 3315 NOEXIST::FUNCTION: -EC_GROUP_new_by_nid 3316 EXIST::FUNCTION:EC -PEM_read_ECDSA_PUBKEY 3317 NOEXIST::FUNCTION: -ECDSA_up_ref 3318 NOEXIST::FUNCTION: -ENGINE_register_all_ECDSA 3319 EXIST::FUNCTION: -ECDSA_get_conversion_form 3320 NOEXIST::FUNCTION: -i2d_ECPKParameters 3321 EXIST::FUNCTION:EC -ECDSA_generate_key 3322 NOEXIST::FUNCTION: -PEM_write_ECDSAParameters 3323 NOEXIST::FUNCTION: -i2d_ECDSAPrivateKey_fp 3324 NOEXIST::FUNCTION: -PEM_read_ECDSAPrivateKey 3325 NOEXIST::FUNCTION: -ECDSAPublicKey_set_octet_string 3326 NOEXIST::FUNCTION: -ECPKParameters_print_fp 3327 EXIST::FUNCTION:EC,FP_API -EVP_des_ede3_ecb 3328 EXIST::FUNCTION:DES -EC_GROUP_set_seed 3329 EXIST::FUNCTION:EC -ASN1_UNIVERSALSTRING_free 3330 EXIST::FUNCTION: -PEM_write_ECPKParameters 3331 EXIST:!WIN16:FUNCTION:EC -ECPKParameters_print 3332 EXIST::FUNCTION:BIO,EC -i2d_ASN1_UNIVERSALSTRING 3333 EXIST::FUNCTION: -EC_GROUP_get0_seed 3334 EXIST::FUNCTION:EC -ASN1_UNIVERSALSTRING_it 3335 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_UNIVERSALSTRING_it 3335 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EC_GROUP_get_seed_len 3336 EXIST::FUNCTION:EC -PEM_write_bio_ECPKParameters 3337 EXIST::FUNCTION:EC -PEM_read_ECPKParameters 3338 EXIST:!WIN16:FUNCTION:EC -EVP_des_ede_ecb 3339 EXIST::FUNCTION:DES -d2i_ASN1_UNIVERSALSTRING 3340 EXIST::FUNCTION: -PEM_read_bio_ECPKParameters 3341 EXIST::FUNCTION:EC -ASN1_UNIVERSALSTRING_new 3342 EXIST::FUNCTION: -EC_PRIVATEKEY_new 3343 NOEXIST::FUNCTION: -EC_PRIVATEKEY_it 3344 NOEXIST::FUNCTION: -EC_PRIVATEKEY_it 3344 NOEXIST::FUNCTION: -DSO_merge 3345 EXIST::FUNCTION: -d2i_EC_PRIVATEKEY 3346 NOEXIST::FUNCTION: -ECDSA_get_enc_flag 3347 NOEXIST::FUNCTION: -ECDSA_set_enc_flag 3348 NOEXIST::FUNCTION: -i2d_EC_PRIVATEKEY 3349 NOEXIST::FUNCTION: -EC_PRIVATEKEY_free 3350 NOEXIST::FUNCTION: -EC_POINT_get_affine_coordinates_GF2m 3351 EXIST:!VMS:FUNCTION:EC -EC_POINT_get_affine_coords_GF2m 3351 EXIST:VMS:FUNCTION:EC -BN_GF2m_mod_sqr_arr 3352 EXIST::FUNCTION: -EC_GROUP_new_curve_GF2m 3353 EXIST::FUNCTION:EC -EC_GF2m_simple_method 3354 EXIST::FUNCTION:EC -EC_GROUP_set_curve_GF2m 3355 EXIST::FUNCTION:EC -EC_GROUP_dup 3356 EXIST::FUNCTION:EC -BN_GF2m_mod_solve_quad 3357 EXIST::FUNCTION: -BN_GF2m_mod_div 3358 EXIST::FUNCTION: -EC_POINT_set_compressed_coordinates_GF2m 3359 EXIST:!VMS:FUNCTION:EC -EC_POINT_set_compr_coords_GF2m 3359 EXIST:VMS:FUNCTION:EC -BN_GF2m_mod_sqr 3360 EXIST::FUNCTION: -BN_GF2m_add 3361 EXIST::FUNCTION: -BN_GF2m_mod_solve_quad_arr 3362 EXIST::FUNCTION: -BN_GF2m_mod_arr 3363 EXIST::FUNCTION: -EC_GROUP_get_curve_GF2m 3364 EXIST::FUNCTION:EC -BN_GF2m_mod_sqrt_arr 3365 EXIST::FUNCTION: -BN_GF2m_mod_mul_arr 3366 EXIST::FUNCTION: -BN_GF2m_mod_exp 3367 EXIST::FUNCTION: -BN_GF2m_mod_inv 3368 EXIST::FUNCTION: -BN_GF2m_mod_div_arr 3369 EXIST::FUNCTION: -BN_GF2m_arr2poly 3370 EXIST::FUNCTION: -BN_GF2m_mod_sqrt 3371 EXIST::FUNCTION: -BN_GF2m_mod_mul 3372 EXIST::FUNCTION: -EC_GROUP_get_degree 3373 EXIST::FUNCTION:EC -BN_GF2m_mod 3374 EXIST::FUNCTION: -BN_GF2m_mod_inv_arr 3375 EXIST::FUNCTION: -BN_GF2m_mod_exp_arr 3376 EXIST::FUNCTION: -BN_GF2m_poly2arr 3377 EXIST::FUNCTION: -EC_POINT_dup 3378 EXIST::FUNCTION:EC -EC_POINT_set_affine_coordinates_GF2m 3379 EXIST:!VMS:FUNCTION:EC -EC_POINT_set_affine_coords_GF2m 3379 EXIST:VMS:FUNCTION:EC -i2d_EC_PUBKEY 3380 EXIST::FUNCTION:EC -i2d_ECPrivateKey 3381 EXIST::FUNCTION:EC -EC_KEY_free 3382 EXIST::FUNCTION:EC -PEM_write_bio_ECPrivateKey 3383 EXIST::FUNCTION:EC -ECDSA_DATA_new_method 3384 EXIST::FUNCTION:ECDSA -i2d_ECPrivateKey_bio 3385 EXIST::FUNCTION:BIO,EC -d2i_ECPrivateKey_fp 3386 EXIST::FUNCTION:EC,FP_API -EVP_PKEY_get1_EC_KEY 3387 EXIST::FUNCTION:EC -ECPublicKey_set_octet_string 3388 EXIST::FUNCTION:EC -PEM_write_EC_PUBKEY 3389 EXIST:!WIN16:FUNCTION:EC -EC_KEY_print_fp 3390 EXIST::FUNCTION:EC,FP_API -EC_KEY_new 3391 EXIST::FUNCTION:EC -i2d_EC_PUBKEY_bio 3392 EXIST::FUNCTION:BIO,EC -ECDSA_DATA_new 3393 EXIST::FUNCTION:ECDSA -EVP_PKEY_set1_EC_KEY 3394 EXIST::FUNCTION:EC -ECDSA_DATA_free 3395 EXIST::FUNCTION:ECDSA -EC_KEY_print 3396 EXIST::FUNCTION:BIO,EC -PEM_write_bio_EC_PUBKEY 3397 EXIST::FUNCTION:EC -ECParameters_print 3398 EXIST::FUNCTION:BIO,EC +ASN1_UNIVERSALSTRING_new 3230 EXIST::FUNCTION: +EVP_des_ede_ecb 3231 EXIST::FUNCTION:DES +i2d_ASN1_UNIVERSALSTRING 3232 EXIST::FUNCTION: +ASN1_UNIVERSALSTRING_free 3233 EXIST::FUNCTION: +ASN1_UNIVERSALSTRING_it 3234 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION: +EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES +X509_REQ_print_ex 3237 EXIST::FUNCTION:BIO +ENGINE_up_ref 3238 EXIST::FUNCTION: +BN_get0_nist_prime_384 3239 EXIST::FUNCTION: +ENGINE_register_ECDSA 3240 EXIST::FUNCTION: +BN_nist_mod_192 3241 EXIST::FUNCTION: +EC_GROUP_get_trinomial_basis 3242 EXIST::FUNCTION:EC +ECDH_get_default_method 3243 EXIST::FUNCTION:ECDH +PKCS12_add_safe 3244 EXIST::FUNCTION: +ENGINE_register_ECDH 3245 EXIST::FUNCTION: +i2d_ECPrivateKey 3246 EXIST::FUNCTION:EC +BN_get0_nist_prime_192 3247 EXIST::FUNCTION: +EC_POINT_set_affine_coordinates_GF2m 3248 EXIST:!VMS:FUNCTION:EC +EC_POINT_set_affine_coords_GF2m 3248 EXIST:VMS:FUNCTION:EC +BN_GF2m_mod_exp_arr 3249 EXIST::FUNCTION: +X509_keyid_get0 3250 EXIST::FUNCTION: +EC_GROUP_new_by_nid 3251 EXIST::FUNCTION:EC +BN_GF2m_mod_mul_arr 3252 EXIST::FUNCTION: +EC_KEY_copy 3253 EXIST::FUNCTION:EC +EC_GROUP_check_discriminant 3254 EXIST::FUNCTION:EC +EC_POINT_point2bn 3255 EXIST::FUNCTION:EC +EC_GROUP_new_curve_GF2m 3256 EXIST::FUNCTION:EC +EVP_PKEY_get1_EC_KEY 3257 EXIST::FUNCTION:EC +ENGINE_get_default_ECDH 3258 EXIST::FUNCTION: +ASN1_OCTET_STRING_NDEF_it 3259 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +ASN1_OCTET_STRING_NDEF_it 3259 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ENGINE_get_static_state 3260 EXIST::FUNCTION: +ECDSA_SIG_new 3261 EXIST::FUNCTION:ECDSA +BN_GF2m_mod_sqr 3262 EXIST::FUNCTION: +EC_POINT_bn2point 3263 EXIST::FUNCTION:EC +EC_GROUP_get_point_conversion_form 3264 EXIST:!VMS:FUNCTION:EC +EC_GROUP_get_point_conv_form 3264 EXIST:VMS:FUNCTION:EC +PEM_read_bio_ECPKParameters 3265 EXIST::FUNCTION:EC +EC_GROUP_get_pentanomial_basis 3266 EXIST::FUNCTION:EC +EC_GROUP_get_nid 3267 EXIST::FUNCTION:EC +ECDSA_sign_setup 3268 EXIST::FUNCTION:ECDSA +BN_GF2m_mod_solve_quad_arr 3269 EXIST::FUNCTION: +EC_KEY_up_ref 3270 EXIST::FUNCTION:EC +BN_GF2m_mod_div 3271 EXIST::FUNCTION: +EC_KEY_free 3272 EXIST::FUNCTION:EC +PEM_write_bio_ECPrivateKey 3273 EXIST::FUNCTION:EC +d2i_EC_PUBKEY 3274 EXIST::FUNCTION:EC +EC_KEY_print_fp 3275 EXIST::FUNCTION:EC,FP_API +BN_GF2m_mod_arr 3276 EXIST::FUNCTION: +ECDH_get_ex_data 3277 EXIST::FUNCTION:ECDH +ECDSA_do_sign 3278 EXIST::FUNCTION:ECDSA +ENGINE_unregister_ECDH 3279 EXIST::FUNCTION: +ECDH_OpenSSL 3280 EXIST::FUNCTION:ECDH +EC_POINT_dup 3281 EXIST::FUNCTION:EC +EC_get_builtin_curves 3282 EXIST::FUNCTION:EC +EVP_PKEY_set1_EC_KEY 3283 EXIST::FUNCTION:EC +BN_GF2m_mod_sqrt_arr 3284 EXIST::FUNCTION: +i2d_ECPrivateKey_bio 3285 EXIST::FUNCTION:BIO,EC +ECPKParameters_print_fp 3286 EXIST::FUNCTION:EC,FP_API +ECDSA_SIG_free 3287 EXIST::FUNCTION:ECDSA +PEM_write_bio_ECPKParameters 3288 EXIST::FUNCTION:EC +EC_GROUP_set_nid 3289 EXIST::FUNCTION:EC +PKCS12_add_safes 3290 EXIST::FUNCTION: +BN_GF2m_poly2arr 3291 EXIST::FUNCTION: +BN_get0_nist_prime_224 3292 EXIST::FUNCTION: +i2d_ECParameters 3293 EXIST::FUNCTION:EC +i2d_ECPKParameters 3294 EXIST::FUNCTION:EC +BN_ncopy 3295 EXIST::FUNCTION: +d2i_ECPKParameters 3296 EXIST::FUNCTION:EC +ENGINE_set_ECDH 3297 EXIST::FUNCTION: +PEM_write_bio_EC_PUBKEY 3298 EXIST::FUNCTION:EC +ECParameters_print 3299 EXIST::FUNCTION:BIO,EC +BN_GF2m_mod_mul 3300 EXIST::FUNCTION: +EC_GROUP_set_seed 3301 EXIST::FUNCTION:EC +EC_GROUP_get_curve_GF2m 3302 EXIST::FUNCTION:EC +ECPublicKey_set_octet_string 3303 EXIST::FUNCTION:EC +ECDSA_get_ex_data 3304 EXIST::FUNCTION:ECDSA +BN_GF2m_mod 3305 EXIST::FUNCTION: +EC_GROUP_get_seed_len 3306 EXIST::FUNCTION:EC +PEM_read_bio_EC_PUBKEY 3307 EXIST::FUNCTION:EC +i2d_EC_PUBKEY 3308 EXIST::FUNCTION:EC +ECDSA_get_default_method 3309 EXIST::FUNCTION:ECDSA +ASN1_put_eoc 3310 EXIST::FUNCTION: +ECDSA_DATA_free 3311 EXIST::FUNCTION:ECDSA +EC_METHOD_get_field_type 3312 EXIST::FUNCTION:EC +EC_GFp_nist_method 3313 EXIST::FUNCTION:EC +BN_GF2m_mod_sqr_arr 3314 EXIST::FUNCTION: +EC_GROUP_set_curve_GF2m 3315 EXIST::FUNCTION:EC +ENGINE_set_default_ECDSA 3316 EXIST::FUNCTION: +BN_GF2m_mod_sqrt 3317 EXIST::FUNCTION: +ECDH_set_default_method 3318 EXIST::FUNCTION:ECDH +EC_KEY_generate_key 3319 EXIST::FUNCTION:EC +BN_GF2m_arr2poly 3320 EXIST::FUNCTION: +ECPublicKey_get_octet_string 3321 EXIST::FUNCTION:EC +EC_GROUP_check 3322 EXIST::FUNCTION:EC +d2i_ECPrivateKey_bio 3323 EXIST::FUNCTION:BIO,EC +d2i_ECPrivateKey 3324 EXIST::FUNCTION:EC +ASN1_item_ndef_i2d 3325 EXIST::FUNCTION: +i2d_PKCS7_NDEF 3326 EXIST::FUNCTION: +EC_GROUP_get_degree 3327 EXIST::FUNCTION:EC +BN_GF2m_add 3328 EXIST::FUNCTION: +BN_nist_mod_224 3329 EXIST::FUNCTION: +i2d_EC_PUBKEY_bio 3330 EXIST::FUNCTION:BIO,EC +EC_GROUP_get_asn1_flag 3331 EXIST::FUNCTION:EC +ECDH_get_ex_new_index 3332 EXIST::FUNCTION:ECDH +ECDH_size 3333 EXIST::FUNCTION:ECDH +BN_GF2m_mod_inv 3334 EXIST::FUNCTION: +BN_GF2m_mod_exp 3335 EXIST::FUNCTION: +EC_GROUP_get0_seed 3336 EXIST::FUNCTION:EC +ecdsa_check 3337 EXIST::FUNCTION:ECDSA +BN_GF2m_mod_div_arr 3338 EXIST::FUNCTION: +ENGINE_set_ECDSA 3339 EXIST::FUNCTION: +ECPKParameters_print 3340 EXIST::FUNCTION:BIO,EC +PEM_write_EC_PUBKEY 3341 EXIST:!WIN16:FUNCTION:EC +ECDH_set_method 3342 EXIST::FUNCTION:ECDH +ECDH_set_ex_data 3343 EXIST::FUNCTION:ECDH +BN_nist_mod_521 3344 EXIST::FUNCTION: +EC_GROUP_set_point_conversion_form 3345 EXIST:!VMS:FUNCTION:EC +EC_GROUP_set_point_conv_form 3345 EXIST:VMS:FUNCTION:EC +PEM_read_EC_PUBKEY 3346 EXIST:!WIN16:FUNCTION:EC +i2d_ECDSA_SIG 3347 EXIST::FUNCTION:ECDSA +ECDSA_OpenSSL 3348 EXIST::FUNCTION:ECDSA +ECDSA_set_default_method 3349 EXIST::FUNCTION:ECDSA +EC_POINT_set_compressed_coordinates_GF2m 3350 EXIST:!VMS:FUNCTION:EC +EC_POINT_set_compr_coords_GF2m 3350 EXIST:VMS:FUNCTION:EC +ECDH_DATA_new_method 3351 EXIST::FUNCTION:ECDH +BN_get0_nist_prime_256 3352 EXIST::FUNCTION: +PEM_read_ECPrivateKey 3353 EXIST:!WIN16:FUNCTION:EC +ERR_load_ECDSA_strings 3354 EXIST::FUNCTION:ECDSA +EC_GROUP_get_basis_type 3355 EXIST::FUNCTION:EC +ECDH_DATA_new 3356 EXIST::FUNCTION:ECDH +BN_nist_mod_384 3357 EXIST::FUNCTION: +PEM_write_ECPKParameters 3358 EXIST:!WIN16:FUNCTION:EC +ECDH_compute_key 3359 EXIST::FUNCTION:ECDH +ENGINE_register_all_ECDH 3360 EXIST::FUNCTION: +BN_GF2m_mod_solve_quad 3361 EXIST::FUNCTION: +i2d_ECPrivateKey_fp 3362 EXIST::FUNCTION:EC,FP_API +ENGINE_register_all_ECDSA 3363 EXIST::FUNCTION: +EC_POINT_get_affine_coordinates_GF2m 3364 EXIST:!VMS:FUNCTION:EC +EC_POINT_get_affine_coords_GF2m 3364 EXIST:VMS:FUNCTION:EC +EC_GROUP_dup 3365 EXIST::FUNCTION:EC +ENGINE_get_default_ECDSA 3366 EXIST::FUNCTION: +EC_KEY_new 3367 EXIST::FUNCTION:EC +ECDSA_verify 3368 EXIST::FUNCTION:ECDSA +EC_POINT_point2hex 3369 EXIST::FUNCTION:EC +ECDSA_do_verify 3370 EXIST::FUNCTION:ECDSA +d2i_ECPrivateKey_fp 3371 EXIST::FUNCTION:EC,FP_API +PEM_write_ECPrivateKey 3372 EXIST:!WIN16:FUNCTION:EC +PEM_read_ECPKParameters 3373 EXIST:!WIN16:FUNCTION:EC +ECParameters_print_fp 3374 EXIST::FUNCTION:EC,FP_API +ECDH_DATA_free 3375 EXIST::FUNCTION:ECDH +i2d_EC_PUBKEY_fp 3376 EXIST::FUNCTION:EC,FP_API +BN_nist_mod_256 3377 EXIST::FUNCTION: +ECDSA_DATA_new 3378 EXIST::FUNCTION:ECDSA +ECDSA_size 3379 EXIST::FUNCTION:ECDSA +d2i_EC_PUBKEY_bio 3380 EXIST::FUNCTION:BIO,EC +BN_get0_nist_prime_521 3381 EXIST::FUNCTION: +PEM_read_bio_ECPrivateKey 3382 EXIST::FUNCTION:EC +ENGINE_get_ECDH 3383 EXIST::FUNCTION: +d2i_ECDSA_SIG 3384 EXIST::FUNCTION:ECDSA +ECDSA_sign 3385 EXIST::FUNCTION:ECDSA +ENGINE_get_ECDSA 3386 EXIST::FUNCTION: +EVP_ecdsa 3387 EXIST::FUNCTION:SHA +PKCS12_add_cert 3388 EXIST::FUNCTION: +ERR_load_ECDH_strings 3389 EXIST::FUNCTION:ECDH +EC_KEY_dup 3390 EXIST::FUNCTION:EC +ECDSA_set_method 3391 EXIST::FUNCTION:ECDSA +d2i_ECParameters 3392 EXIST::FUNCTION:EC +EC_GF2m_simple_method 3393 EXIST::FUNCTION:EC +ECDSA_set_ex_data 3394 EXIST::FUNCTION:ECDSA +EC_KEY_print 3395 EXIST::FUNCTION:BIO,EC +ECDSA_get_ex_new_index 3396 EXIST::FUNCTION:ECDSA +EC_GROUP_set_asn1_flag 3397 EXIST::FUNCTION:EC +EC_KEY_check_key 3398 EXIST::FUNCTION:EC d2i_EC_PUBKEY_fp 3399 EXIST::FUNCTION:EC,FP_API -PEM_write_ECPrivateKey 3400 EXIST:!WIN16:FUNCTION:EC -ecdsa_check 3401 EXIST::FUNCTION:ECDSA -PEM_read_ECPrivateKey 3402 EXIST:!WIN16:FUNCTION:EC -d2i_ECPrivateKey_bio 3403 EXIST::FUNCTION:BIO,EC -ECParameters_print_fp 3404 EXIST::FUNCTION:EC,FP_API -i2d_EC_PUBKEY_fp 3405 EXIST::FUNCTION:EC,FP_API -i2d_ECPrivateKey_fp 3406 EXIST::FUNCTION:EC,FP_API -d2i_EC_PUBKEY 3407 EXIST::FUNCTION:EC -d2i_ECPrivateKey 3408 EXIST::FUNCTION:EC -d2i_EC_PUBKEY_bio 3409 EXIST::FUNCTION:BIO,EC -ECPublicKey_get_octet_string 3410 EXIST::FUNCTION:EC -PEM_read_EC_PUBKEY 3411 EXIST:!WIN16:FUNCTION:EC -PEM_read_bio_EC_PUBKEY 3412 EXIST::FUNCTION:EC -PEM_read_bio_ECPrivateKey 3413 EXIST::FUNCTION:EC -EC_KEY_dup 3414 EXIST::FUNCTION:EC -EC_KEY_check_key 3415 EXIST::FUNCTION:EC -EC_KEY_generate_key 3416 EXIST::FUNCTION:EC -EC_KEY_copy 3417 EXIST::FUNCTION:EC -ECDH_compute_key 3418 EXIST::FUNCTION:ECDH -ENGINE_get_ECDH 3419 EXIST::FUNCTION: -ECDH_get_default_method 3420 EXIST::FUNCTION:ECDH -ECDH_DATA_new 3421 EXIST::FUNCTION:ECDH -ECDH_DATA_free 3422 EXIST::FUNCTION:ECDH -ECDH_get_ex_new_index 3423 EXIST::FUNCTION:ECDH -ERR_load_ECDH_strings 3424 EXIST::FUNCTION:ECDH -ecdh_check 3425 EXIST::FUNCTION:ECDH -ECDH_get_ex_data 3426 EXIST::FUNCTION:ECDH -ECDH_set_default_method 3427 EXIST::FUNCTION:ECDH -EC_KEY_up_ref 3428 EXIST::FUNCTION:EC -ECDH_size 3429 EXIST::FUNCTION:ECDH -ECDH_set_ex_data 3430 EXIST::FUNCTION:ECDH -ENGINE_get_default_ECDH 3431 EXIST::FUNCTION: -ENGINE_unregister_ECDH 3432 EXIST::FUNCTION: -ENGINE_set_ECDH 3433 EXIST::FUNCTION: -ECDH_set_method 3434 EXIST::FUNCTION:ECDH -ECDH_OpenSSL 3435 EXIST::FUNCTION:ECDH -ENGINE_register_all_ECDH 3436 EXIST::FUNCTION: -ECDH_DATA_new_method 3437 EXIST::FUNCTION:ECDH -ENGINE_set_default_ECDH 3438 EXIST::FUNCTION: -ENGINE_register_ECDH 3439 EXIST::FUNCTION: -EC_GROUP_get0_comment 3440 NOEXIST::FUNCTION: -ec_group_index2nid 3441 NOEXIST::FUNCTION: -EC_GROUP_get_basis_type 3442 EXIST::FUNCTION:EC -X509_REQ_print_ex 3443 EXIST::FUNCTION:BIO -EC_GROUP_get_pentanomial_basis 3444 EXIST::FUNCTION:EC -EC_GROUP_get_trinomial_basis 3445 EXIST::FUNCTION:EC -EC_get_builtin_curves 3446 EXIST::FUNCTION:EC -PKCS12_add_safe 3447 EXIST::FUNCTION: -PKCS12_add_safes 3448 EXIST::FUNCTION: -X509_keyid_get0 3449 EXIST::FUNCTION: -ASN1_OCTET_STRING_NDEF_it 3450 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_OCTET_STRING_NDEF_it 3450 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ASN1_put_eoc 3451 EXIST::FUNCTION: -PKCS12_add_key 3452 EXIST::FUNCTION: -PKCS12_add_cert 3453 EXIST::FUNCTION: -ASN1_item_ndef_i2d 3454 EXIST::FUNCTION: -i2d_PKCS7_NDEF 3455 EXIST::FUNCTION: +ecdh_check 3400 EXIST::FUNCTION:ECDH +ECDSA_DATA_new_method 3401 EXIST::FUNCTION:ECDSA +ENGINE_set_default_ECDH 3402 EXIST::FUNCTION: +PKCS12_add_key 3403 EXIST::FUNCTION: +DSO_merge 3404 EXIST::FUNCTION: +EC_POINT_hex2point 3405 EXIST::FUNCTION:EC +BN_GF2m_mod_inv_arr 3406 EXIST::FUNCTION: +ENGINE_unregister_ECDSA 3407 EXIST::FUNCTION: diff --git a/util/mkdef.pl b/util/mkdef.pl index db08e29b74..fffd1d9a7c 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -91,7 +91,9 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR", "LOCKING", # External "algorithms" - "FP_API", "STDIO", "SOCK", "KRB5" ); + "FP_API", "STDIO", "SOCK", "KRB5", + # Engines + "STATIC_ENGINE" ); my $options=""; open(IN,"<Makefile.ssl") || die "unable to open Makefile.ssl!\n"; @@ -108,7 +110,7 @@ my $no_cast; my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; my $no_ec; my $no_ecdsa; my $no_ecdh; -my $no_fp_api; +my $no_fp_api; my $no_static_engine; foreach (@ARGV, split(/ /, $options)) { @@ -443,6 +445,7 @@ sub do_defs s/\/\*.*?\*\///gs; # ignore comments s/{[^{}]*}//gs; # ignore {} blocks + print STDERR "DEBUG: \$def=\"$def\"\n" if $debug && $def ne ""; print STDERR "DEBUG: \$_=\"$_\"\n" if $debug; if (/^\#\s*ifndef\s+(.*)/) { push(@tag,"-"); @@ -1061,6 +1064,7 @@ sub is_valid if ($keyword eq "DSO" && $no_dso) { return 0; } if ($keyword eq "KRB5" && $no_krb5) { return 0; } if ($keyword eq "FP_API" && $no_fp_api) { return 0; } + if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; } # Nothing recognise as true return 1; |