diff options
| author | steve <steve> | 2000-12-06 18:33:56 +0000 |
|---|---|---|
| committer | steve <steve> | 2000-12-06 18:33:56 +0000 |
| commit | 99618e6ba26edf521fa79e77ab624f6d7f82038c (patch) | |
| tree | 6fe60302301e971d7bb918e81b9718b02011f108 | |
| parent | f0c59ec71d7c5d3f8129bfff824d945f6c14cdd9 (diff) | |
| download | openssl-99618e6ba26edf521fa79e77ab624f6d7f82038c.tar.gz | |
Merge from main trunk: lets see if this works ;-)TOBEMERGED_ASN12mainBRANCH_ASN1
This involved the use of some temporary
macros which handle the partial constification.
They cast away const but this will go away when
constification is handled in the main ASN1 code.
212 files changed, 11053 insertions, 3460 deletions
@@ -1,9 +1,175 @@ - OpenSSL CHANGES _______________ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Changed the LHASH code to use prototypes for callbacks, and created + macros to declare and implement thin (optionally static) functions + that provide type-safety and avoid function pointer casting for the + type-specific callbacks. + [Geoff Thorpe] + + *) Use better test patterns in bntest. + [Ulf Möller] + + *) Added Kerberos Cipher Suites to be used with TLS, as written in + RFC 2712. + [Veers Staats <staatsvr@asc.hpc.mil>, + Jeffrey Altman <jaltman@columbia.edu>, via Richard Levitte] + + *) rand_win.c fix for Borland C. + [Ulf Möller] + + *) BN_rshift bugfix for n == 0. + [Bodo Moeller] + + *) Reformat the FAQ so the different questions and answers can be divided + in sections depending on the subject. + [Richard Levitte] + + *) Have the zlib compression code load ZLIB.DLL dynamically under + Windows. + [Richard Levitte] + + *) New function BN_mod_sqrt for computing square roots modulo a prime + (Tonelli-Shanks algorithm). + [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller] + + *) Store verify_result within SSL_SESSION also for client side to + avoid potential security hole. (Re-used sessions on the client side + always resulted in verify_result==X509_V_OK, not using the original + result of the server certificate verification.) + [Lutz Jaenicke] + + *) Make BN_mod_inverse faster by explicitly handling small quotients + in the Euclid loop. (Speed gain about 20% for small moduli [256 or + 512 bits], about 30% for larger ones [1024 or 2048 bits].) + [Bodo Moeller] + + *) Disable ssl2_peek and ssl3_peek (i.e., both implementations + of SSL_peek) because they both are completely broken. + They will be fixed RSN by adding an additional 'peek' parameter + to the internal read functions. + [Bodo Moeller] + + *) New function BN_kronecker. + [Bodo Moeller] + + *) Fix BN_gcd so that it works on negative inputs; the result is + positive unless both parameters are zero. + Previously something reasonably close to an infinite loop was + possible because numbers could be growing instead of shrinking + in the implementation of Euclid's algorithm. + [Bodo Moeller] + + *) Fix BN_is_word() and BN_is_one() macros to take into account the + sign of the number in question. + + Fix BN_is_word(a,w) to work correctly for w == 0. + + The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w) + because its test if the absolute value of 'a' equals 'w'. + Note that BN_abs_is_word does *not* handle w == 0 reliably; + it exists mostly for use in the implementations of BN_is_zero(), + BN_is_one(), and BN_is_word(). + [Bodo Moeller] + + *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling + the method-specific "init()" handler. Also clean up ex_data after + calling the method-specific "finish()" handler. Previously, this was + happening the other way round. + [Geoff Thorpe] + + *) New function BN_swap. + [Bodo Moeller] + + *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that + the exponentiation functions are more likely to produce reasonable + results on negative inputs. + [Bodo Moeller] + + *) Change BN_mod_mul so that the result is always non-negative. + Previously, it could be negative if one of the factors was negative; + I don't think anyone really wanted that behaviour. + [Bodo Moeller] + + *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c + (except for exponentiation, which stays in crypto/bn/bn_exp.c, + and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c) + and add new functions: + + BN_nnmod + BN_mod_sqr + BN_mod_add + BN_mod_add_quick + BN_mod_sub + BN_mod_sub_quick + BN_mod_lshift1 + BN_mod_lshift1_quick + BN_mod_lshift + BN_mod_lshift_quick + + These functions always generate non-negative results. + + BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder r + such that |m| < r < 0, BN_nnmod will output rem + |m| instead). + + BN_mod_XXX_quick(r, a, [b,] m) generates the same result as + BN_mod_XXX(r, a, [b,] m, ctx), but requires that a [and b] + be reduced modulo m. + [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller] + + *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there + was actually never needed) and in BN_mul(). The removal in BN_mul() + required a small change in bn_mul_part_recursive() and the addition + of the functions bn_cmp_part_words(), bn_sub_part_words() and + bn_add_part_words(), which do the same thing as bn_cmp_words(), + bn_sub_words() and bn_add_words() except they take arrays with + differing sizes. + [Richard Levitte] + + *) In 'openssl passwd', verify passwords read from the terminal + unless the '-salt' option is used (which usually means that + verification would just waste user's time since the resulting + hash is going to be compared with some given password hash) + or the new '-noverify' option is used. + + This is an incompatible change, but it does not affect + non-interactive use of 'openssl passwd' (passwords on the command + line, '-stdin' option, '-in ...' option) and thus should not + cause any problems. + [Bodo Moeller] + + *) Remove all references to RSAref, since there's no more need for it. + [Richard Levitte] + + *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16. + The previous value, 12, was not always sufficient for BN_mod_exp(). + [Bodo Moeller] + + *) Make DSO load along a path given through an environment variable + (SHLIB_PATH) with shl_load(). + [Richard Levitte] + + *) Constify the ENGINE code as a result of BIGNUM constification. + Also constify the RSA code and most things related to it. In a + few places, most notable in the depth of the ASN.1 code, ugly + casts back to non-const were required (to be solved at a later + time) + [Richard Levitte] + + *) Make it so the openssl application has all engines loaded by default. + [Richard Levitte] + + *) Constify the BIGNUM routines a little more. + [Richard Levitte] + + *) Make sure that shared libraries get the internal name engine with + the full version number and not just 0. This should mark the + shared libraries as not backward compatible. Of course, this should + be changed again when we can guarantee backward binary compatibility. + [Richard Levitte] + *) Add the following functions: ENGINE_load_cswift() @@ -10,7 +10,7 @@ use strict; # see INSTALL for instructions. -my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [no-threads] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx=vvv] os/compiler[:flags]\n"; # Options: # @@ -23,12 +23,21 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [- # default). This needn't be set in advance, you can # just as well use "make INSTALL_PREFIX=/whatever install". # +# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected +# to live in the subdirectory lib/ and the header files in +# include/. +# --with-krb5-lib Declare where the Kerberos 5 libraries live. +# (Default: KRB5_DIR/lib) +# --with-krb5-include Declare where the Kerberos 5 header files live. +# (Default: KRB5_DIR/include) +# --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently +# supported values are "MIT" and "Heimdal". +# # no-hw-xxx do not compile support for specific crypto hardware. # Generic OpenSSL-style methods relating to this support # are always compiled but return NULL if the hardware # support isn't compiled. # no-hw do not compile support for any crypto hardware. -# rsaref use RSAref # [no-]threads [don't] try to create a library that is suitable for # multithreaded applications (default is "threads" if we # know how to do it) @@ -36,6 +45,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [- # no-asm do not use assembler # no-dso do not compile in any native shared-library methods. This # will ensure that all methods just return NULL. +# no-krb5 do not compile in any KRB5 library or code. # 386 generate 80386 code # no-<cipher> build without specified algorithm (rsa, idea, rc5, ...) # -<xxx> +<xxx> compiler options are passed through @@ -119,7 +129,7 @@ my %table=( "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn", +"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "dist", "cc:-O::(unknown):::::", # Basic configs that should work on any (32 and less bit) box @@ -220,40 +230,40 @@ my %table=( #!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl", # Since there is mention of this in shlib/hpux10-cc.sh "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # More attempts at unified 10.X and 11.X targets for HP C compiler. # # Chris Ruemmler <ruemmler@cup.hp.com> # Kevin Steves <ks@hp.se> -"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # HPUX 9.X config. # Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or # egcs. gcc 2.8.1 is also broken. -"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # If hpux-cc fails (e.g. during "make test"), try the next one; otherwise, # please report your OS and compiler version to the openssl-bugs@openssl.org # mailing list. -"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # If hpux-gcc fails, try this one: -"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # HPUX 10.X config. Supports threads. -"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG): -"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # If hpux10-gcc fails, try this one: -"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # HPUX 11.X from www.globus.org. # Only works on PA-RISC 2.0 cpus, and not optimized. Why? @@ -408,8 +418,9 @@ my %table=( "OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -##### MacOS X (a.k.a. Rhapsody) setup +##### MacOS X (a.k.a. Rhapsody or Darwin) setup "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", +"darwin-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", ##### Sony NEWS-OS 4.x "newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::", @@ -424,6 +435,7 @@ my $openssldir=""; my $install_prefix=""; my $no_threads=0; my $no_shared=1; +my $no_krb5=0; my $threads=0; my $no_asm=0; my $no_dso=0; @@ -466,6 +478,7 @@ my $libs; my $target; my $options; my $symlink; +my %withargs=(); my @argvcopy=@ARGV; my $argvstring=""; @@ -510,6 +523,8 @@ PROCESS_ARGS: } elsif (/^no-dso$/) { $no_dso=1; } + elsif (/^no-krb5$/) + { $no_krb5=1; } elsif (/^no-threads$/) { $no_threads=1; } elsif (/^threads$/) @@ -564,9 +579,9 @@ PROCESS_ARGS: { $processor=386; } elsif (/^rsaref$/) { - $libs.= "-lRSAglue -lrsaref "; - $flags.= "-DRSAref "; - $openssl_other_defines .= "#define RSAref\n"; + # No RSAref support any more since it's not needed. + # The check for the option is there so scripts aren't + # broken } elsif (/^[-+]/) { @@ -590,6 +605,10 @@ PROCESS_ARGS: { $install_prefix=$1; } + elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/) + { + $withargs{"krb5-".$1}=$2; + } else { print STDERR $usage; @@ -654,6 +673,38 @@ print "IsWindows=$IsWindows\n"; split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); $cflags="$flags$cflags" if ($flags ne ""); +# Kerberos settings. The flavor must be provided from outside, either through +# the script "config" or manually. +if ($no_krb5 + || !defined($withargs{"krb5-flavor"}) + || $withargs{"krb5-flavor"} eq "") + { + $cflags="-DNO_KRB5 $cflags"; + } +else + { + if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/) + { + $withargs{"krb5-dir"} = "/usr/heimdal" + if $withargs{"krb5-dir"} eq ""; + $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. + "/lib -lgssapi -lkrb5 -lcom_err" + if $withargs{"krb5-lib"} eq ""; + $cflags="-DKRB5_HEIMDAL $cflags"; + } + if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]$/) + { + $withargs{"krb5-dir"} = "/usr/kerberos" + if $withargs{"krb5-dir"} eq ""; + $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. + "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto" + if $withargs{"krb5-lib"} eq ""; + $cflags="-DKRB5_MIT $cflags"; + } + $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include" + if $withargs{"krb5-include"} eq "" && $withargs{"krb5-dir"} ne ""; + } + # The DSO code currently always implements all functions so that no # applications will have to worry about that from a compilation point # of view. However, the "method"s may return zero unless that platform @@ -846,6 +897,8 @@ while (<IN>) s/^PROCESSOR=.*/PROCESSOR= $processor/; s/^RANLIB=.*/RANLIB= $ranlib/; s/^PERL=.*/PERL= $perl/; + s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; + s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); @@ -879,6 +932,10 @@ print "RMD160_OBJ_ASM=$rmd160_obj\n"; print "PROCESSOR =$processor\n"; print "RANLIB =$ranlib\n"; print "PERL =$perl\n"; +print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n" + if $withargs{"krb5-include"} ne ""; +print "LIBKRB5 =",$withargs{"krb5-lib"},"\n" + if $withargs{"krb5-lib"} ne ""; my $des_ptr=0; my $des_risc1=0; @@ -1,20 +1,22 @@ OpenSSL - Frequently Asked Questions -------------------------------------- +[MISC] Miscellaneous questions + * Which is the current version of OpenSSL? * Where is the documentation? * How can I contact the OpenSSL developers? +* Where can I get a compiled version of OpenSSL? +* Why aren't tools like 'autoconf' and 'libtool' used? + +[LEGAL] Legal questions + * Do I need patent licenses to use OpenSSL? -* Is OpenSSL thread-safe? +* Can I use OpenSSL with GPL software? + +[USER] Questions on using the OpenSSL applications + * Why do I get a "PRNG not seeded" error message? -* Why does the linker complain about undefined symbols? -* Where can I get a compiled version of OpenSSL? -* I've compiled a program under Windows and it crashes: why? -* How do I read or write a DER encoded buffer using the ASN1 functions? -* I've tried using <M_some_evil_pkcs12_macro> and I get errors why? -* I've called <some function> and it fails, why? -* I just get a load of numbers for the error output, what do they mean? -* Why do I get errors about unknown algorithms? * How do I create certificates or certificate requests? * Why can't I create certificate requests? * Why does <SSL program> fail with a certificate verify error? @@ -22,14 +24,31 @@ OpenSSL - Frequently Asked Questions * How can I create DSA certificates? * Why can't I make an SSL connection using a DSA certificate? * How can I remove the passphrase on a private key? -* Why can't the OpenSSH configure script detect OpenSSL? + +[BUILD] Questions about building and testing OpenSSL + +* Why does the linker complain about undefined symbols? * Why does the OpenSSL test fail with "bc: command not found"? * Why does the OpenSSL test fail with "bc: 1 no implemented"? * Why does the OpenSSL compilation fail on Alpha True64 Unix? * Why does the OpenSSL compilation fail with "ar: command not found"? * Why does the OpenSSL compilation fail on Win32 with VC++? -* Why aren't tools like 'autoconf' and 'libtool' used? +[PROG] Questions about programming with OpenSSL + +* Is OpenSSL thread-safe? +* I've compiled a program under Windows and it crashes: why? +* How do I read or write a DER encoded buffer using the ASN1 functions? +* I've tried using <M_some_evil_pkcs12_macro> and I get errors why? +* I've called <some function> and it fails, why? +* I just get a load of numbers for the error output, what do they mean? +* Why do I get errors about unknown algorithms? +* Why can't the OpenSSH configure script detect OpenSSL? +* Can I use OpenSSL's SSL library with non-blocking I/O? + +=============================================================================== + +[MISC] ======================================================================== * Which is the current version of OpenSSL? @@ -80,6 +99,36 @@ OpenSSL. Information on the OpenSSL mailing lists is available from <URL: http://www.openssl.org>. +* Where can I get a compiled version of OpenSSL? + +Some applications that use OpenSSL are distributed in binary form. +When using such an application, you don't need to install OpenSSL +yourself; the application will include the required parts (e.g. DLLs). + +If you want to install OpenSSL on a Windows system and you don't have +a C compiler, read the "Mingw32" section of INSTALL.W32 for information +on how to obtain and install the free GNU C compiler. + +A number of Linux and *BSD distributions include OpenSSL. + + +* Why aren't tools like 'autoconf' and 'libtool' used? + +autoconf is a nice tool, but is unfortunately very Unix-centric. +Although one can come up with solution to have ports keep in track, +there's also some work needed for that, and can be quite painful at +times. If there was a 'autoconf'-like tool that generated perl +scripts or something similarly general, it would probably be used +in OpenSSL much earlier. + +libtool has repeatadly been reported by some members of the OpenSSL +development and others to be a pain to use. So far, those in the +development team who have said anything about this have expressed +a wish to avoid libtool for that reason. + + +[LEGAL] ======================================================================= + * Do I need patent licenses to use OpenSSL? The patents section of the README file lists patents that may apply to @@ -91,17 +140,25 @@ You can configure OpenSSL so as not to use RC5 and IDEA by using ./config no-rc5 no-idea -* Is OpenSSL thread-safe? +* Can I use OpenSSL with GPL software? -Yes (with limitations: an SSL connection may not concurrently be used -by multiple threads). On Windows and many Unix systems, OpenSSL -automatically uses the multi-threaded versions of the standard -libraries. If your platform is not one of these, consult the INSTALL -file. +On many systems including the major Linux and BSD distributions, yes (the +GPL does not place restrictions on using libraries that are part of the +normal operating system distribution). -Multi-threaded applications must provide two callback functions to -OpenSSL. This is described in the threads(3) manpage. +On other systems, the situation is less clear. Some GPL software copyright +holders claim that you infringe on their rights if you use OpenSSL with +their software on operating systems that don't normally include OpenSSL. +If you develop open source software that uses OpenSSL, you may find it +useful to choose an other license than the GPL, or state explicitely that +"This program is released under the GPL with the additional exemption that +compiling, linking, and/or using OpenSSL is allowed." If you are using +GPL software developed by others, you may want to ask the copyright holder +for permission to use their software with OpenSSL. + + +[USER] ======================================================================== * Why do I get a "PRNG not seeded" error message? @@ -140,6 +197,70 @@ versions. However, be warned that /dev/random is usually a blocking device, which may have some effects on OpenSSL. +* How do I create certificates or certificate requests? + +Check out the CA.pl(1) manual page. This provides a simple wrapper round +the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check +out the manual pages for the individual utilities and the certificate +extensions documentation (currently in doc/openssl.txt). + + +* Why can't I create certificate requests? + +You typically get the error: + + unable to find 'distinguished_name' in config + problems making Certificate Request + +This is because it can't find the configuration file. Check out the +DIAGNOSTICS section of req(1) for more information. + + +* Why does <SSL program> fail with a certificate verify error? + +This problem is usually indicated by log messages saying something like +"unable to get local issuer certificate" or "self signed certificate". +When a certificate is verified its root CA must be "trusted" by OpenSSL +this typically means that the CA certificate must be placed in a directory +or file and the relevant program configured to read it. The OpenSSL program +'verify' behaves in a similar way and issues similar error messages: check +the verify(1) program manual page for more information. + + +* Why can I only use weak ciphers when I connect to a server using OpenSSL? + +This is almost certainly because you are using an old "export grade" browser +which only supports weak encryption. Upgrade your browser to support 128 bit +ciphers. + + +* How can I create DSA certificates? + +Check the CA.pl(1) manual page for a DSA certificate example. + + +* Why can't I make an SSL connection to a server using a DSA certificate? + +Typically you'll see a message saying there are no shared ciphers when +the same setup works fine with an RSA certificate. There are two possible +causes. The client may not support connections to DSA servers most web +browsers (including Netscape and MSIE) only support connections to servers +supporting RSA cipher suites. The other cause is that a set of DH parameters +has not been supplied to the server. DH parameters can be created with the +dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example: +check the source to s_server in apps/s_server.c for an example. + + +* How can I remove the passphrase on a private key? + +Firstly you should be really *really* sure you want to do this. Leaving +a private key unencrypted is a major security risk. If you decide that +you do have to do this check the EXAMPLES sections of the rsa(1) and +dsa(1) manual pages. + + +[BUILD] ======================================================================= + * Why does the linker complain about undefined symbols? Maybe the compilation was interrupted, and make doesn't notice that @@ -164,17 +285,98 @@ If none of these helps, you may want to try using the current snapshot. If the problem persists, please submit a bug report. -* Where can I get a compiled version of OpenSSL? +* Why does the OpenSSL test fail with "bc: command not found"? -Some applications that use OpenSSL are distributed in binary form. -When using such an application, you don't need to install OpenSSL -yourself; the application will include the required parts (e.g. DLLs). +You didn't install "bc", the Unix calculator. If you want to run the +tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor. -If you want to install OpenSSL on a Windows system and you don't have -a C compiler, read the "Mingw32" section of INSTALL.W32 for information -on how to obtain and install the free GNU C compiler. -A number of Linux and *BSD distributions include OpenSSL. +* Why does the OpenSSL test fail with "bc: 1 no implemented"? + +On some SCO installations or versions, bc has a bug that gets triggered when +you run the test suite (using "make test"). The message returned is "bc: +1 not implemented". The best way to deal with this is to find another +implementation of bc and compile/install it. For example, GNU bc (see +http://www.gnu.org/software/software.html for download instructions) can +be safely used. + + +* Why does the OpenSSL compilation fail on Alpha True64 Unix? + +On some Alpha installations running True64 Unix and Compaq C, the compilation +of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual +memory to continue compilation.' As far as the tests have shown, this may be +a compiler bug. What happens is that it eats up a lot of resident memory +to build something, probably a table. The problem is clearly in the +optimization code, because if one eliminates optimization completely (-O0), +the compilation goes through (and the compiler consumes about 2MB of resident +memory instead of 240MB or whatever one's limit is currently). + +There are three options to solve this problem: + +1. set your current data segment size soft limit higher. Experience shows +that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do +this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of +kbytes to set the limit to. + +2. If you have a hard limit that is lower than what you need and you can't +get it changed, you can compile all of OpenSSL with -O0 as optimization +level. This is however not a very nice thing to do for those who expect to +get the best result from OpenSSL. A bit more complicated solution is the +following: + +----- snip:start ----- + make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \ + sed -e 's/ -O[0-9] / -O0 /'`" + rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'` + make +----- snip:end ----- + +This will only compile sha_dgst.c with -O0, the rest with the optimization +level chosen by the configuration process. When the above is done, do the +test and installation and you're set. + + +* Why does the OpenSSL compilation fail with "ar: command not found"? + +Getting this message is quite usual on Solaris 2, because Sun has hidden +away 'ar' and other development commands in directories that aren't in +$PATH by default. One of those directories is '/usr/ccs/bin'. The +quickest way to fix this is to do the following (it assumes you use sh +or any sh-compatible shell): + +----- snip:start ----- + PATH=${PATH}:/usr/ccs/bin; export PATH +----- snip:end ----- + +and then redo the compilation. What you should really do is make sure +'/usr/ccs/bin' is permanently in your $PATH, for example through your +'.profile' (again, assuming you use a sh-compatible shell). + + +* Why does the OpenSSL compilation fail on Win32 with VC++? + +Sometimes, you may get reports from VC++ command line (cl) that it +can't find standard include files like stdio.h and other weirdnesses. +One possible cause is that the environment isn't correctly set up. +To solve that problem, one should run VCVARS32.BAT which is found in +the 'bin' subdirectory of the VC++ installation directory (somewhere +under 'Program Files'). This needs to be done prior to running NMAKE, +and the changes are only valid for the current DOS session. + + +[PROG] ======================================================================== + +* Is OpenSSL thread-safe? + +Yes (with limitations: an SSL connection may not concurrently be used +by multiple threads). On Windows and many Unix systems, OpenSSL +automatically uses the multi-threaded versions of the standard +libraries. If your platform is not one of these, consult the INSTALL +file. + +Multi-threaded applications must provide two callback functions to +OpenSSL. This is described in the threads(3) manpage. * I've compiled a program under Windows and it crashes: why? @@ -261,68 +463,6 @@ is forgetting to load OpenSSL's table of algorithms with OpenSSL_add_all_algorithms(). See the manual page for more information. -* How do I create certificates or certificate requests? - -Check out the CA.pl(1) manual page. This provides a simple wrapper round -the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check -out the manual pages for the individual utilities and the certificate -extensions documentation (currently in doc/openssl.txt). - - -* Why can't I create certificate requests? - -You typically get the error: - - unable to find 'distinguished_name' in config - problems making Certificate Request - -This is because it can't find the configuration file. Check out the -DIAGNOSTICS section of req(1) for more information. - - -* Why does <SSL program> fail with a certificate verify error? - -This problem is usually indicated by log messages saying something like -"unable to get local issuer certificate" or "self signed certificate". -When a certificate is verified its root CA must be "trusted" by OpenSSL -this typically means that the CA certificate must be placed in a directory -or file and the relevant program configured to read it. The OpenSSL program -'verify' behaves in a similar way and issues similar error messages: check -the verify(1) program manual page for more information. - - -* Why can I only use weak ciphers when I connect to a server using OpenSSL? - -This is almost certainly because you are using an old "export grade" browser -which only supports weak encryption. Upgrade your browser to support 128 bit -ciphers. - - -* How can I create DSA certificates? - -Check the CA.pl(1) manual page for a DSA certificate example. - - -* Why can't I make an SSL connection to a server using a DSA certificate? - -Typically you'll see a message saying there are no shared ciphers when -the same setup works fine with an RSA certificate. There are two possible -causes. The client may not support connections to DSA servers most web -browsers (including Netscape and MSIE) only support connections to servers -supporting RSA cipher suites. The other cause is that a set of DH parameters -has not been supplied to the server. DH parameters can be created with the -dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example: -check the source to s_server in apps/s_server.c for an example. - - -* How can I remove the passphrase on a private key? - -Firstly you should be really *really* sure you want to do this. Leaving -a private key unencrypted is a major security risk. If you decide that -you do have to do this check the EXAMPLES sections of the rsa(1) and -dsa(1) manual pages. - - * Why can't the OpenSSH configure script detect OpenSSL? There is a problem with OpenSSH 1.2.2p1, in that the configure script @@ -364,97 +504,19 @@ applied to the OpenSSH distribution: ----- snip:end ----- -* Why does the OpenSSL test fail with "bc: command not found"? - -You didn't install "bc", the Unix calculator. If you want to run the -tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor. - - -* Why does the OpenSSL test fail with "bc: 1 no implemented"? - -On some SCO installations or versions, bc has a bug that gets triggered when -you run the test suite (using "make test"). The message returned is "bc: -1 not implemented". The best way to deal with this is to find another -implementation of bc and compile/install it. For example, GNU bc (see -http://www.gnu.org/software/software.html for download instructions) can -be safely used. - - -* Why does the OpenSSL compilation fail on Alpha True64 Unix? - -On some Alpha installations running True64 Unix and Compaq C, the compilation -of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual -memory to continue compilation.' As far as the tests have shown, this may be -a compiler bug. What happens is that it eats up a lot of resident memory -to build something, probably a table. The problem is clearly in the -optimization code, because if one eliminates optimization completely (-O0), -the compilation goes through (and the compiler consumes about 2MB of resident -memory instead of 240MB or whatever one's limit is currently). +* Can I use OpenSSL's SSL library with non-blocking I/O? -There are three options to solve this problem: +Yes; make sure to read the SSL_get_error(3) manual page! -1. set your current data segment size soft limit higher. Experience shows -that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do -this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of -kbytes to set the limit to. +A pitfall to avoid: Don't assume that SSL_read() will just read from +the underlying transport or that SSL_write() will just write to it -- +it is also possible that SSL_write() cannot do any useful work until +there is data to read, or that SSL_read() cannot do anything until it +is possible to send data. One reason for this is that the peer may +request a new TLS/SSL handshake at any time during the protocol, +requiring a bi-directional message exchange; both SSL_read() and +SSL_write() will try to continue any pending handshake. -2. If you have a hard limit that is lower than what you need and you can't -get it changed, you can compile all of OpenSSL with -O0 as optimization -level. This is however not a very nice thing to do for those who expect to -get the best result from OpenSSL. A bit more complicated solution is the -following: ------ snip:start ----- - make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \ - sed -e 's/ -O[0-9] / -O0 /'`" - rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'` - make ------ snip:end ----- - -This will only compile sha_dgst.c with -O0, the rest with the optimization -level chosen by the configuration process. When the above is done, do the -test and installation and you're set. - - -* Why does the OpenSSL compilation fail with "ar: command not found"? - -Getting this message is quite usual on Solaris 2, because Sun has hidden -away 'ar' and other development commands in directories that aren't in -$PATH by default. One of those directories is '/usr/ccs/bin'. The -quickest way to fix this is to do the following (it assumes you use sh -or any sh-compatible shell): - ------ snip:start ----- - PATH=${PATH}:/usr/ccs/bin; export PATH ------ snip:end ----- - -and then redo the compilation. What you should really do is make sure -'/usr/ccs/bin' is permanently in your $PATH, for example through your -'.profile' (again, assuming you use a sh-compatible shell). - - -* Why does the OpenSSL compilation fail on Win32 with VC++? - -Sometimes, you may get reports from VC++ command line (cl) that it -can't find standard include files like stdio.h and other weirdnesses. -One possible cause is that the environment isn't correctly set up. -To solve that problem, one should run VCVARS32.BAT which is found in -the 'bin' subdirectory of the VC++ installation directory (somewhere -under 'Program Files'). This needs to be done prior to running NMAKE, -and the changes are only valid for the current DOS session. - - -* Why aren't tools like 'autoconf' and 'libtool' used? - -autoconf is a nice tool, but is unfortunately very Unix-centric. -Although one can come up with solution to have ports keep in track, -there's also some work needed for that, and can be quite painful at -times. If there was a 'autoconf'-like tool that generated perl -scripts or something similarly general, it would probably be used -in OpenSSL much earlier. - -libtool has repeatadly been reported by some members of the OpenSSL -development and others to be a pain to use. So far, those in the -development team who have said anything about this have expressed -a wish to avoid libtool for that reason. +=============================================================================== @@ -43,9 +43,6 @@ --openssldir=DIR Directory for OpenSSL files. If no prefix is specified, the library files and binaries are also installed there. - rsaref Build with RSADSI's RSAREF toolkit (this assumes that - librsaref.a is in the library search path). - no-threads Don't try to build with support for multi-threaded applications. diff --git a/Makefile.org b/Makefile.org index 0c62ec96d..c50cab6a7 100644 --- a/Makefile.org +++ b/Makefile.org @@ -24,7 +24,6 @@ INSTALLTOP=/usr/local/ssl # Do not edit this manually. Use Configure --openssldir=DIR do change this! OPENSSLDIR=/usr/local/ssl -# RSAref - Define if we are to link with RSAref. # NO_IDEA - Define to build without the IDEA algorithm # NO_RC4 - Define to build without the RC4 algorithm # NO_RC2 - Define to build without the RC2 algorithm @@ -150,11 +149,15 @@ RMD160_ASM_OBJ= asm/rm86-out.o #RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD #RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi +# KRB5 stuff +KRB5_INCLUDES= +LIBKRB5= + # When we're prepared to use shared libraries in the programs we link here # we might set SHLIB_MARK to '$(SHARED_LIBS)'. SHLIB_MARK= -DIRS= crypto ssl rsaref $(SHLIB_MARK) apps test tools +DIRS= crypto ssl $(SHLIB_MARK) apps test tools SHLIBDIRS= crypto ssl # dirs in crypto to build @@ -165,6 +168,10 @@ SDIRS= \ buffer bio stack lhash rand err objects \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp +# tests to perform. "alltests" is a special word indicating that all tests +# should be performed. +TESTS = alltests + MAKEFILE= Makefile.ssl MAKE= make -f Makefile.ssl @@ -201,7 +208,7 @@ sub_all: do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making all in $$i..." && \ - $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \ + $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' all ) || exit 1; \ else \ $(MAKE) $$i; \ fi; \ @@ -254,7 +261,7 @@ do_bsd-gcc-shared: linux-shared do_linux-shared: libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ ( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR} \ + -Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -Wl,--whole-archive lib$$i.a \ -Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \ libs="$$libs -L. -l$$i"; \ @@ -273,7 +280,7 @@ do_tru64-shared: do_solaris-shared: libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ ( set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -h lib$$i.so.${SHLIB_MAJOR} \ + -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \ libs="$$libs -L. -l$$i"; \ done @@ -282,28 +289,46 @@ do_solaris-shared: do_irix-shared: libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ ( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -Wl,-soname,lib$$i.so.${SHLIB_MAJOR} \ + -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \ libs="$$libs -L. -l$$i"; \ done # This assumes that GNU utilities are *not* used +# HP-UX includes the full pathname of libs we depend on, so we would get +# ./libcrypto (with ./ as path information) compiled into libssl, hence +# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto +# anyway. +# The object modules are loaded from lib$i.a using the undocumented -Fl +# option. +# +# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH +# by temporarily specifying "+s"! +# do_hpux-shared: - libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + for i in ${SHLIBDIRS}; do \ ( set -x; /usr/ccs/bin/ld +vnocompatwarnings \ - -b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + -b -z +s \ + -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="$$libs -L. -l$$i"; \ + -Fl lib$$i.a -ldld -lc ) || exit 1; \ done # This assumes that GNU utilities are *not* used +# HP-UX includes the full pathname of libs we depend on, so we would get +# ./libcrypto (with ./ as path information) compiled into libssl, hence +# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto +# anyway. +# +# HP-UX in 64bit mode has "+s" enabled by default; it will search for +# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH. +# do_hpux64-shared: - libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - ( set -x; /usr/ccs/bin/ld -b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + for i in ${SHLIBDIRS}; do \ + ( set -x; /usr/ccs/bin/ld -b -z \ + -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - +forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="$$libs -L. -l$$i"; \ + +forceload lib$$i.a -ldl -lc ) || exit 1; \ done Makefile.ssl: Makefile.org @@ -352,7 +377,7 @@ links: @for i in $(DIRS); do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making links in $$i..." && \ - $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \ + $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \ fi; \ done; @@ -375,7 +400,7 @@ test: tests tests: rehash @(cd test && echo "testing..." && \ - $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests ); + $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' tests ); @apps/openssl version -a report: @@ -484,8 +509,8 @@ install: all install_docs do \ if [ -f "$$i" ]; then \ ( echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ + cp -f $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ + chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ fi \ done; \ ( here="`pwd`"; \ @@ -5,6 +5,13 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.6 and OpenSSL x.x.x: + + o New library section OCSP. + o Complete haul-over of the ASN.1 library section [1]. + + [1] The haul-over is currently a separate line of development. + Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6: o Some documentation for BIO and SSL libraries. diff --git a/README.ENGINE b/README.ENGINE index 8318db0a4..0d698b744 100644 --- a/README.ENGINE +++ b/README.ENGINE @@ -13,11 +13,10 @@ o CryptoSwift o Compaq Atalla o nCipher CHIL + o Nuron A number of things are still needed and are being worked on: - o An openssl utility command to handle or at least check available - engines. o A better way of handling the methods that are handled by the engines. o Documentation! @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/10/26 21:07:27 $ + ______________ $Date: 2000/12/06 18:34:02 $ DEVELOPMENT STATE @@ -34,8 +34,10 @@ o Richard is currently working on: UTIL (a new set of library functions to support some higher level functionality that is currently missing). - Dynamic thread-lock support. Shared library support for VMS. + OCSP + Kerberos 5 authentication + Constification NEEDS PATCH @@ -735,6 +735,27 @@ $shared_target= $shared_cflag = $shared_extension = +*** darwin-ppc-cc +$cc = cc +$cflags = -O3 -DB_ENDIAN +$unistd = +$thread_cflag = (unknown) +$lflags = +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_extension = + *** debug $cc = gcc $cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror @@ -842,24 +863,24 @@ $shared_extension = *** debug-levitte-linux-elf $cc = gcc -$cflags = -DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe $unistd = $thread_cflag = -D_REENTRANT $lflags = -ldl -$bn_ops = -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$bn_obj = asm/bn86-elf.o asm/co86-elf.o +$des_obj = asm/dx86-elf.o asm/yx86-elf.o +$bf_obj = asm/bx86-elf.o +$md5_obj = asm/mx86-elf.o +$sha1_obj = asm/sx86-elf.o +$cast_obj = asm/cx86-elf.o +$rc4_obj = asm/rx86-elf.o +$rmd160_obj = asm/rm86-elf.o +$rc5_obj = asm/r586-elf.o $dso_scheme = dlfcn -$shared_target= -$shared_cflag = -$shared_extension = +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) *** debug-linux-elf $cc = gcc @@ -1160,7 +1181,7 @@ $cc = cc $cflags = -DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z $unistd = $thread_cflag = (unknown) -$lflags = -ldld +$lflags = -Wl,+s -ldld $bn_ops = DES_PTR DES_UNROLL DES_RISC1 $bn_obj = $des_obj = @@ -1181,7 +1202,7 @@ $cc = gcc $cflags = -DB_ENDIAN -DBN_DIV2W -O3 $unistd = $thread_cflag = (unknown) -$lflags = -ldld +$lflags = -Wl,+s -ldld $bn_ops = DES_PTR DES_UNROLL DES_RISC1 $bn_obj = $des_obj = @@ -1202,7 +1223,7 @@ $cc = cc $cflags = -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z $unistd = $thread_cflag = (unknown) -$lflags = -ldld +$lflags = -Wl,+s -ldld $bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1 $bn_obj = $des_obj = @@ -1223,7 +1244,7 @@ $cc = gcc $cflags = -DB_ENDIAN -DBN_DIV2W -O3 $unistd = $thread_cflag = (unknown) -$lflags = -ldld +$lflags = -Wl,+s -ldld $bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1 $bn_obj = $des_obj = @@ -1244,7 +1265,7 @@ $cc = cc $cflags = +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY $unistd = $thread_cflag = -D_REENTRANT -$lflags = -ldld +$lflags = -Wl,+s -ldld $bn_ops = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT $bn_obj = $des_obj = @@ -1286,7 +1307,7 @@ $cc = gcc $cflags = -O3 -DB_ENDIAN -DBN_DIV2W $unistd = $thread_cflag = -$lflags = -ldld +$lflags = -Wl,+s -ldld $bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1 $bn_obj = $des_obj = @@ -1307,7 +1328,7 @@ $cc = cc $cflags = +DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY $unistd = $thread_cflag = -D_REENTRANT -$lflags = -ldld +$lflags = -Wl,+s -ldld $bn_ops = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT $bn_obj = $des_obj = @@ -1328,7 +1349,7 @@ $cc = cc $cflags = +DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY $unistd = $thread_cflag = -D_REENTRANT -$lflags = -ldld +$lflags = -Wl,+s -ldld $bn_ops = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT $bn_obj = asm/pa-risc2.o $des_obj = @@ -1349,7 +1370,7 @@ $cc = cc $cflags = -DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z $unistd = $thread_cflag = -D_REENTRANT -$lflags = -ldld +$lflags = -Wl,+s -ldld $bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1 $bn_obj = $des_obj = @@ -1370,7 +1391,7 @@ $cc = gcc $cflags = -DB_ENDIAN -DBN_DIV2W -O3 $unistd = $thread_cflag = -D_REENTRANT -$lflags = -ldld +$lflags = -Wl,+s -ldld $bn_ops = DES_PTR DES_UNROLL DES_RISC1 $bn_obj = $des_obj = @@ -1391,7 +1412,7 @@ $cc = cc $cflags = -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z $unistd = $thread_cflag = -D_REENTRANT -$lflags = -ldld +$lflags = -Wl,+s -ldld $bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1 $bn_obj = $des_obj = @@ -1412,7 +1433,7 @@ $cc = gcc $cflags = -DB_ENDIAN -DBN_DIV2W -O3 $unistd = $thread_cflag = -D_REENTRANT -$lflags = -ldld +$lflags = -Wl,+s -ldld $bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1 $bn_obj = $des_obj = diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index 46e44a59a..3f76156b6 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -5,7 +5,7 @@ DIR= apps TOP= .. CC= cc -INCLUDES= -I../include +INCLUDES= -I../include $(KRB5_INCLUDES) CFLAG= -g -static INSTALL_PREFIX= INSTALLTOP= /usr/local/ssl @@ -15,6 +15,9 @@ MAKEDEPEND= $(TOP)/util/domd $(TOP) MAKEFILE= Makefile.ssl PERL=/usr/local/bin/perl RM= rm -f +# KRB5 stuff +KRB5_INCLUDES= +LIBKRB5= PEX_LIBS= EX_LIBS= @@ -134,7 +137,7 @@ $(DLIBCRYPTO): $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(RM) $(PROGRAM) - $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS) + $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) -(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs) progs.h: progs.pl @@ -158,7 +161,7 @@ app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h app_rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -app_rand.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h +app_rand.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h app_rand.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h app_rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h @@ -181,7 +184,7 @@ apps.o: ../include/openssl/opensslv.h ../include/openssl/pem.h apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h apps.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h apps.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -apps.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h +apps.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h apps.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h apps.o: ../include/openssl/sha.h ../include/openssl/stack.h @@ -204,7 +207,7 @@ asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/pem.h asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h asn1pars.o: ../include/openssl/rand.h ../include/openssl/rc2.h asn1pars.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -asn1pars.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +asn1pars.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h asn1pars.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -225,7 +228,7 @@ ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h ca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h ca.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -ca.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h +ca.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h ca.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h ca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ca.o: ../include/openssl/sha.h ../include/openssl/stack.h @@ -241,22 +244,23 @@ ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os.h ciphers.o: ../include/openssl/e_os2.h ../include/openssl/engine.h ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h -ciphers.o: ../include/openssl/idea.h ../include/openssl/lhash.h -ciphers.o: ../include/openssl/md2.h ../include/openssl/md4.h -ciphers.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -ciphers.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -ciphers.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -ciphers.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -ciphers.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +ciphers.o: ../include/openssl/idea.h ../include/openssl/kssl.h +ciphers.o: ../include/openssl/lhash.h ../include/openssl/md2.h +ciphers.o: ../include/openssl/md4.h ../include/openssl/md5.h +ciphers.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ciphers.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ciphers.o: ../include/openssl/rand.h ../include/openssl/rc2.h +ciphers.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +ciphers.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +ciphers.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ciphers.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ciphers.o: ../include/openssl/x509_vfy.h apps.h crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h crl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -274,7 +278,7 @@ crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h crl.o: ../include/openssl/rand.h ../include/openssl/rc2.h crl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -crl.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +crl.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h crl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -297,7 +301,7 @@ crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h crl2p7.o: ../include/openssl/rand.h ../include/openssl/rc2.h crl2p7.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -crl2p7.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +crl2p7.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h crl2p7.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -319,7 +323,7 @@ dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h dgst.o: ../include/openssl/rand.h ../include/openssl/rc2.h dgst.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -dgst.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +dgst.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h dgst.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -340,7 +344,7 @@ dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h dh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -dh.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h +dh.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h dh.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h dh.o: ../include/openssl/sha.h ../include/openssl/stack.h @@ -363,7 +367,7 @@ dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h dsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h dsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -dsa.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +dsa.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h dsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -385,7 +389,7 @@ dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h dsaparam.o: ../include/openssl/rand.h ../include/openssl/rc2.h dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -dsaparam.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +dsaparam.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h dsaparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -407,7 +411,7 @@ enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -enc.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +enc.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -421,22 +425,23 @@ engine.o: ../include/openssl/dh.h ../include/openssl/dsa.h engine.o: ../include/openssl/e_os.h ../include/openssl/e_os.h engine.o: ../include/openssl/e_os2.h ../include/openssl/engine.h engine.o: ../include/openssl/err.h ../include/openssl/evp.h -engine.o: ../include/openssl/idea.h ../include/openssl/lhash.h -engine.o: ../include/openssl/md2.h ../include/openssl/md4.h -engine.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h -engine.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -engine.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -engine.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -engine.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -engine.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h -engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +engine.o: ../include/openssl/idea.h ../include/openssl/kssl.h +engine.o: ../include/openssl/lhash.h ../include/openssl/md2.h +engine.o: ../include/openssl/md4.h ../include/openssl/md5.h +engine.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +engine.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +engine.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +engine.o: ../include/openssl/rand.h ../include/openssl/rc2.h +engine.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +engine.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +engine.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h +engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +engine.o: ../include/openssl/tls1.h ../include/openssl/x509.h +engine.o: ../include/openssl/x509_vfy.h apps.h errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -446,22 +451,23 @@ errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os.h errstr.o: ../include/openssl/e_os2.h ../include/openssl/engine.h errstr.o: ../include/openssl/err.h ../include/openssl/evp.h -errstr.o: ../include/openssl/idea.h ../include/openssl/lhash.h -errstr.o: ../include/openssl/md2.h ../include/openssl/md4.h -errstr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h -errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -errstr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -errstr.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -errstr.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -errstr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h -errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +errstr.o: ../include/openssl/idea.h ../include/openssl/kssl.h +errstr.o: ../include/openssl/lhash.h ../include/openssl/md2.h +errstr.o: ../include/openssl/md4.h ../include/openssl/md5.h +errstr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +errstr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +errstr.o: ../include/openssl/rand.h ../include/openssl/rc2.h +errstr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +errstr.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +errstr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h +errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +errstr.o: ../include/openssl/tls1.h ../include/openssl/x509.h +errstr.o: ../include/openssl/x509_vfy.h apps.h gendh.o: ../include/openssl/asn1.h ../include/openssl/bio.h gendh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -479,7 +485,7 @@ gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -gendh.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +gendh.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -501,7 +507,7 @@ gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h gendsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -gendsa.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +gendsa.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -523,7 +529,7 @@ genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h genrsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -genrsa.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +genrsa.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h genrsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -545,7 +551,7 @@ nseq.o: ../include/openssl/opensslv.h ../include/openssl/pem.h nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h nseq.o: ../include/openssl/rand.h ../include/openssl/rc2.h nseq.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -nseq.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +nseq.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h nseq.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -559,23 +565,23 @@ openssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h openssl.o: ../include/openssl/e_os.h ../include/openssl/e_os.h openssl.o: ../include/openssl/e_os2.h ../include/openssl/engine.h openssl.o: ../include/openssl/err.h ../include/openssl/evp.h -openssl.o: ../include/openssl/idea.h ../include/openssl/lhash.h -openssl.o: ../include/openssl/md2.h ../include/openssl/md4.h -openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -openssl.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -openssl.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h -openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -openssl.o: progs.h s_apps.h +openssl.o: ../include/openssl/idea.h ../include/openssl/kssl.h +openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h +openssl.o: ../include/openssl/md4.h ../include/openssl/md5.h +openssl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +openssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +openssl.o: ../include/openssl/rand.h ../include/openssl/rc2.h +openssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +openssl.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +openssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h +openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h +openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h passwd.o: ../include/openssl/asn1.h ../include/openssl/bio.h passwd.o: ../include/openssl/blowfish.h ../include/openssl/bn.h passwd.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -592,7 +598,7 @@ passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h passwd.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h passwd.o: ../include/openssl/rand.h ../include/openssl/rc2.h passwd.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -passwd.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +passwd.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h passwd.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -614,7 +620,7 @@ pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h pkcs12.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -pkcs12.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h +pkcs12.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h pkcs12.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h pkcs12.o: ../include/openssl/rsa.h ../include/openssl/safestack.h pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h @@ -637,7 +643,7 @@ pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h pkcs7.o: ../include/openssl/rand.h ../include/openssl/rc2.h pkcs7.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -pkcs7.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +pkcs7.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h pkcs7.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -659,7 +665,7 @@ pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h pkcs8.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -pkcs8.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h +pkcs8.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h pkcs8.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h pkcs8.o: ../include/openssl/rsa.h ../include/openssl/safestack.h pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h @@ -681,7 +687,7 @@ rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -rand.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +rand.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -703,7 +709,7 @@ req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h req.o: ../include/openssl/rand.h ../include/openssl/rc2.h req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -req.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +req.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h req.o: ../include/openssl/safestack.h ../include/openssl/sha.h req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -726,7 +732,7 @@ rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h rsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h rsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -rsa.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +rsa.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h rsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -748,7 +754,7 @@ rsautl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h rsautl.o: ../include/openssl/rand.h ../include/openssl/rc2.h rsautl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -rsautl.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +rsautl.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h rsautl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -762,22 +768,23 @@ s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os.h s_cb.o: ../include/openssl/e_os2.h ../include/openssl/engine.h s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h -s_cb.o: ../include/openssl/idea.h ../include/openssl/lhash.h -s_cb.o: ../include/openssl/md2.h ../include/openssl/md4.h -s_cb.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -s_cb.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s_cb.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -s_cb.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -s_cb.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h s_apps.h +s_cb.o: ../include/openssl/idea.h ../include/openssl/kssl.h +s_cb.o: ../include/openssl/lhash.h ../include/openssl/md2.h +s_cb.o: ../include/openssl/md4.h ../include/openssl/md5.h +s_cb.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +s_cb.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s_cb.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_cb.o: ../include/openssl/rand.h ../include/openssl/rc2.h +s_cb.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s_cb.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +s_cb.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_cb.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_client.o: ../include/openssl/asn1.h ../include/openssl/bio.h s_client.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s_client.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -787,23 +794,23 @@ s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os.h s_client.o: ../include/openssl/e_os2.h ../include/openssl/engine.h s_client.o: ../include/openssl/err.h ../include/openssl/evp.h -s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h -s_client.o: ../include/openssl/md2.h ../include/openssl/md4.h -s_client.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s_client.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -s_client.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -s_client.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -s_client.o: s_apps.h +s_client.o: ../include/openssl/idea.h ../include/openssl/kssl.h +s_client.o: ../include/openssl/lhash.h ../include/openssl/md2.h +s_client.o: ../include/openssl/md4.h ../include/openssl/md5.h +s_client.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s_client.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_client.o: ../include/openssl/rand.h ../include/openssl/rc2.h +s_client.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s_client.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +s_client.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_client.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s_client.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -813,23 +820,23 @@ s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os.h s_server.o: ../include/openssl/e_os2.h ../include/openssl/engine.h s_server.o: ../include/openssl/err.h ../include/openssl/evp.h -s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h -s_server.o: ../include/openssl/md2.h ../include/openssl/md4.h -s_server.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s_server.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -s_server.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -s_server.o: s_apps.h +s_server.o: ../include/openssl/idea.h ../include/openssl/kssl.h +s_server.o: ../include/openssl/lhash.h ../include/openssl/md2.h +s_server.o: ../include/openssl/md4.h ../include/openssl/md5.h +s_server.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s_server.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_server.o: ../include/openssl/rand.h ../include/openssl/rc2.h +s_server.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s_server.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +s_server.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_server.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -839,22 +846,23 @@ s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os.h s_socket.o: ../include/openssl/e_os2.h ../include/openssl/engine.h s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h -s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s_socket.o: ../include/openssl/md4.h ../include/openssl/md5.h -s_socket.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s_socket.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s_socket.o: ../include/openssl/rand.h ../include/openssl/rc2.h -s_socket.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -s_socket.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h -s_socket.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_socket.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h +s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s_socket.o: ../include/openssl/md2.h ../include/openssl/md4.h +s_socket.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +s_socket.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h +s_socket.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h +s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_socket.o: s_apps.h s_time.o: ../include/openssl/asn1.h ../include/openssl/bio.h s_time.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s_time.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -864,23 +872,23 @@ s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os.h s_time.o: ../include/openssl/e_os2.h ../include/openssl/engine.h s_time.o: ../include/openssl/err.h ../include/openssl/evp.h -s_time.o: ../include/openssl/idea.h ../include/openssl/lhash.h -s_time.o: ../include/openssl/md2.h ../include/openssl/md4.h -s_time.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -s_time.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s_time.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -s_time.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -s_time.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -s_time.o: s_apps.h +s_time.o: ../include/openssl/idea.h ../include/openssl/kssl.h +s_time.o: ../include/openssl/lhash.h ../include/openssl/md2.h +s_time.o: ../include/openssl/md4.h ../include/openssl/md5.h +s_time.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +s_time.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s_time.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_time.o: ../include/openssl/rand.h ../include/openssl/rc2.h +s_time.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s_time.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +s_time.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_time.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h sess_id.o: ../include/openssl/asn1.h ../include/openssl/bio.h sess_id.o: ../include/openssl/blowfish.h ../include/openssl/bn.h sess_id.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -890,22 +898,23 @@ sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os.h sess_id.o: ../include/openssl/e_os2.h ../include/openssl/engine.h sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h -sess_id.o: ../include/openssl/idea.h ../include/openssl/lhash.h -sess_id.o: ../include/openssl/md2.h ../include/openssl/md4.h -sess_id.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h -sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -sess_id.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -sess_id.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -sess_id.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -sess_id.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h -sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +sess_id.o: ../include/openssl/idea.h ../include/openssl/kssl.h +sess_id.o: ../include/openssl/lhash.h ../include/openssl/md2.h +sess_id.o: ../include/openssl/md4.h ../include/openssl/md5.h +sess_id.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +sess_id.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +sess_id.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +sess_id.o: ../include/openssl/rand.h ../include/openssl/rc2.h +sess_id.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +sess_id.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +sess_id.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h +sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +sess_id.o: ../include/openssl/tls1.h ../include/openssl/x509.h +sess_id.o: ../include/openssl/x509_vfy.h apps.h smime.o: ../include/openssl/asn1.h ../include/openssl/bio.h smime.o: ../include/openssl/blowfish.h ../include/openssl/bn.h smime.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -923,7 +932,7 @@ smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h smime.o: ../include/openssl/rand.h ../include/openssl/rc2.h smime.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -smime.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +smime.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h smime.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -944,7 +953,7 @@ speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -speed.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h +speed.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h speed.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h speed.o: ../include/openssl/sha.h ../include/openssl/stack.h @@ -967,7 +976,7 @@ spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h spkac.o: ../include/openssl/rand.h ../include/openssl/rc2.h spkac.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -spkac.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +spkac.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h spkac.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -989,7 +998,7 @@ verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h verify.o: ../include/openssl/rand.h ../include/openssl/rc2.h verify.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -verify.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +verify.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h verify.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -1010,7 +1019,7 @@ version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h version.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -version.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h +version.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h version.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h version.o: ../include/openssl/sha.h ../include/openssl/stack.h @@ -1033,7 +1042,7 @@ x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h x509.o: ../include/openssl/rand.h ../include/openssl/rc2.h x509.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -x509.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +x509.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h x509.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h diff --git a/apps/apps.h b/apps/apps.h index e8272a397..11133cb1d 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -122,14 +122,16 @@ extern BIO *bio_err; # ifdef _O_BINARY # define apps_startup() \ _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ - SSLeay_add_all_algorithms() + SSLeay_add_all_algorithms(); ENGINE_load_builtin_engines() # else # define apps_startup() \ _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ - SSLeay_add_all_algorithms() + SSLeay_add_all_algorithms(); ENGINE_load_builtin_engines() # endif # else -# define apps_startup() do_pipe_sig(); SSLeay_add_all_algorithms(); +# define apps_startup() \ + do_pipe_sig(); SSLeay_add_all_algorithms(); \ + ENGINE_load_builtin_engines() # endif #endif @@ -153,7 +153,8 @@ static char *ca_usage[]={ " -days arg - number of days to certify the certificate for\n", " -md arg - md to use, one of md2, md5, sha or sha1\n", " -policy arg - The CA 'policy' to support\n", -" -keyfile arg - PEM private key file\n", +" -keyfile arg - private key file\n", +" -keyform arg - private key file format (PEM or ENGINE)\n", " -key arg - key to decode the private key if it is encrypted\n", " -cert file - The CA certificate\n", " -in file - The input PEM encoded certificate request(s)\n", @@ -179,11 +180,11 @@ extern int EF_ALIGNMENT; #endif static void lookup_fail(char *name,char *tag); -static unsigned long index_serial_hash(char **a); -static int index_serial_cmp(char **a, char **b); -static unsigned long index_name_hash(char **a); +static unsigned long index_serial_hash(const char **a); +static int index_serial_cmp(const char **a, const char **b); +static unsigned long index_name_hash(const char **a); static int index_name_qual(char **a); -static int index_name_cmp(char **a,char **b); +static int index_name_cmp(const char **a,const char **b); static BIGNUM *load_serial(char *serialfile); static int save_serial(char *serialfile, BIGNUM *serial); static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, @@ -214,6 +215,12 @@ static char *section=NULL; static int preserve=0; static int msie_hack=0; +static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **) +static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **) +static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **) +static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **) + + int MAIN(int, char **); int MAIN(int argc, char **argv) @@ -236,6 +243,7 @@ int MAIN(int argc, char **argv) char *policy=NULL; char *keyfile=NULL; char *certfile=NULL; + int keyform=FORMAT_PEM; char *infile=NULL; char *spkac_file=NULL; char *ss_cert_file=NULL; @@ -337,6 +345,11 @@ EF_ALIGNMENT=0; if (--argc < 1) goto bad; keyfile= *(++argv); } + else if (strcmp(*argv,"-keyform") == 0) + { + if (--argc < 1) goto bad; + keyform=str2fmt(*(++argv)); + } else if (strcmp(*argv,"-passin") == 0) { if (--argc < 1) goto bad; @@ -563,14 +576,31 @@ bad: BIO_printf(bio_err,"Error getting password\n"); goto err; } - if (BIO_read_filename(in,keyfile) <= 0) + if (keyform == FORMAT_ENGINE) { - perror(keyfile); - BIO_printf(bio_err,"trying to load CA private key\n"); - goto err; + if (!e) + { + BIO_printf(bio_err,"no engine specified\n"); + goto err; + } + pkey = ENGINE_load_private_key(e, keyfile, key); } + else if (keyform == FORMAT_PEM) + { + if (BIO_read_filename(in,keyfile) <= 0) + { + perror(keyfile); + BIO_printf(bio_err,"trying to load CA private key\n"); + goto err; + } pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key); - if(key) memset(key,0,strlen(key)); + } + else + { + BIO_printf(bio_err,"bad input format specified for key file\n"); + goto err; + } + if(key) memset(key,0,strlen(key)); if (pkey == NULL) { BIO_printf(bio_err,"unable to load CA private key\n"); @@ -729,15 +759,17 @@ bad: BIO_printf(bio_err,"generating index\n"); } - if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash, - index_serial_cmp)) + if (!TXT_DB_create_index(db, DB_serial, NULL, + LHASH_HASH_FN(index_serial_hash), + LHASH_COMP_FN(index_serial_cmp))) { BIO_printf(bio_err,"error creating serial number index:(%ld,%ld,%ld)\n",db->error,db->arg1,db->arg2); goto err; } - if (!TXT_DB_create_index(db,DB_name,index_name_qual,index_name_hash, - index_name_cmp)) + if (!TXT_DB_create_index(db, DB_name, index_name_qual, + LHASH_HASH_FN(index_name_hash), + LHASH_COMP_FN(index_name_cmp))) { BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n", db->error,db->arg1,db->arg2); @@ -1302,31 +1334,31 @@ static void lookup_fail(char *name, char *tag) BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); } -static unsigned long index_serial_hash(char **a) +static unsigned long index_serial_hash(const char **a) { - char *n; + const char *n; n=a[DB_serial]; while (*n == '0') n++; return(lh_strhash(n)); } -static int index_serial_cmp(char **a, char **b) +static int index_serial_cmp(const char **a, const char **b) { - char *aa,*bb; + const char *aa,*bb; for (aa=a[DB_serial]; *aa == '0'; aa++); for (bb=b[DB_serial]; *bb == '0'; bb++); return(strcmp(aa,bb)); } -static unsigned long index_name_hash(char **a) +static unsigned long index_name_hash(const char **a) { return(lh_strhash(a[DB_name])); } static int index_name_qual(char **a) { return(a[0][0] == 'V'); } -static int index_name_cmp(char **a, char **b) +static int index_name_cmp(const char **a, const char **b) { return(strcmp(a[DB_name], b[DB_name])); } @@ -2227,7 +2259,7 @@ static int do_revoke(X509 *x509, TXT_DB *db) goto err; } - else if (index_name_cmp(row,rrow)) + else if (index_name_cmp((const char **)row,(const char **)rrow)) { BIO_printf(bio_err,"ERROR:name does not match %s\n", row[DB_name]); diff --git a/apps/enc.c b/apps/enc.c index 84179f57a..f43bb029a 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -71,6 +71,7 @@ #endif #include <openssl/pem.h> #include <openssl/engine.h> +#include <ctype.h> int set_hex(char *in,unsigned char *out,int size); #undef SIZE @@ -81,6 +82,24 @@ int set_hex(char *in,unsigned char *out,int size); #define BSIZE (8*1024) #define PROG enc_main +void show_ciphers(const OBJ_NAME *name,void *bio_) + { + BIO *bio=bio_; + static int n; + + if(!islower(*name->name)) + return; + + BIO_printf(bio,"-%-25s",name->name); + if(++n == 3) + { + BIO_printf(bio,"\n"); + n=0; + } + else + BIO_printf(bio," "); + } + int MAIN(int, char **); int MAIN(int argc, char **argv) @@ -92,7 +111,7 @@ int MAIN(int argc, char **argv) unsigned char *buff=NULL,*bufsize=NULL; int bsize=BSIZE,verbose=0; int ret=1,inl; - unsigned char key[24],iv[MD5_DIGEST_LENGTH]; + unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH]; unsigned char salt[PKCS5_SALT_LEN]; char *str=NULL, *passarg = NULL, *pass = NULL; char *hkey=NULL,*hiv=NULL,*hsalt = NULL; @@ -252,76 +271,11 @@ bad: BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e"); BIO_printf(bio_err,"Cipher Types\n"); - BIO_printf(bio_err,"des : 56 bit key DES encryption\n"); - BIO_printf(bio_err,"des_ede :112 bit key ede DES encryption\n"); - BIO_printf(bio_err,"des_ede3:168 bit key ede DES encryption\n"); -#ifndef NO_IDEA - BIO_printf(bio_err,"idea :128 bit key IDEA encryption\n"); -#endif -#ifndef NO_RC4 - BIO_printf(bio_err,"rc2 :128 bit key RC2 encryption\n"); -#endif -#ifndef NO_BF - BIO_printf(bio_err,"bf :128 bit key Blowfish encryption\n"); -#endif -#ifndef NO_RC4 - BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n", - LN_rc4); -#endif + OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, + show_ciphers, + bio_err); + BIO_printf(bio_err,"\n"); - BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", - LN_des_ecb,LN_des_cbc, - LN_des_cfb64,LN_des_ofb64); - BIO_printf(bio_err," -%-4s (%s)\n", - "des", LN_des_cbc); - - BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", - LN_des_ede,LN_des_ede_cbc, - LN_des_ede_cfb64,LN_des_ede_ofb64); - BIO_printf(bio_err," -desx -none\n"); - - - BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", - LN_des_ede3,LN_des_ede3_cbc, - LN_des_ede3_cfb64,LN_des_ede3_ofb64); - BIO_printf(bio_err," -%-4s (%s)\n", - "des3", LN_des_ede3_cbc); - -#ifndef NO_IDEA - BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", - LN_idea_ecb, LN_idea_cbc, - LN_idea_cfb64, LN_idea_ofb64); - BIO_printf(bio_err," -%-4s (%s)\n","idea",LN_idea_cbc); -#endif -#ifndef NO_RC2 - BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", - LN_rc2_ecb, LN_rc2_cbc, - LN_rc2_cfb64, LN_rc2_ofb64); - BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc); -#endif -#ifndef NO_BF - BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", - LN_bf_ecb, LN_bf_cbc, - LN_bf_cfb64, LN_bf_ofb64); - BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc); -#endif -#ifndef NO_CAST - BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", - LN_cast5_ecb, LN_cast5_cbc, - LN_cast5_cfb64, LN_cast5_ofb64); - BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc); -#endif -#ifndef NO_RC5 - BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", - LN_rc5_ecb, LN_rc5_cbc, - LN_rc5_cfb64, LN_rc5_ofb64); - BIO_printf(bio_err," -%-4s (%s)\n","rc5", LN_rc5_cbc); -#endif -#ifndef NO_RIJNDAEL - BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s\n", - LN_rijndael_ecb_k128_b128,"","","",""); -#endif - goto end; } argc--; @@ -542,12 +496,12 @@ bad: else memset(str,0,strlen(str)); } - if ((hiv != NULL) && !set_hex(hiv,iv,8)) + if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv)) { BIO_printf(bio_err,"invalid hex iv value\n"); goto end; } - if ((hkey != NULL) && !set_hex(hkey,key,24)) + if ((hkey != NULL) && !set_hex(hkey,key,sizeof key)) { BIO_printf(bio_err,"invalid hex key value\n"); goto end; diff --git a/apps/engine.c b/apps/engine.c index ca5618b1a..f11206f57 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -73,11 +73,8 @@ static char *engine_usage[]={ "usage: engine opts [engine ...]\n", " -v - verbose mode, a textual listing of the engines in OpenSSL\n", -#if 0 " -c - for each engine, also list the capabilities\n", -#endif " -t - for each engine, check that they are really available\n", -" -l - load all built-in engines\n", NULL }; @@ -153,8 +150,6 @@ int MAIN(int argc, char **argv) list_cap=1; else if (strcmp(*argv,"-t") == 0) test_avail=1; - else if (strcmp(*argv,"-l") == 0) - ENGINE_load_builtin_engines(); else if ((strncmp(*argv,"-h",2) == 0) || (strcmp(*argv,"-?") == 0)) { diff --git a/apps/makeapps.com b/apps/makeapps.com index 7e9d0ac8d..0bd5e2e51 100644 --- a/apps/makeapps.com +++ b/apps/makeapps.com @@ -157,13 +157,13 @@ $ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+- "RSA;RSAUTL;DSA;DSAPARAM;"+- "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+- "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+- - "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND" + "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE" $ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,DHPARAM.OBJ,ENC.OBJ,PASSWD.OBJ,GENDH.OBJ,ERRSTR.OBJ,- CA.OBJ,PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,- RSA.OBJ,RSAUTL.OBJ,DSA.OBJ,DSAPARAM.OBJ,- X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,- S_TIME.OBJ,APPS.OBJ,S_CB.OBJ,S_SOCKET.OBJ,APP_RAND.OBJ,VERSION.OBJ,SESS_ID.OBJ,- - CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ + CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ,ENGINE.OBJ $ TCPIP_PROGRAMS = ",," $ IF COMPILER .EQS. "VAXC" THEN - TCPIP_PROGRAMS = ",OPENSSL," @@ -581,6 +581,7 @@ $ CHECK_OPTIONS: $! $! Check To See If P1 Is Blank. $! +$ P1 = "NORSAREF" $ IF (P1.EQS."NORSAREF") $ THEN $! diff --git a/apps/openssl.c b/apps/openssl.c index 4f61006b7..b7e50c737 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -85,6 +85,9 @@ char *default_config_file=NULL; BIO *bio_err=NULL; #endif +static IMPLEMENT_LHASH_HASH_FN(hash,FUNCTION *) +static IMPLEMENT_LHASH_COMP_FN(cmp,FUNCTION *) + int main(int Argc, char *Argv[]) { ARGS arg; @@ -112,6 +115,7 @@ int main(int Argc, char *Argv[]) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); ERR_load_crypto_strings(); + ENGINE_load_builtin_engines(); /* Lets load up our environment a little */ p=getenv("OPENSSL_CONF"); @@ -350,7 +354,9 @@ static LHASH *prog_init(void) ; qsort(functions,i,sizeof *functions,SortFnByName); - if ((ret=lh_new(hash,cmp)) == NULL) return(NULL); + if ((ret=lh_new(LHASH_HASH_FN(hash), + LHASH_COMP_FN(cmp))) == NULL) + return(NULL); for (f=functions; f->name != NULL; f++) lh_insert(ret,f); diff --git a/apps/passwd.c b/apps/passwd.c index 6851a9927..c92ff40be 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -50,6 +50,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, * -salt string - salt * -in file - read passwords from file * -stdin - read passwords from stdin + * -noverify - never verify when reading password from terminal * -quiet - no warnings * -table - format output as table * -reverse - switch table columns @@ -62,6 +63,7 @@ int MAIN(int argc, char **argv) int ret = 1; char *infile = NULL; int in_stdin = 0; + int in_noverify = 0; char *salt = NULL, *passwd = NULL, **passwds = NULL; char *salt_malloc = NULL, *passwd_malloc = NULL; size_t passwd_malloc_size = 0; @@ -128,6 +130,8 @@ int MAIN(int argc, char **argv) else badopt = 1; } + else if (strcmp(argv[i], "-noverify") == 0) + in_noverify = 1; else if (strcmp(argv[i], "-quiet") == 0) quiet = 1; else if (strcmp(argv[i], "-table") == 0) @@ -174,6 +178,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-salt string use provided salt\n"); BIO_printf(bio_err, "-in file read passwords from file\n"); BIO_printf(bio_err, "-stdin read passwords from stdin\n"); + BIO_printf(bio_err, "-noverify never verify when reading password from terminal\n"); BIO_printf(bio_err, "-quiet no warnings\n"); BIO_printf(bio_err, "-table format output as table\n"); BIO_printf(bio_err, "-reverse switch table columns\n"); @@ -222,7 +227,7 @@ int MAIN(int argc, char **argv) passwds = passwds_static; if (in == NULL) - if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0) + if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0) goto err; passwds[0] = passwd_malloc; } diff --git a/apps/req.c b/apps/req.c index a27959868..7b8b4dbd6 100644 --- a/apps/req.c +++ b/apps/req.c @@ -102,7 +102,7 @@ * -nodes - no des encryption * -config file - Load configuration file. * -key file - make a request using key in file (or use it for verification). - * -keyform - key file format. + * -keyform arg - key file format. * -rand file(s) - load the file(s) into the PRNG. * -newkey - make a key and a request. * -modulus - print RSA modulus. diff --git a/apps/rsa.c b/apps/rsa.c index 700df4223..825d925c6 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -265,7 +265,7 @@ bad: else if (informat == FORMAT_NETSCAPE) { BUF_MEM *buf=NULL; - unsigned char *p; + const unsigned char *p; int size=0; buf=BUF_MEM_new(); diff --git a/apps/s_client.c b/apps/s_client.c index 45d627a60..1a94cdec6 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -420,6 +420,12 @@ bad: con=SSL_new(ctx); +#ifndef NO_KRB5 + if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL) + { + kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host); + } +#endif /* NO_KRB5 */ /* SSL_set_cipher_list(con,"RC4-MD5"); */ re_start: diff --git a/apps/s_server.c b/apps/s_server.c index 7b6a2b0a2..383e2304d 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -821,6 +821,13 @@ static int sv_body(char *hostname, int s, unsigned char *context) if (con == NULL) { con=SSL_new(ctx); +#ifndef NO_KRB5 + if ((con->kssl_ctx = kssl_ctx_new()) != NULL) + { + kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC); + kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB); + } +#endif /* NO_KRB5 */ if(context) SSL_set_session_id_context(con, context, strlen((char *)context)); diff --git a/apps/speed.c b/apps/speed.c index 5ff2ade6e..1634498c7 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -82,13 +82,15 @@ #include <openssl/rand.h> #include <openssl/err.h> #include <openssl/engine.h> +#include <openssl/evp.h> +#include <openssl/objects.h> #if defined(__FreeBSD__) # define USE_TOD #elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC)) # define TIMES #endif -#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__) +#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__) /* FIXME */ # define TIMEB #endif @@ -196,7 +198,7 @@ int run=0; static double Time_F(int s, int usertime); -static void print_message(char *s,long num,int length); +static void print_message(const char *s,long num,int length); static void pkey_print_message(char *str,char *str2,long num,int bits,int sec); #ifdef SIGALRM #if defined(__STDC__) || defined(sgi) || defined(_AIX) @@ -314,11 +316,11 @@ int MAIN(int argc, char **argv) ENGINE *e; unsigned char *buf=NULL,*buf2=NULL; int mret=1; -#define ALGOR_NUM 15 +#define ALGOR_NUM 16 #define SIZE_NUM 5 #define RSA_NUM 4 #define DSA_NUM 3 - long count,rsa_count; + long count,rsa_count,save_count=0; int i,j,k; unsigned rsa_num; #ifndef NO_MD2 @@ -384,10 +386,11 @@ int MAIN(int argc, char **argv) #define D_CBC_RC5 12 #define D_CBC_BF 13 #define D_CBC_CAST 14 +#define D_EVP 15 double d,results[ALGOR_NUM][SIZE_NUM]; static int lengths[SIZE_NUM]={8,64,256,1024,8*1024}; long c[ALGOR_NUM][SIZE_NUM]; - static char *names[ALGOR_NUM]={ + static const char *names[ALGOR_NUM]={ "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4", "des cbc","des ede3","idea cbc", "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc"}; @@ -420,6 +423,7 @@ int MAIN(int argc, char **argv) int doit[ALGOR_NUM]; int pr_header=0; int usertime=1; + const EVP_CIPHER *evp=NULL; #ifndef TIMES usertime=-1; @@ -472,6 +476,23 @@ int MAIN(int argc, char **argv) { if ((argc > 0) && (strcmp(*argv,"-elapsed") == 0)) usertime = 0; + else if ((argc > 0) && (strcmp(*argv,"-evp") == 0)) + { + argc--; + argv++; + if(argc == 0) + { + BIO_printf(bio_err,"no EVP given\n"); + goto end; + } + evp=EVP_get_cipherbyname(*argv); + if(!evp) + { + BIO_printf(bio_err,"%s is an unknown cipher\n",*argv); + goto end; + } + doit[D_EVP]=1; + } else if ((argc > 0) && (strcmp(*argv,"-engine") == 0)) { @@ -547,7 +568,7 @@ int MAIN(int argc, char **argv) else #endif #ifndef NO_RSA -#ifdef RSAref +#if 0 /* was: #ifdef RSAref */ if (strcmp(*argv,"rsaref") == 0) { RSA_set_default_openssl_method(RSA_PKCS1_RSAref()); @@ -719,7 +740,10 @@ int MAIN(int argc, char **argv) if (j == 0) { for (i=0; i<ALGOR_NUM; i++) - doit[i]=1; + { + if (i != D_EVP) + doit[i]=1; + } for (i=0; i<RSA_NUM; i++) rsa_doit[i]=1; for (i=0; i<DSA_NUM; i++) @@ -739,7 +763,7 @@ int MAIN(int argc, char **argv) #ifndef NO_RSA for (i=0; i<RSA_NUM; i++) { - unsigned char *p; + const unsigned char *p; p=rsa_data[i]; rsa_key[i]=d2i_RSAPrivateKey(NULL,&p,rsa_data_length[i]); @@ -804,6 +828,7 @@ int MAIN(int argc, char **argv) &(sch[0]),DES_ENCRYPT); d=Time_F(STOP,usertime); } while (d <3); + save_count=count; c[D_MD2][0]=count/10; c[D_MDC2][0]=count/10; c[D_MD4][0]=count; @@ -1160,6 +1185,28 @@ int MAIN(int argc, char **argv) } #endif + if (doit[D_EVP]) + { + for (j=0; j<SIZE_NUM; j++) + { + EVP_CIPHER_CTX ctx; + int outl; + + names[D_EVP]=OBJ_nid2ln(evp->nid); + print_message(names[D_EVP],save_count, + lengths[j]); + EVP_EncryptInit(&ctx,evp,key16,iv); + Time_F(START,usertime); + for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++) + EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]); + EVP_EncryptFinal(&ctx,buf,&outl); + d=Time_F(STOP,usertime); + BIO_printf(bio_err,"%ld %s's in %.2fs\n", + count,names[D_EVP],d); + results[D_EVP][j]=((double)count)/d*lengths[j]; + } + } + RAND_pseudo_bytes(buf,36); #ifndef NO_RSA for (j=0; j<RSA_NUM; j++) @@ -1429,7 +1476,7 @@ end: EXIT(mret); } -static void print_message(char *s, long num, int length) +static void print_message(const char *s, long num, int length) { #ifdef SIGALRM BIO_printf(bio_err,"Doing %s for %ds on %d size blocks: ",s,SECONDS,length); @@ -203,6 +203,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in echo "ppc-apple-rhapsody"; exit 0 ;; + Darwin:*) + echo "ppc-apple-darwin"; exit 0 + ;; + SunOS:5.*) echo "${MACHINE}-whatever-solaris2"; exit 0 ;; @@ -433,6 +437,7 @@ EOF m68k-*-linux*) OUT="linux-m68k" ;; ia64-*-linux?) OUT="linux-ia64" ;; ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;; + ppc-apple-darwin) OUT="darwin-ppc-cc" ;; sparc64-*-linux2) #Before we can uncomment following lines we have to wait at least #till 64-bit glibc for SPARC is operational:-( @@ -442,7 +447,7 @@ EOF #read waste < /dev/tty OUT="linux-sparcv9" ;; sparc-*-linux2) - KARCH=`awk '/type/{print$3}' /proc/cpuinfo` + KARCH=`awk '/^type/{print$3}' /proc/cpuinfo` case ${KARCH:-sun4} in sun4u*) OUT="linux-sparcv9" ;; sun4m) OUT="linux-sparcv8" ;; @@ -536,6 +541,27 @@ do fi done +# Discover Kerberos 5 (since it's still a prototype, we don't +# do any guesses yet, that's why this section is commented away. +#if [ -d /usr/kerberos ]; then +# krb5_dir=/usr/kerberos +# if [ \( -f $krb5_dir/lib/libgssapi_krb5.a -o -f $krb5_dir/lib/libgssapi_krb5.so* \)\ +# -a \( -f $krb5_dir/lib/libkrb5.a -o -f $krb5_dir/lib/libkrb5.so* \)\ +# -a \( -f $krb5_dir/lib/libcom_err.a -o -f $krb5_dir/lib/libcom_err.so* \)\ +# -a \( -f $krb5_dir/lib/libk5crypto.a -o -f $krb5_dir/lib/libk5crypto.so* \)\ +# -a \( -f $krb5_dir/include/krb5.h \) ]; then +# options="$options --with-krb5-flavor=MIT" +# fi +#elif [ -d /usr/heimdal ]; then +# krb5_dir=/usr/heimdal +# if [ \( -f $krb5_dir/lib/libgssapi.a -o -f $krb5_dir/lib/libgssapi.so* \)\ +# -a \( -f $krb5_dir/lib/libkrb5.a -o -f $krb5_dir/lib/libkrb5.so* \)\ +# -a \( -f $krb5_dir/lib/libcom_err.a -o -f $krb5_dir/lib/libcom_err.so* \)\ +# -a \( -f $krb5_dir/include/krb5.h \) ]; then +# options="$options --with-krb5-flavor=Heimdal" +# fi +#fi + if [ -z "$OUT" ]; then OUT="$CC" fi diff --git a/crypto/asn1/Makefile.ssl b/crypto/asn1/Makefile.ssl index 2720dd65f..5dd662843 100644 --- a/crypto/asn1/Makefile.ssl +++ b/crypto/asn1/Makefile.ssl @@ -157,8 +157,7 @@ a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h a_digest.o: ../../include/openssl/opensslconf.h a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h a_digest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -a_digest.o: ../../include/openssl/rc5.h -a_digest.o: ../../include/openssl/rijndael-alg-fst.h +a_digest.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h a_digest.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h a_digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -275,12 +274,12 @@ a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h a_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -a_sign.o: ../../include/openssl/rijndael-alg-fst.h -a_sign.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -a_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -a_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -a_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +a_sign.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +a_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +a_sign.o: ../cryptlib.h a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -294,12 +293,12 @@ a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h a_strex.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -a_strex.o: ../../include/openssl/rijndael-alg-fst.h -a_strex.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -a_strex.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -a_strex.o: ../../include/openssl/x509_vfy.h charmap.h +a_strex.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +a_strex.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +a_strex.o: charmap.h a_strnid.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h a_strnid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h @@ -355,8 +354,7 @@ a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h a_verify.o: ../../include/openssl/opensslconf.h a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h a_verify.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -a_verify.o: ../../include/openssl/rc5.h -a_verify.o: ../../include/openssl/rijndael-alg-fst.h +a_verify.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h a_verify.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h a_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -406,7 +404,7 @@ d2i_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h d2i_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -d2i_pr.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +d2i_pr.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h d2i_pr.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -424,7 +422,7 @@ d2i_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h d2i_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -d2i_pu.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +d2i_pu.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h d2i_pu.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h d2i_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -475,7 +473,7 @@ i2d_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h i2d_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -i2d_pr.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +i2d_pr.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h i2d_pr.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -493,7 +491,7 @@ i2d_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h i2d_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -i2d_pu.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +i2d_pu.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h i2d_pu.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h i2d_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -513,12 +511,12 @@ n_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h n_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -n_pkey.o: ../../include/openssl/rijndael-alg-fst.h -n_pkey.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +n_pkey.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +n_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +n_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +n_pkey.o: ../cryptlib.h nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h nsseq.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h nsseq.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -532,7 +530,7 @@ nsseq.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h nsseq.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -nsseq.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +nsseq.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h nsseq.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h nsseq.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h nsseq.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -553,12 +551,12 @@ p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h p5_pbe.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p5_pbe.o: ../../include/openssl/rijndael-alg-fst.h -p5_pbe.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -p5_pbe.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p5_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p5_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p5_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +p5_pbe.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +p5_pbe.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p5_pbe.o: ../cryptlib.h p5_pbev2.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h p5_pbev2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h p5_pbev2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -574,12 +572,12 @@ p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h p5_pbev2.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h p5_pbev2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p5_pbev2.o: ../../include/openssl/rijndael-alg-fst.h -p5_pbev2.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -p5_pbev2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p5_pbev2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p5_pbev2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p5_pbev2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +p5_pbev2.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +p5_pbev2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p5_pbev2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p5_pbev2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p5_pbev2.o: ../cryptlib.h p8_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h p8_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h p8_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -594,7 +592,7 @@ p8_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h p8_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p8_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +p8_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h p8_pkey.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h p8_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -615,13 +613,12 @@ t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h t_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -t_bitst.o: ../../include/openssl/rijndael-alg-fst.h -t_bitst.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -t_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -t_bitst.o: ../cryptlib.h +t_bitst.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +t_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h t_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -637,13 +634,12 @@ t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h t_crl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -t_crl.o: ../../include/openssl/rijndael-alg-fst.h -t_crl.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -t_crl.o: ../cryptlib.h +t_crl.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +t_crl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h t_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h t_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h t_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h @@ -668,13 +664,12 @@ t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h t_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -t_req.o: ../../include/openssl/rijndael-alg-fst.h -t_req.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -t_req.o: ../cryptlib.h +t_req.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +t_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h t_spki.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h t_spki.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h t_spki.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -689,12 +684,12 @@ t_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h t_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h t_spki.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -t_spki.o: ../../include/openssl/rijndael-alg-fst.h -t_spki.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -t_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +t_spki.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +t_spki.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +t_spki.o: ../cryptlib.h t_x509.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h t_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h t_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -710,13 +705,12 @@ t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h t_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -t_x509.o: ../../include/openssl/rijndael-alg-fst.h -t_x509.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -t_x509.o: ../cryptlib.h +t_x509.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +t_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h t_x509a.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h t_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -731,12 +725,12 @@ t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h t_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h t_x509a.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -t_x509a.o: ../../include/openssl/rijndael-alg-fst.h -t_x509a.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -t_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +t_x509a.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +t_x509a.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +t_x509a.o: ../cryptlib.h tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h tasn_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -789,7 +783,7 @@ x_algor.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x_algor.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_algor.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +x_algor.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x_algor.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x_algor.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -809,8 +803,7 @@ x_attrib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x_attrib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_attrib.o: ../../include/openssl/rc5.h -x_attrib.o: ../../include/openssl/rijndael-alg-fst.h +x_attrib.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x_attrib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x_attrib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -839,7 +832,7 @@ x_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h x_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_crl.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +x_crl.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x_crl.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -858,7 +851,7 @@ x_exten.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x_exten.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_exten.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +x_exten.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x_exten.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x_exten.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -878,12 +871,12 @@ x_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h x_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x_info.o: ../../include/openssl/rijndael-alg-fst.h -x_info.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -x_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +x_info.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +x_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +x_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +x_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +x_info.o: ../cryptlib.h x_long.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h x_long.o: ../../include/openssl/bio.h ../../include/openssl/bn.h x_long.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -906,7 +899,7 @@ x_name.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x_name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_name.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +x_name.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x_name.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x_name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -926,7 +919,7 @@ x_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +x_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x_pkey.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -946,8 +939,7 @@ x_pubkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x_pubkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_pubkey.o: ../../include/openssl/rc5.h -x_pubkey.o: ../../include/openssl/rijndael-alg-fst.h +x_pubkey.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x_pubkey.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x_pubkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x_pubkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -967,7 +959,7 @@ x_req.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_req.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +x_req.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x_req.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -987,7 +979,7 @@ x_sig.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x_sig.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_sig.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +x_sig.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x_sig.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x_sig.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -1007,7 +999,7 @@ x_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_spki.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +x_spki.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x_spki.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -1027,7 +1019,7 @@ x_val.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x_val.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_val.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +x_val.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x_val.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x_val.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -1048,7 +1040,7 @@ x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_x509.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +x_x509.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x_x509.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -1069,7 +1061,7 @@ x_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +x_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x_x509a.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 63aa37665..a06803594 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -288,6 +288,7 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; /* Declare ASN1 functions: the implement macro in in asn1t.h */ #define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) + #define DECLARE_ASN1_FUNCTIONS_name(type, name) \ type *name##_new(void); \ void name##_free(type *a); \ @@ -298,6 +299,15 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; int i2d_##name(type *a, unsigned char **out); \ extern const ASN1_ITEM name##_it; +#define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ + int i2d_##name(const type *a, unsigned char **out); \ + extern const ASN1_ITEM name##_it; + +#define DECLARE_ASN1_FUNCTIONS_const(name) \ + name *name##_new(void); \ + void name##_free(name *a); + /* Parameters used by ASN1_STRING_print_ex() */ /* These determine which characters to escape: @@ -913,24 +923,58 @@ int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); #define ASN1_F_BN_TO_ASN1_INTEGER 139 #define ASN1_F_COLLECT_DATA 140 #define ASN1_F_D2I_ASN1_BIT_STRING 141 +#define ASN1_F_D2I_ASN1_BMPSTRING 178 #define ASN1_F_D2I_ASN1_BOOLEAN 142 #define ASN1_F_D2I_ASN1_BYTES 143 #define ASN1_F_D2I_ASN1_GENERALIZEDTIME 144 #define ASN1_F_D2I_ASN1_HEADER 145 #define ASN1_F_D2I_ASN1_INTEGER 146 +#define ASN1_F_D2I_ASN1_NULL 179 #define ASN1_F_D2I_ASN1_OBJECT 147 #define ASN1_F_D2I_ASN1_SET 148 #define ASN1_F_D2I_ASN1_TYPE_BYTES 149 #define ASN1_F_D2I_ASN1_UINTEGER 150 #define ASN1_F_D2I_ASN1_UTCTIME 151 +#define ASN1_F_D2I_ASN1_VISIBLESTRING 180 #define ASN1_F_D2I_DHPARAMS 152 #define ASN1_F_D2I_DSAPARAMS 153 #define ASN1_F_D2I_DSAPRIVATEKEY 154 #define ASN1_F_D2I_DSAPUBLICKEY 155 #define ASN1_F_D2I_NETSCAPE_RSA 156 #define ASN1_F_D2I_NETSCAPE_RSA_2 157 +#define ASN1_F_D2I_OCSP_BASICRESP 181 +#define ASN1_F_D2I_OCSP_CERTID 182 +#define ASN1_F_D2I_OCSP_CERTSTATUS 183 +#define ASN1_F_D2I_OCSP_CRLID 184 +#define ASN1_F_D2I_OCSP_ONEREQ 185 +#define ASN1_F_D2I_OCSP_REQINFO 186 +#define ASN1_F_D2I_OCSP_REQUEST 187 +#define ASN1_F_D2I_OCSP_RESPBYTES 188 +#define ASN1_F_D2I_OCSP_RESPDATA 189 +#define ASN1_F_D2I_OCSP_RESPID 190 +#define ASN1_F_D2I_OCSP_RESPONSE 191 +#define ASN1_F_D2I_OCSP_REVOKEDINFO 192 +#define ASN1_F_D2I_OCSP_SERVICELOC 193 +#define ASN1_F_D2I_OCSP_SIGNATURE 194 +#define ASN1_F_D2I_OCSP_SINGLERESP 195 +#define ASN1_F_D2I_PKCS12 196 +#define ASN1_F_D2I_PKCS12_BAGS 197 +#define ASN1_F_D2I_PKCS12_MAC_DATA 198 +#define ASN1_F_D2I_PKCS12_SAFEBAG 199 +#define ASN1_F_D2I_PKCS7 200 +#define ASN1_F_D2I_PKCS7_DIGEST 201 +#define ASN1_F_D2I_PKCS7_ENCRYPT 202 +#define ASN1_F_D2I_PKCS7_ENC_CONTENT 203 +#define ASN1_F_D2I_PKCS7_ENVELOPE 204 +#define ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL 205 +#define ASN1_F_D2I_PKCS7_RECIP_INFO 206 +#define ASN1_F_D2I_PKCS7_SIGNED 207 +#define ASN1_F_D2I_PKCS7_SIGNER_INFO 208 +#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE 209 #define ASN1_F_D2I_PRIVATEKEY 158 #define ASN1_F_D2I_PUBLICKEY 159 +#define ASN1_F_D2I_X509 210 +#define ASN1_F_D2I_X509_CINF 211 #define ASN1_F_D2I_X509_NAME 160 #define ASN1_F_D2I_X509_PKEY 161 #define ASN1_F_I2D_ASN1_TIME 162 @@ -944,10 +988,41 @@ int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); #define ASN1_F_I2D_PUBLICKEY 170 #define ASN1_F_I2D_RSA_PUBKEY 171 #define ASN1_F_LONG_C2I 172 +#define ASN1_F_OCSP_BASICRESP_NEW 212 +#define ASN1_F_OCSP_CERTID_NEW 213 +#define ASN1_F_OCSP_CERTSTATUS_NEW 214 +#define ASN1_F_OCSP_CRLID_NEW 215 +#define ASN1_F_OCSP_ONEREQ_NEW 216 +#define ASN1_F_OCSP_REQINFO_NEW 217 +#define ASN1_F_OCSP_REQUEST_NEW 218 +#define ASN1_F_OCSP_RESPBYTES_NEW 219 +#define ASN1_F_OCSP_RESPDATA_NEW 220 +#define ASN1_F_OCSP_RESPID_NEW 221 +#define ASN1_F_OCSP_RESPONSE_NEW 222 +#define ASN1_F_OCSP_REVOKEDINFO_NEW 223 +#define ASN1_F_OCSP_SERVICELOC_NEW 224 +#define ASN1_F_OCSP_SIGNATURE_NEW 225 +#define ASN1_F_OCSP_SINGLERESP_NEW 226 +#define ASN1_F_PKCS12_BAGS_NEW 227 +#define ASN1_F_PKCS12_MAC_DATA_NEW 228 +#define ASN1_F_PKCS12_NEW 229 +#define ASN1_F_PKCS12_SAFEBAG_NEW 230 #define ASN1_F_PKCS5_PBE2_SET 173 +#define ASN1_F_PKCS7_DIGEST_NEW 231 +#define ASN1_F_PKCS7_ENCRYPT_NEW 232 +#define ASN1_F_PKCS7_ENC_CONTENT_NEW 233 +#define ASN1_F_PKCS7_ENVELOPE_NEW 234 +#define ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW 235 +#define ASN1_F_PKCS7_NEW 236 +#define ASN1_F_PKCS7_RECIP_INFO_NEW 237 +#define ASN1_F_PKCS7_SIGNED_NEW 238 +#define ASN1_F_PKCS7_SIGNER_INFO_NEW 239 +#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW 240 +#define ASN1_F_X509_CINF_NEW 241 #define ASN1_F_X509_CRL_ADD0_REVOKED 174 #define ASN1_F_X509_INFO_NEW 175 #define ASN1_F_X509_NAME_NEW 176 +#define ASN1_F_X509_NEW 242 #define ASN1_F_X509_PKEY_NEW 177 /* Reason codes. */ @@ -955,7 +1030,9 @@ int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); #define ASN1_R_BAD_CLASS 101 #define ASN1_R_BAD_OBJECT_HEADER 102 #define ASN1_R_BAD_PASSWORD_READ 103 +#define ASN1_R_BAD_PKCS7_CONTENT 171 #define ASN1_R_BAD_TAG 104 +#define ASN1_R_BAD_TYPE 172 #define ASN1_R_BN_LIB 105 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 #define ASN1_R_BUFFER_TOO_SMALL 107 @@ -969,6 +1046,7 @@ int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); #define ASN1_R_EXPECTING_AN_INTEGER 115 #define ASN1_R_EXPECTING_AN_OBJECT 116 #define ASN1_R_EXPECTING_A_BOOLEAN 117 +#define ASN1_R_EXPECTING_A_NULL 173 #define ASN1_R_EXPECTING_A_TIME 118 #define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 #define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 9ab1891b8..e75dfc71b 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -108,24 +108,58 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0), "BN_to_ASN1_INTEGER"}, {ERR_PACK(0,ASN1_F_COLLECT_DATA,0), "COLLECT_DATA"}, {ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0), "D2I_ASN1_BIT_STRING"}, +{ERR_PACK(0,ASN1_F_D2I_ASN1_BMPSTRING,0), "D2I_ASN1_BMPSTRING"}, {ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0), "d2i_ASN1_BOOLEAN"}, {ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0), "d2i_ASN1_bytes"}, {ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0), "D2I_ASN1_GENERALIZEDTIME"}, {ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0), "d2i_ASN1_HEADER"}, {ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0), "D2I_ASN1_INTEGER"}, +{ERR_PACK(0,ASN1_F_D2I_ASN1_NULL,0), "D2I_ASN1_NULL"}, {ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0), "d2i_ASN1_OBJECT"}, {ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0), "d2i_ASN1_SET"}, {ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0), "d2i_ASN1_type_bytes"}, {ERR_PACK(0,ASN1_F_D2I_ASN1_UINTEGER,0), "d2i_ASN1_UINTEGER"}, {ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0), "D2I_ASN1_UTCTIME"}, +{ERR_PACK(0,ASN1_F_D2I_ASN1_VISIBLESTRING,0), "D2I_ASN1_VISIBLESTRING"}, {ERR_PACK(0,ASN1_F_D2I_DHPARAMS,0), "d2i_DHparams"}, {ERR_PACK(0,ASN1_F_D2I_DSAPARAMS,0), "d2i_DSAparams"}, {ERR_PACK(0,ASN1_F_D2I_DSAPRIVATEKEY,0), "d2i_DSAPrivateKey"}, {ERR_PACK(0,ASN1_F_D2I_DSAPUBLICKEY,0), "d2i_DSAPublicKey"}, {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0), "d2i_Netscape_RSA"}, {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0), "d2i_Netscape_RSA_2"}, +{ERR_PACK(0,ASN1_F_D2I_OCSP_BASICRESP,0), "d2i_OCSP_BASICRESP"}, +{ERR_PACK(0,ASN1_F_D2I_OCSP_CERTID,0), "d2i_OCSP_CERTID"}, +{ERR_PACK(0,ASN1_F_D2I_OCSP_CERTSTATUS,0), "d2i_OCSP_CERTSTATUS"}, +{ERR_PACK(0,ASN1_F_D2I_OCSP_CRLID,0), "d2i_OCSP_CRLID"}, +{ERR_PACK(0,ASN1_F_D2I_OCSP_ONEREQ,0), "d2i_OCSP_ONEREQ"}, +{ERR_PACK(0,ASN1_F_D2I_OCSP_REQINFO,0), "d2i_OCSP_REQINFO"}, +{ERR_PACK(0,ASN1_F_D2I_OCSP_REQUEST,0), "d2i_OCSP_REQUEST"}, +{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPBYTES,0), "d2i_OCSP_RESPBYTES"}, +{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPDATA,0), "d2i_OCSP_RESPDATA"}, +{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPID,0), "d2i_OCSP_RESPID"}, +{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPONSE,0), "d2i_OCSP_RESPONSE"}, +{ERR_PACK(0,ASN1_F_D2I_OCSP_REVOKEDINFO,0), "d2i_OCSP_REVOKEDINFO"}, +{ERR_PACK(0,ASN1_F_D2I_OCSP_SERVICELOC,0), "d2i_OCSP_SERVICELOC"}, +{ERR_PACK(0,ASN1_F_D2I_OCSP_SIGNATURE,0), "d2i_OCSP_SIGNATURE"}, +{ERR_PACK(0,ASN1_F_D2I_OCSP_SINGLERESP,0), "d2i_OCSP_SINGLERESP"}, +{ERR_PACK(0,ASN1_F_D2I_PKCS12,0), "D2I_PKCS12"}, +{ERR_PACK(0,ASN1_F_D2I_PKCS12_BAGS,0), "D2I_PKCS12_BAGS"}, +{ERR_PACK(0,ASN1_F_D2I_PKCS12_MAC_DATA,0), "D2I_PKCS12_MAC_DATA"}, +{ERR_PACK(0,ASN1_F_D2I_PKCS12_SAFEBAG,0), "D2I_PKCS12_SAFEBAG"}, +{ERR_PACK(0,ASN1_F_D2I_PKCS7,0), "D2I_PKCS7"}, +{ERR_PACK(0,ASN1_F_D2I_PKCS7_DIGEST,0), "D2I_PKCS7_DIGEST"}, +{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENCRYPT,0), "D2I_PKCS7_ENCRYPT"}, +{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENC_CONTENT,0), "D2I_PKCS7_ENC_CONTENT"}, +{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENVELOPE,0), "D2I_PKCS7_ENVELOPE"}, +{ERR_PACK(0,ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL,0), "D2I_PKCS7_ISSUER_AND_SERIAL"}, +{ERR_PACK(0,ASN1_F_D2I_PKCS7_RECIP_INFO,0), "D2I_PKCS7_RECIP_INFO"}, +{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNED,0), "D2I_PKCS7_SIGNED"}, +{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNER_INFO,0), "D2I_PKCS7_SIGNER_INFO"}, +{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,0), "D2I_PKCS7_SIGN_ENVELOPE"}, {ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0), "d2i_PrivateKey"}, {ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0), "d2i_PublicKey"}, +{ERR_PACK(0,ASN1_F_D2I_X509,0), "D2I_X509"}, +{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0), "D2I_X509_CINF"}, {ERR_PACK(0,ASN1_F_D2I_X509_NAME,0), "D2I_X509_NAME"}, {ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0), "d2i_X509_PKEY"}, {ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0), "I2D_ASN1_TIME"}, @@ -139,10 +173,41 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0), "i2d_PublicKey"}, {ERR_PACK(0,ASN1_F_I2D_RSA_PUBKEY,0), "i2d_RSA_PUBKEY"}, {ERR_PACK(0,ASN1_F_LONG_C2I,0), "LONG_C2I"}, +{ERR_PACK(0,ASN1_F_OCSP_BASICRESP_NEW,0), "OCSP_BASICRESP_new"}, +{ERR_PACK(0,ASN1_F_OCSP_CERTID_NEW,0), "OCSP_CERTID_new"}, +{ERR_PACK(0,ASN1_F_OCSP_CERTSTATUS_NEW,0), "OCSP_CERTSTATUS_new"}, +{ERR_PACK(0,ASN1_F_OCSP_CRLID_NEW,0), "OCSP_CRLID_new"}, +{ERR_PACK(0,ASN1_F_OCSP_ONEREQ_NEW,0), "OCSP_ONEREQ_new"}, +{ERR_PACK(0,ASN1_F_OCSP_REQINFO_NEW,0), "OCSP_REQINFO_new"}, +{ERR_PACK(0,ASN1_F_OCSP_REQUEST_NEW,0), "OCSP_REQUEST_new"}, +{ERR_PACK(0,ASN1_F_OCSP_RESPBYTES_NEW,0), "OCSP_RESPBYTES_new"}, +{ERR_PACK(0,ASN1_F_OCSP_RESPDATA_NEW,0), "OCSP_RESPDATA_new"}, +{ERR_PACK(0,ASN1_F_OCSP_RESPID_NEW,0), "OCSP_RESPID_new"}, +{ERR_PACK(0,ASN1_F_OCSP_RESPONSE_NEW,0), "OCSP_RESPONSE_new"}, +{ERR_PACK(0,ASN1_F_OCSP_REVOKEDINFO_NEW,0), "OCSP_REVOKEDINFO_new"}, +{ERR_PACK(0,ASN1_F_OCSP_SERVICELOC_NEW,0), "OCSP_SERVICELOC_new"}, +{ERR_PACK(0,ASN1_F_OCSP_SIGNATURE_NEW,0), "OCSP_SIGNATURE_new"}, +{ERR_PACK(0,ASN1_F_OCSP_SINGLERESP_NEW,0), "OCSP_SINGLERESP_new"}, +{ERR_PACK(0,ASN1_F_PKCS12_BAGS_NEW,0), "PKCS12_BAGS_NEW"}, +{ERR_PACK(0,ASN1_F_PKCS12_MAC_DATA_NEW,0), "PKCS12_MAC_DATA_NEW"}, +{ERR_PACK(0,ASN1_F_PKCS12_NEW,0), "PKCS12_NEW"}, +{ERR_PACK(0,ASN1_F_PKCS12_SAFEBAG_NEW,0), "PKCS12_SAFEBAG_NEW"}, {ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0), "PKCS5_pbe2_set"}, +{ERR_PACK(0,ASN1_F_PKCS7_DIGEST_NEW,0), "PKCS7_DIGEST_NEW"}, +{ERR_PACK(0,ASN1_F_PKCS7_ENCRYPT_NEW,0), "PKCS7_ENCRYPT_NEW"}, +{ERR_PACK(0,ASN1_F_PKCS7_ENC_CONTENT_NEW,0), "PKCS7_ENC_CONTENT_NEW"}, +{ERR_PACK(0,ASN1_F_PKCS7_ENVELOPE_NEW,0), "PKCS7_ENVELOPE_NEW"}, +{ERR_PACK(0,ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW,0), "PKCS7_ISSUER_AND_SERIAL_NEW"}, +{ERR_PACK(0,ASN1_F_PKCS7_NEW,0), "PKCS7_NEW"}, +{ERR_PACK(0,ASN1_F_PKCS7_RECIP_INFO_NEW,0), "PKCS7_RECIP_INFO_NEW"}, +{ERR_PACK(0,ASN1_F_PKCS7_SIGNED_NEW,0), "PKCS7_SIGNED_NEW"}, +{ERR_PACK(0,ASN1_F_PKCS7_SIGNER_INFO_NEW,0), "PKCS7_SIGNER_INFO_NEW"}, +{ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0), "PKCS7_SIGN_ENVELOPE_NEW"}, +{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0), "X509_CINF_NEW"}, {ERR_PACK(0,ASN1_F_X509_CRL_ADD0_REVOKED,0), "X509_CRL_add0_revoked"}, {ERR_PACK(0,ASN1_F_X509_INFO_NEW,0), "X509_INFO_new"}, {ERR_PACK(0,ASN1_F_X509_NAME_NEW,0), "X509_NAME_NEW"}, +{ERR_PACK(0,ASN1_F_X509_NEW,0), "X509_NEW"}, {ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0), "X509_PKEY_new"}, {0,NULL} }; @@ -153,7 +218,9 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ASN1_R_BAD_CLASS ,"bad class"}, {ASN1_R_BAD_OBJECT_HEADER ,"bad object header"}, {ASN1_R_BAD_PASSWORD_READ ,"bad password read"}, +{ASN1_R_BAD_PKCS7_CONTENT ,"bad pkcs7 content"}, {ASN1_R_BAD_TAG ,"bad tag"}, +{ASN1_R_BAD_TYPE ,"bad type"}, {ASN1_R_BN_LIB ,"bn lib"}, {ASN1_R_BOOLEAN_IS_WRONG_LENGTH ,"boolean is wrong length"}, {ASN1_R_BUFFER_TOO_SMALL ,"buffer too small"}, @@ -167,6 +234,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ASN1_R_EXPECTING_AN_INTEGER ,"expecting an integer"}, {ASN1_R_EXPECTING_AN_OBJECT ,"expecting an object"}, {ASN1_R_EXPECTING_A_BOOLEAN ,"expecting a boolean"}, +{ASN1_R_EXPECTING_A_NULL ,"expecting a null"}, {ASN1_R_EXPECTING_A_TIME ,"expecting a time"}, {ASN1_R_EXPLICIT_LENGTH_MISMATCH ,"explicit length mismatch"}, {ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED ,"explicit tag not constructed"}, diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h index 4512ba6cc..be65b7b54 100644 --- a/crypto/asn1/asn1_mac.h +++ b/crypto/asn1/asn1_mac.h @@ -76,8 +76,8 @@ extern "C" { ASN1_CTX c; \ type ret=NULL; \ \ - c.pp=pp; \ - c.q= *pp; \ + c.pp=(unsigned char **)pp; \ + c.q= *(unsigned char **)pp; \ c.error=ERR_R_NESTED_ASN1_ERROR; \ if ((a == NULL) || ((*a) == NULL)) \ { if ((ret=(type)func()) == NULL) \ @@ -85,13 +85,13 @@ extern "C" { else ret=(*a); #define M_ASN1_D2I_Init() \ - c.p= *pp; \ + c.p= *(unsigned char **)pp; \ c.max=(length == 0)?0:(c.p+length); #define M_ASN1_D2I_Finish_2(a) \ if (!asn1_Finish(&c)) \ { c.line=__LINE__; goto err; } \ - *pp=c.p; \ + *(unsigned char **)pp=c.p; \ if (a != NULL) (*a)=ret; \ return(ret); @@ -99,7 +99,7 @@ extern "C" { M_ASN1_D2I_Finish_2(a); \ err:\ ASN1_MAC_H_err((e),c.error,c.line); \ - asn1_add_error(*pp,(int)(c.q- *pp)); \ + asn1_add_error(*(unsigned char **)pp,(int)(c.q- *pp)); \ if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ return(NULL) diff --git a/crypto/asn1/asn1t.h b/crypto/asn1/asn1t.h index 3ed21d474..430c37124 100644 --- a/crypto/asn1/asn1t.h +++ b/crypto/asn1/asn1t.h @@ -657,7 +657,7 @@ typedef struct ASN1_AUX_st { #define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) -#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ +#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ stname *fname##_new(void) \ { \ return (stname *)ASN1_item_new(&itname##_it); \ @@ -665,8 +665,11 @@ typedef struct ASN1_AUX_st { void fname##_free(stname *a) \ { \ ASN1_item_free((ASN1_VALUE *)a, &itname##_it); \ - } \ - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) + } + +#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) #define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ stname *d2i_##fname(stname **a, unsigned char **in, long len) \ @@ -678,6 +681,26 @@ typedef struct ASN1_AUX_st { return ASN1_item_i2d((ASN1_VALUE *)a, out, &itname##_it);\ } +/* This includes evil casts to remove const: they will go away when full + * ASN1 constification is done. + */ +#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, (unsigned char **)in, len, &itname##_it);\ + } \ + int i2d_##fname(const stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &itname##_it);\ + } + +#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \ + IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) + +#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + /* external definitions for primitive types */ extern const ASN1_ITEM ASN1_BOOLEAN_it; diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index c92b8325d..31584fe09 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -84,7 +84,8 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp, { #ifndef NO_RSA case EVP_PKEY_RSA: - if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,pp,length)) == NULL) + if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL, + (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ { ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB); goto err; @@ -93,7 +94,8 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp, #endif #ifndef NO_DSA case EVP_PKEY_DSA: - if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,pp,length)) == NULL) + if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL, + (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ { ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB); goto err; diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c index e0d203cef..9eedde3de 100644 --- a/crypto/asn1/d2i_pu.c +++ b/crypto/asn1/d2i_pu.c @@ -84,7 +84,8 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp, { #ifndef NO_RSA case EVP_PKEY_RSA: - if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,pp,length)) == NULL) + if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL, + (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ { ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB); goto err; @@ -93,7 +94,8 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp, #endif #ifndef NO_DSA case EVP_PKEY_DSA: - if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL,pp,length)) == NULL) + if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL, + (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ { ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB); goto err; diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c index ffe7928d7..82a621224 100644 --- a/crypto/asn1/n_pkey.c +++ b/crypto/asn1/n_pkey.c @@ -92,7 +92,7 @@ ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = { ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG) } ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY); -IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_ENCRYPTED_PKEY) +IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY) ASN1_SEQUENCE(NETSCAPE_PKEY) = { ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG), @@ -100,17 +100,17 @@ ASN1_SEQUENCE(NETSCAPE_PKEY) = { ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(NETSCAPE_PKEY); -IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_PKEY) +IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, int (*cb)(), int sgckey); -int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)()) +int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)()) { return i2d_RSA_NET(a, pp, cb, 0); } -int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey) +int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey) { int i, j, ret = 0; int rsalen, pkeylen, olen; @@ -223,15 +223,15 @@ err: } -RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)()) +RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)()) { return d2i_RSA_NET(a, pp, length, cb, 0); } -RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey) +RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey) { RSA *ret=NULL; - unsigned char *p, *kp; + const unsigned char *p, *kp; NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; p = *pp; @@ -273,7 +273,8 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, NETSCAPE_PKEY *pkey=NULL; RSA *ret=NULL; int i,j; - unsigned char buf[256],*zz; + unsigned char buf[256]; + const unsigned char *zz; unsigned char key[EVP_MAX_KEY_LENGTH]; EVP_CIPHER_CTX ctx; diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c index ae18da96e..62bc704d3 100644 --- a/crypto/asn1/t_pkey.c +++ b/crypto/asn1/t_pkey.c @@ -74,7 +74,7 @@ static int print(BIO *fp,const char *str,BIGNUM *num, unsigned char *buf,int off); #ifndef NO_RSA #ifndef NO_FP_API -int RSA_print_fp(FILE *fp, RSA *x, int off) +int RSA_print_fp(FILE *fp, const RSA *x, int off) { BIO *b; int ret; @@ -91,7 +91,7 @@ int RSA_print_fp(FILE *fp, RSA *x, int off) } #endif -int RSA_print(BIO *bp, RSA *x, int off) +int RSA_print(BIO *bp, const RSA *x, int off) { char str[128]; const char *s; @@ -140,7 +140,7 @@ err: #ifndef NO_DSA #ifndef NO_FP_API -int DSA_print_fp(FILE *fp, DSA *x, int off) +int DSA_print_fp(FILE *fp, const DSA *x, int off) { BIO *b; int ret; @@ -157,7 +157,7 @@ int DSA_print_fp(FILE *fp, DSA *x, int off) } #endif -int DSA_print(BIO *bp, DSA *x, int off) +int DSA_print(BIO *bp, const DSA *x, int off) { char str[128]; unsigned char *m=NULL; @@ -261,7 +261,7 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf, #ifndef NO_DH #ifndef NO_FP_API -int DHparams_print_fp(FILE *fp, DH *x) +int DHparams_print_fp(FILE *fp, const DH *x) { BIO *b; int ret; @@ -278,7 +278,7 @@ int DHparams_print_fp(FILE *fp, DH *x) } #endif -int DHparams_print(BIO *bp, DH *x) +int DHparams_print(BIO *bp, const DH *x) { unsigned char *m=NULL; int reason=ERR_R_BUF_LIB,i,ret=0; @@ -314,7 +314,7 @@ err: #ifndef NO_DSA #ifndef NO_FP_API -int DSAparams_print_fp(FILE *fp, DSA *x) +int DSAparams_print_fp(FILE *fp, const DSA *x) { BIO *b; int ret; @@ -331,7 +331,7 @@ int DSAparams_print_fp(FILE *fp, DSA *x) } #endif -int DSAparams_print(BIO *bp, DSA *x) +int DSAparams_print(BIO *bp, const DSA *x) { unsigned char *m=NULL; int reason=ERR_R_BUF_LIB,i,ret=0; diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index cd5144d3d..8cef2cfb1 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -169,6 +169,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) long j; int type; unsigned char *p; + const unsigned char *cp; #ifndef NO_DSA X509_ALGOR *a; #endif @@ -200,9 +201,9 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) if (a->parameter->type == V_ASN1_SEQUENCE) { ret->pkey.dsa->write_params=0; - p=a->parameter->value.sequence->data; + cp=p=a->parameter->value.sequence->data; j=a->parameter->value.sequence->length; - if (!d2i_DSAparams(&ret->pkey.dsa,&p,(long)j)) + if (!d2i_DSAparams(&ret->pkey.dsa,&cp,(long)j)) goto err; } ret->save_parameters=1; diff --git a/crypto/bio/Makefile.ssl b/crypto/bio/Makefile.ssl index 4ca495d28..9a69e3af4 100644 --- a/crypto/bio/Makefile.ssl +++ b/crypto/bio/Makefile.ssl @@ -123,7 +123,7 @@ bf_buff.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h bf_buff.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h bf_buff.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h bf_buff.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -bf_buff.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +bf_buff.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h bf_buff.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h bf_buff.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h bf_buff.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -142,11 +142,11 @@ bf_nbio.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h bf_nbio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h bf_nbio.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h bf_nbio.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -bf_nbio.o: ../../include/openssl/rijndael-alg-fst.h -bf_nbio.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -bf_nbio.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -bf_nbio.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -bf_nbio.o: ../../include/openssl/symhacks.h ../cryptlib.h +bf_nbio.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +bf_nbio.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +bf_nbio.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +bf_nbio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +bf_nbio.o: ../cryptlib.h bf_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h bf_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h bf_null.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -160,7 +160,7 @@ bf_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h bf_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h bf_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h bf_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -bf_null.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +bf_null.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h bf_null.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h bf_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h bf_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/crypto/bn/Makefile.ssl b/crypto/bn/Makefile.ssl index ad36267e2..dd5c35bf6 100644 --- a/crypto/bn/Makefile.ssl +++ b/crypto/bn/Makefile.ssl @@ -35,15 +35,15 @@ TEST=bntest.c exptest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c \ +LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \ bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ - bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c bn_recp.c bn_mont.c \ - bn_mpi.c bn_exp2.c + bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ + bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c -LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o \ +LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \ bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \ - bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) bn_recp.o bn_mont.o \ - bn_mpi.o bn_exp2.o + bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \ + bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o SRC= $(LIBSRC) @@ -230,6 +230,8 @@ bn_gcd.o: ../../include/openssl/err.h ../../include/openssl/lhash.h bn_gcd.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bn_gcd.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h +bn_kron.o: ../../include/openssl/bn.h ../../include/openssl/opensslconf.h +bn_kron.o: bn_lcl.h bn_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h @@ -237,6 +239,13 @@ bn_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h bn_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bn_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h +bn_mod.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +bn_mod.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +bn_mod.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +bn_mod.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +bn_mod.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_mod.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mont.o: ../../include/openssl/bio.h ../../include/openssl/bn.h bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_mont.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h @@ -304,6 +313,13 @@ bn_sqr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h bn_sqr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h bn_sqr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bn_sqr.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h +bn_sqrt.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +bn_sqrt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +bn_sqrt.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +bn_sqrt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +bn_sqrt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_sqrt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.o: ../../include/openssl/bio.h ../../include/openssl/bn.h bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_word.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h diff --git a/crypto/bn/asm/vms.mar b/crypto/bn/asm/vms.mar index ac9d57d7b..754ab5347 100644 --- a/crypto/bn/asm/vms.mar +++ b/crypto/bn/asm/vms.mar @@ -162,442 +162,236 @@ n=12 ;(AP) n by value (input) movl #1,r0 ; return SS$_NORMAL ret - .title (generated) - - .psect code,nowrt - -.entry BN_DIV_WORDS,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10> - subl2 #4,sp - - clrl r9 - movl #2,r8 - - tstl 12(ap) - bneq noname.2 - mnegl #1,r10 - brw noname.3 - tstl r0 - nop -noname.2: - - pushl 12(ap) - calls #1,BN_NUM_BITS_WORD - movl r0,r7 - - cmpl r7,#32 - beql noname.4 - ashl r7,#1,r2 - cmpl 4(ap),r2 - blequ noname.4 - - pushl r7 - calls #1,BN_DIV_WORDS_ABORT -noname.4: - - subl3 r7,#32,r7 - - movl 12(ap),r2 - cmpl 4(ap),r2 - blssu noname.5 - subl2 r2,4(ap) -noname.5: - - tstl r7 - beql noname.6 - - ashl r7,r2,12(ap) - - ashl r7,4(ap),r4 - subl3 r7,#32,r3 - subl3 r3,#32,r2 - extzv r3,r2,8(ap),r2 - bisl3 r4,r2,4(ap) - - ashl r7,8(ap),8(ap) -noname.6: - - bicl3 #65535,12(ap),r2 - extzv #16,#16,r2,r5 - - bicl3 #-65536,12(ap),r6 - -noname.7: - - moval 4(ap),r2 - movzwl 2(r2),r0 - cmpl r0,r5 - bneq noname.8 - - movzwl #65535,r4 - brb noname.9 -noname.8: - - clrl r1 - movl (r2),r0 - movl r5,r2 - bgeq vcg.1 - cmpl r2,r0 - bgtru vcg.2 - incl r1 - brb vcg.2 - nop -vcg.1: - ediv r2,r0,r1,r0 -vcg.2: - movl r1,r4 -noname.9: - -noname.10: - - mull3 r5,r4,r0 - subl3 r0,4(ap),r3 - - bicl3 #65535,r3,r0 - bneq noname.13 - mull3 r6,r4,r2 - ashl #16,r3,r1 - bicl3 #65535,8(ap),r0 - extzv #16,#16,r0,r0 - addl2 r0,r1 - cmpl r2,r1 - bgtru noname.12 -noname.11: - - brb noname.13 - nop -noname.12: - - decl r4 - brb noname.10 -noname.13: - - mull3 r5,r4,r1 - - mull3 r6,r4,r0 - - extzv #16,#16,r0,r3 - - ashl #16,r0,r2 - bicl3 #65535,r2,r0 - - addl2 r3,r1 - - moval 8(ap),r3 - cmpl (r3),r0 - bgequ noname.15 - incl r1 -noname.15: - - subl2 r0,(r3) - - cmpl 4(ap),r1 - bgequ noname.16 - - addl2 12(ap),4(ap) - - decl r4 -noname.16: + .title vax_bn_div_words unsigned divide +; +; Richard Levitte 20-Nov-2000 +; +; ULONG bn_div_words(ULONG h, ULONG l, ULONG d) +; { +; return ((ULONG)((((ULLONG)h)<<32)|l) / (ULLONG)d); +; } +; +; Using EDIV would be very easy, if it didn't do signed calculations. +; Therefore, som extra things have to happen around it. The way to +; handle that is to shift all operands right one step (basically dividing +; them by 2) and handle the different cases depending on what the lowest +; bit of each operand was. +; +; To start with, let's define the following: +; +; a' = l & 1 +; a2 = <h,l> >> 1 # UNSIGNED shift! +; b' = d & 1 +; b2 = d >> 1 # UNSIGNED shift! +; +; Now, use EDIV to calculate a quotient and a remainder: +; +; q'' = a2/b2 +; r'' = a2 - q''*b2 +; +; If b' is 0, the quotient is already correct, we just need to adjust the +; remainder: +; +; if (b' == 0) +; { +; r = 2*r'' + a' +; q = q'' +; } +; +; If b' is 1, we need to do other adjustements. The first thought is the +; following (note that r' will not always have the right value, but an +; adjustement follows further down): +; +; if (b' == 1) +; { +; q' = q'' +; r' = a - q'*b +; +; However, one can note the folowing relationship: +; +; r'' = a2 - q''*b2 +; => 2*r'' = 2*a2 - 2*q''*b2 +; = { a = 2*a2 + a', b = 2*b2 + b' = 2*b2 + 1, +; q' = q'' } +; = a - a' - q'*(b - 1) +; = a - q'*b - a' + q' +; = r' - a' + q' +; => r' = 2*r'' - q' + a' +; +; This enables us to use r'' instead of discarding and calculating another +; modulo: +; +; if (b' == 1) +; { +; q' = q'' +; r' = (r'' << 1) - q' + a' +; +; Now, all we have to do is adjust r', because it might be < 0: +; +; while (r' < 0) +; { +; r' = r' + b +; q' = q' - 1 +; } +; } +; +; return q' - subl2 r1,4(ap) +h=4 ;(AP) h by value (input) +l=8 ;(AP) l by value (input) +d=12 ;(AP) d by value (input) - decl r8 - beql noname.18 -noname.17: +;aprim=r5 +;a2=r6 +;a20=r6 +;a21=r7 +;bprim=r8 +;b2=r9 +;qprim=r10 ; initially used as q'' +;rprim=r11 ; initially used as r'' - ashl #16,r4,r9 - ashl #16,4(ap),r2 - movzwl 2(r3),r0 - bisl2 r0,r2 - bicl3 #0,r2,4(ap) + .psect code,nowrt - bicl3 #-65536,(r3),r0 - ashl #16,r0,(r3) - brw noname.7 - nop -noname.18: +.entry bn_div_words,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11> + movl l(ap),r2 + movl h(ap),r3 + movl d(ap),r4 - bisl2 r4,r9 + movl #0,r5 + movl #0,r8 + movl #0,r0 - movl r9,r10 + rotl #-1,r2,r6 ; a20 = l >> 1 (almost) + rotl #-1,r3,r7 ; a21 = h >> 1 (almost) + rotl #-1,r4,r9 ; b2 = d >> 1 (almost) -noname.3: + tstl r6 + bgeq 1$ + xorl2 #^X80000000,r6 ; fixup a20 so highest bit is 0 + incl r5 ; a' = 1 +1$: + tstl r7 + bgeq 2$ + xorl2 #^X80000000,r6 ; fixup a20 so highest bit is 1, + ; since that's what was lowest in a21 + xorl2 #^X80000000,r7 ; fixup a21 so highest bit is 1 +2$: + tstl r9 + bgeq 666$ ; Uh-oh, the divisor is 0... + bgtr 3$ + xorl2 #^X80000000,r9 ; fixup b2 so highest bit is 1 + incl r8 +3$: + tstl r9 + bneq 4$ ; if b2 is 0, we know that bprim is 1 + tstl r7 + bneq 666$ ; if higher half isn't 0, we overflow + movl r0,r6 ; otherwise, we have our result + brb 42$ +4$: + ediv r9,r6,r10,r11 + + tstl r8 + bneq 5$ ; If b' != 0, go to the other part +; addl3 r11,r11,r1 +; addl2 r5,r1 + brb 42$ +5$: + ashl #1,r11,r11 + subl2 r10,r11 + addl2 r5,r11 + bgeq 7$ +6$: + decl r10 + addl2 r4,r11 + blss 6$ +7$: +; movl r11,r1 +42$: movl r10,r0 - ret - tstl r0 - +666$: + ret - .psect code,nowrt - -.entry BN_ADD_WORDS,^m<r2,r3,r4,r5,r6,r7> - - tstl 16(ap) - bgtr noname.21 - clrl r7 - brw noname.22 -noname.21: - - clrl r4 - - tstl r0 -noname.23: - - movl 8(ap),r6 - addl3 r4,(r6),r2 - - bicl2 #0,r2 - - clrl r0 - cmpl r2,r4 - bgequ vcg.3 - incl r0 -vcg.3: - movl r0,r4 - - movl 12(ap),r5 - addl3 (r5),r2,r1 - bicl2 #0,r1 - - clrl r0 - cmpl r1,r2 - bgequ vcg.4 - incl r0 -vcg.4: - addl2 r0,r4 - - movl 4(ap),r3 - movl r1,(r3) - - decl 16(ap) - bgtr gen.1 - brw noname.25 -gen.1: -noname.24: - - addl3 r4,4(r6),r2 - - bicl2 #0,r2 - - clrl r0 - cmpl r2,r4 - bgequ vcg.5 - incl r0 -vcg.5: - movl r0,r4 - - addl3 4(r5),r2,r1 - bicl2 #0,r1 - - clrl r0 - cmpl r1,r2 - bgequ vcg.6 - incl r0 -vcg.6: - addl2 r0,r4 - - movl r1,4(r3) - - decl 16(ap) - bleq noname.25 -noname.26: - - addl3 r4,8(r6),r2 - - bicl2 #0,r2 - - clrl r0 - cmpl r2,r4 - bgequ vcg.7 - incl r0 -vcg.7: - movl r0,r4 - - addl3 8(r5),r2,r1 - bicl2 #0,r1 - - clrl r0 - cmpl r1,r2 - bgequ vcg.8 - incl r0 -vcg.8: - addl2 r0,r4 - - movl r1,8(r3) - - decl 16(ap) - bleq noname.25 -noname.27: - - addl3 r4,12(r6),r2 - - bicl2 #0,r2 - - clrl r0 - cmpl r2,r4 - bgequ vcg.9 - incl r0 -vcg.9: - movl r0,r4 - - addl3 12(r5),r2,r1 - bicl2 #0,r1 - - clrl r0 - cmpl r1,r2 - bgequ vcg.10 - incl r0 -vcg.10: - addl2 r0,r4 + .title vax_bn_add_words unsigned add of two arrays +; +; Richard Levitte 20-Nov-2000 +; +; ULONG bn_add_words(ULONG r[], ULONG a[], ULONG b[], int n) { +; ULONG c = 0; +; int i; +; for (i = 0; i < n; i++) <c,r[i]> = a[i] + b[i] + c; +; return(c); +; } - movl r1,12(r3) +r=4 ;(AP) r by reference (output) +a=8 ;(AP) a by reference (input) +b=12 ;(AP) b by reference (input) +n=16 ;(AP) n by value (input) - decl 16(ap) - bleq noname.25 -noname.28: - addl3 #16,r6,8(ap) + .psect code,nowrt - addl3 #16,r5,12(ap) +.entry bn_add_words,^m<r2,r3,r4,r5,r6> - addl3 #16,r3,4(ap) - brw noname.23 - tstl r0 -noname.25: + moval @r(ap),r2 + moval @a(ap),r3 + moval @b(ap),r4 + movl n(ap),r5 ; assumed >0 by C code + clrl r0 ; c - movl r4,r7 + tstl r5 ; carry = 0 + bleq 666$ -noname.22: - movl r7,r0 - ret - nop +0$: + movl (r3)+,r6 ; carry untouched + adwc (r4)+,r6 ; carry used and touched + movl r6,(r2)+ ; carry untouched + sobgtr r5,0$ ; carry untouched + adwc #0,r0 +666$: + ret + .title vax_bn_sub_words unsigned add of two arrays +; +; Richard Levitte 20-Nov-2000 +; +; ULONG bn_sub_words(ULONG r[], ULONG a[], ULONG b[], int n) { +; ULONG c = 0; +; int i; +; for (i = 0; i < n; i++) <c,r[i]> = a[i] - b[i] - c; +; return(c); +; } -;r=4 ;(AP) -;a=8 ;(AP) -;b=12 ;(AP) -;n=16 ;(AP) n by value (input) +r=4 ;(AP) r by reference (output) +a=8 ;(AP) a by reference (input) +b=12 ;(AP) b by reference (input) +n=16 ;(AP) n by value (input) - .psect code,nowrt -.entry BN_SUB_WORDS,^m<r2,r3,r4,r5,r6,r7> + .psect code,nowrt - clrl r6 +.entry bn_sub_words,^m<r2,r3,r4,r5,r6> - tstl 16(ap) - bgtr noname.31 - clrl r7 - brw noname.32 - tstl r0 -noname.31: + moval @r(ap),r2 + moval @a(ap),r3 + moval @b(ap),r4 + movl n(ap),r5 ; assumed >0 by C code + clrl r0 ; c -noname.33: + tstl r5 ; carry = 0 + bleq 666$ - movl 8(ap),r5 - movl (r5),r1 - movl 12(ap),r4 - movl (r4),r2 - - movl 4(ap),r3 - subl3 r2,r1,r0 - subl2 r6,r0 - bicl3 #0,r0,(r3) - - cmpl r1,r2 - beql noname.34 - clrl r0 - cmpl r1,r2 - bgequ vcg.11 - incl r0 -vcg.11: - movl r0,r6 -noname.34: - - decl 16(ap) - bgtr gen.2 - brw noname.36 -gen.2: -noname.35: - - movl 4(r5),r2 - movl 4(r4),r1 - - subl3 r1,r2,r0 - subl2 r6,r0 - bicl3 #0,r0,4(r3) - - cmpl r2,r1 - beql noname.37 - clrl r0 - cmpl r2,r1 - bgequ vcg.12 - incl r0 -vcg.12: - movl r0,r6 -noname.37: - - decl 16(ap) - bleq noname.36 -noname.38: - - movl 8(r5),r1 - movl 8(r4),r2 - - subl3 r2,r1,r0 - subl2 r6,r0 - bicl3 #0,r0,8(r3) - - cmpl r1,r2 - beql noname.39 - clrl r0 - cmpl r1,r2 - bgequ vcg.13 - incl r0 -vcg.13: - movl r0,r6 -noname.39: - - decl 16(ap) - bleq noname.36 -noname.40: - - movl 12(r5),r1 - movl 12(r4),r2 - - subl3 r2,r1,r0 - subl2 r6,r0 - bicl3 #0,r0,12(r3) - - cmpl r1,r2 - beql noname.41 - clrl r0 - cmpl r1,r2 - bgequ vcg.14 - incl r0 -vcg.14: - movl r0,r6 -noname.41: - - decl 16(ap) - bleq noname.36 -noname.42: - - addl3 #16,r5,8(ap) - - addl3 #16,r4,12(ap) - - addl3 #16,r3,4(ap) - brw noname.33 - tstl r0 -noname.36: - - movl r6,r7 - -noname.32: - movl r7,r0 - ret - nop +0$: + movl (r3)+,r6 ; carry untouched + sbwc (r4)+,r6 ; carry used and touched + movl r6,(r2)+ ; carry untouched + sobgtr r5,0$ ; carry untouched + adwc #0,r0 +666$: + ret ;r=4 ;(AP) @@ -6615,81 +6409,3 @@ noname.610: ; For now, the code below doesn't work, so I end this prematurely. .end - - .title vax_bn_div64 division 64/32=>32 -; -; r.l. 16-jan-1998 -; -; unsigned int bn_div64(unsigned long h, unsigned long l, unsigned long d) -; return <h,l>/d; -; - - .psect code,nowrt - -h=4 ;(AP) by value (input) -l=8 ;(AP) by value (input) -d=12 ;(AP) by value (input) - -.entry bn_div64,^m<r2,r3,r4,r5,r6,r7,r8,r9> - - movl l(ap),r2 ; l - movl h(ap),r3 ; h - movl d(ap),r4 ; d - clrl r5 ; q - clrl r6 ; r - - ; Treat "negative" specially - tstl r3 - blss 30$ - - tstl r4 - beql 90$ - - ediv r4,r2,r5,r6 - bvs 666$ - - movl r5,r0 - ret - -30$: - ; The theory here is to do some harmless shifting and a little - ; bit of rounding (brackets are to designate when decimals are - ; cut off): - ; - ; result = 2 * [ ([<h,0>/2] + [d/2]) / d ] + [ l / d ] - - movl #0,r7 - movl r3,r8 ; copy h - ashq #-1,r7,r7 ; [<h,0>/2] => <r8,r7> - bicl2 #^X80000000,r8 ; Remove "sign" - - movl r4,r9 ; copy d - ashl #-1,r9,r9 ; [d/2] => r9 - bicl2 #^X80000000,r9 ; Remove "sign" - - addl2 r9,r7 - adwc #0,r8 ; [<h,0>/2] + [d/2] => <r8,r7> - - ediv r4,r7,r5,r6 ; [ ([<h,0>/2] + [d/2]) / d ] => <r5,r6> - bvs 666$ - - movl #0,r6 - ashq #1,r5,r5 ; 2 * [ ([<h,0>/2] + [d/2]) / d ] => r5 - - movl #0,r3 - ediv r4,r2,r8,r9 ; [ l / d ] => <r8,r9> - - addl2 r8,r5 ; - bcs 666$ - - movl r5,r0 - ret - -90$: - movl #-1,r0 - ret - -666$: - - -.end diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 1eb8395b2..47e355ea9 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -75,8 +75,6 @@ extern "C" { #define BN_MUL_COMBA #define BN_SQR_COMBA #define BN_RECURSION -#define RECP_MUL_MOD -#define MONT_MUL_MOD /* This next option uses the C libraries (2 word)/(1 word) function. * If it is not defined, I use my C version (which is slower). @@ -90,6 +88,7 @@ extern "C" { * be on. Again this in only really a problem on machines * using "long long's", are 32bit, and are not using my assembler code. */ #if defined(MSDOS) || defined(WINDOWS) || defined(WIN32) || defined(linux) +#undef BN_DIV2W #define BN_DIV2W #endif @@ -239,7 +238,7 @@ typedef struct bignum_st } BIGNUM; /* Used for temp variables */ -#define BN_CTX_NUM 12 +#define BN_CTX_NUM 20 #define BN_CTX_NUM_POS 12 typedef struct bignum_ctx { @@ -283,9 +282,6 @@ typedef struct bn_recp_ctx_st int flags; } BN_RECP_CTX; -#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ - r,a,&((mont)->RR),(mont),ctx) - #define BN_prime_checks 0 /* default: select number of iterations based on the size of the number */ @@ -308,10 +304,15 @@ typedef struct bn_recp_ctx_st /* b >= 100 */ 27) #define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) -#define BN_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) -#define BN_is_zero(a) (((a)->top == 0) || BN_is_word(a,0)) -#define BN_is_one(a) (BN_is_word((a),1)) -#define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) + +/* Note that BN_abs_is_word does not work reliably for w == 0 */ +#define BN_abs_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) +#define BN_is_zero(a) (((a)->top == 0) || BN_abs_is_word(a,0)) +#define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) +#define BN_is_word(a,w) ((w) ? BN_abs_is_word((a),(w)) && !(a)->neg : \ + BN_is_zero((a))) +#define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) + #define BN_one(a) (BN_set_word((a),1)) #define BN_zero(a) (BN_set_word((a),0)) @@ -334,44 +335,62 @@ BIGNUM *BN_new(void); void BN_init(BIGNUM *); void BN_clear_free(BIGNUM *a); BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); +void BN_swap(BIGNUM *a, BIGNUM *b); BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret); int BN_bn2bin(const BIGNUM *a, unsigned char *to); -BIGNUM *BN_mpi2bn(unsigned char *s,int len,BIGNUM *ret); +BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret); int BN_bn2mpi(const BIGNUM *a, unsigned char *to); int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); +int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx); + int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, - BN_CTX *ctx); -int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); -int BN_sqr(BIGNUM *r, BIGNUM *a,BN_CTX *ctx); + BN_CTX *ctx); +#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) +int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); +int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); +int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); +int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m, BN_CTX *ctx); +int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); +int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); + BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); int BN_mul_word(BIGNUM *a, BN_ULONG w); int BN_add_word(BIGNUM *a, BN_ULONG w); int BN_sub_word(BIGNUM *a, BN_ULONG w); int BN_set_word(BIGNUM *a, BN_ULONG w); -BN_ULONG BN_get_word(BIGNUM *a); +BN_ULONG BN_get_word(const BIGNUM *a); + int BN_cmp(const BIGNUM *a, const BIGNUM *b); void BN_free(BIGNUM *a); int BN_is_bit_set(const BIGNUM *a, int n); int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); -int BN_lshift1(BIGNUM *r, BIGNUM *a); -int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p,BN_CTX *ctx); -int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m,BN_CTX *ctx); -int BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_lshift1(BIGNUM *r, const BIGNUM *a); +int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx); + +int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m,BN_CTX *ctx); +int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -int BN_mod_exp2_mont(BIGNUM *r, BIGNUM *a1, BIGNUM *p1,BIGNUM *a2, - BIGNUM *p2,BIGNUM *m,BN_CTX *ctx,BN_MONT_CTX *m_ctx); -int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, - BIGNUM *m,BN_CTX *ctx); + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, + const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m, + BN_CTX *ctx,BN_MONT_CTX *m_ctx); +int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m,BN_CTX *ctx); + int BN_mask_bits(BIGNUM *a,int n); -int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); #ifndef NO_FP_API int BN_print_fp(FILE *fp, const BIGNUM *a); #endif @@ -380,9 +399,9 @@ int BN_print(BIO *fp, const BIGNUM *a); #else int BN_print(void *fp, const BIGNUM *a); #endif -int BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx); -int BN_rshift(BIGNUM *r, BIGNUM *a, int n); -int BN_rshift1(BIGNUM *r, BIGNUM *a); +int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); +int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_rshift1(BIGNUM *r, const BIGNUM *a); void BN_clear(BIGNUM *a); BIGNUM *BN_dup(const BIGNUM *a); int BN_ucmp(const BIGNUM *a, const BIGNUM *b); @@ -392,23 +411,31 @@ char * BN_bn2hex(const BIGNUM *a); char * BN_bn2dec(const BIGNUM *a); int BN_hex2bn(BIGNUM **a, const char *str); int BN_dec2bn(BIGNUM **a, const char *str); -int BN_gcd(BIGNUM *r,BIGNUM *in_a,BIGNUM *in_b,BN_CTX *ctx); -BIGNUM *BN_mod_inverse(BIGNUM *ret,BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); -BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,BIGNUM *add, - BIGNUM *rem,void (*callback)(int,int,void *),void *cb_arg); +int BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); +int BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */ +BIGNUM *BN_mod_inverse(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); +BIGNUM *BN_mod_sqrt(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); +BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, + const BIGNUM *add, const BIGNUM *rem, + void (*callback)(int,int,void *),void *cb_arg); int BN_is_prime(const BIGNUM *p,int nchecks, - void (*callback)(int,int,void *), - BN_CTX *ctx,void *cb_arg); + void (*callback)(int,int,void *), + BN_CTX *ctx,void *cb_arg); int BN_is_prime_fasttest(const BIGNUM *p,int nchecks, - void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg, - int do_trial_division); + void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg, + int do_trial_division); void ERR_load_BN_strings(void ); BN_MONT_CTX *BN_MONT_CTX_new(void ); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); -int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont, - BN_CTX *ctx); -int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx); +int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); +#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ + (r),(a),&((mont)->RR),(mont),(ctx)) +int BN_from_montgomery(BIGNUM *r,const BIGNUM *a, + BN_MONT_CTX *mont, BN_CTX *ctx); void BN_MONT_CTX_free(BN_MONT_CTX *mont); int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx); BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from); @@ -426,12 +453,12 @@ void BN_RECP_CTX_init(BN_RECP_CTX *recp); BN_RECP_CTX *BN_RECP_CTX_new(void); void BN_RECP_CTX_free(BN_RECP_CTX *recp); int BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx); -int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, - BN_RECP_CTX *recp,BN_CTX *ctx); +int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, + BN_RECP_CTX *recp,BN_CTX *ctx); int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); -int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, - BN_RECP_CTX *recp, BN_CTX *ctx); + const BIGNUM *m, BN_CTX *ctx); +int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + BN_RECP_CTX *recp, BN_CTX *ctx); /* library internal functions */ @@ -439,6 +466,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, (a):bn_expand2((a),(bits)/BN_BITS2+1)) #define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) BIGNUM *bn_expand2(BIGNUM *a, int words); +BIGNUM *bn_dup_expand(const BIGNUM *a, int words); #define bn_fix_top(a) \ { \ @@ -450,15 +478,15 @@ BIGNUM *bn_expand2(BIGNUM *a, int words); } \ } -BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w); -BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w); -void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num); +BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); +BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); +void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); -BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num); -BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num); +BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); +BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); #ifdef BN_DEBUG - void bn_dump1(FILE *o, const char *a, BN_ULONG *b,int n); +void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n); # define bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \ fprintf(stderr,"\n");} # define bn_dump(a,n) bn_dump1(stderr,#a,a,n); @@ -467,6 +495,8 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num); # define bn_dump(a,b) #endif +int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -485,11 +515,14 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num); #define BN_F_BN_CTX_NEW 106 #define BN_F_BN_DIV 107 #define BN_F_BN_EXPAND2 108 +#define BN_F_BN_EXPAND_INTERNAL 120 #define BN_F_BN_MOD_EXP2_MONT 118 #define BN_F_BN_MOD_EXP_MONT 109 #define BN_F_BN_MOD_EXP_MONT_WORD 117 #define BN_F_BN_MOD_INVERSE 110 +#define BN_F_BN_MOD_LSHIFT_QUICK 119 #define BN_F_BN_MOD_MUL_RECIPROCAL 111 +#define BN_F_BN_MOD_SQRT 121 #define BN_F_BN_MPI2BN 112 #define BN_F_BN_NEW 113 #define BN_F_BN_RAND 114 @@ -498,13 +531,18 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num); /* Reason codes. */ #define BN_R_ARG2_LT_ARG3 100 #define BN_R_BAD_RECIPROCAL 101 +#define BN_R_BIGNUM_TOO_LONG 114 #define BN_R_CALLED_WITH_EVEN_MODULUS 102 #define BN_R_DIV_BY_ZERO 103 #define BN_R_ENCODING_ERROR 104 #define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 +#define BN_R_INPUT_NOT_REDUCED 110 #define BN_R_INVALID_LENGTH 106 +#define BN_R_NOT_A_SQUARE 111 #define BN_R_NOT_INITIALIZED 107 #define BN_R_NO_INVERSE 108 +#define BN_R_P_IS_NOT_PRIME 112 +#define BN_R_TOO_MANY_ITERATIONS 113 #define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 #ifdef __cplusplus diff --git a/crypto/bn/bn_asm.c b/crypto/bn/bn_asm.c index 44e52a40d..be8aa3ffc 100644 --- a/crypto/bn/bn_asm.c +++ b/crypto/bn/bn_asm.c @@ -68,7 +68,7 @@ #if defined(BN_LLONG) || defined(BN_UMULT_HIGH) -BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) +BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) { BN_ULONG c1=0; @@ -93,7 +93,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) return(c1); } -BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) +BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) { BN_ULONG c1=0; @@ -117,7 +117,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) return(c1); } -void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n) +void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) { assert(n >= 0); if (n <= 0) return; @@ -139,7 +139,7 @@ void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n) #else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */ -BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) +BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) { BN_ULONG c=0; BN_ULONG bl,bh; @@ -166,7 +166,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) return(c); } -BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) +BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) { BN_ULONG carry=0; BN_ULONG bl,bh; @@ -193,7 +193,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) return(carry); } -void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n) +void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) { assert(n >= 0); if (n <= 0) return; @@ -296,7 +296,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) #endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */ #ifdef BN_LLONG -BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) +BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) { BN_ULLONG ll=0; @@ -332,7 +332,7 @@ BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) return((BN_ULONG)ll); } #else /* !BN_LLONG */ -BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) +BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) { BN_ULONG c,l,t; @@ -382,7 +382,7 @@ BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) } #endif /* !BN_LLONG */ -BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) +BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) { BN_ULONG t1,t2; int c=0; @@ -673,7 +673,7 @@ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) r[7]=c2; } -void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) +void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a) { #ifdef BN_LLONG BN_ULLONG t,tt; @@ -754,7 +754,7 @@ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) r[15]=c1; } -void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a) +void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) { #ifdef BN_LLONG BN_ULLONG t,tt; diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index b1a8d7571..28b334fbd 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -112,8 +112,14 @@ void BN_CTX_start(BN_CTX *ctx) ctx->depth++; } + BIGNUM *BN_CTX_get(BN_CTX *ctx) { + /* Note: If BN_CTX_get is ever changed to allocate BIGNUMs dynamically, + * make sure that if BN_CTX_get fails once it will return NULL again + * until BN_CTX_end is called. (This is so that callers have to check + * only the last return value.) + */ if (ctx->depth > BN_CTX_NUM_POS || ctx->tos >= BN_CTX_NUM) { if (!ctx->too_many) diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index c3772c243..2e600c7c5 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -61,6 +61,7 @@ #include "cryptlib.h" #include "bn_lcl.h" + /* The old slow way */ #if 0 int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, @@ -152,6 +153,14 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, # endif /* __GNUC__ */ #endif /* NO_ASM */ + +/* BN_div computes dv := num / divisor, rounding towards zero, and sets up + * rm such that dv*divisor + rm = num holds. + * Thus: + * dv->neg == num->neg ^ divisor->neg (unless the result is zero) + * rm->neg == num->neg (unless the remainder is zero) + * If 'dv' or 'rm' is NULL, the respective value is not returned. + */ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_CTX *ctx) { @@ -180,13 +189,13 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_CTX_start(ctx); tmp=BN_CTX_get(ctx); - tmp->neg=0; snum=BN_CTX_get(ctx); sdiv=BN_CTX_get(ctx); if (dv == NULL) res=BN_CTX_get(ctx); else res=dv; - if (res == NULL) goto err; + if (sdiv == NULL || res == NULL) goto err; + tmp->neg=0; /* First we normalise the numbers */ norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); @@ -331,7 +340,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, if (rm != NULL) { BN_rshift(rm,snum,norm_shift); - rm->neg=num->neg; + if (!BN_is_zero(rm)) + rm->neg = num->neg; } BN_CTX_end(ctx); return(1); @@ -341,40 +351,3 @@ err: } #endif - -/* rem != m */ -int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) - { -#if 0 /* The old slow way */ - int i,nm,nd; - BIGNUM *dv; - - if (BN_ucmp(m,d) < 0) - return((BN_copy(rem,m) == NULL)?0:1); - - BN_CTX_start(ctx); - dv=BN_CTX_get(ctx); - - if (!BN_copy(rem,m)) goto err; - - nm=BN_num_bits(rem); - nd=BN_num_bits(d); - if (!BN_lshift(dv,d,nm-nd)) goto err; - for (i=nm-nd; i>=0; i--) - { - if (BN_cmp(rem,dv) >= 0) - { - if (!BN_sub(rem,rem,dv)) goto err; - } - if (!BN_rshift1(dv,dv)) goto err; - } - BN_CTX_end(ctx); - return(1); - err: - BN_CTX_end(ctx); - return(0); -#else - return(BN_div(NULL,rem,m,d,ctx)); -#endif - } - diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index 86550c4c2..d7f0493f4 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -76,11 +76,14 @@ static ERR_STRING_DATA BN_str_functs[]= {ERR_PACK(0,BN_F_BN_CTX_NEW,0), "BN_CTX_new"}, {ERR_PACK(0,BN_F_BN_DIV,0), "BN_div"}, {ERR_PACK(0,BN_F_BN_EXPAND2,0), "bn_expand2"}, +{ERR_PACK(0,BN_F_BN_EXPAND_INTERNAL,0), "BN_EXPAND_INTERNAL"}, {ERR_PACK(0,BN_F_BN_MOD_EXP2_MONT,0), "BN_mod_exp2_mont"}, {ERR_PACK(0,BN_F_BN_MOD_EXP_MONT,0), "BN_mod_exp_mont"}, {ERR_PACK(0,BN_F_BN_MOD_EXP_MONT_WORD,0), "BN_mod_exp_mont_word"}, {ERR_PACK(0,BN_F_BN_MOD_INVERSE,0), "BN_mod_inverse"}, +{ERR_PACK(0,BN_F_BN_MOD_LSHIFT_QUICK,0), "BN_mod_lshift_quick"}, {ERR_PACK(0,BN_F_BN_MOD_MUL_RECIPROCAL,0), "BN_mod_mul_reciprocal"}, +{ERR_PACK(0,BN_F_BN_MOD_SQRT,0), "BN_mod_sqrt"}, {ERR_PACK(0,BN_F_BN_MPI2BN,0), "BN_mpi2bn"}, {ERR_PACK(0,BN_F_BN_NEW,0), "BN_new"}, {ERR_PACK(0,BN_F_BN_RAND,0), "BN_rand"}, @@ -92,13 +95,18 @@ static ERR_STRING_DATA BN_str_reasons[]= { {BN_R_ARG2_LT_ARG3 ,"arg2 lt arg3"}, {BN_R_BAD_RECIPROCAL ,"bad reciprocal"}, +{BN_R_BIGNUM_TOO_LONG ,"bignum too long"}, {BN_R_CALLED_WITH_EVEN_MODULUS ,"called with even modulus"}, {BN_R_DIV_BY_ZERO ,"div by zero"}, {BN_R_ENCODING_ERROR ,"encoding error"}, {BN_R_EXPAND_ON_STATIC_BIGNUM_DATA ,"expand on static bignum data"}, +{BN_R_INPUT_NOT_REDUCED ,"input not reduced"}, {BN_R_INVALID_LENGTH ,"invalid length"}, +{BN_R_NOT_A_SQUARE ,"not a square"}, {BN_R_NOT_INITIALIZED ,"not initialized"}, {BN_R_NO_INVERSE ,"no inverse"}, +{BN_R_P_IS_NOT_PRIME ,"p is not prime"}, +{BN_R_TOO_MANY_ITERATIONS ,"too many iterations"}, {BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"}, {0,NULL} }; diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index d2c91628a..1739be686 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -110,38 +110,13 @@ */ -#include <stdio.h> #include "cryptlib.h" #include "bn_lcl.h" #define TABLE_SIZE 32 -/* slow but works */ -int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) - { - BIGNUM *t; - int r=0; - - bn_check_top(a); - bn_check_top(b); - bn_check_top(m); - - BN_CTX_start(ctx); - if ((t = BN_CTX_get(ctx)) == NULL) goto err; - if (a == b) - { if (!BN_sqr(t,a,ctx)) goto err; } - else - { if (!BN_mul(t,a,b,ctx)) goto err; } - if (!BN_mod(ret,t,m,ctx)) goto err; - r=1; -err: - BN_CTX_end(ctx); - return(r); - } - - /* this one works - simple but works */ -int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx) +int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { int i,bits,ret=0; BIGNUM *v,*rr; @@ -176,7 +151,7 @@ err: } -int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, +int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx) { int ret; @@ -185,6 +160,40 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, bn_check_top(p); bn_check_top(m); + /* For even modulus m = 2^k*m_odd, it might make sense to compute + * a^p mod m_odd and a^p mod 2^k separately (with Montgomery + * exponentiation for the odd part), using appropriate exponent + * reductions, and combine the results using the CRT. + * + * For now, we use Montgomery only if the modulus is odd; otherwise, + * exponentiation using the reciprocal-based quick remaindering + * algorithm is used. + * + * (Timing obtained with expspeed.c [computations a^p mod m + * where a, p, m are of the same length: 256, 512, 1024, 2048, + * 4096, 8192 bits], compared to the running time of the + * standard algorithm: + * + * BN_mod_exp_mont 33 .. 40 % [AMD K6-2, Linux, debug configuration] + * 55 .. 77 % [UltraSparc processor, but + * debug-solaris-sparcv8-gcc conf.] + * + * BN_mod_exp_recp 50 .. 70 % [AMD K6-2, Linux, debug configuration] + * 62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc] + * + * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont + * at 2048 and more bits, but at 512 and 1024 bits, it was + * slower even than the standard algorithm! + * + * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations] + * should be obtained when the new Montgomery reduction code + * has been integrated into OpenSSL.) + */ + +#define MONT_MUL_MOD +#define MONT_EXP_WORD +#define RECP_MUL_MOD + #ifdef MONT_MUL_MOD /* I have finally been able to take out this pre-condition of * the top bit being set. It was caused by an error in BN_div @@ -194,12 +203,14 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, if (BN_is_odd(m)) { - if (a->top == 1) +# ifdef MONT_EXP_WORD + if (a->top == 1 && !a->neg) { BN_ULONG A = a->d[0]; ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL); } else +# endif ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL); } else @@ -227,8 +238,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if (bits == 0) { - BN_one(r); - return(1); + ret = BN_one(r); + return ret; } BN_CTX_start(ctx); @@ -240,7 +251,12 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_init(&(val[0])); ts=1; - if (!BN_mod(&(val[0]),a,m,ctx)) goto err; /* 1 */ + if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err; /* 1 */ + if (BN_is_zero(&(val[0]))) + { + ret = BN_zero(r); + goto err; + } window = BN_window_bits_for_exponent_size(bits); if (window > 1) @@ -325,13 +341,13 @@ err: } -int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p, +int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) { int i,j,bits,ret=0,wstart,wend,window,wvalue; int start=1,ts=0; BIGNUM *d,*r; - BIGNUM *aa; + const BIGNUM *aa; BIGNUM val[TABLE_SIZE]; BN_MONT_CTX *mont=NULL; @@ -347,9 +363,10 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p, bits=BN_num_bits(p); if (bits == 0) { - BN_one(rr); - return(1); + ret = BN_one(rr); + return ret; } + BN_CTX_start(ctx); d = BN_CTX_get(ctx); r = BN_CTX_get(ctx); @@ -368,14 +385,19 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p, BN_init(&val[0]); ts=1; - if (BN_ucmp(a,m) >= 0) + if (a->neg || BN_ucmp(a,m) >= 0) { - if (!BN_mod(&(val[0]),a,m,ctx)) + if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err; aa= &(val[0]); } else aa=a; + if (BN_is_zero(aa)) + { + ret = BN_zero(rr); + goto err; + } if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */ window = BN_window_bits_for_exponent_size(bits); @@ -484,17 +506,26 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, bn_check_top(p); bn_check_top(m); - if (!(m->d[0] & 1)) + if (m->top == 0 || !(m->d[0] & 1)) { BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS); return(0); } + if (m->top == 1) + a %= m->d[0]; /* make sure that 'a' is reduced */ + bits = BN_num_bits(p); if (bits == 0) { - BN_one(rr); - return(1); + ret = BN_one(rr); + return ret; + } + if (a == 0) + { + ret = BN_zero(rr); + return ret; } + BN_CTX_start(ctx); d = BN_CTX_get(ctx); r = BN_CTX_get(ctx); @@ -590,8 +621,9 @@ err: /* The old fallback, simple version :-) */ -int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m, - BN_CTX *ctx) +int BN_mod_exp_simple(BIGNUM *r, + const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, + BN_CTX *ctx) { int i,j,bits,ret=0,wstart,wend,window,wvalue,ts=0; int start=1; @@ -602,8 +634,8 @@ int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m, if (bits == 0) { - BN_one(r); - return(1); + ret = BN_one(r); + return ret; } BN_CTX_start(ctx); @@ -611,7 +643,12 @@ int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m, BN_init(&(val[0])); ts=1; - if (!BN_mod(&(val[0]),a,m,ctx)) goto err; /* 1 */ + if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err; /* 1 */ + if (BN_is_zero(&(val[0]))) + { + ret = BN_zero(r); + goto err; + } window = BN_window_bits_for_exponent_size(bits); if (window > 1) diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c index 29029f4c7..73ccd58a8 100644 --- a/crypto/bn/bn_exp2.c +++ b/crypto/bn/bn_exp2.c @@ -115,13 +115,14 @@ #define TABLE_SIZE 32 -int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, - BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) +int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, + const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *in_mont) { int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2; int r_is_one=1,ts1=0,ts2=0; BIGNUM *d,*r; - BIGNUM *a_mod_m; + const BIGNUM *a_mod_m; BIGNUM val1[TABLE_SIZE], val2[TABLE_SIZE]; BN_MONT_CTX *mont=NULL; @@ -140,9 +141,10 @@ int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, bits2=BN_num_bits(p2); if ((bits1 == 0) && (bits2 == 0)) { - BN_one(rr); - return(1); + ret = BN_one(rr); + return ret; } + bits=(bits1 > bits2)?bits1:bits2; BN_CTX_start(ctx); @@ -166,7 +168,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, */ BN_init(&val1[0]); ts1=1; - if (BN_ucmp(a1,m) >= 0) + if (a1->neg || BN_ucmp(a1,m) >= 0) { if (!BN_mod(&(val1[0]),a1,m,ctx)) goto err; @@ -174,6 +176,12 @@ int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, } else a_mod_m = a1; + if (BN_is_zero(a_mod_m)) + { + ret = BN_zero(rr); + goto err; + } + if (!BN_to_montgomery(&(val1[0]),a_mod_m,mont,ctx)) goto err; if (window1 > 1) { @@ -195,7 +203,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, */ BN_init(&val2[0]); ts2=1; - if (BN_ucmp(a2,m) >= 0) + if (a2->neg || BN_ucmp(a2,m) >= 0) { if (!BN_mod(&(val2[0]),a2,m,ctx)) goto err; @@ -203,6 +211,11 @@ int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, } else a_mod_m = a2; + if (BN_is_zero(a_mod_m)) + { + ret = BN_zero(rr); + goto err; + } if (!BN_to_montgomery(&(val2[0]),a_mod_m,mont,ctx)) goto err; if (window2 > 1) { diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index 398207196..d5caf5136 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -55,14 +55,66 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ -#include <stdio.h> #include "cryptlib.h" #include "bn_lcl.h" static BIGNUM *euclid(BIGNUM *a, BIGNUM *b); -int BN_gcd(BIGNUM *r, BIGNUM *in_a, BIGNUM *in_b, BN_CTX *ctx) +int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) { BIGNUM *a,*b,*t; int ret=0; @@ -77,6 +129,8 @@ int BN_gcd(BIGNUM *r, BIGNUM *in_a, BIGNUM *in_b, BN_CTX *ctx) if (BN_copy(a,in_a) == NULL) goto err; if (BN_copy(b,in_b) == NULL) goto err; + a->neg = 0; + b->neg = 0; if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; } t=euclid(a,b); @@ -97,10 +151,10 @@ static BIGNUM *euclid(BIGNUM *a, BIGNUM *b) bn_check_top(a); bn_check_top(b); - for (;;) + /* 0 <= b <= a */ + while (!BN_is_zero(b)) { - if (BN_is_zero(b)) - break; + /* 0 < b <= a */ if (BN_is_odd(a)) { @@ -133,7 +187,9 @@ static BIGNUM *euclid(BIGNUM *a, BIGNUM *b) shifts++; } } + /* 0 <= b <= a */ } + if (shifts) { if (!BN_lshift(a,a,shifts)) goto err; @@ -143,11 +199,13 @@ err: return(NULL); } + /* solves ax == 1 (mod n) */ -BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) +BIGNUM *BN_mod_inverse(BIGNUM *in, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) { - BIGNUM *A,*B,*X,*Y,*M,*D,*R=NULL; - BIGNUM *T,*ret=NULL; + BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL; + BIGNUM *ret=NULL; int sign; bn_check_top(a); @@ -160,7 +218,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) D = BN_CTX_get(ctx); M = BN_CTX_get(ctx); Y = BN_CTX_get(ctx); - if (Y == NULL) goto err; + T = BN_CTX_get(ctx); + if (T == NULL) goto err; if (in == NULL) R=BN_new(); @@ -168,34 +227,166 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) R=in; if (R == NULL) goto err; - BN_zero(X); - BN_one(Y); - if (BN_copy(A,a) == NULL) goto err; - if (BN_copy(B,n) == NULL) goto err; - sign=1; + BN_one(X); + BN_zero(Y); + if (BN_copy(B,a) == NULL) goto err; + if (BN_copy(A,n) == NULL) goto err; + A->neg = 0; + if (B->neg || (BN_ucmp(B, A) >= 0)) + { + if (!BN_nnmod(B, B, A, ctx)) goto err; + } + sign = -1; + /* From B = a mod |n|, A = |n| it follows that + * + * 0 <= B < A, + * sign*X*a == B (mod |n|), + * -sign*Y*a == A (mod |n|). + */ while (!BN_is_zero(B)) { - if (!BN_div(D,M,A,B,ctx)) goto err; - T=A; + BIGNUM *tmp; + + /* + * 0 < B < A, + * (*) sign*X*a == B (mod |n|), + * -sign*Y*a == A (mod |n|) + */ + + /* (D, M) := (A/B, A%B) ... */ + if (BN_num_bits(A) == BN_num_bits(B)) + { + if (!BN_one(D)) goto err; + if (!BN_sub(M,A,B)) goto err; + } + else if (BN_num_bits(A) == BN_num_bits(B) + 1) + { + /* A/B is 1, 2, or 3 */ + if (!BN_lshift1(T,B)) goto err; + if (BN_ucmp(A,T) < 0) + { + /* A < 2*B, so D=1 */ + if (!BN_one(D)) goto err; + if (!BN_sub(M,A,B)) goto err; + } + else + { + /* A >= 2*B, so D=2 or D=3 */ + if (!BN_sub(M,A,T)) goto err; + if (!BN_add(D,T,B)) goto err; /* use D (:= 3*B) as temp */ + if (BN_ucmp(A,D) < 0) + { + /* A < 3*B, so D=2 */ + if (!BN_set_word(D,2)) goto err; + /* M (= A - 2*B) already has the correct value */ + } + else + { + /* only D=3 remains */ + if (!BN_set_word(D,3)) goto err; + /* currently M = A - 2*B, but we need M = A - 3*B */ + if (!BN_sub(M,M,B)) goto err; + } + } + } + else + { + if (!BN_div(D,M,A,B,ctx)) goto err; + } + + /* Now + * A = D*B + M; + * thus we have + * (**) -sign*Y*a == D*B + M (mod |n|). + */ + + tmp=A; /* keep the BIGNUM object, the value does not matter */ + + /* (A, B) := (B, A mod B) ... */ A=B; B=M; - /* T has a struct, M does not */ + /* ... so we have 0 <= B < A again */ + + /* Since the former M is now B and the former B is now A, + * (**) translates into + * -sign*Y*a == D*A + B (mod |n|), + * i.e. + * -sign*Y*a - D*A == B (mod |n|). + * Similarly, (*) translates into + * sign*X*a == A (mod |n|). + * + * Thus, + * -sign*Y*a - D*sign*X*a == B (mod |n|), + * i.e. + * -sign*(Y + D*X)*a == B (mod |n|). + * + * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at + * sign*X*a == B (mod |n|), + * -sign*Y*a == A (mod |n|). + * Note that X and Y stay non-negative all the time. + */ - if (!BN_mul(T,D,X,ctx)) goto err; - if (!BN_add(T,T,Y)) goto err; - M=Y; + /* most of the time D is very small, so we can optimize tmp := D*X+Y */ + if (BN_is_one(D)) + { + if (!BN_add(tmp,X,Y)) goto err; + } + else + { + if (BN_is_word(D,2)) + { + if (!BN_lshift1(tmp,X)) goto err; + } + else if (BN_is_word(D,4)) + { + if (!BN_lshift(tmp,X,2)) goto err; + } + else if (D->top == 1) + { + if (!BN_copy(tmp,X)) goto err; + if (!BN_mul_word(tmp,D->d[0])) goto err; + } + else + { + if (!BN_mul(tmp,D,X,ctx)) goto err; + } + if (!BN_add(tmp,tmp,Y)) goto err; + } + + M=Y; /* keep the BIGNUM object, the value does not matter */ Y=X; - X=T; - sign= -sign; + X=tmp; + sign = -sign; } + + /* + * The while loop (Euclid's algorithm) ends when + * A == gcd(a,n); + * we have + * -sign*Y*a == A (mod |n|), + * where Y is non-negative. + */ + if (sign < 0) { if (!BN_sub(Y,n,Y)) goto err; } + /* Now Y*a == A (mod |n|). */ + if (BN_is_one(A)) - { if (!BN_mod(R,Y,n,ctx)) goto err; } + { + /* Y*a == 1 (mod |n|) */ + if (BN_ucmp(Y,n) < 0) + { + if (!BN_copy(R,Y)) goto err; + } + else + { + if (!BN_nnmod(R,Y,n,ctx)) goto err; + } + } else { BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE); @@ -207,4 +398,3 @@ err: BN_CTX_end(ctx); return(ret); } - diff --git a/crypto/bn/bn_kron.c b/crypto/bn/bn_kron.c new file mode 100644 index 000000000..49f75594a --- /dev/null +++ b/crypto/bn/bn_kron.c @@ -0,0 +1,182 @@ +/* crypto/bn/bn_kron.c */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "bn_lcl.h" + + +/* least significant word */ +#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0]) + +/* Returns -2 for errors because both -1 and 0 are valid results. */ +int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) + { + int i; + int ret = -2; /* avoid 'uninitialized' warning */ + int err = 0; + BIGNUM *A, *B, *tmp; + /* In 'tab', only odd-indexed entries are relevant: + * For any odd BIGNUM n, + * tab[BN_lsw(n) & 7] + * is $(-1)^{(n^2-1)/8}$ (using TeX notation). + * Note that the sign of n does not matter. + */ + static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1}; + + BN_CTX_start(ctx); + A = BN_CTX_get(ctx); + B = BN_CTX_get(ctx); + if (B == NULL) goto end; + + err = !BN_copy(A, a); + if (err) goto end; + err = !BN_copy(B, b); + if (err) goto end; + + /* + * Kronecker symbol, imlemented according to Henri Cohen, + * "A Course in Computational Algebraic Number Theory" + * (algorithm 1.4.10). + */ + + /* Cohen's step 1: */ + + if (BN_is_zero(B)) + { + ret = BN_abs_is_word(A, 1); + goto end; + } + + /* Cohen's step 2: */ + + if (!BN_is_odd(A) && !BN_is_odd(B)) + { + ret = 0; + goto end; + } + + /* now B is non-zero */ + i = 0; + while (!BN_is_bit_set(B, i)) + i++; + err = !BN_rshift(B, B, i); + if (err) goto end; + if (i & 1) + { + /* i is odd */ + /* (thus B was even, thus A must be odd!) */ + + /* set 'ret' to $(-1)^{(A^2-1)/8}$ */ + ret = tab[BN_lsw(A) & 7]; + } + else + { + /* i is even */ + ret = 1; + } + + if (B->neg) + { + B->neg = 0; + if (A->neg) + ret = -ret; + } + + /* now B is positive and odd, so what remains to be done is + * to compute the Jacobi symbol (A/B) and multiply it by 'ret' */ + + while (1) + { + /* Cohen's step 3: */ + + /* B is positive and odd */ + + if (BN_is_zero(A)) + { + ret = BN_is_one(B) ? ret : 0; + goto end; + } + + /* now A is non-zero */ + i = 0; + while (!BN_is_bit_set(A, i)) + i++; + err = !BN_rshift(A, A, i); + if (err) goto end; + if (i & 1) + { + /* i is odd */ + /* multiply 'ret' by $(-1)^{(B^2-1)/8}$ */ + ret = ret * tab[BN_lsw(B) & 7]; + } + + /* Cohen's step 4: */ + /* multiply 'ret' by $(-1)^{(A-1)(B-1)/4}$ */ + if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2) + ret = -ret; + + /* (A, B) := (B mod |A|, |A|) */ + err = !BN_nnmod(B, B, A, ctx); + if (err) goto end; + tmp = A; A = B; B = tmp; + tmp->neg = 0; + } + + end: + BN_CTX_end(ctx); + if (err) + return -2; + else + return ret; + } diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index 9c959921b..39ad05631 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -398,14 +398,17 @@ extern "C" { void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb); void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b); void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b); -void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp); -void bn_sqr_comba8(BN_ULONG *r,BN_ULONG *a); -void bn_sqr_comba4(BN_ULONG *r,BN_ULONG *a); -int bn_cmp_words(BN_ULONG *a,BN_ULONG *b,int n); -void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,BN_ULONG *t); +void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp); +void bn_sqr_comba8(BN_ULONG *r,const BN_ULONG *a); +void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a); +int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n); +int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, + int cl, int dl); +void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, + int dna,int dnb,BN_ULONG *t); void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, - int tn, int n,BN_ULONG *t); -void bn_sqr_recursive(BN_ULONG *r,BN_ULONG *a, int n2, BN_ULONG *t); + int n,int tna,int tnb,BN_ULONG *t); +void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t); void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n); void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, BN_ULONG *t); diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index b6b0ce4b3..e37b85bfc 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -62,6 +62,7 @@ #endif #include <assert.h> +#include <limits.h> #include <stdio.h> #include "cryptlib.h" #include "bn_lcl.h" @@ -304,166 +305,168 @@ BIGNUM *BN_new(void) return(ret); } -/* This is an internal function that should not be used in applications. - * It ensures that 'b' has enough room for a 'words' word number number. - * It is mostly used by the various BIGNUM routines. If there is an error, - * NULL is returned. If not, 'b' is returned. */ - -BIGNUM *bn_expand2(BIGNUM *b, int words) +/* This is used both by bn_expand2() and bn_dup_expand() */ +/* The caller MUST check that words > b->dmax before calling this */ +static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) { - BN_ULONG *A,*a; + BN_ULONG *A,*a = NULL; const BN_ULONG *B; int i; - bn_check_top(b); + if (words > (INT_MAX/(4*BN_BITS2))) + { + BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG); + return NULL; + } - if (words > b->dmax) + bn_check_top(b); + if (BN_get_flags(b,BN_FLG_STATIC_DATA)) + { + BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); + return(NULL); + } + a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1)); + if (A == NULL) { - bn_check_top(b); - if (BN_get_flags(b,BN_FLG_STATIC_DATA)) + BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); + return(NULL); + } +#if 1 + B=b->d; + /* Check if the previous number needs to be copied */ + if (B != NULL) + { + for (i=b->top>>2; i>0; i--,A+=4,B+=4) { - BNerr(BN_F_BN_EXPAND2,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); - return(NULL); + /* + * The fact that the loop is unrolled + * 4-wise is a tribute to Intel. It's + * the one that doesn't have enough + * registers to accomodate more data. + * I'd unroll it 8-wise otherwise:-) + * + * <appro@fy.chalmers.se> + */ + BN_ULONG a0,a1,a2,a3; + a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; + A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; } - a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1)); - if (A == NULL) + switch (b->top&3) { - BNerr(BN_F_BN_EXPAND2,ERR_R_MALLOC_FAILURE); - return(NULL); + case 3: A[2]=B[2]; + case 2: A[1]=B[1]; + case 1: A[0]=B[0]; + case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does + * the switch table by doing a=top&3; a--; goto jump_table[a]; + * which fails for top== 0 */ + ; } -#if 1 - B=b->d; - /* Check if the previous number needs to be copied */ - if (B != NULL) - { -#if 0 - /* This lot is an unrolled loop to copy b->top - * BN_ULONGs from B to A - */ -/* - * I have nothing against unrolling but it's usually done for - * several reasons, namely: - * - minimize percentage of decision making code, i.e. branches; - * - avoid cache trashing; - * - make it possible to schedule loads earlier; - * Now let's examine the code below. The cornerstone of C is - * "programmer is always right" and that's what we love it for:-) - * For this very reason C compilers have to be paranoid when it - * comes to data aliasing and assume the worst. Yeah, but what - * does it mean in real life? This means that loop body below will - * be compiled to sequence of loads immediately followed by stores - * as compiler assumes the worst, something in A==B+1 style. As a - * result CPU pipeline is going to starve for incoming data. Secondly - * if A and B happen to share same cache line such code is going to - * cause severe cache trashing. Both factors have severe impact on - * performance of modern CPUs and this is the reason why this - * particular piece of code is #ifdefed away and replaced by more - * "friendly" version found in #else section below. This comment - * also applies to BN_copy function. - * - * <appro@fy.chalmers.se> - */ - for (i=b->top&(~7); i>0; i-=8) - { - A[0]=B[0]; A[1]=B[1]; A[2]=B[2]; A[3]=B[3]; - A[4]=B[4]; A[5]=B[5]; A[6]=B[6]; A[7]=B[7]; - A+=8; - B+=8; - } - switch (b->top&7) - { - case 7: - A[6]=B[6]; - case 6: - A[5]=B[5]; - case 5: - A[4]=B[4]; - case 4: - A[3]=B[3]; - case 3: - A[2]=B[2]; - case 2: - A[1]=B[1]; - case 1: - A[0]=B[0]; - case 0: - /* I need the 'case 0' entry for utrix cc. - * If the optimizer is turned on, it does the - * switch table by doing - * a=top&7 - * a--; - * goto jump_table[a]; - * If top is 0, this makes us jump to 0xffffffc - * which is rather bad :-(. - * eric 23-Apr-1998 - */ - ; - } + } + + /* Now need to zero any data between b->top and b->max */ + /* XXX Why? */ + + A= &(a[b->top]); + for (i=(words - b->top)>>3; i>0; i--,A+=8) + { + A[0]=0; A[1]=0; A[2]=0; A[3]=0; + A[4]=0; A[5]=0; A[6]=0; A[7]=0; + } + for (i=(words - b->top)&7; i>0; i--,A++) + A[0]=0; #else - for (i=b->top>>2; i>0; i--,A+=4,B+=4) + memset(A,0,sizeof(BN_ULONG)*(words+1)); + memcpy(A,b->d,sizeof(b->d[0])*b->top); +#endif + + return(a); + } + +/* This is an internal function that can be used instead of bn_expand2() + * when there is a need to copy BIGNUMs instead of only expanding the + * data part, while still expanding them. + * Especially useful when needing to expand BIGNUMs that are declared + * 'const' and should therefore not be changed. + * The reason to use this instead of a BN_dup() followed by a bn_expand2() + * is memory allocation overhead. A BN_dup() followed by a bn_expand2() + * will allocate new memory for the BIGNUM data twice, and free it once, + * while bn_dup_expand() makes sure allocation is made only once. + */ + +BIGNUM *bn_dup_expand(const BIGNUM *b, int words) + { + BIGNUM *r = NULL; + + if (words > b->dmax) + { + BN_ULONG *a = bn_expand_internal(b, words); + + if (a) + { + r = BN_new(); + if (r) { - /* - * The fact that the loop is unrolled - * 4-wise is a tribute to Intel. It's - * the one that doesn't have enough - * registers to accomodate more data. - * I'd unroll it 8-wise otherwise:-) - * - * <appro@fy.chalmers.se> - */ - BN_ULONG a0,a1,a2,a3; - a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; - A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; + r->top = b->top; + r->dmax = words; + r->neg = b->neg; + r->d = a; } - switch (b->top&3) + else { - case 3: A[2]=B[2]; - case 2: A[1]=B[1]; - case 1: A[0]=B[0]; - case 0: ; /* ultrix cc workaround, see above */ + /* r == NULL, BN_new failure */ + OPENSSL_free(a); } -#endif - OPENSSL_free(b->d); } + /* If a == NULL, there was an error in allocation in + bn_expand_internal(), and NULL should be returned */ + } + else + { + r = BN_dup(b); + } + + return r; + } - b->d=a; - b->dmax=words; +/* This is an internal function that should not be used in applications. + * It ensures that 'b' has enough room for a 'words' word number number. + * It is mostly used by the various BIGNUM routines. If there is an error, + * NULL is returned. If not, 'b' is returned. */ - /* Now need to zero any data between b->top and b->max */ +BIGNUM *bn_expand2(BIGNUM *b, int words) + { + if (words > b->dmax) + { + BN_ULONG *a = bn_expand_internal(b, words); - A= &(b->d[b->top]); - for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8) + if (a) { - A[0]=0; A[1]=0; A[2]=0; A[3]=0; - A[4]=0; A[5]=0; A[6]=0; A[7]=0; - } - for (i=(b->dmax - b->top)&7; i>0; i--,A++) - A[0]=0; -#else - memset(A,0,sizeof(BN_ULONG)*(words+1)); - memcpy(A,b->d,sizeof(b->d[0])*b->top); + if (b->d) + OPENSSL_free(b->d); b->d=a; - b->max=words; -#endif - -/* memset(&(p[b->max]),0,((words+1)-b->max)*sizeof(BN_ULONG)); */ -/* { int i; for (i=b->max; i<words+1; i++) p[i]=i;} */ - + b->dmax=words; + } + else + b = NULL; } - return(b); + return b; } BIGNUM *BN_dup(const BIGNUM *a) { - BIGNUM *r; + BIGNUM *r, *t; if (a == NULL) return NULL; bn_check_top(a); - r=BN_new(); - if (r == NULL) return(NULL); - return((BIGNUM *)BN_copy(r,a)); + t = BN_new(); + if (t == NULL) return(NULL); + r = BN_copy(t, a); + /* now r == t || r == NULL */ + if (r == NULL) + BN_free(t); + return r; } BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) @@ -491,7 +494,7 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) case 3: A[2]=B[2]; case 2: A[1]=B[1]; case 1: A[0]=B[0]; - case 0: ; /* ultrix cc workaround, see comments in bn_expand2 */ + case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */ } #else memcpy(a->d,b->d,sizeof(b->d[0])*b->top); @@ -505,6 +508,35 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) return(a); } +void BN_swap(BIGNUM *a, BIGNUM *b) + { + int flags_old_a, flags_old_b; + BN_ULONG *tmp_d; + int tmp_top, tmp_dmax, tmp_neg; + + flags_old_a = a->flags; + flags_old_b = b->flags; + + tmp_d = a->d; + tmp_top = a->top; + tmp_dmax = a->dmax; + tmp_neg = a->neg; + + a->d = b->d; + a->top = b->top; + a->dmax = b->dmax; + a->neg = b->neg; + + b->d = tmp_d; + b->top = tmp_top; + b->dmax = tmp_dmax; + b->neg = tmp_neg; + + a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA); + b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA); + } + + void BN_clear(BIGNUM *a) { if (a->d != NULL) @@ -513,7 +545,7 @@ void BN_clear(BIGNUM *a) a->neg=0; } -BN_ULONG BN_get_word(BIGNUM *a) +BN_ULONG BN_get_word(const BIGNUM *a) { int i,n; BN_ULONG ret=0; @@ -561,7 +593,6 @@ int BN_set_word(BIGNUM *a, BN_ULONG w) return(1); } -/* ignore negative */ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) { unsigned int i,m; @@ -582,6 +613,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) i=((n-1)/BN_BYTES)+1; m=((n-1)%(BN_BYTES)); ret->top=i; + ret->neg=0; while (n-- > 0) { l=(l<<8L)| *(s++); @@ -736,7 +768,7 @@ int BN_mask_bits(BIGNUM *a, int n) return(1); } -int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n) +int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) { int i; BN_ULONG aa,bb; @@ -753,3 +785,34 @@ int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n) return(0); } +/* Here follows a specialised variants of bn_cmp_words(). It has the + property of performing the operation on arrays of different sizes. + The sizes of those arrays is expressed through cl, which is the + common length ( basicall, min(len(a),len(b)) ), and dl, which is the + delta between the two lengths, calculated as len(a)-len(b). + All lengths are the number of BN_ULONGs... */ + +int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, + int cl, int dl) + { + int n,i; + n = cl-1; + + if (dl < 0) + { + for (i=dl; i<0; i++) + { + if (b[n-i] != 0) + return -1; /* a < b */ + } + } + if (dl > 0) + { + for (i=dl; i>0; i--) + { + if (a[n+i] != 0) + return 1; /* a > b */ + } + } + return bn_cmp_words(a,b,cl); + } diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c new file mode 100644 index 000000000..92fe11684 --- /dev/null +++ b/crypto/bn/bn_mod.c @@ -0,0 +1,296 @@ +/* crypto/bn/bn_mod.c */ +/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> + * for the OpenSSL project. */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include "cryptlib.h" +#include "bn_lcl.h" + + +#if 0 /* now just a #define */ +int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) + { + return(BN_div(NULL,rem,m,d,ctx)); + /* note that rem->neg == m->neg (unless the remainder is zero) */ + } +#endif + + +int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) + { + /* like BN_mod, but returns non-negative remainder + * (i.e., 0 <= r < |d| always holds) */ + + if (!(BN_mod(r,m,d,ctx))) + return 0; + if (!r->neg) + return 1; + /* now -|d| < r < 0, so we have to set r := r + |d| */ + return (d->neg ? BN_sub : BN_add)(r, r, d); +} + + +int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) + { + if (!BN_add(r, a, b)) return 0; + return BN_nnmod(r, r, m, ctx); + } + + +/* BN_mod_add variant that may be used if both a and b are non-negative + * and less than m */ +int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) + { + if (!BN_add(r, a, b)) return 0; + if (BN_cmp(r, m) >= 0) + return BN_sub(r, r, m); + return 1; + } + + +int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) + { + if (!BN_sub(r, a, b)) return 0; + return BN_nnmod(r, r, m, ctx); + } + + +/* BN_mod_sub variant that may be used if both a and b are non-negative + * and less than m */ +int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) + { + if (!BN_sub(r, a, b)) return 0; + if (r->neg) + return BN_add(r, r, m); + return 1; + } + + +/* slow but works */ +int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx) + { + BIGNUM *t; + int ret=0; + + bn_check_top(a); + bn_check_top(b); + bn_check_top(m); + + BN_CTX_start(ctx); + if ((t = BN_CTX_get(ctx)) == NULL) goto err; + if (a == b) + { if (!BN_sqr(t,a,ctx)) goto err; } + else + { if (!BN_mul(t,a,b,ctx)) goto err; } + if (!BN_nnmod(r,t,m,ctx)) goto err; + ret=1; +err: + BN_CTX_end(ctx); + return(ret); + } + + +int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) + { + if (!BN_sqr(r, a, ctx)) return 0; + /* r->neg == 0, thus we don't need BN_nnmod */ + return BN_mod(r, r, m, ctx); + } + + +int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) + { + if (!BN_lshift1(r, a)) return 0; + return BN_nnmod(r, r, m, ctx); + } + + +/* BN_mod_lshift1 variant that may be used if a is non-negative + * and less than m */ +int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m) + { + if (!BN_lshift1(r, a)) return 0; + if (BN_cmp(r, m) >= 0) + return BN_sub(r, r, m); + return 1; + } + + +int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx) + { + BIGNUM *abs_m = NULL; + int ret; + + if (!BN_nnmod(r, a, m, ctx)) return 0; + + if (m->neg) + { + abs_m = BN_dup(m); + if (abs_m == NULL) return 0; + abs_m->neg = 0; + } + + ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); + + if (abs_m) + BN_free(abs_m); + return ret; + } + + +/* BN_mod_lshift variant that may be used if a is non-negative + * and less than m */ +int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) + { + if (r != a) + { + if (BN_copy(r, a) == NULL) return 0; + } + + while (n > 0) + { + int max_shift; + + /* 0 < r < m */ + max_shift = BN_num_bits(m) - BN_num_bits(r); + /* max_shift >= 0 */ + + if (max_shift < 0) + { + BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED); + return 0; + } + + if (max_shift > n) + max_shift = n; + + if (max_shift) + { + if (!BN_lshift(r, r, max_shift)) return 0; + n -= max_shift; + } + else + { + if (!BN_lshift1(r, r)) return 0; + --n; + } + + /* BN_num_bits(r) <= BN_num_bits(m) */ + + if (BN_cmp(r, m) >= 0) + { + if (!BN_sub(r, r, m)) return 0; + } + } + + return 1; + } diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index 8cf1febac..7f8296c89 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -69,20 +69,17 @@ #define MONT_WORD /* use the faster word-based algorithm */ -int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, +int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx) { - BIGNUM *tmp,*tmp2; + BIGNUM *tmp; int ret=0; BN_CTX_start(ctx); tmp = BN_CTX_get(ctx); - tmp2 = BN_CTX_get(ctx); - if (tmp == NULL || tmp2 == NULL) goto err; + if (tmp == NULL) goto err; bn_check_top(tmp); - bn_check_top(tmp2); - if (a == b) { if (!BN_sqr(tmp,a,ctx)) goto err; @@ -99,7 +96,7 @@ err: return(ret); } -int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont, +int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx) { int retn=0; @@ -144,7 +141,7 @@ int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont, n0=mont->n0; #ifdef BN_COUNT - printf("word BN_from_montgomery %d * %d\n",nl,nl); + fprintf(stderr,"word BN_from_montgomery %d * %d\n",nl,nl); #endif for (i=0; i<nl; i++) { diff --git a/crypto/bn/bn_mont2.c b/crypto/bn/bn_mont2.c new file mode 100644 index 000000000..367eb09c5 --- /dev/null +++ b/crypto/bn/bn_mont2.c @@ -0,0 +1,349 @@ +/* + * + * bn_mont2.c + * + * Montgomery Modular Arithmetic Functions. + * + * Copyright (C) Lenka Fibikova 2000 + * + * + */ + + +#include <stdio.h> +#include <stdlib.h> +#include <assert.h> + +#include "bn_lcl.h" +#include "bn_mont2.h" + +#define BN_mask_word(x, m) ((x->d[0]) & (m)) + +BN_MONTGOMERY *BN_mont_new() + { + BN_MONTGOMERY *ret; + + ret=(BN_MONTGOMERY *)malloc(sizeof(BN_MONTGOMERY)); + + if (ret == NULL) return NULL; + + if ((ret->p = BN_new()) == NULL) + { + free(ret); + return NULL; + } + + return ret; + } + + +void BN_mont_clear_free(BN_MONTGOMERY *mont) + { + if (mont == NULL) return; + + if (mont->p != NULL) BN_clear_free(mont->p); + + mont->p_num_bytes = 0; + mont->R_num_bits = 0; + mont->p_inv_b_neg = 0; + } + + +int BN_to_mont(BIGNUM *x, BN_MONTGOMERY *mont, BN_CTX *ctx) + { + assert(x != NULL); + + assert(mont != NULL); + assert(mont->p != NULL); + + assert(ctx != NULL); + + if (!BN_lshift(x, x, mont->R_num_bits)) return 0; + if (!BN_mod(x, x, mont->p, ctx)) return 0; + + return 1; + } + + +static BN_ULONG BN_mont_inv(BIGNUM *a, int e, BN_CTX *ctx) +/* y = a^{-1} (mod 2^e) for an odd number a */ + { + BN_ULONG y, exp, mask; + BIGNUM *x, *xy, *x_sh; + int i; + + assert(a != NULL && ctx != NULL); + assert(e <= BN_BITS2); + assert(BN_is_odd(a)); + assert(!BN_is_zero(a) && !a->neg); + + + y = 1; + exp = 2; + mask = 3; + if((x = BN_dup(a)) == NULL) return 0; + if(!BN_mask_bits(x, e)) return 0; + + BN_CTX_start(ctx); + xy = BN_CTX_get(ctx); + x_sh = BN_CTX_get(ctx); + if (x_sh == NULL) goto err; + + if (BN_copy(xy, x) == NULL) goto err; + if (!BN_lshift1(x_sh, x)) goto err; + + + for (i = 2; i <= e; i++) + { + if (exp < BN_mask_word(xy, mask)) + { + y = y + exp; + if (!BN_add(xy, xy, x_sh)) goto err; + } + + exp <<= 1; + if (!BN_lshift1(x_sh, x_sh)) goto err; + mask <<= 1; + mask++; + } + + +#ifdef TEST + if (xy->d[0] != 1) goto err; +#endif + + if (x != NULL) BN_clear_free(x); + BN_CTX_end(ctx); + return y; + + +err: + if (x != NULL) BN_clear_free(x); + BN_CTX_end(ctx); + return 0; + } + + +int BN_mont_set(BIGNUM *p, BN_MONTGOMERY *mont, BN_CTX *ctx) + { + assert(p != NULL && ctx != NULL); + assert(mont != NULL); + assert(mont->p != NULL); + assert(!BN_is_zero(p) && !p->neg); + + + mont->p_num_bytes = p->top; + mont->R_num_bits = (mont->p_num_bytes) * BN_BITS2; + + if (BN_copy(mont->p, p) == NULL); + + mont->p_inv_b_neg = BN_mont_inv(p, BN_BITS2, ctx); + mont->p_inv_b_neg = 0 - mont->p_inv_b_neg; + + return 1; + } + + +#ifdef BN_LLONG +#define cpy_mul_add(r, b, a, w, c) { \ + BN_ULLONG t; \ + t = (BN_ULLONG)w * (a) + (b) + (c); \ + (r)= Lw(t); \ + (c)= Hw(t); \ + } + +BN_ULONG BN_mul_add_rshift(BN_ULONG *r, BN_ULONG *a, int num, BN_ULONG w) +/* r = (r + a * w) >> BN_BITS2 */ + { + BN_ULONG c = 0; + + mul_add(r[0], a[0], w, c); + if (--num == 0) return c; + a++; + + for (;;) + { + cpy_mul_add(r[0], r[1], a[0], w, c); + if (--num == 0) break; + cpy_mul_add(r[1], r[2], a[1], w, c); + if (--num == 0) break; + cpy_mul_add(r[2], r[3], a[2], w, c); + if (--num == 0) break; + cpy_mul_add(r[3], r[4], a[3], w, c); + if (--num == 0) break; + a += 4; + r += 4; + } + + return c; + } +#else + +#define cpy_mul_add(r, b, a, bl, bh, c) { \ + BN_ULONG l,h; \ + \ + h=(a); \ + l=LBITS(h); \ + h=HBITS(h); \ + mul64(l,h,(bl),(bh)); \ + \ + /* non-multiply part */ \ + l=(l+(c))&BN_MASK2; if (l < (c)) h++; \ + (c)=(b); \ + l=(l+(c))&BN_MASK2; if (l < (c)) h++; \ + (c)=h&BN_MASK2; \ + (r)=l; \ + } + +static BN_ULONG BN_mul_add_rshift(BN_ULONG *r, BN_ULONG *a, int num, BN_ULONG w) +/* ret = (ret + a * w) << shift * BN_BITS2 */ + { + BN_ULONG c = 0; + BN_ULONG bl, bh; + + bl = LBITS(w); + bh = HBITS(w); + + mul_add(r[0], a[0], bl, bh, c); + if (--num == 0) return c; + a++; + + for (;;) + { + cpy_mul_add(r[0], r[1], a[0], bl, bh, c); + if (--num == 0) break; + cpy_mul_add(r[1], r[2], a[1], bl, bh, c); + if (--num == 0) break; + cpy_mul_add(r[2], r[3], a[2], bl, bh, c); + if (--num == 0) break; + cpy_mul_add(r[3], r[4], a[3], bl, bh, c); + if (--num == 0) break; + a += 4; + r += 4; + } + return c; + } +#endif /* BN_LLONG */ + + + +int BN_mont_red(BIGNUM *y, BN_MONTGOMERY *mont) +/* yR^{-1} (mod p) */ + { + BIGNUM *p; + BN_ULONG c; + int i, max; + + assert(y != NULL && mont != NULL); + assert(mont->p != NULL); + assert(BN_cmp(y, mont->p) < 0); + assert(!y->neg); + + + if (BN_is_zero(y)) return 1; + + p = mont->p; + max = mont->p_num_bytes; + + if (bn_wexpand(y, max) == NULL) return 0; + for (i = y->top; i < max; i++) y->d[i] = 0; + y->top = max; + + /* r = [r + (y_0 * p') * p] / b */ + for (i = 0; i < max; i++) + { + c = BN_mul_add_rshift(y->d, p->d, max, ((y->d[0]) * mont->p_inv_b_neg) & BN_MASK2); + y->d[max - 1] = c; + } + + while (y->d[y->top - 1] == 0) y->top--; + + if (BN_cmp(y, p) >= 0) + { + if (!BN_sub(y, y, p)) return 0; + } + + return 1; + } + + +int BN_mont_mod_mul(BIGNUM *r, BIGNUM *x, BIGNUM *y, BN_MONTGOMERY *mont) +/* r = x * y mod p */ +/* r != x && r! = y !!! */ + { + BN_ULONG c; + BIGNUM *p; + int i, j, max; + + assert(r != x && r != y); + assert(r != NULL && x != NULL && y != NULL && mont != NULL); + assert(mont->p != NULL); + assert(BN_cmp(x, mont->p) < 0); + assert(BN_cmp(y, mont->p) < 0); + assert(!x->neg); + assert(!y->neg); + + if (BN_is_zero(x) || BN_is_zero(y)) + { + if (!BN_zero(r)) return 0; + return 1; + } + + p = mont->p; + max = mont->p_num_bytes; + + /* for multiplication we need at most max + 2 words + the last one --- max + 3 --- is only as a backstop + for incorrect input + */ + if (bn_wexpand(r, max + 3) == NULL) return 0; + for (i = 0; i < max + 3; i++) r->d[i] = 0; + r->top = max + 2; + + for (i = 0; i < x->top; i++) + { + /* r = r + (r_0 + x_i * y_0) * p' * p */ + c = bn_mul_add_words(r->d, p->d, max, \ + ((r->d[0] + x->d[i] * y->d[0]) * mont->p_inv_b_neg) & BN_MASK2); + if (c) + { + if (((r->d[max] += c) & BN_MASK2) < c) + if (((r->d[max + 1] ++) & BN_MASK2) == 0) return 0; + } + + /* r = (r + x_i * y) / b */ + c = BN_mul_add_rshift(r->d, y->d, y->top, x->d[i]); + for(j = y->top; j <= max + 1; j++) r->d[j - 1] = r->d[j]; + if (c) + { + if (((r->d[y->top - 1] += c) & BN_MASK2) < c) + { + j = y->top; + while (((++ (r->d[j]) ) & BN_MASK2) == 0) + j++; + if (j > max) return 0; + } + } + r->d[max + 1] = 0; + } + + for (i = x->top; i < max; i++) + { + /* r = (r + r_0 * p' * p) / b */ + c = BN_mul_add_rshift(r->d, p->d, max, ((r->d[0]) * mont->p_inv_b_neg) & BN_MASK2); + j = max - 1; + r->d[j] = c + r->d[max]; + if (r->d[j++] < c) r->d[j] = r->d[++j] + 1; + else r->d[j] = r->d[++j]; + r->d[max + 1] = 0; + } + + while (r->d[r->top - 1] == 0) r->top--; + + if (BN_cmp(r, mont->p) >= 0) + { + if (!BN_sub(r, r, mont->p)) return 0; + } + + return 1; + } diff --git a/crypto/bn/bn_mont2.h b/crypto/bn/bn_mont2.h new file mode 100644 index 000000000..cb42d67ad --- /dev/null +++ b/crypto/bn/bn_mont2.h @@ -0,0 +1,36 @@ +/* + * + * bn_mont2.h + * + * Montgomery Modular Arithmetic Functions. + * + * Copyright (C) Lenka Fibikova 2000 + * + * + */ + +#ifndef HEADER_MONT2_H +#define HEADER_MONT2_H + +#define MONTGOMERY + +#include <openssl/bn.h> + +typedef struct bn_mont_st{ + int R_num_bits; + int p_num_bytes; + BIGNUM *p; + BN_ULONG p_inv_b_neg; /* p' = p^{-1} mod b; b = 2^BN_BITS */ +} BN_MONTGOMERY; + +#define BN_from_mont(x, mont) (BN_mont_red((x), (mont))) + + +BN_MONTGOMERY *BN_mont_new(); +int BN_to_mont(BIGNUM *x, BN_MONTGOMERY *mont, BN_CTX *ctx); +void BN_mont_clear_free(BN_MONTGOMERY *mont); +int BN_mont_set(BIGNUM *p, BN_MONTGOMERY *mont, BN_CTX *ctx); +int BN_mont_red(BIGNUM *y, BN_MONTGOMERY *mont); +int BN_mont_mod_mul(BIGNUM *r, BIGNUM *x, BIGNUM *y, BN_MONTGOMERY *mont); + +#endif diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c index 80e1dca6b..05fa9d1e9 100644 --- a/crypto/bn/bn_mpi.c +++ b/crypto/bn/bn_mpi.c @@ -88,7 +88,7 @@ int BN_bn2mpi(const BIGNUM *a, unsigned char *d) return(num+4+ext); } -BIGNUM *BN_mpi2bn(unsigned char *d, int n, BIGNUM *a) +BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) { long len; int neg=0; diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index 3e8d8b956..eb5d52561 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -56,10 +56,323 @@ * [including the GNU Public Licence.] */ +#ifndef BN_DEBUG +# undef NDEBUG /* avoid conflicting definitions */ +# define NDEBUG +#endif + #include <stdio.h> +#include <assert.h> #include "cryptlib.h" #include "bn_lcl.h" +/* Here follows specialised variants of bn_add_words() and + bn_sub_words(). They have the property performing operations on + arrays of different sizes. The sizes of those arrays is expressed through + cl, which is the common length ( basicall, min(len(a),len(b)) ), and dl, + which is the delta between the two lengths, calculated as len(a)-len(b). + All lengths are the number of BN_ULONGs... For the operations that require + a result array as parameter, it must have the length cl+abs(dl). + These functions should probably end up in bn_asm.c as soon as there are + assembler counterparts for the systems that use assembler files. */ + +BN_ULONG bn_sub_part_words(BN_ULONG *r, + const BN_ULONG *a, const BN_ULONG *b, + int cl, int dl) + { + BN_ULONG c, t; + + assert(cl >= 0); + c = bn_sub_words(r, a, b, cl); + + if (dl == 0) + return c; + + r += cl; + a += cl; + b += cl; + + if (dl < 0) + { +#ifdef BN_COUNT + fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c); +#endif + for (;;) + { + t = b[0]; + r[0] = (0-t-c)&BN_MASK2; + if (t != 0) c=1; + if (++dl >= 0) break; + + t = b[1]; + r[1] = (0-t-c)&BN_MASK2; + if (t != 0) c=1; + if (++dl >= 0) break; + + t = b[2]; + r[2] = (0-t-c)&BN_MASK2; + if (t != 0) c=1; + if (++dl >= 0) break; + + t = b[3]; + r[3] = (0-t-c)&BN_MASK2; + if (t != 0) c=1; + if (++dl >= 0) break; + + b += 4; + r += 4; + } + } + else + { + int save_dl = dl; +#ifdef BN_COUNT + fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, dl, c); +#endif + while(c) + { + t = a[0]; + r[0] = (t-c)&BN_MASK2; + if (t != 0) c=0; + if (--dl <= 0) break; + + t = a[1]; + r[1] = (t-c)&BN_MASK2; + if (t != 0) c=0; + if (--dl <= 0) break; + + t = a[2]; + r[2] = (t-c)&BN_MASK2; + if (t != 0) c=0; + if (--dl <= 0) break; + + t = a[3]; + r[3] = (t-c)&BN_MASK2; + if (t != 0) c=0; + if (--dl <= 0) break; + + save_dl = dl; + a += 4; + r += 4; + } + if (dl > 0) + { +#ifdef BN_COUNT + fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", cl, dl); +#endif + if (save_dl > dl) + { + switch (save_dl - dl) + { + case 1: + r[1] = a[1]; + if (--dl <= 0) break; + case 2: + r[2] = a[2]; + if (--dl <= 0) break; + case 3: + r[3] = a[3]; + if (--dl <= 0) break; + } + a += 4; + r += 4; + } + } + if (dl > 0) + { +#ifdef BN_COUNT + fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n", cl, dl); +#endif + for(;;) + { + r[0] = a[0]; + if (--dl <= 0) break; + r[1] = a[1]; + if (--dl <= 0) break; + r[2] = a[2]; + if (--dl <= 0) break; + r[3] = a[3]; + if (--dl <= 0) break; + + a += 4; + r += 4; + } + } + } + return c; + } + +BN_ULONG bn_add_part_words(BN_ULONG *r, + const BN_ULONG *a, const BN_ULONG *b, + int cl, int dl) + { + BN_ULONG c, l, t; + + assert(cl >= 0); + c = bn_add_words(r, a, b, cl); + + if (dl == 0) + return c; + + r += cl; + a += cl; + b += cl; + + if (dl < 0) + { + int save_dl = dl; +#ifdef BN_COUNT + fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c); +#endif + while (c) + { + l=(c+b[0])&BN_MASK2; + c=(l < c); + r[0]=l; + if (++dl >= 0) break; + + l=(c+b[1])&BN_MASK2; + c=(l < c); + r[1]=l; + if (++dl >= 0) break; + + l=(c+b[2])&BN_MASK2; + c=(l < c); + r[2]=l; + if (++dl >= 0) break; + + l=(c+b[3])&BN_MASK2; + c=(l < c); + r[3]=l; + if (++dl >= 0) break; + + save_dl = dl; + b+=4; + r+=4; + } + if (dl < 0) + { +#ifdef BN_COUNT + fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n", cl, dl); +#endif + if (save_dl < dl) + { + switch (dl - save_dl) + { + case 1: + r[1] = b[1]; + if (++dl >= 0) break; + case 2: + r[2] = b[2]; + if (++dl >= 0) break; + case 3: + r[3] = b[3]; + if (++dl >= 0) break; + } + b += 4; + r += 4; + } + } + if (dl < 0) + { +#ifdef BN_COUNT + fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n", cl, dl); +#endif + for(;;) + { + r[0] = b[0]; + if (++dl >= 0) break; + r[1] = b[1]; + if (++dl >= 0) break; + r[2] = b[2]; + if (++dl >= 0) break; + r[3] = b[3]; + if (++dl >= 0) break; + + b += 4; + r += 4; + } + } + } + else + { + int save_dl = dl; +#ifdef BN_COUNT + fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl); +#endif + while (c) + { + t=(a[0]+c)&BN_MASK2; + c=(t < c); + r[0]=t; + if (--dl <= 0) break; + + t=(a[1]+c)&BN_MASK2; + c=(t < c); + r[1]=t; + if (--dl <= 0) break; + + t=(a[2]+c)&BN_MASK2; + c=(t < c); + r[2]=t; + if (--dl <= 0) break; + + t=(a[3]+c)&BN_MASK2; + c=(t < c); + r[3]=t; + if (--dl <= 0) break; + + save_dl = dl; + a+=4; + r+=4; + } +#ifdef BN_COUNT + fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl); +#endif + if (dl > 0) + { + if (save_dl > dl) + { + switch (save_dl - dl) + { + case 1: + r[1] = a[1]; + if (--dl <= 0) break; + case 2: + r[2] = a[2]; + if (--dl <= 0) break; + case 3: + r[3] = a[3]; + if (--dl <= 0) break; + } + a += 4; + r += 4; + } + } + if (dl > 0) + { +#ifdef BN_COUNT + fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n", cl, dl); +#endif + for(;;) + { + r[0] = a[0]; + if (--dl <= 0) break; + r[1] = a[1]; + if (--dl <= 0) break; + r[2] = a[2]; + if (--dl <= 0) break; + r[3] = a[3]; + if (--dl <= 0) break; + + a += 4; + r += 4; + } + } + } + return c; + } + #ifdef BN_RECURSION /* Karatsuba recursive multiplication algorithm * (cf. Knuth, The Art of Computer Programming, Vol. 2) */ @@ -75,14 +388,15 @@ * a[1]*b[1] */ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - BN_ULONG *t) + int dna, int dnb, BN_ULONG *t) { int n=n2/2,c1,c2; + int tna=n+dna, tnb=n+dnb; unsigned int neg,zero; BN_ULONG ln,lo,*p; # ifdef BN_COUNT - printf(" bn_mul_recursive %d * %d\n",n2,n2); + fprintf(stderr," bn_mul_recursive %d * %d\n",n2,n2); # endif # ifdef BN_MUL_COMBA # if 0 @@ -105,21 +419,21 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, return; } /* r=(a[0]-a[1])*(b[1]-b[0]) */ - c1=bn_cmp_words(a,&(a[n]),n); - c2=bn_cmp_words(&(b[n]),b,n); + c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); + c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); zero=neg=0; switch (c1*3+c2) { case -4: - bn_sub_words(t, &(a[n]),a, n); /* - */ - bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ + bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ + bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ break; case -3: zero=1; break; case -2: - bn_sub_words(t, &(a[n]),a, n); /* - */ - bn_sub_words(&(t[n]),&(b[n]),b, n); /* + */ + bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ + bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */ neg=1; break; case -1: @@ -128,16 +442,16 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, zero=1; break; case 2: - bn_sub_words(t, a, &(a[n]),n); /* + */ - bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ + bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ + bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ neg=1; break; case 3: zero=1; break; case 4: - bn_sub_words(t, a, &(a[n]),n); - bn_sub_words(&(t[n]),&(b[n]),b, n); + bn_sub_part_words(t, a, &(a[n]),tna,n-tna); + bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); break; } @@ -167,11 +481,11 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, { p= &(t[n2*2]); if (!zero) - bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p); + bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p); else memset(&(t[n2]),0,n2*sizeof(BN_ULONG)); - bn_mul_recursive(r,a,b,n,p); - bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,p); + bn_mul_recursive(r,a,b,n,0,0,p); + bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p); } /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign @@ -220,39 +534,39 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, /* n+tn is the word length * t needs to be n*4 is size, as does r */ -void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn, - int n, BN_ULONG *t) +void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, + int tna, int tnb, BN_ULONG *t) { int i,j,n2=n*2; unsigned int c1,c2,neg,zero; BN_ULONG ln,lo,*p; # ifdef BN_COUNT - printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n); + fprintf(stderr," bn_mul_part_recursive (%d+%d) * (%d+%d)\n", + tna, n, tnb, n); # endif if (n < 8) { - i=tn+n; - bn_mul_normal(r,a,i,b,i); + bn_mul_normal(r,a,n+tna,b,n+tnb); return; } /* r=(a[0]-a[1])*(b[1]-b[0]) */ - c1=bn_cmp_words(a,&(a[n]),n); - c2=bn_cmp_words(&(b[n]),b,n); + c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); + c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); zero=neg=0; switch (c1*3+c2) { case -4: - bn_sub_words(t, &(a[n]),a, n); /* - */ - bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ + bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ + bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ break; case -3: zero=1; /* break; */ case -2: - bn_sub_words(t, &(a[n]),a, n); /* - */ - bn_sub_words(&(t[n]),&(b[n]),b, n); /* + */ + bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ + bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */ neg=1; break; case -1: @@ -261,16 +575,16 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn, zero=1; /* break; */ case 2: - bn_sub_words(t, a, &(a[n]),n); /* + */ - bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ + bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ + bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ neg=1; break; case 3: zero=1; /* break; */ case 4: - bn_sub_words(t, a, &(a[n]),n); - bn_sub_words(&(t[n]),&(b[n]),b, n); + bn_sub_part_words(t, a, &(a[n]),tna,n-tna); + bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); break; } /* The zero case isn't yet implemented here. The speedup @@ -289,54 +603,59 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn, { bn_mul_comba8(&(t[n2]),t,&(t[n])); bn_mul_comba8(r,a,b); - bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn); - memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2)); + bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb); + memset(&(r[n2+tna+tnb]),0,sizeof(BN_ULONG)*(n2-tna-tnb)); } else { p= &(t[n2*2]); - bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p); - bn_mul_recursive(r,a,b,n,p); + bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p); + bn_mul_recursive(r,a,b,n,0,0,p); i=n/2; /* If there is only a bottom half to the number, * just do it */ - j=tn-i; + if (tna > tnb) + j = tna - i; + else + j = tnb - i; if (j == 0) { - bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),i,p); + bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]), + i,tna-i,tnb-i,p); memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2)); } else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */ { bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]), - j,i,p); - memset(&(r[n2+tn*2]),0, - sizeof(BN_ULONG)*(n2-tn*2)); + i,tna-i,tnb-i,p); + memset(&(r[n2+tna+tnb]),0, + sizeof(BN_ULONG)*(n2-tna-tnb)); } else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ { memset(&(r[n2]),0,sizeof(BN_ULONG)*n2); - if (tn < BN_MUL_RECURSIVE_SIZE_NORMAL) + if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL + && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) { - bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn); + bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb); } else { for (;;) { i/=2; - if (i < tn) + if (i < tna && i < tnb) { bn_mul_part_recursive(&(r[n2]), &(a[n]),&(b[n]), - tn-i,i,p); + i,tna-i,tnb-i,p); break; } - else if (i == tn) + else if (i <= tna && i <= tnb) { bn_mul_recursive(&(r[n2]), &(a[n]),&(b[n]), - i,p); + i,tna-i,tnb-i,p); break; } } @@ -397,10 +716,10 @@ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, int n=n2/2; # ifdef BN_COUNT - printf(" bn_mul_low_recursive %d * %d\n",n2,n2); + fprintf(stderr," bn_mul_low_recursive %d * %d\n",n2,n2); # endif - bn_mul_recursive(r,a,b,n,&(t[0])); + bn_mul_recursive(r,a,b,n,0,0,&(t[0])); if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) { bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2])); @@ -431,7 +750,7 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, BN_ULONG ll,lc,*lp,*mp; # ifdef BN_COUNT - printf(" bn_mul_high %d * %d\n",n2,n2); + fprintf(stderr," bn_mul_high %d * %d\n",n2,n2); # endif n=n2/2; @@ -484,8 +803,8 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, else # endif { - bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2])); - bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2])); + bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,0,0,&(t[n2])); + bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2])); } /* s0 == low(al*bl) @@ -608,11 +927,11 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, } #endif /* BN_RECURSION */ -int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) +int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { + int ret=0; int top,al,bl; BIGNUM *rr; - int ret = 0; #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) int i; #endif @@ -622,7 +941,7 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) #endif #ifdef BN_COUNT - printf("BN_mul %d * %d\n",a->top,b->top); + fprintf(stderr,"BN_mul %d * %d\n",a->top,b->top); #endif bn_check_top(a); @@ -675,17 +994,55 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) #ifdef BN_RECURSION if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) { + if (i >= -1 && i <= 1) + { + int sav_j =0; + /* Find out the power of two lower or equal + to the longest of the two numbers */ + if (i >= 0) + { + j = BN_num_bits_word((BN_ULONG)al); + } + if (i == -1) + { + j = BN_num_bits_word((BN_ULONG)bl); + } + sav_j = j; + j = 1<<(j-1); + assert(j <= al || j <= bl); + k = j+j; + t = BN_CTX_get(ctx); + if (al > j || bl > j) + { + bn_wexpand(t,k*4); + bn_wexpand(rr,k*4); + bn_mul_part_recursive(rr->d,a->d,b->d, + j,al-j,bl-j,t->d); + } + else /* al <= j || bl <= j */ + { + bn_wexpand(t,k*2); + bn_wexpand(rr,k*2); + bn_mul_recursive(rr->d,a->d,b->d, + j,al-j,bl-j,t->d); + } + rr->top=top; + goto end; + } +#if 0 if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA)) { - bn_wexpand(b,al); - b->d[bl]=0; + BIGNUM *tmp_bn = (BIGNUM *)b; + bn_wexpand(tmp_bn,al); + tmp_bn->d[bl]=0; bl++; i--; } else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA)) { - bn_wexpand(a,bl); - a->d[al]=0; + BIGNUM *tmp_bn = (BIGNUM *)a; + bn_wexpand(tmp_bn,bl); + tmp_bn->d[al]=0; al++; i++; } @@ -705,19 +1062,14 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) } else { - bn_wexpand(a,k); - bn_wexpand(b,k); bn_wexpand(t,k*4); bn_wexpand(rr,k*4); - for (i=a->top; i<k; i++) - a->d[i]=0; - for (i=b->top; i<k; i++) - b->d[i]=0; bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d); } rr->top=top; goto end; } +#endif } #endif /* BN_RECURSION */ if (bn_wexpand(rr,top) == NULL) goto err; @@ -740,7 +1092,7 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) BN_ULONG *rr; #ifdef BN_COUNT - printf(" bn_mul_normal %d * %d\n",na,nb); + fprintf(stderr," bn_mul_normal %d * %d\n",na,nb); #endif if (na < nb) @@ -774,7 +1126,7 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) { #ifdef BN_COUNT - printf(" bn_mul_low_normal %d * %d\n",n,n); + fprintf(stderr," bn_mul_low_normal %d * %d\n",n,n); #endif bn_mul_words(r,a,n,b[0]); diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index a5f01b92e..b75e58c6a 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -125,12 +125,13 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont); static int probable_prime(BIGNUM *rnd, int bits); static int probable_prime_dh(BIGNUM *rnd, int bits, - BIGNUM *add, BIGNUM *rem, BN_CTX *ctx); + const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); static int probable_prime_dh_safe(BIGNUM *rnd, int bits, - BIGNUM *add, BIGNUM *rem, BN_CTX *ctx); + const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); -BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, BIGNUM *add, - BIGNUM *rem, void (*callback)(int,int,void *), void *cb_arg) +BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, const BIGNUM *rem, + void (*callback)(int,int,void *), void *cb_arg) { BIGNUM *rnd=NULL; BIGNUM t; @@ -376,8 +377,8 @@ again: return(1); } -static int probable_prime_dh(BIGNUM *rnd, int bits, BIGNUM *add, BIGNUM *rem, - BN_CTX *ctx) +static int probable_prime_dh(BIGNUM *rnd, int bits, + const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx) { int i,ret=0; BIGNUM *t1; @@ -413,8 +414,8 @@ err: return(ret); } -static int probable_prime_dh_safe(BIGNUM *p, int bits, BIGNUM *padd, - BIGNUM *rem, BN_CTX *ctx) +static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, + const BIGNUM *rem, BN_CTX *ctx) { int i,ret=0; BIGNUM *t1,*qadd,*q; diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 532e66bcc..d1986d72d 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -321,7 +321,7 @@ end: #endif #ifdef BN_DEBUG -void bn_dump1(FILE *o, const char *a, BN_ULONG *b,int n) +void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n) { int i; fprintf(o, "%s=", a); diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 21ecbc04e..bab451034 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -100,6 +100,27 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) goto err; } +#if 1 + if (pseudorand == 2) + { + /* generate patterns that are more likely to trigger BN + library bugs */ + int i; + unsigned char c; + + for (i = 0; i < bytes; i++) + { + RAND_pseudo_bytes(&c, 1); + if (c >= 128 && i > 0) + buf[i] = buf[i-1]; + else if (c < 42) + buf[i] = 0; + else if (c < 84) + buf[i] = 255; + } + } +#endif + if (top) { if (bit == 0) @@ -140,3 +161,10 @@ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) { return bnrand(1, rnd, bits, top, bottom); } + +#if 1 +int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) + { + return bnrand(2, rnd, bits, top, bottom); + } +#endif diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c index d019941d6..0700a0f06 100644 --- a/crypto/bn/bn_recp.c +++ b/crypto/bn/bn_recp.c @@ -100,11 +100,12 @@ int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx) return(1); } -int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BN_RECP_CTX *recp, - BN_CTX *ctx) +int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, + BN_RECP_CTX *recp, BN_CTX *ctx) { int ret=0; BIGNUM *a; + const BIGNUM *ca; BN_CTX_start(ctx); if ((a = BN_CTX_get(ctx)) == NULL) goto err; @@ -114,19 +115,20 @@ int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BN_RECP_CTX *recp, { if (!BN_sqr(a,x,ctx)) goto err; } else { if (!BN_mul(a,x,y,ctx)) goto err; } + ca = a; } else - a=x; /* Just do the mod */ + ca=x; /* Just do the mod */ - BN_div_recp(NULL,r,a,recp,ctx); + BN_div_recp(NULL,r,ca,recp,ctx); ret=1; err: BN_CTX_end(ctx); return(ret); } -int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BN_RECP_CTX *recp, - BN_CTX *ctx) +int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + BN_RECP_CTX *recp, BN_CTX *ctx) { int i,j,ret=0; BIGNUM *a,*b,*d,*r; @@ -165,7 +167,8 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BN_RECP_CTX *recp, if (i != recp->shift) recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N), - i,ctx); + i,ctx); /* BN_reciprocal returns i, or -1 for an error */ + if (recp->shift == -1) goto err; if (!BN_rshift(a,m,j)) goto err; if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err; @@ -201,7 +204,8 @@ err: * We actually calculate with an extra word of precision, so * we can do faster division if the remainder is not required. */ -int BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx) +/* r := 2^len / m */ +int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx) { int ret= -1; BIGNUM t; diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index 088324738..70f785ea1 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c @@ -60,7 +60,7 @@ #include "cryptlib.h" #include "bn_lcl.h" -int BN_lshift1(BIGNUM *r, BIGNUM *a) +int BN_lshift1(BIGNUM *r, const BIGNUM *a) { register BN_ULONG *ap,*rp,t,c; int i; @@ -92,7 +92,7 @@ int BN_lshift1(BIGNUM *r, BIGNUM *a) return(1); } -int BN_rshift1(BIGNUM *r, BIGNUM *a) +int BN_rshift1(BIGNUM *r, const BIGNUM *a) { BN_ULONG *ap,*rp,t,c; int i; @@ -128,8 +128,8 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) BN_ULONG l; r->neg=a->neg; - if (bn_wexpand(r,a->top+(n/BN_BITS2)+1) == NULL) return(0); nw=n/BN_BITS2; + if (bn_wexpand(r,a->top+nw+1) == NULL) return(0); lb=n%BN_BITS2; rb=BN_BITS2-lb; f=a->d; @@ -153,7 +153,7 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) return(1); } -int BN_rshift(BIGNUM *r, BIGNUM *a, int n) +int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) { int i,j,nw,lb,rb; BN_ULONG *t,*f; @@ -172,6 +172,11 @@ int BN_rshift(BIGNUM *r, BIGNUM *a, int n) r->neg=a->neg; if (bn_wexpand(r,a->top-nw+1) == NULL) return(0); } + else + { + if (n == 0) + return 1; /* or the copying loop will go berserk */ + } f= &(a->d[nw]); t=r->d; diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c index 75f4f3839..b75e6194d 100644 --- a/crypto/bn/bn_sqr.c +++ b/crypto/bn/bn_sqr.c @@ -62,14 +62,14 @@ /* r must not be a */ /* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */ -int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx) +int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) { int max,al; int ret = 0; BIGNUM *tmp,*rr; #ifdef BN_COUNT -printf("BN_sqr %d * %d\n",a->top,a->top); + fprintf(stderr,"BN_sqr %d * %d\n",a->top,a->top); #endif bn_check_top(a); @@ -88,7 +88,6 @@ printf("BN_sqr %d * %d\n",a->top,a->top); max=(al+al); if (bn_wexpand(rr,max+1) == NULL) goto err; - r->neg=0; if (al == 4) { #ifndef BN_SQR_COMBA @@ -124,7 +123,6 @@ printf("BN_sqr %d * %d\n",a->top,a->top); k=j+j; if (al == j) { - if (bn_wexpand(a,k*2) == NULL) goto err; if (bn_wexpand(tmp,k*2) == NULL) goto err; bn_sqr_recursive(rr->d,a->d,al,tmp->d); } @@ -141,6 +139,7 @@ printf("BN_sqr %d * %d\n",a->top,a->top); } rr->top=max; + rr->neg=0; if ((max > 0) && (rr->d[max-1] == 0)) rr->top--; if (rr != r) BN_copy(r,rr); ret = 1; @@ -150,10 +149,11 @@ printf("BN_sqr %d * %d\n",a->top,a->top); } /* tmp must have 2*n words */ -void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp) +void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp) { int i,j,max; - BN_ULONG *ap,*rp; + const BN_ULONG *ap; + BN_ULONG *rp; max=n*2; ap=a; @@ -197,14 +197,14 @@ void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp) * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) * a[1]*b[1] */ -void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *t) +void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) { int n=n2/2; int zero,c1; BN_ULONG ln,lo,*p; #ifdef BN_COUNT -printf(" bn_sqr_recursive %d * %d\n",n2,n2); + fprintf(stderr," bn_sqr_recursive %d * %d\n",n2,n2); #endif if (n2 == 4) { diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c new file mode 100644 index 000000000..2a72c189c --- /dev/null +++ b/crypto/bn/bn_sqrt.c @@ -0,0 +1,308 @@ +/* crypto/bn/bn_mod.c */ +/* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> + * and Bodo Moeller for the OpenSSL project. */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "cryptlib.h" +#include "bn_lcl.h" + + +BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) +/* Returns 'ret' such that + * ret^2 == a (mod p), + * using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course + * in Algebraic Computational Number Theory", algorithm 1.5.1). + * 'p' must be prime! + */ + { + BIGNUM *ret = in; + int err = 1; + int r; + BIGNUM *b, *q, *t, *x, *y; + int e, i, j; + + if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) + { + if (BN_abs_is_word(p, 2)) + { + if (ret == NULL) + ret = BN_new(); + if (ret == NULL) + goto end; + if (!BN_set_word(ret, BN_is_bit_set(a, 0))) + { + BN_free(ret); + return NULL; + } + return ret; + } + + BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); + return(NULL); + } + +#if 0 /* if BN_mod_sqrt is used with correct input, this just wastes time */ + r = BN_kronecker(a, p, ctx); + if (r < -1) return NULL; + if (r == -1) + { + BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); + return(NULL); + } +#endif + + BN_CTX_start(ctx); + b = BN_CTX_get(ctx); + q = BN_CTX_get(ctx); + t = BN_CTX_get(ctx); + x = BN_CTX_get(ctx); + y = BN_CTX_get(ctx); + if (y == NULL) goto end; + + if (ret == NULL) + ret = BN_new(); + if (ret == NULL) goto end; + + /* now write |p| - 1 as 2^e*q where q is odd */ + e = 1; + while (!BN_is_bit_set(p, e)) + e++; + if (!BN_rshift(q, p, e)) goto end; + q->neg = 0; + + if (e == 1) + { + /* The easy case: (p-1)/2 is odd, so 2 has an inverse + * modulo (p-1)/2, and square roots can be computed + * directly by modular exponentiation. + * We have + * 2 * (p+1)/4 == 1 (mod (p-1)/2), + * so we can use exponent (p+1)/4, i.e. (q+1)/2. + */ + if (!BN_add_word(q,1)) goto end; + if (!BN_rshift1(q,q)) goto end; + if (!BN_mod_exp(ret, a, q, p, ctx)) goto end; + err = 0; + goto end; + } + + /* e > 1, so we really have to use the Tonelli/Shanks algorithm. + * First, find some y that is not a square. */ + i = 2; + do + { + /* For efficiency, try small numbers first; + * if this fails, try random numbers. + */ + if (i < 22) + { + if (!BN_set_word(y, i)) goto end; + } + else + { + if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) goto end; + if (BN_ucmp(y, p) >= 0) + { + if (!(p->neg ? BN_add : BN_sub)(y, y, p)) goto end; + } + /* now 0 <= y < |p| */ + if (BN_is_zero(y)) + if (!BN_set_word(y, i)) goto end; + } + + r = BN_kronecker(y, p, ctx); + if (r < -1) goto end; + if (r == 0) + { + /* m divides p */ + BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); + goto end; + } + } + while (r == 1 && ++i < 82); + + if (r != -1) + { + /* Many rounds and still no non-square -- this is more likely + * a bug than just bad luck. + * Even if p is not prime, we should have found some y + * such that r == -1. + */ + BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS); + goto end; + } + + + /* Now that we have some non-square, we can find an element + * of order 2^e by computing its q'th power. */ + if (!BN_mod_exp(y, y, q, p, ctx)) goto end; + if (BN_is_one(y)) + { + BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); + goto end; + } + + /* Now we know that (if p is indeed prime) there is an integer + * k, 0 <= k < 2^e, such that + * + * a^q * y^k == 1 (mod p). + * + * As a^q is a square and y is not, k must be even. + * q+1 is even, too, so there is an element + * + * X := a^((q+1)/2) * y^(k/2), + * + * and it satisfies + * + * X^2 = a^q * a * y^k + * = a, + * + * so it is the square root that we are looking for. + */ + + /* t := (q-1)/2 (note that q is odd) */ + if (!BN_rshift1(t, q)) goto end; + + /* x := a^((q-1)/2) */ + if (BN_is_zero(t)) /* special case: p = 2^e + 1 */ + { + if (!BN_nnmod(t, a, p, ctx)) goto end; + if (BN_is_zero(t)) + { + /* special case: a == 0 (mod p) */ + if (!BN_zero(ret)) goto end; + err = 0; + goto end; + } + else + if (!BN_one(x)) goto end; + } + else + { + if (!BN_mod_exp(x, a, t, p, ctx)) goto end; + if (BN_is_zero(x)) + { + /* special case: a == 0 (mod p) */ + if (!BN_zero(ret)) goto end; + err = 0; + goto end; + } + } + + /* b := a*x^2 (= a^q) */ + if (!BN_mod_sqr(b, x, p, ctx)) goto end; + if (!BN_mod_mul(b, b, a, p, ctx)) goto end; + + /* x := a*x (= a^((q+1)/2)) */ + if (!BN_mod_mul(x, x, a, p, ctx)) goto end; + + while (1) + { + /* Now b is a^q * y^k for some even k (0 <= k < 2^E + * where E refers to the original value of e, which we + * don't keep in a variable), and x is a^((q+1)/2) * y^(k/2). + * + * We have a*b = x^2, + * y^2^(e-1) = -1, + * b^2^(e-1) = 1. + */ + + if (BN_is_one(b)) + { + if (!BN_copy(ret, x)) goto end; + err = 0; + goto end; + } + + + /* find smallest i such that b^(2^i) = 1 */ + i = 1; + if (!BN_mod_sqr(t, b, p, ctx)) goto end; + while (!BN_is_one(t)) + { + i++; + if (i == e) + { + BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); + goto end; + } + if (!BN_mod_mul(t, t, t, p, ctx)) goto end; + } + + + /* t := y^2^(e - i - 1) */ + if (!BN_copy(t, y)) goto end; + for (j = e - i - 1; j > 0; j--) + { + if (!BN_mod_sqr(t, t, p, ctx)) goto end; + } + if (!BN_mod_mul(y, t, t, p, ctx)) goto end; + if (!BN_mod_mul(x, x, t, p, ctx)) goto end; + if (!BN_mod_mul(b, b, y, p, ctx)) goto end; + e = i; + } + + end: + if (err) + { + if (ret != NULL && ret != in) + { + BN_clear_free(ret); + } + ret = NULL; + } + BN_CTX_end(ctx); + return ret; + } diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index 0a97af69c..91563dd22 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c @@ -91,6 +91,8 @@ int test_mod(BIO *bp,BN_CTX *ctx); int test_mod_mul(BIO *bp,BN_CTX *ctx); int test_mod_exp(BIO *bp,BN_CTX *ctx); int test_exp(BIO *bp,BN_CTX *ctx); +int test_kron(BIO *bp,BN_CTX *ctx); +int test_sqrt(BIO *bp,BN_CTX *ctx); int rand_neg(void); static int results=0; @@ -122,9 +124,7 @@ int main(int argc, char *argv[]) results = 0; - RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't - * even check its return value - * (which we should) */ + RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */ argc--; argv++; @@ -228,6 +228,14 @@ int main(int argc, char *argv[]) if (!test_exp(out,ctx)) goto err; BIO_flush(out); + message(out,"BN_kronecker"); + if (!test_kron(out,ctx)) goto err; + BIO_flush(out); + + message(out,"BN_mod_sqrt"); + if (!test_sqrt(out,ctx)) goto err; + BIO_flush(out); + BN_CTX_free(ctx); BIO_free(out); @@ -247,21 +255,17 @@ int test_add(BIO *bp) { BIGNUM a,b,c; int i; - int j; BN_init(&a); BN_init(&b); BN_init(&c); - BN_rand(&a,512,0,0); + BN_bntest_rand(&a,512,0,0); for (i=0; i<num0; i++) { - BN_rand(&b,450+i,0,0); + BN_bntest_rand(&b,450+i,0,0); a.neg=rand_neg(); b.neg=rand_neg(); - if (bp == NULL) - for (j=0; j<10000; j++) - BN_add(&c,&a,&b); BN_add(&c,&a,&b); if (bp != NULL) { @@ -295,7 +299,6 @@ int test_sub(BIO *bp) { BIGNUM a,b,c; int i; - int j; BN_init(&a); BN_init(&b); @@ -305,20 +308,17 @@ int test_sub(BIO *bp) { if (i < num1) { - BN_rand(&a,512,0,0); + BN_bntest_rand(&a,512,0,0); BN_copy(&b,&a); if (BN_set_bit(&a,i)==0) return(0); BN_add_word(&b,i); } else { - BN_rand(&b,400+i-num1,0,0); + BN_bntest_rand(&b,400+i-num1,0,0); a.neg=rand_neg(); b.neg=rand_neg(); } - if (bp == NULL) - for (j=0; j<10000; j++) - BN_sub(&c,&a,&b); BN_sub(&c,&a,&b); if (bp != NULL) { @@ -350,7 +350,6 @@ int test_div(BIO *bp, BN_CTX *ctx) { BIGNUM a,b,c,d,e; int i; - int j; BN_init(&a); BN_init(&b); @@ -362,18 +361,15 @@ int test_div(BIO *bp, BN_CTX *ctx) { if (i < num1) { - BN_rand(&a,400,0,0); + BN_bntest_rand(&a,400,0,0); BN_copy(&b,&a); BN_lshift(&a,&a,i); BN_add_word(&a,i); } else - BN_rand(&b,50+3*(i-num1),0,0); + BN_bntest_rand(&b,50+3*(i-num1),0,0); a.neg=rand_neg(); b.neg=rand_neg(); - if (bp == NULL) - for (j=0; j<100; j++) - BN_div(&d,&c,&a,&b,ctx); BN_div(&d,&c,&a,&b,ctx); if (bp != NULL) { @@ -419,7 +415,6 @@ int test_div_recp(BIO *bp, BN_CTX *ctx) BIGNUM a,b,c,d,e; BN_RECP_CTX recp; int i; - int j; BN_RECP_CTX_init(&recp); BN_init(&a); @@ -432,19 +427,16 @@ int test_div_recp(BIO *bp, BN_CTX *ctx) { if (i < num1) { - BN_rand(&a,400,0,0); + BN_bntest_rand(&a,400,0,0); BN_copy(&b,&a); BN_lshift(&a,&a,i); BN_add_word(&a,i); } else - BN_rand(&b,50+3*(i-num1),0,0); + BN_bntest_rand(&b,50+3*(i-num1),0,0); a.neg=rand_neg(); b.neg=rand_neg(); BN_RECP_CTX_set(&recp,&b,ctx); - if (bp == NULL) - for (j=0; j<100; j++) - BN_div_recp(&d,&c,&a,&recp,ctx); BN_div_recp(&d,&c,&a,&recp,ctx); if (bp != NULL) { @@ -495,7 +487,6 @@ int test_mul(BIO *bp) { BIGNUM a,b,c,d,e; int i; - int j; BN_CTX ctx; BN_CTX_init(&ctx); @@ -509,16 +500,13 @@ int test_mul(BIO *bp) { if (i <= num1) { - BN_rand(&a,100,0,0); - BN_rand(&b,100,0,0); + BN_bntest_rand(&a,100,0,0); + BN_bntest_rand(&b,100,0,0); } else - BN_rand(&b,i-num1,0,0); + BN_bntest_rand(&b,i-num1,0,0); a.neg=rand_neg(); b.neg=rand_neg(); - if (bp == NULL) - for (j=0; j<100; j++) - BN_mul(&c,&a,&b,&ctx); BN_mul(&c,&a,&b,&ctx); if (bp != NULL) { @@ -553,7 +541,6 @@ int test_sqr(BIO *bp, BN_CTX *ctx) { BIGNUM a,c,d,e; int i; - int j; BN_init(&a); BN_init(&c); @@ -562,11 +549,8 @@ int test_sqr(BIO *bp, BN_CTX *ctx) for (i=0; i<num0; i++) { - BN_rand(&a,40+i*10,0,0); + BN_bntest_rand(&a,40+i*10,0,0); a.neg=rand_neg(); - if (bp == NULL) - for (j=0; j<100; j++) - BN_sqr(&c,&a,ctx); BN_sqr(&c,&a,ctx); if (bp != NULL) { @@ -600,7 +584,6 @@ int test_mont(BIO *bp, BN_CTX *ctx) BIGNUM a,b,c,d,A,B; BIGNUM n; int i; - int j; BN_MONT_CTX *mont; BN_init(&a); @@ -613,23 +596,23 @@ int test_mont(BIO *bp, BN_CTX *ctx) mont=BN_MONT_CTX_new(); - BN_rand(&a,100,0,0); /**/ - BN_rand(&b,100,0,0); /**/ + BN_bntest_rand(&a,100,0,0); /**/ + BN_bntest_rand(&b,100,0,0); /**/ for (i=0; i<num2; i++) { int bits = (200*(i+1))/num2; if (bits == 0) continue; - BN_rand(&n,bits,0,1); + BN_bntest_rand(&n,bits,0,1); BN_MONT_CTX_set(mont,&n,ctx); + BN_nnmod(&a,&a,&n,ctx); + BN_nnmod(&b,&b,&n,ctx); + BN_to_montgomery(&A,&a,mont,ctx); BN_to_montgomery(&B,&b,mont,ctx); - if (bp == NULL) - for (j=0; j<100; j++) - BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/ BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/ BN_from_montgomery(&A,&c,mont,ctx);/**/ if (bp != NULL) @@ -675,7 +658,6 @@ int test_mod(BIO *bp, BN_CTX *ctx) { BIGNUM *a,*b,*c,*d,*e; int i; - int j; a=BN_new(); b=BN_new(); @@ -683,15 +665,12 @@ int test_mod(BIO *bp, BN_CTX *ctx) d=BN_new(); e=BN_new(); - BN_rand(a,1024,0,0); /**/ + BN_bntest_rand(a,1024,0,0); /**/ for (i=0; i<num0; i++) { - BN_rand(b,450+i*10,0,0); /**/ + BN_bntest_rand(b,450+i*10,0,0); /**/ a->neg=rand_neg(); b->neg=rand_neg(); - if (bp == NULL) - for (j=0; j<100; j++) - BN_mod(c,a,b,ctx);/**/ BN_mod(c,a,b,ctx);/**/ if (bp != NULL) { @@ -732,17 +711,13 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx) d=BN_new(); e=BN_new(); - BN_rand(c,1024,0,0); /**/ + BN_bntest_rand(c,1024,0,0); /**/ for (i=0; i<num0; i++) { - BN_rand(a,475+i*10,0,0); /**/ - BN_rand(b,425+i*11,0,0); /**/ + BN_bntest_rand(a,475+i*10,0,0); /**/ + BN_bntest_rand(b,425+i*11,0,0); /**/ a->neg=rand_neg(); b->neg=rand_neg(); - /* if (bp == NULL) - for (j=0; j<100; j++) - BN_mod_mul(d,a,b,c,ctx);*/ /**/ - if (!BN_mod_mul(e,a,b,c,ctx)) { unsigned long l; @@ -761,6 +736,16 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx) BN_print(bp,b); BIO_puts(bp," % "); BN_print(bp,c); + if ((a->neg ^ b->neg) && !BN_is_zero(e)) + { + /* If (a*b) % c is negative, c must be added + * in order to obtain the normalized remainder + * (new with OpenSSL 0.9.7, previous versions of + * BN_mod_mul could generate negative results) + */ + BIO_puts(bp," + "); + BN_print(bp,c); + } BIO_puts(bp," - "); } BN_print(bp,e); @@ -772,6 +757,7 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx) if(!BN_is_zero(b)) { fprintf(stderr,"Modulo multiply test failed!\n"); + ERR_print_errors_fp(stderr); return 0; } } @@ -794,11 +780,11 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx) d=BN_new(); e=BN_new(); - BN_rand(c,30,0,1); /* must be odd for montgomery */ + BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */ for (i=0; i<num2; i++) { - BN_rand(a,20+i*5,0,0); /**/ - BN_rand(b,2+i,0,0); /**/ + BN_bntest_rand(a,20+i*5,0,0); /**/ + BN_bntest_rand(b,2+i,0,0); /**/ if (!BN_mod_exp(d,a,b,c,ctx)) return(00); @@ -848,8 +834,8 @@ int test_exp(BIO *bp, BN_CTX *ctx) for (i=0; i<num2; i++) { - BN_rand(a,20+i*5,0,0); /**/ - BN_rand(b,2+i,0,0); /**/ + BN_bntest_rand(a,20+i*5,0,0); /**/ + BN_bntest_rand(b,2+i,0,0); /**/ if (!BN_exp(d,a,b,ctx)) return(00); @@ -884,6 +870,172 @@ int test_exp(BIO *bp, BN_CTX *ctx) return(1); } +static void genprime_cb(int p, int n, void *arg) + { + char c='*'; + + if (p == 0) c='.'; + if (p == 1) c='+'; + if (p == 2) c='*'; + if (p == 3) c='\n'; + putc(c, stderr); + fflush(stderr); + (void)n; + (void)arg; + } + +int test_kron(BIO *bp, BN_CTX *ctx) + { + BIGNUM *a,*b,*r,*t; + int i; + int legendre, kronecker; + int ret = 0; + + a = BN_new(); + b = BN_new(); + r = BN_new(); + t = BN_new(); + if (a == NULL || b == NULL || r == NULL || t == NULL) goto err; + + /* We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol). + * In this case we know that if b is prime, then BN_kronecker(a, b, ctx) + * is congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol). + * So we generate a random prime b and compare these values + * for a number of random a's. (That is, we run the Solovay-Strassen + * primality test to confirm that b is prime, except that we + * don't want to test whether b is prime but whether BN_kronecker + * works.) */ + + if (!BN_generate_prime(b, 512, 0, NULL, NULL, genprime_cb, NULL)) goto err; + putc('\n', stderr); + + for (i = 0; i < num0; i++) + { + if (!BN_bntest_rand(a, 512, 0, 0)) goto err; + a->neg = rand_neg(); + + /* t := (b-1)/2 (note that b is odd) */ + if (!BN_copy(t, b)) goto err; + if (!BN_sub_word(t, 1)) goto err; + if (!BN_rshift1(t, t)) goto err; + /* r := a^t mod b */ + if (!BN_mod_exp(r, a, t, b, ctx)) goto err; + + if (BN_is_word(r, 1)) + legendre = 1; + else if (BN_is_zero(r)) + legendre = 0; + else + { + if (!BN_add_word(r, 1)) goto err; + if (0 != BN_cmp(r, b)) + { + fprintf(stderr, "Legendre symbol computation failed\n"); + goto err; + } + legendre = -1; + } + + kronecker = BN_kronecker(a, b, ctx); + if (kronecker < -1) goto err; + + if (legendre != kronecker) + { + fprintf(stderr, "legendre != kronecker; a = "); + BN_print_fp(stderr, a); + fprintf(stderr, ", b = "); + BN_print_fp(stderr, b); + fprintf(stderr, "\n"); + goto err; + } + + putc('.', stderr); + fflush(stderr); + } + + putc('\n', stderr); + fflush(stderr); + ret = 1; + err: + if (a != NULL) BN_free(a); + if (b != NULL) BN_free(b); + if (r != NULL) BN_free(r); + if (t != NULL) BN_free(t); + return ret; + } + +int test_sqrt(BIO *bp, BN_CTX *ctx) + { + BIGNUM *a,*p,*r; + int i, j; + int ret = 0; + + a = BN_new(); + p = BN_new(); + r = BN_new(); + if (a == NULL || p == NULL || r == NULL) goto err; + + for (i = 0; i < 16; i++) + { + if (i < 8) + { + unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 }; + + if (!BN_set_word(p, primes[i])) goto err; + } + else + { + if (!BN_set_word(a, 32)) goto err; + if (!BN_set_word(r, 2*i + 1)) goto err; + + if (!BN_generate_prime(p, 256, 0, a, r, genprime_cb, NULL)) goto err; + putc('\n', stderr); + } + + for (j = 0; j < num2; j++) + { + /* construct 'a' such that it is a square modulo p, + * but in general not a proper square and not reduced modulo p */ + if (!BN_bntest_rand(r, 256, 0, 3)) goto err; + if (!BN_nnmod(r, r, p, ctx)) goto err; + if (!BN_mod_sqr(r, r, p, ctx)) goto err; + if (!BN_bntest_rand(a, 256, 0, 3)) goto err; + if (!BN_nnmod(a, a, p, ctx)) goto err; + if (!BN_mod_sqr(a, a, p, ctx)) goto err; + if (!BN_mul(a, a, r, ctx)) goto err; + + if (!BN_mod_sqrt(r, a, p, ctx)) goto err; + if (!BN_mod_sqr(r, r, p, ctx)) goto err; + + if (!BN_nnmod(a, a, p, ctx)) goto err; + + if (BN_cmp(a, r) != 0) + { + fprintf(stderr, "BN_mod_sqrt failed: a = "); + BN_print_fp(stderr, a); + fprintf(stderr, ", r = "); + BN_print_fp(stderr, r); + fprintf(stderr, ", p = "); + BN_print_fp(stderr, p); + fprintf(stderr, "\n"); + goto err; + } + + putc('.', stderr); + fflush(stderr); + } + + putc('\n', stderr); + fflush(stderr); + } + ret = 1; + err: + if (a != NULL) BN_free(a); + if (p != NULL) BN_free(p); + if (r != NULL) BN_free(r); + return ret; + } + int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_) { BIGNUM *a,*b,*c,*d; @@ -899,7 +1051,7 @@ int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_) else { a=BN_new(); - BN_rand(a,200,0,0); /**/ + BN_bntest_rand(a,200,0,0); /**/ a->neg=rand_neg(); } for (i=0; i<num0; i++) @@ -951,7 +1103,7 @@ int test_lshift1(BIO *bp) b=BN_new(); c=BN_new(); - BN_rand(a,200,0,0); /**/ + BN_bntest_rand(a,200,0,0); /**/ a->neg=rand_neg(); for (i=0; i<num0; i++) { @@ -995,7 +1147,7 @@ int test_rshift(BIO *bp,BN_CTX *ctx) e=BN_new(); BN_one(c); - BN_rand(a,200,0,0); /**/ + BN_bntest_rand(a,200,0,0); /**/ a->neg=rand_neg(); for (i=0; i<num0; i++) { @@ -1038,7 +1190,7 @@ int test_rshift1(BIO *bp) b=BN_new(); c=BN_new(); - BN_rand(a,200,0,0); /**/ + BN_bntest_rand(a,200,0,0); /**/ a->neg=rand_neg(); for (i=0; i<num0; i++) { diff --git a/crypto/bn/expspeed.c b/crypto/bn/expspeed.c index 2044ab9bf..c55347e29 100644 --- a/crypto/bn/expspeed.c +++ b/crypto/bn/expspeed.c @@ -61,6 +61,28 @@ /* most of this code has been pilfered from my libdes speed.c program */ #define BASENUM 5000 +#define NUM_START 0 + + +/* determine timings for modexp, gcd, or modular inverse */ +#define TEST_EXP +#undef TEST_GCD +#undef TEST_KRON +#undef TEST_INV +#undef TEST_SQRT +#define P_MOD_64 9 /* least significant 6 bits for prime to be used for BN_sqrt timings */ + +#if defined(TEST_EXP) + defined(TEST_GCD) + defined(TEST_KRON) + defined(TEST_INV) +defined(TEST_SQRT) != 1 +# error "choose one test" +#endif + +#if defined(TEST_INV) || defined(TEST_SQRT) +# define C_PRIME +static void genprime_cb(int p, int n, void *arg); +#endif + + + #undef PROG #define PROG bnspeed_main @@ -70,6 +92,7 @@ #include <string.h> #include <openssl/crypto.h> #include <openssl/err.h> +#include <openssl/rand.h> #if !defined(MSDOS) && (!defined(VMS) || defined(__DECC)) #define TIMES @@ -161,11 +184,16 @@ static double Time_F(int s) #endif } -#define NUM_SIZES 6 -static int sizes[NUM_SIZES]={256,512,1024,2048,4096,8192}; -static int mul_c[NUM_SIZES]={8*8*8*8*8,8*8*8*8,8*8*8,8*8,8,1}; +#define NUM_SIZES 7 +#if NUM_START > NUM_SIZES +# error "NUM_START > NUM_SIZES" +#endif +static int sizes[NUM_SIZES]={128,256,512,1024,2048,4096,8192}; +static int mul_c[NUM_SIZES]={8*8*8*8*8*8,8*8*8*8*8,8*8*8*8,8*8*8,8*8,8,1}; /*static int sizes[NUM_SIZES]={59,179,299,419,539}; */ +#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof str); } + void do_mul_exp(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *c,BN_CTX *ctx); int main(int argc, char **argv) @@ -173,13 +201,23 @@ int main(int argc, char **argv) BN_CTX *ctx; BIGNUM *a,*b,*c,*r; +#if 1 + if (!CRYPTO_set_mem_debug_functions(0,0,0,0,0)) + abort(); +#endif + ctx=BN_CTX_new(); a=BN_new(); b=BN_new(); c=BN_new(); r=BN_new(); + while (!RAND_status()) + /* not enough bits */ + RAND_SEED("I demand a manual recount!"); + do_mul_exp(r,a,b,c,ctx); + return 0; } void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx) @@ -187,29 +225,107 @@ void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx) int i,k; double tm; long num; - BN_MONT_CTX m; - - memset(&m,0,sizeof(m)); num=BASENUM; - for (i=0; i<NUM_SIZES; i++) + for (i=NUM_START; i<NUM_SIZES; i++) { - BN_rand(a,sizes[i],1,0); - BN_rand(b,sizes[i],1,0); - BN_rand(c,sizes[i],1,1); - BN_mod(a,a,c,ctx); - BN_mod(b,b,c,ctx); - - BN_MONT_CTX_set(&m,c,ctx); +#ifdef C_PRIME +# ifdef TEST_SQRT + if (!BN_set_word(a, 64)) goto err; + if (!BN_set_word(b, P_MOD_64)) goto err; +# define ADD a +# define REM b +# else +# define ADD NULL +# define REM NULL +# endif + if (!BN_generate_prime(c,sizes[i],0,ADD,REM,genprime_cb,NULL)) goto err; + putc('\n', stderr); + fflush(stderr); +#endif - Time_F(START); for (k=0; k<num; k++) - BN_mod_exp_mont(r,a,b,c,ctx,&m); + { + if (k%50 == 0) /* Average over num/50 different choices of random numbers. */ + { + if (!BN_pseudo_rand(a,sizes[i],1,0)) goto err; + + if (!BN_pseudo_rand(b,sizes[i],1,0)) goto err; + +#ifndef C_PRIME + if (!BN_pseudo_rand(c,sizes[i],1,1)) goto err; +#endif + +#ifdef TEST_SQRT + if (!BN_mod_sqr(a,a,c,ctx)) goto err; + if (!BN_mod_sqr(b,b,c,ctx)) goto err; +#else + if (!BN_nnmod(a,a,c,ctx)) goto err; + if (!BN_nnmod(b,b,c,ctx)) goto err; +#endif + + if (k == 0) + Time_F(START); + } + +#if defined(TEST_EXP) + if (!BN_mod_exp(r,a,b,c,ctx)) goto err; +#elif defined(TEST_GCD) + if (!BN_gcd(r,a,b,ctx)) goto err; + if (!BN_gcd(r,b,c,ctx)) goto err; + if (!BN_gcd(r,c,a,ctx)) goto err; +#elif defined(TEST_KRON) + if (-2 == BN_kronecker(a,b,ctx)) goto err; + if (-2 == BN_kronecker(b,c,ctx)) goto err; + if (-2 == BN_kronecker(c,a,ctx)) goto err; +#elif defined(TEST_INV) + if (!BN_mod_inverse(r,a,c,ctx)) goto err; + if (!BN_mod_inverse(r,b,c,ctx)) goto err; +#else /* TEST_SQRT */ + if (!BN_mod_sqrt(r,a,c,ctx)) goto err; + if (!BN_mod_sqrt(r,b,c,ctx)) goto err; +#endif + } tm=Time_F(STOP); - printf("mul %4d ^ %4d %% %d -> %8.3fms %5.1f\n",sizes[i],sizes[i],sizes[i],tm*1000.0/num,tm*mul_c[i]/num); + printf( +#if defined(TEST_EXP) + "modexp %4d ^ %4d %% %4d" +#elif defined(TEST_GCD) + "3*gcd %4d %4d %4d" +#elif defined(TEST_KRON) + "3*kronecker %4d %4d %4d" +#elif defined(TEST_INV) + "2*inv %4d %4d mod %4d" +#else /* TEST_SQRT */ + "2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d" +#endif + " -> %8.3fms %5.1f (%ld)\n", +#ifdef TEST_SQRT + P_MOD_64, +#endif + sizes[i],sizes[i],sizes[i],tm*1000.0/num,tm*mul_c[i]/num, num); num/=7; if (num <= 0) num=1; } + return; + err: + ERR_print_errors_fp(stderr); } + +#ifdef C_PRIME +static void genprime_cb(int p, int n, void *arg) + { + char c='*'; + + if (p == 0) c='.'; + if (p == 1) c='+'; + if (p == 2) c='*'; + if (p == 3) c='\n'; + putc(c, stderr); + fflush(stderr); + (void)n; + (void)arg; + } +#endif diff --git a/crypto/comp/c_rle.c b/crypto/comp/c_rle.c index 1a819e373..efd366fa2 100644 --- a/crypto/comp/c_rle.c +++ b/crypto/comp/c_rle.c @@ -17,6 +17,7 @@ static COMP_METHOD rle_method={ rle_compress_block, rle_expand_block, NULL, + NULL, }; COMP_METHOD *COMP_rle(void) diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index 6684ab484..c2ff6c701 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -6,11 +6,10 @@ COMP_METHOD *COMP_zlib(void ); -#ifndef ZLIB - -static COMP_METHOD zlib_method={ +static COMP_METHOD zlib_method_nozlib={ NID_undef, - "(null)", + "(undef)", + NULL, NULL, NULL, NULL, @@ -18,6 +17,8 @@ static COMP_METHOD zlib_method={ NULL, }; +#ifndef ZLIB +#undef ZLIB_SHARED #else #include <zlib.h> @@ -38,8 +39,56 @@ static COMP_METHOD zlib_method={ zlib_compress_block, zlib_expand_block, NULL, + NULL, }; +/* + * When OpenSSL is built on Windows, we do not want to require that + * the ZLIB.DLL be available in order for the OpenSSL DLLs to + * work. Therefore, all ZLIB routines are loaded at run time + * and we do not link to a .LIB file. + */ +#if defined(WINDOWS) || defined(WIN32) +# include <windows.h> + +# define Z_CALLCONV _stdcall +# define ZLIB_SHARED +#else +# define Z_CALLCONV +#endif /* !(WINDOWS || WIN32) */ + +#ifdef ZLIB_SHARED +#include <openssl/dso.h> + +/* Prototypes for built in stubs */ +static int stub_compress(Bytef *dest,uLongf *destLen, + const Bytef *source, uLong sourceLen); +static int stub_inflateEnd(z_streamp strm); +static int stub_inflate(z_streamp strm, int flush); +static int stub_inflateInit_(z_streamp strm, const char * version, + int stream_size); + +/* Function pointers */ +typedef int (Z_CALLCONV *compress_ft)(Bytef *dest,uLongf *destLen, + const Bytef *source, uLong sourceLen); +typedef int (Z_CALLCONV *inflateEnd_ft)(z_streamp strm); +typedef int (Z_CALLCONV *inflate_ft)(z_streamp strm, int flush); +typedef int (Z_CALLCONV *inflateInit__ft)(z_streamp strm, + const char * version, int stream_size); +static compress_ft p_compress=NULL; +static inflateEnd_ft p_inflateEnd=NULL; +static inflate_ft p_inflate=NULL; +static inflateInit__ft p_inflateInit_=NULL; + +static int zlib_loaded = 0; /* only attempt to init func pts once */ +static DSO *zlib_dso = NULL; + +#define compress stub_compress +#define inflateEnd stub_inflateEnd +#define inflate stub_inflate +#define inflateInit_ stub_inflateInit_ +#endif /* ZLIB_SHARED */ + static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, unsigned int olen, unsigned char *in, unsigned int ilen) { @@ -66,7 +115,10 @@ static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, memcpy(&(out[1]),in,ilen); l=ilen+1; } -fprintf(stderr,"compress(%4d)->%4d %s\n",ilen,(int)l,(clear)?"clear":"zlib"); +#ifdef DEBUG_ZLIB + fprintf(stderr,"compress(%4d)->%4d %s\n", + ilen,(int)l,(clear)?"clear":"zlib"); +#endif return((int)l); } @@ -88,7 +140,10 @@ static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, memcpy(out,&(in[1]),ilen-1); l=ilen-1; } - fprintf(stderr,"expand (%4d)->%4d %s\n",ilen,(int)l,in[0]?"zlib":"clear"); +#ifdef DEBUG_ZLIB + fprintf(stderr,"expand (%4d)->%4d %s\n", + ilen,(int)l,in[0]?"zlib":"clear"); +#endif return((int)l); } @@ -128,6 +183,78 @@ static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source, COMP_METHOD *COMP_zlib(void) { - return(&zlib_method); + COMP_METHOD *meth = &zlib_method_nozlib; + +#ifdef ZLIB_SHARED + if (!zlib_loaded) + { +#if defined(WINDOWS) || defined(WIN32) + zlib_dso = DSO_load(NULL, "ZLIB", NULL, 0); +#else + zlib_dso = DSO_load(NULL, "z", NULL, 0); +#endif + if (zlib_dso != NULL) + { + p_compress + = (compress_ft) DSO_bind_func(zlib_dso, + "compress"); + p_inflateEnd + = (inflateEnd_ft) DSO_bind_func(zlib_dso, + "inflateEnd"); + p_inflate + = (inflate_ft) DSO_bind_func(zlib_dso, + "inflate"); + p_inflateInit_ + = (inflateInit__ft) DSO_bind_func(zlib_dso, + "inflateInit_"); + zlib_loaded++; + meth = &zlib_method; + } + } + +#elif defined(ZLIB) + meth = &zlib_method; +#endif + + return(meth); + } + +#ifdef ZLIB_SHARED +/* Stubs for each function to be dynamicly loaded */ +static int +stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen) + { + if (p_compress) + return(p_compress(dest,destLen,source,sourceLen)); + else + return(Z_MEM_ERROR); + } + +static int +stub_inflateEnd(z_streamp strm) + { + if ( p_inflateEnd ) + return(p_inflateEnd(strm)); + else + return(Z_MEM_ERROR); + } + +static int +stub_inflate(z_streamp strm, int flush) + { + if ( p_inflate ) + return(p_inflate(strm,flush)); + else + return(Z_MEM_ERROR); + } + +static int +stub_inflateInit_(z_streamp strm, const char * version, int stream_size) + { + if ( p_inflateInit_ ) + return(p_inflateInit_(strm,version,stream_size)); + else + return(Z_MEM_ERROR); } +#endif /* ZLIB_SHARED */ diff --git a/crypto/comp/comp.h b/crypto/comp/comp.h index 092260954..aee8fcdef 100644 --- a/crypto/comp/comp.h +++ b/crypto/comp/comp.h @@ -39,9 +39,7 @@ int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, unsigned char *in, int ilen); COMP_METHOD *COMP_rle(void ); -#ifdef ZLIB COMP_METHOD *COMP_zlib(void ); -#endif /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/crypto/conf/cnf_save.c b/crypto/conf/cnf_save.c index e907cc224..efbb61373 100644 --- a/crypto/conf/cnf_save.c +++ b/crypto/conf/cnf_save.c @@ -73,7 +73,7 @@ main() exit(1); } - lh_doall(conf,print_conf); + lh_doall(conf,(LHASH_DOALL_FN_TYPE)print_conf); } diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index 7abeeced0..64bbd971a 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -73,6 +73,9 @@ static void value_free_stack(CONF_VALUE *a,LHASH *conf); static unsigned long hash(CONF_VALUE *v); static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b); +static IMPLEMENT_LHASH_HASH_FN(hash, CONF_VALUE *) +static IMPLEMENT_LHASH_COMP_FN(cmp_conf, CONF_VALUE *) + /* Up until OpenSSL 0.9.5a, this was get_section */ CONF_VALUE *_CONF_get_section(CONF *conf, char *section) { @@ -181,7 +184,8 @@ int _CONF_new_data(CONF *conf) return 0; } if (conf->data == NULL) - if ((conf->data = lh_new(hash,cmp_conf)) == NULL) + if ((conf->data = lh_new(LHASH_HASH_FN(hash), + LHASH_COMP_FN(cmp_conf))) == NULL) { return 0; } @@ -194,12 +198,14 @@ void _CONF_free_data(CONF *conf) conf->data->down_load=0; /* evil thing to make sure the 'OPENSSL_free()' * works as expected */ - lh_doall_arg(conf->data,(void (*)())value_free_hash,conf->data); + lh_doall_arg(conf->data, (LHASH_DOALL_ARG_FN_TYPE)value_free_hash, + conf->data); /* We now have only 'section' entries in the hash table. * Due to problems with */ - lh_doall_arg(conf->data,(void (*)())value_free_stack,conf->data); + lh_doall_arg(conf->data, (LHASH_DOALL_ARG_FN_TYPE)value_free_stack, + conf->data); lh_free(conf->data); } diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 6825d9645..1d30f6f77 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -712,7 +712,7 @@ static void dump_value(CONF_VALUE *a, BIO *out) static int def_dump(CONF *conf, BIO *out) { - lh_doall_arg(conf->data, (void (*)())dump_value, out); + lh_doall_arg(conf->data, (LHASH_DOALL_ARG_FN_TYPE)dump_value, out); return 1; } diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index 70e3c91b3..70544994d 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -196,7 +196,7 @@ $ LIB_BF = "bf_skey,bf_ecb,bf_enc,bf_cfb64,bf_ofb64" $ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64" $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper" $ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm" -$ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,"+ - +$ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,bn_kron,bn_sqrt"+ - "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ - "bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+",bn_recp,bn_mont,"+ - "bn_mpi,bn_exp2" @@ -206,9 +206,9 @@ $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl" $ LIB_DH = "dh_gen,dh_key,dh_lib,dh_check,dh_err" $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ - "dso_openssl,dso_win32,dso_vms" -$ LIB_ENGINE = "engine_err,engine_lib,engine_list,engine_openssl,"+ - - "hw_atalla,hw_cswift,hw_ncipher" -$ LIB_RIJNDAEL = "rijndael-alg-fst" +$ LIB_ENGINE = "engine_err,engine_lib,engine_list,engine_all,engine_openssl,"+ - + "hw_atalla,hw_cswift,hw_ncipher,hw_nuron" +$ LIB_RIJNDAEL = "rd_fst" $ LIB_BUFFER = "buffer,buf_err" $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ - "bss_mem,bss_null,bss_fd,"+ - @@ -223,7 +223,7 @@ $ LIB_ERR = "err,err_all,err_prn" $ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err" $ LIB_EVP = "encode,digest,evp_enc,evp_key,"+ - "e_des,e_bf,e_idea,e_des3,"+ - - "e_rc4,names,"+ - + "e_rc4,e_rd,names,"+ - "e_xcbc_d,e_rc2,e_cast,e_rc5" $ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1," + - "m_dss,m_dss1,m_mdc2,m_ripemd,"+ - @@ -896,6 +896,7 @@ $ ENDIF $! $! Check To See If P2 Is Blank. $! +$ P2 = "NORSAREF" $ IF (P2.EQS."NORSAREF") $ THEN $! diff --git a/crypto/crypto.h b/crypto/crypto.h index 52ee97b71..08bb1fc83 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -281,7 +281,7 @@ unsigned long SSLeay(void); int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); -void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *ad,int idx); +void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad,int idx); int CRYPTO_dup_ex_data(STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth, CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from); void CRYPTO_free_ex_data(STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth, void *obj, CRYPTO_EX_DATA *ad); diff --git a/crypto/dh/Makefile.ssl b/crypto/dh/Makefile.ssl index 2e26f8b40..ccbac65a9 100644 --- a/crypto/dh/Makefile.ssl +++ b/crypto/dh/Makefile.ssl @@ -125,7 +125,7 @@ dh_key.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h dh_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h dh_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -dh_key.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +dh_key.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h dh_key.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h dh_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h dh_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -144,7 +144,7 @@ dh_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h dh_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -dh_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +dh_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h dh_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h dh_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 7a8d9f88c..7e732e1c3 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -81,9 +81,9 @@ typedef struct dh_method { const char *name; /* Methods here */ int (*generate_key)(DH *dh); - int (*compute_key)(unsigned char *key,BIGNUM *pub_key,DH *dh); - int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, + int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh); + int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* Can be null */ int (*init)(DH *dh); @@ -152,13 +152,13 @@ struct dh_st (unsigned char *)(x)) #endif -DH_METHOD *DH_OpenSSL(void); +const DH_METHOD *DH_OpenSSL(void); -void DH_set_default_openssl_method(DH_METHOD *meth); -DH_METHOD *DH_get_default_openssl_method(void); +void DH_set_default_openssl_method(const DH_METHOD *meth); +const DH_METHOD *DH_get_default_openssl_method(void); #if 0 -DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth); -DH *DH_new_method(DH_METHOD *meth); +const DH_METHOD *DH_set_method(DH *dh, const DH_METHOD *meth); +DH *DH_new_method(const DH_METHOD *meth); #else int DH_set_method(DH *dh, struct engine_st *engine); DH *DH_new_method(struct engine_st *engine); @@ -166,27 +166,27 @@ DH *DH_new_method(struct engine_st *engine); DH * DH_new(void); void DH_free(DH *dh); -int DH_size(DH *dh); +int DH_size(const DH *dh); int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int DH_set_ex_data(DH *d, int idx, void *arg); void *DH_get_ex_data(DH *d, int idx); DH * DH_generate_parameters(int prime_len,int generator, void (*callback)(int,int,void *),void *cb_arg); -int DH_check(DH *dh,int *codes); +int DH_check(const DH *dh,int *codes); int DH_generate_key(DH *dh); -int DH_compute_key(unsigned char *key,BIGNUM *pub_key,DH *dh); -DH * d2i_DHparams(DH **a,unsigned char **pp, long length); -int i2d_DHparams(DH *a,unsigned char **pp); +int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh); +DH * d2i_DHparams(DH **a,const unsigned char **pp, long length); +int i2d_DHparams(const DH *a,unsigned char **pp); #ifndef NO_FP_API -int DHparams_print_fp(FILE *fp, DH *x); +int DHparams_print_fp(FILE *fp, const DH *x); #endif #ifndef NO_BIO -int DHparams_print(BIO *bp, DH *x); +int DHparams_print(BIO *bp, const DH *x); #else -int DHparams_print(char *bp, DH *x); +int DHparams_print(char *bp, const DH *x); #endif -void ERR_load_DH_strings(void ); +void ERR_load_DH_strings(void); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c index 20aa68f98..1f26be7ae 100644 --- a/crypto/dh/dh_asn1.c +++ b/crypto/dh/dh_asn1.c @@ -84,4 +84,4 @@ ASN1_SEQUENCE_cb(DHparams, dh_cb) = { ASN1_OPT(DH, length, ZLONG), } ASN1_SEQUENCE_END_cb(DH, DHparams); -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DH, DHparams, DHparams) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams) diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 7e5cfd8bf..f0373f7d6 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -70,7 +70,7 @@ * should hold. */ -int DH_check(DH *dh, int *ret) +int DH_check(const DH *dh, int *ret) { int ok=0; BN_CTX *ctx=NULL; diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 6915d79dc..0e4fee101 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -64,8 +64,9 @@ #include <openssl/engine.h> static int generate_key(DH *dh); -static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); -static int dh_bn_mod_exp(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); +static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, + const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); static int dh_init(DH *dh); @@ -76,7 +77,7 @@ int DH_generate_key(DH *dh) return ENGINE_get_DH(dh->engine)->generate_key(dh); } -int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh) +int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) { return ENGINE_get_DH(dh->engine)->compute_key(key, pub_key, dh); } @@ -92,7 +93,7 @@ dh_finish, NULL }; -DH_METHOD *DH_OpenSSL(void) +const DH_METHOD *DH_OpenSSL(void) { return &dh_ossl; } @@ -155,7 +156,7 @@ err: return(ok); } -static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh) +static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) { BN_CTX ctx; BN_MONT_CTX *mont; @@ -193,7 +194,8 @@ err: return(ret); } -static int dh_bn_mod_exp(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, + const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 66803b556..c0a247275 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -64,11 +64,11 @@ const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT; -static DH_METHOD *default_DH_method; +static const DH_METHOD *default_DH_method; static int dh_meth_num = 0; static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL; -void DH_set_default_openssl_method(DH_METHOD *meth) +void DH_set_default_openssl_method(const DH_METHOD *meth) { ENGINE *e; /* We'll need to notify the "openssl" ENGINE of this @@ -87,7 +87,7 @@ void DH_set_default_openssl_method(DH_METHOD *meth) } } -DH_METHOD *DH_get_default_openssl_method(void) +const DH_METHOD *DH_get_default_openssl_method(void) { if(!default_DH_method) default_DH_method = DH_OpenSSL(); return default_DH_method; @@ -107,7 +107,7 @@ DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth) int DH_set_method(DH *dh, ENGINE *engine) { ENGINE *mtmp; - DH_METHOD *meth; + const DH_METHOD *meth; mtmp = dh->engine; meth = ENGINE_get_DH(mtmp); if (!ENGINE_init(engine)) @@ -133,7 +133,7 @@ DH *DH_new_method(DH_METHOD *meth) DH *DH_new_method(ENGINE *engine) #endif { - DH_METHOD *meth; + const DH_METHOD *meth; DH *ret; ret=(DH *)OPENSSL_malloc(sizeof(DH)); @@ -168,19 +168,19 @@ DH *DH_new_method(ENGINE *engine) ret->method_mont_p=NULL; ret->references = 1; ret->flags=meth->flags; + CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data); if ((meth->init != NULL) && !meth->init(ret)) { + CRYPTO_free_ex_data(dh_meth,ret,&ret->ex_data); OPENSSL_free(ret); ret=NULL; } - else - CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data); return(ret); } void DH_free(DH *r) { - DH_METHOD *meth; + const DH_METHOD *meth; int i; if(r == NULL) return; i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH); @@ -196,12 +196,12 @@ void DH_free(DH *r) } #endif - CRYPTO_free_ex_data(dh_meth, r, &r->ex_data); - meth = ENGINE_get_DH(r->engine); if(meth->finish) meth->finish(r); ENGINE_finish(r->engine); + CRYPTO_free_ex_data(dh_meth, r, &r->ex_data); + if (r->p != NULL) BN_clear_free(r->p); if (r->g != NULL) BN_clear_free(r->g); if (r->q != NULL) BN_clear_free(r->q); @@ -231,7 +231,7 @@ void *DH_get_ex_data(DH *d, int idx) return(CRYPTO_get_ex_data(&d->ex_data,idx)); } -int DH_size(DH *dh) +int DH_size(const DH *dh) { return(BN_num_bytes(dh->p)); } diff --git a/crypto/dsa/Makefile.ssl b/crypto/dsa/Makefile.ssl index 07994477b..e7351630e 100644 --- a/crypto/dsa/Makefile.ssl +++ b/crypto/dsa/Makefile.ssl @@ -129,7 +129,7 @@ dsa_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h dsa_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -dsa_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +dsa_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h dsa_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -148,8 +148,7 @@ dsa_ossl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h dsa_ossl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h dsa_ossl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -dsa_ossl.o: ../../include/openssl/rc5.h -dsa_ossl.o: ../../include/openssl/rijndael-alg-fst.h +dsa_ossl.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h dsa_ossl.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h dsa_ossl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -168,8 +167,7 @@ dsa_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h dsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h dsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -dsa_sign.o: ../../include/openssl/rc5.h -dsa_sign.o: ../../include/openssl/rijndael-alg-fst.h +dsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h dsa_sign.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h dsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h dsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -189,8 +187,8 @@ dsa_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h dsa_vrf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -dsa_vrf.o: ../../include/openssl/rijndael-alg-fst.h -dsa_vrf.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -dsa_vrf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -dsa_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h +dsa_vrf.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +dsa_vrf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dsa_vrf.o: ../cryptlib.h diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index af4ee835c..9d7264780 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -154,19 +154,19 @@ struct dsa_st DSA_SIG * DSA_SIG_new(void); void DSA_SIG_free(DSA_SIG *a); -int i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp); -DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length); +int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); +DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa); int DSA_do_verify(const unsigned char *dgst,int dgst_len, DSA_SIG *sig,DSA *dsa); -DSA_METHOD *DSA_OpenSSL(void); +const DSA_METHOD *DSA_OpenSSL(void); -void DSA_set_default_openssl_method(DSA_METHOD *); -DSA_METHOD *DSA_get_default_openssl_method(void); +void DSA_set_default_openssl_method(const DSA_METHOD *); +const DSA_METHOD *DSA_get_default_openssl_method(void); #if 0 -DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *); +const DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *); #else int DSA_set_method(DSA *dsa, struct engine_st *engine); #endif @@ -177,13 +177,13 @@ DSA * DSA_new_method(DSA_METHOD *meth); #else DSA * DSA_new_method(struct engine_st *engine); #endif -int DSA_size(DSA *); +int DSA_size(const DSA *); /* next 4 return -1 on error */ int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp); int DSA_sign(int type,const unsigned char *dgst,int dlen, unsigned char *sig, unsigned int *siglen, DSA *dsa); int DSA_verify(int type,const unsigned char *dgst,int dgst_len, - unsigned char *sigbuf, int siglen, DSA *dsa); + const unsigned char *sigbuf, int siglen, DSA *dsa); void DSA_free (DSA *r); int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); @@ -192,24 +192,25 @@ void *DSA_get_ex_data(DSA *d, int idx); void ERR_load_DSA_strings(void ); -DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length); -DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); -DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); -DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len, +DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); +DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); +DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length); +DSA * DSA_generate_parameters(int bits, + unsigned char *seed,int seed_len, int *counter_ret, unsigned long *h_ret,void (*callback)(int, int, void *),void *cb_arg); int DSA_generate_key(DSA *a); -int i2d_DSAPublicKey(DSA *a, unsigned char **pp); -int i2d_DSAPrivateKey(DSA *a, unsigned char **pp); -int i2d_DSAparams(DSA *a,unsigned char **pp); +int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); +int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); +int i2d_DSAparams(const DSA *a,unsigned char **pp); #ifndef NO_BIO -int DSAparams_print(BIO *bp, DSA *x); -int DSA_print(BIO *bp, DSA *x, int off); +int DSAparams_print(BIO *bp, const DSA *x); +int DSA_print(BIO *bp, const DSA *x, int off); #endif #ifndef NO_FP_API -int DSAparams_print_fp(FILE *fp, DSA *x); -int DSA_print_fp(FILE *bp, DSA *x, int off); +int DSAparams_print_fp(FILE *fp, const DSA *x); +int DSA_print_fp(FILE *bp, const DSA *x, int off); #endif #define DSS_prime_checks 50 @@ -221,7 +222,7 @@ int DSA_print_fp(FILE *bp, DSA *x, int off); #ifndef NO_DH /* Convert DSA structure (key or just parameters) into DH structure * (be careful to avoid small subgroup attacks when using this!) */ -DH *DSA_dup_DH(DSA *r); +DH *DSA_dup_DH(const DSA *r); #endif /* BEGIN ERROR CODES */ diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c index 186932b00..fba2f7302 100644 --- a/crypto/dsa/dsa_asn1.c +++ b/crypto/dsa/dsa_asn1.c @@ -83,7 +83,7 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = { ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) } ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG); -IMPLEMENT_ASN1_FUNCTIONS(DSA_SIG) +IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG) /* Override the default free and new methods */ static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) @@ -109,7 +109,7 @@ ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = { ASN1_SIMPLE(DSA, priv_key, BIGNUM) } ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey); -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPrivateKey, DSAPrivateKey) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey) ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { ASN1_SIMPLE(DSA, p, BIGNUM), @@ -117,7 +117,7 @@ ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { ASN1_SIMPLE(DSA, g, BIGNUM), } ASN1_SEQUENCE_END_cb(DSA, DSAparams); -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAparams, DSAparams) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams) /* DSA public key is a bit trickier... its effectively a CHOICE type * decided by a field called write_params which can either write out @@ -137,4 +137,4 @@ ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = { ASN1_EX_COMBINE(0, 0, dsa_pub_internal) } ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params); -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPublicKey, DSAPublicKey) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 2294a362d..e911e5ae7 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -79,7 +79,8 @@ #include <openssl/dsa.h> #include <openssl/rand.h> -DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, +DSA *DSA_generate_parameters(int bits, + unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, void (*callback)(int, int, void *), void *cb_arg) diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index b31b946ad..600271166 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -67,11 +67,11 @@ const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; -static DSA_METHOD *default_DSA_method; +static const DSA_METHOD *default_DSA_method; static int dsa_meth_num = 0; static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL; -void DSA_set_default_openssl_method(DSA_METHOD *meth) +void DSA_set_default_openssl_method(const DSA_METHOD *meth) { ENGINE *e; /* We'll need to notify the "openssl" ENGINE of this @@ -90,7 +90,7 @@ void DSA_set_default_openssl_method(DSA_METHOD *meth) } } -DSA_METHOD *DSA_get_default_openssl_method(void) +const DSA_METHOD *DSA_get_default_openssl_method(void) { if(!default_DSA_method) default_DSA_method = DSA_OpenSSL(); return default_DSA_method; @@ -115,7 +115,7 @@ DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth) int DSA_set_method(DSA *dsa, ENGINE *engine) { ENGINE *mtmp; - DSA_METHOD *meth; + const DSA_METHOD *meth; mtmp = dsa->engine; meth = ENGINE_get_DSA(mtmp); if (!ENGINE_init(engine)) @@ -137,7 +137,7 @@ DSA *DSA_new_method(DSA_METHOD *meth) DSA *DSA_new_method(ENGINE *engine) #endif { - DSA_METHOD *meth; + const DSA_METHOD *meth; DSA *ret; ret=(DSA *)OPENSSL_malloc(sizeof(DSA)); @@ -173,20 +173,20 @@ DSA *DSA_new_method(ENGINE *engine) ret->references=1; ret->flags=meth->flags; + CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data); if ((meth->init != NULL) && !meth->init(ret)) { + CRYPTO_free_ex_data(dsa_meth,ret,&ret->ex_data); OPENSSL_free(ret); ret=NULL; } - else - CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data); return(ret); } void DSA_free(DSA *r) { - DSA_METHOD *meth; + const DSA_METHOD *meth; int i; if (r == NULL) return; @@ -204,12 +204,12 @@ void DSA_free(DSA *r) } #endif - CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data); - meth = ENGINE_get_DSA(r->engine); if(meth->finish) meth->finish(r); ENGINE_finish(r->engine); + CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data); + if (r->p != NULL) BN_clear_free(r->p); if (r->q != NULL) BN_clear_free(r->q); if (r->g != NULL) BN_clear_free(r->g); @@ -220,7 +220,7 @@ void DSA_free(DSA *r) OPENSSL_free(r); } -int DSA_size(DSA *r) +int DSA_size(const DSA *r) { int ret,i; ASN1_INTEGER bs; @@ -258,7 +258,7 @@ void *DSA_get_ex_data(DSA *d, int idx) } #ifndef NO_DH -DH *DSA_dup_DH(DSA *r) +DH *DSA_dup_DH(const DSA *r) { /* DSA has p, q, g, optional pub_key, optional priv_key. * DH has p, optional length, g, optional pub_key, optional priv_key. diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 96295dc24..4b600fa73 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -92,7 +92,7 @@ dsa_finish, NULL }; -DSA_METHOD *DSA_OpenSSL(void) +const DSA_METHOD *DSA_OpenSSL(void) { return &openssl_dsa_meth; } diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c index 2e891ae49..28b671234 100644 --- a/crypto/dsa/dsa_vrf.c +++ b/crypto/dsa/dsa_vrf.c @@ -80,7 +80,7 @@ int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, * -1: error */ int DSA_verify(int type, const unsigned char *dgst, int dgst_len, - unsigned char *sigbuf, int siglen, DSA *dsa) + const unsigned char *sigbuf, int siglen, DSA *dsa) { DSA_SIG *s; int ret=-1; diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c index c38d8863e..4dbb51fb8 100644 --- a/crypto/dso/dso_dl.c +++ b/crypto/dso/dso_dl.c @@ -126,7 +126,7 @@ static int dl_load(DSO *dso) DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME); goto err; } - ptr = shl_load(filename, BIND_IMMEDIATE, NULL); + ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, NULL); if(ptr == NULL) { DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED); diff --git a/crypto/ec/ec.c b/crypto/ec/ec.c new file mode 100644 index 000000000..df54b47c0 --- /dev/null +++ b/crypto/ec/ec.c @@ -0,0 +1,120 @@ +/* + * + * ec.c + * + * Elliptic Curve Arithmetic Functions + * + * Copyright (C) Lenka Fibikova 2000 + * + * + */ + + +#include <stdio.h> +#include <stdlib.h> +#include <assert.h> + +#include "ec.h" + + + +EC *EC_new() +{ + EC *ret; + + ret=(EC *)malloc(sizeof(EC)); + if (ret == NULL) return NULL; + ret->A = BN_new(); + ret->B = BN_new(); + ret->p = BN_new(); + ret->h = BN_new(); + ret->is_in_mont = 0; + + if (ret->A == NULL || ret->B == NULL || ret->p == NULL || ret->h == NULL) + { + if (ret->A != NULL) BN_free(ret->A); + if (ret->B != NULL) BN_free(ret->B); + if (ret->p != NULL) BN_free(ret->p); + if (ret->h != NULL) BN_free(ret->h); + free(ret); + return(NULL); + } + return(ret); +} + + +void EC_clear_free(EC *E) +{ + if (E == NULL) return; + + if (E->A != NULL) BN_clear_free(E->A); + if (E->B != NULL) BN_clear_free(E->B); + if (E->p != NULL) BN_clear_free(E->p); + if (E->h != NULL) BN_clear_free(E->h); + E->is_in_mont = 0; + free(E); +} + + +#ifdef MONTGOMERY +int EC_to_montgomery(EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx) +{ + assert(E != NULL); + assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL); + + assert(mont != NULL); + assert(mont->p != NULL); + + assert(ctx != NULL); + + if (E->is_in_mont) return 1; + + if (!BN_lshift(E->A, E->A, mont->R_num_bits)) return 0; + if (!BN_mod(E->A, E->A, mont->p, ctx)) return 0; + + if (!BN_lshift(E->B, E->B, mont->R_num_bits)) return 0; + if (!BN_mod(E->B, E->B, mont->p, ctx)) return 0; + + if (!BN_lshift(E->h, E->h, mont->R_num_bits)) return 0; + if (!BN_mod(E->h, E->h, mont->p, ctx)) return 0; + + E->is_in_mont = 1; + return 1; + +} + + +int EC_from_montgomery(EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx) +{ + assert(E != NULL); + assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL); + + assert(mont != NULL); + assert(mont->p != NULL); + + assert(ctx != NULL); + + if (!E->is_in_mont) return 1; + + if (!BN_mont_red(E->A, mont)) return 0; + if (!BN_mont_red(E->B, mont)) return 0; + if (!BN_mont_red(E->h, mont)) return 0; + + E->is_in_mont = 0; + return 1; +} +#endif /* MONTGOMERY */ + +int EC_set_half(EC *E) +/* h <- 1/2 mod p = (p + 1)/2 */ +{ + assert(E != NULL); + assert(E->p != NULL); + assert(E->h != NULL); + assert(!E->is_in_mont); + + if (BN_copy(E->h, E->p) == NULL) return 0; + if (!BN_add_word(E->h, 1)) return 0; + if (!BN_rshift1(E->h, E->h)) return 0; + return 1; +} diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h new file mode 100644 index 000000000..dd7a4b892 --- /dev/null +++ b/crypto/ec/ec.h @@ -0,0 +1,86 @@ +/* + * + * ec.h + * + * Elliptic Curve Arithmetic Functions + * + * Copyright (C) Lenka Fibikova 2000 + * + * + */ + + +#ifndef HEADER_EC_H +#define HEADER_EC_H + + +#include <openssl/bn.h> +#include "../bn/bn_mont2.h" /* XXX */ + +typedef struct bn_ec_struct /* E: y^2 = x^3 + Ax + B (mod p) */ +{ + BIGNUM *A, *B, *p, *h; /* h = 1/2 mod p = (p + 1)/2 */ + int is_in_mont; +} EC; + +typedef struct bn_ec_point_struct /* P = [X, Y, Z] */ +{ + BIGNUM *X, *Y, *Z; + int is_in_mont; +} EC_POINT; + +typedef struct bn_ecp_precompute_struct /* Pi[i] = [2i + 1]P i = 0..2^{r-1} - 1 */ +{ + int r; + EC_POINT **Pi; +} ECP_PRECOMPUTE; + + +#define ECP_is_infty(P) (BN_is_zero(P->Z)) +#define ECP_is_norm(P) (BN_is_one(P->Z)) + +#define ECP_mont_minus(P, mont) (ECP_minus((P), (mont)->p)) + + +EC *EC_new(); +void EC_clear_free(EC *E); +int EC_set_half(EC *E); +#ifdef MONTGOMERY +int EC_to_montgomery(EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx); +int EC_from_montgomery(EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx); +#endif /* MONTGOMERY */ + + +EC_POINT *ECP_new(); +void ECP_clear_free(EC_POINT *P); +void ECP_clear_free_precompute(ECP_PRECOMPUTE *prec); + +EC_POINT *ECP_generate(BIGNUM *x, BIGNUM *z, EC *E, BN_CTX *ctx); +EC_POINT *ECP_dup(EC_POINT *P); +int ECP_copy(EC_POINT *R, EC_POINT *P); +int ECP_normalize(EC_POINT *P, EC *E, BN_CTX *ctx); +EC_POINT *ECP_minus(EC_POINT *P, BIGNUM *p); +int ECP_is_on_ec(EC_POINT *P, EC *E, BN_CTX *ctx); +int ECP_ecp2bin(EC_POINT *P, unsigned char *to, int form); /* form(ANSI 9.62): 1-compressed; 2-uncompressed; 3-hybrid */ +int ECP_bin2ecp(unsigned char *from, int len, EC_POINT *P, EC *E, BN_CTX *ctx); + +#ifdef SIMPLE +int ECP_cmp(EC_POINT *P, EC_POINT *Q, BIGNUM *p, BN_CTX *ctx); +int ECP_double(EC_POINT *R, EC_POINT *P, EC *E, BN_CTX *ctx); +int ECP_add(EC_POINT *R, EC_POINT *P, EC_POINT *Q, EC *E, BN_CTX *ctx); +ECP_PRECOMPUTE *ECP_precompute(int r, EC_POINT *P, EC *E, BN_CTX *ctx); +int ECP_multiply(EC_POINT *R, BIGNUM *k, ECP_PRECOMPUTE *prec, EC *E, BN_CTX *ctx); +#endif /* SIMPLE */ + +#ifdef MONTGOMERY +int ECP_to_montgomery(EC_POINT *P, BN_MONTGOMERY *mont, BN_CTX *ctx); +int ECP_from_montgomery(EC_POINT *P, BN_MONTGOMERY *mont, BN_CTX *ctx); +int ECP_mont_cmp(EC_POINT *P, EC_POINT *Q, BN_MONTGOMERY *mont, BN_CTX *ctx); +int ECP_mont_double(EC_POINT *R, EC_POINT *P, EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx); +int ECP_mont_add(EC_POINT *R, EC_POINT *P, EC_POINT *Q, EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx); +ECP_PRECOMPUTE *ECP_mont_precompute(int r, EC_POINT *P, EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx); +int ECP_mont_multiply(EC_POINT *R, BIGNUM *k, ECP_PRECOMPUTE *prec, EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx); +int ECP_mont_multiply2(EC_POINT *R, BIGNUM *k, EC_POINT *P, EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx); +#endif /* MONTGOMERY */ + +#endif diff --git a/crypto/ec/ec_point.c b/crypto/ec/ec_point.c new file mode 100644 index 000000000..5dd2da3b1 --- /dev/null +++ b/crypto/ec/ec_point.c @@ -0,0 +1,1477 @@ +/* + * + * ec_point.c + * + * Elliptic Curve Arithmetic Functions + * + * Copyright (C) Lenka Fibikova 2000 + * + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include <assert.h> +#include <memory.h> + +#include <openssl/bn.h> + +#include "../bn/bn_mont2.h" /* XXX */ +#include "ec.h" + + +EC_POINT *ECP_new() + { + EC_POINT *ret; + + ret=(EC_POINT *)malloc(sizeof(EC_POINT)); + if (ret == NULL) return NULL; + ret->X = BN_new(); + ret->Y = BN_new(); + ret->Z = BN_new(); + ret->is_in_mont = 0; + + if (ret->X == NULL || ret->Y == NULL || ret->Z == NULL) + { + if (ret->X != NULL) BN_free(ret->X); + if (ret->Y != NULL) BN_free(ret->Y); + if (ret->Z != NULL) BN_free(ret->Z); + free(ret); + return(NULL); + } + return(ret); + } + + +void ECP_clear_free(EC_POINT *P) + { + if (P == NULL) return; + + P->is_in_mont = 0; + if (P->X != NULL) BN_clear_free(P->X); + if (P->Y != NULL) BN_clear_free(P->Y); + if (P->Z != NULL) BN_clear_free(P->Z); + free(P); + } + + +void ECP_clear_free_precompute(ECP_PRECOMPUTE *prec) + { + int i; + int max; + + if (prec == NULL) return; + if (prec->Pi != NULL) + { + max = 1; + max <<= (prec->r - 1); + + for (i = 0; i < max; i++) + { + if (prec->Pi[i] != NULL) ECP_clear_free(prec->Pi[i]); + } + } + free(prec); + } + + +int ECP_is_on_ec(EC_POINT *P, EC *E, BN_CTX *ctx) + { + BIGNUM *n0, *n1, *n2, *p; + int Pnorm; + int ret = -1; + + assert(P != NULL); + assert(P->X != NULL && P->Y != NULL && P->Z != NULL); + + assert(E != NULL); + assert(E->A != NULL && E->B != NULL && E->p != NULL); + + assert(ctx != NULL); + + assert(!P->is_in_mont); + + if (ECP_is_infty(P)) return 1; + + BN_CTX_start(ctx); + n0 = BN_CTX_get(ctx); + n1 = BN_CTX_get(ctx); + n2 = BN_CTX_get(ctx); + if (n2 == NULL) + goto err; + + p = E->p; + + Pnorm = (ECP_is_norm(P)); + + if (!Pnorm) + { + if (!BN_mod_mul(n0, P->Z, P->Z, p, ctx)) goto err; + if (!BN_mod_mul(n1, n0, n0, p, ctx)) goto err; + if (!BN_mod_mul(n2, n0, n1, p, ctx)) goto err; + } + + if (!BN_mod_mul(n0, P->X, P->X, p, ctx)) goto err; + if (!BN_mod_mul(n0, n0, P->X, p, ctx)) goto err; + + if (Pnorm) + { + if (!BN_mod_mul(n1, P->X, E->A, p, ctx)) goto err; + } + else + { + if (!BN_mod_mul(n1, n1, P->X, p, ctx)) goto err; + if (!BN_mod_mul(n1, n1, E->A, p, ctx)) goto err; + } + if (!BN_mod_add(n0, n0, n1, p, ctx)) goto err; + + if (Pnorm) + { + if (!BN_mod_add(n0, n0, E->B, p, ctx)) goto err; + } + else + { + if (!BN_mod_mul(n2, n2, E->B, p, ctx)) goto err; + if (!BN_mod_add(n0, n0, n2, p, ctx)) goto err; + } + + if (!BN_mod_mul(n1, P->Y, P->Y, p, ctx)) goto err; + + if (BN_cmp(n0, n1)) + ret = 0; + else + ret = 1; + +err: + BN_CTX_end(ctx); + return ret; + } + + +EC_POINT *ECP_generate(BIGNUM *x, BIGNUM *z,EC *E, BN_CTX *ctx) +/* x == NULL || z = 0 -> point of infinity */ +/* z == NULL || z = 1 -> normalized */ + { + BIGNUM *n0, *n1; + EC_POINT *ret = NULL; + int Pnorm, Pinfty, X0, A0; + + assert(E != NULL); + assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL); + + assert(ctx != NULL); + + Pinfty = (x == NULL); + Pnorm = (z == NULL); + if (!Pnorm) + { + Pnorm = BN_is_one(z); + Pinfty = (Pinfty || BN_is_zero(z)); + } + + if (Pinfty) + { + if ((ret = ECP_new()) == NULL) return NULL; + if (!BN_zero(ret->Z)) + { + ECP_clear_free(ret); + return NULL; + } + return ret; + } + + X0 = BN_is_zero(x); + A0 = BN_is_zero(E->A); + + if ((ret = ECP_new()) == NULL) return NULL; + + ret->is_in_mont = 0; + + BN_CTX_start(ctx); + n0 = BN_CTX_get(ctx); + n1 = BN_CTX_get(ctx); + if (n1 == NULL) goto err; + + if (!BN_zero(n0)) goto err; + if (!BN_zero(n1)) goto err; + + if (!X0) + { + if (!BN_mod_sqr(n0, x, E->p, ctx)) goto err; + if (!BN_mod_mul(n0, n0, x, E->p, ctx)) goto err; /* x^3 */ + } + + if (!X0 && !A0) + { + if (!BN_mod_mul(n1, E->A, x, E->p, ctx)) goto err; /* Ax */ + if (!BN_mod_add(n0, n0, n1, E->p, ctx)) goto err; /* x^3 + Ax */ + } + + if (!BN_is_zero(E->B)) + if (!BN_mod_add(n0, n0, E->B, E->p, ctx)) goto err; /* x^3 + Ax +B */ + + if (!BN_mod_sqrt(ret->Y, n0, E->p, ctx)) goto err; + if (BN_copy(ret->X, x) == NULL) goto err; + + if (Pnorm) + { + if (!BN_one(ret->Z)) goto err; + } + else + { + if (BN_copy(ret->Z, z) == NULL) goto err; + if (!BN_mod_sqr(n0, z, E->p, ctx)) goto err; + if (!BN_mod_mul(ret->X, ret->X, n0, E->p, ctx)) goto err; + if (!BN_mod_mul(n0, n0, z, E->p, ctx)) goto err; + if (!BN_mod_mul(ret->Y, ret->Y, n0, E->p, ctx)) goto err; + } + +#ifdef TEST + if (!ECP_is_on_ec(ret, E, ctx)) goto err; +#endif + + BN_CTX_end(ctx); + return ret; + +err: + if (ret != NULL) ECP_clear_free(ret); + BN_CTX_end(ctx); + return NULL; + } + + +int ECP_ecp2bin(EC_POINT *P, unsigned char *to, int form) +/* form = 1 ... compressed + 2 ... uncompressed + 3 ... hybrid */ + { + int bytes, bx, by; + + assert (P != NULL); + assert (P->X != NULL && P->Y != NULL && P->Z != NULL); + assert (!P->is_in_mont); + assert (ECP_is_norm(P) || ECP_is_infty(P)); + assert (to != NULL); + assert (form > 0 && form < 4); + + if (BN_is_zero(P->Z)) + { + to[0] = 0; + return 1; + } + + bx = BN_num_bytes(P->X); + if (form == 1 ) bytes = bx + 1; + else + { + by = BN_num_bytes(P->Y); + bytes = (bx > by ? bx : by); + bytes = bytes * 2 + 1; + } + memset(to, 0, bytes); + + switch (form) + { + case 1: to[0] = 2; break; + case 2: to[0] = 4; break; + case 3: to[0] = 6; break; + } + if (form != 2) to[0] += BN_is_bit_set(P->Y, 0); + + + if ((BN_bn2bin(P->X, to + 1)) != bx) return 0; + if (form != 1) + { + if ((BN_bn2bin(P->Y, to + bx + 1)) != by) return 0; + } + + return bytes; + } + + +int ECP_bin2ecp(unsigned char *from, int len, EC_POINT *P, EC *E, BN_CTX *ctx) + { + int y; + BIGNUM *x; + EC_POINT *pp; + + assert (E != NULL); + assert (E->A != NULL && E->B != NULL && E->p != NULL); + assert (!E->is_in_mont); + + assert (ctx != NULL); + assert (from != NULL); + assert (P != NULL); + assert (P->X != NULL && P->Y != NULL && P->Z != NULL); + + if (len == 1 && from[0] != 0) return 0; + + if (len == 0 || len == 1) + { + if (!BN_zero(P->Z)) return 0; + return 1; + } + + switch (from[0]) + { + case 2: + case 3: + y = from[0] - 2; + if ((x = BN_new()) == NULL) return 0; + if (BN_bin2bn(from + 1, len - 1, x) == NULL) return 0; + + pp = ECP_generate(x, NULL, E, ctx); + BN_clear_free(x); + if (pp == NULL) return 0; + + ECP_copy(P, pp); + ECP_clear_free(pp); + + if (BN_is_bit_set(P->Y, 0) != y) + if (!BN_sub(P->Y, E->p, P->Y)) return 0; + break; + + case 4: + case 6: + case 7: + y = (len - 1)/2; + if (BN_bin2bn(from + 1, y, P->X) == NULL) return 0; + if (BN_bin2bn(from + y + 1, y, P->Y) == NULL) return 0; + if (!BN_set_word(P->Z, 1)) return 0; + break; + + default: + assert(0); + + } + + if (!ECP_is_on_ec(P, E, ctx)) return 0; + return 1; + } + + +int ECP_normalize(EC_POINT *P, EC *E, BN_CTX *ctx) + { + BIGNUM *z, *zm; + + assert (P != NULL); + assert (P->X != NULL && P->Y != NULL && P->Z != NULL); + + assert (E != NULL); + assert (E->A != NULL && E->B != NULL && E->p != NULL); + + assert (ctx != NULL); + + if (ECP_is_norm(P)) return 1; + if (ECP_is_infty(P)) return 0; + + if ((zm = BN_mod_inverse(P->Z, P->Z, E->p, ctx)) == NULL) return 0; + + assert(!P->is_in_mont); + + + BN_CTX_start(ctx); + z = BN_CTX_get(ctx); + if (z == NULL) goto err; + + if (!BN_mod_mul(z, zm, zm, E->p, ctx)) goto err; + if (!BN_mod_mul(P->X, P->X, z, E->p, ctx)) goto err; + + if (!BN_mod_mul(z, z, zm, E->p, ctx)) goto err; + if (!BN_mod_mul(P->Y, P->Y, z, E->p, ctx)) goto err; + + if (!BN_one(P->Z)) goto err; + + if (zm != NULL) BN_clear_free(zm); + + BN_CTX_end(ctx); + return 1; + +err: + if (zm != NULL) BN_clear_free(zm); + BN_CTX_end(ctx); + return 0; + } + + +int ECP_copy(EC_POINT *R, EC_POINT *P) + { + assert(P != NULL); + assert(P->X != NULL && P->Y != NULL && P->Z != NULL); + + assert(R != NULL); + assert(R->X != NULL && R->Y != NULL && R->Z != NULL); + + if (BN_copy(R->X, P->X) == NULL) return 0; + if (BN_copy(R->Y, P->Y) == NULL) return 0; + if (BN_copy(R->Z, P->Z) == NULL) return 0; + R->is_in_mont = P->is_in_mont; + + return 1; + } + + +EC_POINT *ECP_dup(EC_POINT *P) + { + EC_POINT *ret; + + ret = ECP_new(); + if (ret == NULL) return NULL; + + if (!ECP_copy(ret, P)) + { + ECP_clear_free(ret); + return(NULL); + } + + return(ret); + } + + +EC_POINT *ECP_minus(EC_POINT *P, BIGNUM *p) /* mont || non-mont */ + { + EC_POINT *ret; + + assert(P != NULL); + assert(P->X != NULL && P->Y != NULL && P->Z != NULL); + + assert(p != NULL); + + assert(BN_cmp(P->Y, p) < 0); + + ret = ECP_dup(P); + if (ret == NULL) return NULL; + + if (BN_is_zero(ret->Y)) return ret; + + if (!BN_sub(ret->Y, p, ret->Y)) + { + ECP_clear_free(ret); + return NULL; + } + + return ret; + } + + +#ifdef SIMPLE +int ECP_cmp(EC_POINT *P, EC_POINT *Q, BIGNUM *p, BN_CTX *ctx) +/* return values: + -2 ... error + 0 ... P = Q + -1 ... P = -Q + 1 ... else +*/ + { + BIGNUM *n0, *n1, *n2, *n3, *n4; + int Pnorm, Qnorm; + + assert(P != NULL); + assert(P->X != NULL && P->Y != NULL && P->Z != NULL); + + assert(Q != NULL); + assert(Q->X != NULL && Q->Y != NULL && Q->Z != NULL); + + assert(p != NULL); + assert(ctx != NULL); + + assert(!P->is_in_mont); + assert(!Q->is_in_mont); + + if (ECP_is_infty(P) && ECP_is_infty(Q)) return 0; + if (ECP_is_infty(P) || ECP_is_infty(Q)) return 1; + + + Pnorm = (ECP_is_norm(P)); + Qnorm = (ECP_is_norm(Q)); + + BN_CTX_start(ctx); + n0 = BN_CTX_get(ctx); + n1 = BN_CTX_get(ctx); + n2 = BN_CTX_get(ctx); + n3 = BN_CTX_get(ctx); + n4 = BN_CTX_get(ctx); + if (n4 == NULL) goto err; + + if (Qnorm) + { + if (BN_copy(n1, P->X) == NULL) goto err; /* L1 = x_p */ + if (BN_copy(n2, P->Y) == NULL) goto err; /* L2 = y_p */ + } + else + { + if (!BN_sqr(n0, Q->Z, ctx)) goto err; + if (!BN_mod_mul(n1, P->X, n0, p, ctx)) goto err; /* L1 = x_p * z_q^2 */ + + if (!BN_mod_mul(n0, n0, Q->Z, p, ctx)) goto err; + if (!BN_mod_mul(n2, P->Y, n0, p, ctx)) goto err; /* L2 = y_p * z_q^3 */ + } + + if (Pnorm) + { + if (BN_copy(n3, Q->X) == NULL) goto err; /* L3 = x_q */ + if (BN_copy(n4, Q->Y) == NULL) goto err; /* L4 = y_q */ + } + else + { + if (!BN_sqr(n0, P->Z, ctx)) goto err; + if (!BN_mod_mul(n3, Q->X, n0, p, ctx)) goto err; /* L3 = x_q * z_p^2 */ + + if (!BN_mod_mul(n0, n0, P->Z, p, ctx)) goto err; + if (!BN_mod_mul(n4, Q->Y, n0, p, ctx)) goto err; /* L4 = y_q * z_p^3 */ + } + + if (!BN_mod_sub(n0, n1, n3, p, ctx)) goto err; /* L5 = L1 - L3 */ + + if (!BN_is_zero(n0)) + { + BN_CTX_end(ctx); + return 1; + } + + if (!BN_mod_sub(n0, n2, n4, p, ctx)) goto err; /* L6 = L2 - L4 */ + + if (!BN_is_zero(n0)) + { + BN_CTX_end(ctx); + return -1; + } + + BN_CTX_end(ctx); + return 0; + +err: + BN_CTX_end(ctx); + return -2; + } + + +int ECP_double(EC_POINT *R, EC_POINT *P, EC *E, BN_CTX *ctx) +/* R <- 2P (on E) */ + { + BIGNUM *n0, *n1, *n2, *n3, *p; + int Pnorm, A0; + + assert(P != NULL); + assert(P->X != NULL && P->Y != NULL && P->Z != NULL); + + assert(R != NULL); + assert(R->X != NULL && R->Y != NULL && R->Z != NULL); + + assert(E != NULL); + assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL); + + assert(ctx != NULL); + + assert(!P->is_in_mont); + + if (ECP_is_infty(P)) + { + if (!BN_zero(R->Z)) return 0; + return 1; + } + + Pnorm = (ECP_is_norm(P)); + A0 = (BN_is_zero(E->A)); + + BN_CTX_start(ctx); + n0 = BN_CTX_get(ctx); + n1 = BN_CTX_get(ctx); + n2 = BN_CTX_get(ctx); + n3 = BN_CTX_get(ctx); + if (n3 == NULL) goto err; + + p = E->p; + + /* L1 */ + if (Pnorm || A0) + { + if (!BN_mod_sqr(n1, P->X, p, ctx)) goto err; + if (!BN_mul_word(n1, 3)) goto err; + if (!A0) /* if A = 0: L1 = 3 * x^2 + a * z^4 = 3 * x ^2 */ + if (!BN_mod_add(n1, n1, E->A, p, ctx)) goto err; /* L1 = 3 * x^2 + a * z^4 = 3 * x^2 + a */ + } + else + { + if (!BN_mod_sqr(n0, P->Z, p, ctx)) goto err; + if (!BN_mod_mul(n0, n0, n0, p, ctx)) goto err; + if (!BN_mod_mul(n0, n0, E->A, p, ctx)) goto err; + if (!BN_mod_sqr(n1, P->X, p, ctx)) goto err; + if (!BN_mul_word(n1, 3)) goto err; + if (!BN_mod_add(n1, n1, n0, p, ctx)) goto err; /* L1 = 3 * x^2 + a * z^4 */ + } + + /* Z */ + if (Pnorm) + { + if (BN_copy(n0, P->Y) == NULL) goto err; + } + else + { + if (!BN_mod_mul(n0, P->Y, P->Z, p, ctx)) goto err; + } + if (!BN_lshift1(n0, n0)) goto err; + if (!BN_smod(R->Z, n0, p, ctx)) goto err; /* Z = 2 * y * z */ + + /* L2 */ + if (!BN_mod_sqr(n3, P->Y, p, ctx)) goto err; + if (!BN_mod_mul(n2, P->X, n3, p, ctx)) goto err; + if (!BN_lshift(n2, n2, 2)) goto err; + if (!BN_smod(n2, n2, p, ctx)) goto err; /* L2 = 4 * x * y^2 */ + + /* X */ + if (!BN_lshift1(n0, n2)) goto err; + if (!BN_mod_sqr(R->X, n1, p, ctx)) goto err; + if (!BN_mod_sub(R->X, R->X, n0, p, ctx)) goto err; /* X = L1^2 - 2 * L2 */ + + /* L3 */ + if (!BN_mod_sqr(n0, n3, p, ctx)) goto err; + if (!BN_lshift(n3, n0, 3)) goto err; + if (!BN_smod(n3, n3, p, ctx)) goto err; /* L3 = 8 * y^4 */ + + /* Y */ + if (!BN_mod_sub(n0, n2, R->X, p, ctx)) goto err; + if (!BN_mod_mul(n0, n1, n0, p, ctx)) goto err; + if (!BN_mod_sub(R->Y, n0, n3, p, ctx)) goto err; /* Y = L1 * (L2 - X) - L3 */ + + +#ifdef TEST + if (!ECP_is_on_ec(R, E, ctx)) return 0; +#endif + + BN_CTX_end(ctx); + return 1; + +err: + BN_CTX_end(ctx); + return 0; + } + + +int ECP_add(EC_POINT *R, EC_POINT *P, EC_POINT *Q, EC *E, BN_CTX *ctx) +/* R <- P + Q (on E) */ + { + BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6, *p; + int Pnorm, Qnorm; + + assert(P != NULL); + assert(P->X != NULL && P->Y != NULL && P->Z != NULL); + + assert(Q != NULL); + assert(Q->X != NULL && Q->Y != NULL && Q->Z != NULL); + + assert(R != NULL); + assert(R->X != NULL && R->Y != NULL && R->Z != NULL); + + assert(E != NULL); + assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL); + assert(!BN_is_zero(E->h));; + + assert(ctx != NULL); + + assert(!P->is_in_mont); + assert(!Q->is_in_mont); + + if (P == Q) return ECP_double(R, P, E, ctx); + + if (ECP_is_infty(P)) return ECP_copy(R, Q); + if (ECP_is_infty(Q)) return ECP_copy(R, P); + + Pnorm = (ECP_is_norm(P)); + Qnorm = (ECP_is_norm(Q)); + + BN_CTX_start(ctx); + n0 = BN_CTX_get(ctx); + n1 = BN_CTX_get(ctx); + n2 = BN_CTX_get(ctx); + n3 = BN_CTX_get(ctx); + n4 = BN_CTX_get(ctx); + n5 = BN_CTX_get(ctx); + n6 = BN_CTX_get(ctx); + if (n6 == NULL) goto err; + + p = E->p; + + /* L1; L2 */ + if (Qnorm) + { + if (BN_copy(n1, P->X) == NULL) goto err; /* L1 = x_p */ + if (BN_copy(n2, P->Y) == NULL) goto err; /* L2 = y_p */ + } + else + { + if (!BN_sqr(n0, Q->Z, ctx)) goto err; + if (!BN_mod_mul(n1, P->X, n0, p, ctx)) goto err; /* L1 = x_p * z_q^2 */ + + if (!BN_mod_mul(n0, n0, Q->Z, p, ctx)) goto err; + if (!BN_mod_mul(n2, P->Y, n0, p, ctx)) goto err; /* L2 = y_p * z_q^3 */ + } + + /* L3; L4 */ + if (Pnorm) + { + if (BN_copy(n3, Q->X) == NULL) goto err; /* L3 = x_q */ + if (BN_copy(n4, Q->Y) == NULL) goto err; /* L4 = y_q */ + } + else + { + if (!BN_sqr(n0, P->Z, ctx)) goto err; + if (!BN_mod_mul(n3, Q->X, n0, p, ctx)) goto err; /* L3 = x_q * z_p^2 */ + + if (!BN_mod_mul(n0, n0, P->Z, p, ctx)) goto err; + if (!BN_mod_mul(n4, Q->Y, n0, p, ctx)) goto err; /* L4 = y_q * z_p^3 */ + } + + /* L5; L6 */ + if (!BN_mod_sub(n5, n1, n3, p, ctx)) goto err; /* L5 = L1 - L3 */ + if (!BN_mod_sub(n6, n2, n4, p, ctx)) goto err; /* L6 = L2 - L4 */ + + /* pata */ + if (BN_is_zero(n5)) + { + if (BN_is_zero(n6)) /* P = Q => P + Q = 2P */ + { + BN_CTX_end(ctx); + return ECP_double(R, P, E, ctx); + } + else /* P = -Q => P + Q = \infty */ + { + BN_CTX_end(ctx); + if (!BN_zero(R->Z)) return 0; + return 1; + } + } + + /* L7; L8 */ + if (!BN_mod_add(n1, n1, n3, p, ctx)) goto err; /* L7 = L1 + L3 */ + if (!BN_mod_add(n2, n2, n4, p, ctx)) goto err; /* L8 = L2 + L4 */ + + /* Z */ + if (Pnorm) + { + if (BN_copy(n0, Q->Z) == NULL) goto err; + } + else + { + if (!BN_mod_mul(n0, P->Z, Q->Z, p, ctx)) goto err; + } + if (!BN_mod_mul(R->Z, n0, n5, p, ctx)) goto err; /* Z = z_p * z_q * L_5 */ + + /* X */ + if (!BN_mod_sqr(n0, n6, p, ctx)) goto err; + if (!BN_mod_sqr(n4, n5, p, ctx)) goto err; + if (!BN_mod_mul(n3, n1, n4, p, ctx)) goto err; + if (!BN_mod_sub(R->X, n0, n3, p, ctx)) goto err; /* X = L6^2 - L5^2 * L7 */ + + /* L9 */ + if (!BN_lshift1(n0, R->X)) goto err; + if (!BN_mod_sub(n0, n3, n0, p, ctx)) goto err; /* L9 = L5^2 * L7 - 2X */ + + /* Y */ + if (!BN_mod_mul(n0, n0, n6, p, ctx)) goto err; + if (!BN_mod_mul(n5, n4, n5, p, ctx)) goto err; + if (!BN_mod_mul(n1, n2, n5, p, ctx)) goto err; + if (!BN_mod_sub(n0, n0, n1, p, ctx)) goto err; + if (!BN_mod_mul(R->Y, n0, E->h, p, ctx)) goto err; /* Y = (L6 * L9 - L8 * L5^3) / 2 */ + + + +#ifdef TEST + if (!ECP_is_on_ec(R, E, ctx)) return 0; +#endif + + BN_CTX_end(ctx); + return 1; + +err: + BN_CTX_end(cxt); + return 0; + } + + +ECP_PRECOMPUTE *ECP_precompute(int r, EC_POINT *P, EC *E, BN_CTX *ctx) + { + ECP_PRECOMPUTE *ret; + EC_POINT *P2; + int i, max; + + assert(r > 2); + assert(!P->is_in_mont); + assert(!E->is_in_mont); + + ret=(ECP_PRECOMPUTE *)malloc(sizeof(ECP_PRECOMPUTE)); + if (ret == NULL) return NULL; + + max = 1; + max <<= (r - 1); + + ret->r = 0; + + ret->Pi=(EC_POINT **)malloc(sizeof(EC_POINT *) * max); + if (ret->Pi == NULL) goto err; + + + /* P2 = [2]P */ + if ((P2 = ECP_new()) == NULL) goto err; + if (!ECP_double(P2, P, E, ctx)) goto err; + + /* P_0 = P */ + if((ret->Pi[0] = ECP_dup(P)) == NULL) goto err; + + + /* P_i = P_(i-1) + P2 */ + for (i = 1; i < max; i++) + { + if ((ret->Pi[i] = ECP_new()) == NULL) goto err; + + if (!ECP_add(ret->Pi[i], P2, ret->Pi[i - 1], E, ctx)) goto err; + } + + ret->r = r; + ECP_clear_free(P2); + + return ret; + +err: + ECP_clear_free(P2); + ECP_clear_free_precompute(ret); + return NULL; + } + + +int ECP_multiply(EC_POINT *R, BIGNUM *k, ECP_PRECOMPUTE *prec, EC *E, BN_CTX *ctx) +/* R = [k]P */ + { + int j; + int t, nextw, h, r; + + assert(R != NULL); + assert(R->X != NULL && R->Y != NULL && R->Z != NULL); + + assert(E != NULL); + assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL); + + assert(k != NULL); + assert(!k->neg); + + assert(ctx != NULL); + assert(prec != NULL); + + assert(!E->is_in_mont); + + if (BN_is_zero(k)) + { + if (!BN_zero(R->Z)) return 0; + R->is_in_mont = 0; + return 1; + } + + + j = BN_num_bits(k); + j--; + + r = prec->r; + + if (!BN_zero(R->Z)) return 0; + R->is_in_mont = 0; + + while(j >= 0) + { + if (!BN_is_bit_set(k, j)) + { + if (!ECP_double(R, R, E, ctx)) return 0; + j--; + } + else + { + nextw = j - r; + if (nextw < -1) nextw = -1; + t = nextw + 1; + while(!BN_is_bit_set(k, t)) + t++; + + if (!ECP_double(R, R, E, ctx)) return 0; + + j--; + if (j < t) h = 0; + else + { + h = 1; + for(; j > t; j--) + { + h <<= 1; + if (BN_is_bit_set(k, j)) h++; + if (!ECP_double(R, R, E, ctx)) return 0; + } + if (!ECP_double(R, R, E, ctx)) return 0; + j--; + } + + if (!ECP_add(R, R, prec->Pi[h], E, ctx)) return 0; + + for (; j > nextw; j--) + { + if (!ECP_double(R, R, E, ctx)) return 0; + } + + } + } + + return 1; + } + +#endif /* SIMPLE */ + + +#ifdef MONTGOMERY + +int ECP_to_montgomery(EC_POINT *P, BN_MONTGOMERY *mont, BN_CTX *ctx) + { + assert(P != NULL); + assert(P->X != NULL && P->Y != NULL && P->Z != NULL); + + assert(mont != NULL); + assert(mont->p != NULL); + + assert(ctx != NULL); + + if (P->is_in_mont) return 1; + + if (!BN_lshift(P->X, P->X, mont->R_num_bits)) return 0; + if (!BN_mod(P->X, P->X, mont->p, ctx)) return 0; + + if (!BN_lshift(P->Y, P->Y, mont->R_num_bits)) return 0; + if (!BN_mod(P->Y, P->Y, mont->p, ctx)) return 0; + + if (!BN_lshift(P->Z, P->Z, mont->R_num_bits)) return 0; + if (!BN_mod(P->Z, P->Z, mont->p, ctx)) return 0; + + P->is_in_mont = 1; + return 1; + } + + +int ECP_from_montgomery(EC_POINT *P, BN_MONTGOMERY *mont, BN_CTX *ctx) + { + + assert(P != NULL); + assert(P->X != NULL && P->Y != NULL && P->Z != NULL); + + assert(mont != NULL); + assert(mont->p != NULL); + + assert(ctx != NULL); + + if (!P->is_in_mont) return 1; + + if (!BN_mont_red(P->X, mont)) return 0; + if (!BN_mont_red(P->Y, mont)) return 0; + if (!BN_mont_red(P->Z, mont)) return 0; + + P->is_in_mont = 0; + return 1; + } + + +int ECP_mont_cmp(EC_POINT *P, EC_POINT *Q, BN_MONTGOMERY *mont, BN_CTX *ctx) +/* return values: + -2 ... error + 0 ... P = Q + -1 ... P = -Q + 1 ... else +*/ + { + BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *p; + + assert(P != NULL); + assert(P->X != NULL && P->Y != NULL && P->Z != NULL); + + assert(Q != NULL); + assert(Q->X != NULL && Q->Y != NULL && Q->Z != NULL); + + assert(mont != NULL); + assert(mont->p != NULL); + + assert(ctx != NULL); + + if (!P->is_in_mont) + if (!ECP_to_montgomery(P, mont, ctx)) return 0; + + if (!Q->is_in_mont) + if (!ECP_to_montgomery(Q, mont, ctx)) return 0; + + + if (ECP_is_infty(P) && ECP_is_infty(Q)) return 0; + if (ECP_is_infty(P) || ECP_is_infty(Q)) return 1; + + + BN_CTX_start(ctx); + n0 = BN_CTX_get(ctx); + n1 = BN_CTX_get(ctx); + n2 = BN_CTX_get(ctx); + n3 = BN_CTX_get(ctx); + n4 = BN_CTX_get(ctx); + n5 = BN_CTX_get(ctx); + if (n5 == 0) goto err; + + + p = mont->p; + + + if (!BN_mont_mod_mul(n5, Q->Z, Q->Z, mont)) goto err; + if (!BN_mont_mod_mul(n1, P->X, n5, mont)) goto err; /* L1 = x_p * z_q^2 */ + + if (!BN_mont_mod_mul(n0, n5, Q->Z, mont)) goto err; + if (!BN_mont_mod_mul(n2, P->Y, n0, mont)) goto err; /* L2 = y_p * z_q^3 */ + + if (!BN_mont_mod_mul(n5, P->Z, P->Z, mont)) goto err; + if (!BN_mont_mod_mul(n3, Q->X, n5, mont)) goto err; /* L3 = x_q * z_p^2 */ + + if (!BN_mont_mod_mul(n0, n5, P->Z, mont)) goto err; + if (!BN_mont_mod_mul(n4, Q->Y, n0, mont)) goto err; /* L4 = y_q * z_p^3 */ + + + if (!BN_mod_sub_quick(n0, n1, n3, p)) goto err; /* L5 = L1 - L3 */ + + if (!BN_is_zero(n0)) + { + BN_CTX_end(ctx); + return 1; + } + + if (!BN_mod_sub_quick(n0, n2, n4, p)) goto err; /* L6 = L2 - L4 */ + + if (!BN_is_zero(n0)) + { + BN_CTX_end(ctx); + return -1; + } + + BN_CTX_end(ctx); + return 0; + +err: + BN_CTX_end(ctx); + return -2; + } + + +int ECP_mont_double(EC_POINT *R, EC_POINT *P, EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx) +/* R <- 2P (on E) */ + { + BIGNUM *n0, *n1, *n2, *n3, *p; + + assert(P != NULL); + assert(P->X != NULL && P->Y != NULL && P->Z != NULL); + + assert(R != NULL); + assert(R->X != NULL && R->Y != NULL && R->Z != NULL); + + assert(E != NULL); + assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL); + + assert(ctx != NULL); + + if (!P->is_in_mont) + if (!ECP_to_montgomery(P, mont, ctx)) return 0; + + if (!E->is_in_mont) + if (!EC_to_montgomery(E, mont, ctx)) return 0; + + R->is_in_mont = 1; + + if (ECP_is_infty(P)) + { + if (!BN_zero(R->Z)) return 0; + return 1; + } + + + BN_CTX_start(ctx); + n0 = BN_CTX_get(ctx); + n1 = BN_CTX_get(ctx); + n2 = BN_CTX_get(ctx); + n3 = BN_CTX_get(ctx); + if (n3 == 0) goto err; + + p = E->p; + + /* L1 */ + if (!BN_mont_mod_mul(n0, P->Z, P->Z, mont)) goto err; + if (!BN_mont_mod_mul(n2, n0, n0, mont)) goto err; + if (!BN_mont_mod_mul(n0, n2, E->A, mont)) goto err; + if (!BN_mont_mod_mul(n1, P->X, P->X, mont)) goto err; + if (!BN_mod_lshift1_quick(n2, n1, p)) goto err; + if (!BN_mod_add_quick(n1, n1, n2, p)) goto err; + if (!BN_mod_add_quick(n1, n1, n0, p)) goto err; /* L1 = 3 * x^2 + a * z^4 */ + + /* Z */ + if (!BN_mont_mod_mul(n0, P->Y, P->Z, mont)) goto err; + if (!BN_mod_lshift1_quick(R->Z, n0, p)) goto err; /* Z = 2 * y * z */ + + /* L2 */ + if (!BN_mont_mod_mul(n3, P->Y, P->Y, mont)) goto err; + if (!BN_mont_mod_mul(n2, P->X, n3, mont)) goto err; + if (!BN_mod_lshift_quick(n2, n2, 2, p)) goto err; /* L2 = 4 * x * y^2 */ + + /* X */ + if (!BN_mod_lshift1_quick(n0, n2, p)) goto err; + if (!BN_mont_mod_mul(R->X, n1, n1, mont)) goto err; + if (!BN_mod_sub_quick(R->X, R->X, n0, p)) goto err; /* X = L1^2 - 2 * L2 */ + + /* L3 */ + if (!BN_mont_mod_mul(n0, n3, n3, mont)) goto err; + if (!BN_mod_lshift_quick(n3, n0, 3, p)) goto err; /* L3 = 8 * y^4 */ + + + /* Y */ + if (!BN_mod_sub_quick(n2, n2, R->X, p)) goto err; + if (!BN_mont_mod_mul(n0, n1, n2, mont)) goto err; + if (!BN_mod_sub_quick(R->Y, n0, n3, p)) goto err; /* Y = L1 * (L2 - X) - L3 */ + + BN_CTX_end(ctx); + return 1; + +err: + BN_CTX_end(ctx); + return 0; + } + + +int ECP_mont_add(EC_POINT *R, EC_POINT *P, EC_POINT *Q, EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx) +/* R <- P + Q (on E) */ + { + BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6, *p; + + assert(P != NULL); + assert(P->X != NULL && P->Y != NULL && P->Z != NULL); + + assert(Q != NULL); + assert(Q->X != NULL && Q->Y != NULL && Q->Z != NULL); + + assert(R != NULL); + assert(R->X != NULL && R->Y != NULL && R->Z != NULL); + + assert(E != NULL); + assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL); + assert(!BN_is_zero(E->h));; + + assert(ctx != NULL); + + if (!Q->is_in_mont) + if (!ECP_to_montgomery(Q, mont, ctx)) return 0; + + if (!P->is_in_mont) + if (!ECP_to_montgomery(P, mont, ctx)) return 0; + + if (!E->is_in_mont) + if (!EC_to_montgomery(E, mont, ctx)) return 0; + + if (P == Q) return ECP_mont_double(R, P, E, mont, ctx); + + if (ECP_is_infty(P)) return ECP_copy(R, Q); + if (ECP_is_infty(Q)) return ECP_copy(R, P); + + + BN_CTX_start(ctx); + n0 = BN_CTX_get(ctx); + n1 = BN_CTX_get(ctx); + n2 = BN_CTX_get(ctx); + n3 = BN_CTX_get(ctx); + n4 = BN_CTX_get(ctx); + n5 = BN_CTX_get(ctx); + n6 = BN_CTX_get(ctx); + if (n6 == NULL) goto err; + + + p = E->p; + + R->is_in_mont = 1; + + /* L1; L2 */ + if (!BN_mont_mod_mul(n6, Q->Z, Q->Z, mont)) goto err; + if (!BN_mont_mod_mul(n1, P->X, n6, mont)) goto err; /* L1 = x_p * z_q^2 */ + + if (!BN_mont_mod_mul(n0, n6, Q->Z, mont)) goto err; + if (!BN_mont_mod_mul(n2, P->Y, n0, mont)) goto err; /* L2 = y_p * z_q^3 */ + + + /* L3; L4 */ + if (!BN_mont_mod_mul(n6, P->Z, P->Z, mont)) goto err; + if (!BN_mont_mod_mul(n3, Q->X, n6, mont)) goto err; /* L3 = x_q * z_p^2 */ + + if (!BN_mont_mod_mul(n0, n6, P->Z, mont)) goto err; + if (!BN_mont_mod_mul(n4, Q->Y, n0, mont)) goto err; /* L4 = y_q * z_p^3 */ + + + /* L5; L6 */ + if (!BN_mod_sub_quick(n5, n1, n3, p)) goto err; /* L5 = L1 - L3 */ + if (!BN_mod_sub_quick(n6, n2, n4, p)) goto err; /*L6 = L2 - L4 */ + + + /* pata */ + if (BN_is_zero(n5)) + { + if (BN_is_zero(n6)) /* P = Q => P + Q = 2P */ + { + BN_CTX_end(ctx); + return ECP_mont_double(R, P, E, mont, ctx); + } + else /* P = -Q => P + Q = \infty */ + { + BN_CTX_end(ctx); + if (!BN_zero(R->Z)) return 0; + return 1; + } + } + + /* L7; L8 */ + if (!BN_mod_add_quick(n1, n1, n3, p)) goto err; /* L7 = L1 + L3 */ + if (!BN_mod_add_quick(n2, n2, n4, p)) goto err; /* L8 = L2 + L4 */ + + + /* Z */ + if (!BN_mont_mod_mul(n0, P->Z, Q->Z, mont)) goto err; + if (!BN_mont_mod_mul(R->Z, n0, n5, mont)) goto err; /* Z = z_p * z_q * L_5 */ + + + /* X */ + if (!BN_mont_mod_mul(n0, n6, n6, mont)) goto err; + if (!BN_mont_mod_mul(n4, n5, n5, mont)) goto err; + if (!BN_mont_mod_mul(n3, n1, n4, mont)) goto err; + if (!BN_mod_sub_quick(R->X, n0, n3, p)) goto err; /* X = L6^2 - L5^2 * L7 */ + + + /* L9 */ + if (!BN_mod_lshift1_quick(n0, R->X, p)) goto err; + if (!BN_mod_sub_quick(n3, n3, n0, p)) goto err; /* L9 = L5^2 * L7 - 2X */ + + + /* Y */ + if (!BN_mont_mod_mul(n0, n3, n6, mont)) goto err; + if (!BN_mont_mod_mul(n6, n4, n5, mont)) goto err; + if (!BN_mont_mod_mul(n1, n2, n6, mont)) goto err; + if (!BN_mod_sub_quick(n0, n0, n1, p)) goto err; + if (!BN_mont_mod_mul(R->Y, n0, E->h, mont)) goto err; /* Y = (L6 * L9 - L8 * L5^3) / 2 */ + + + BN_CTX_end(ctx); + return 1; + +err: + BN_CTX_end(ctx); + return 0; + } + + +ECP_PRECOMPUTE *ECP_mont_precompute(int r, EC_POINT *P, EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx) + { + ECP_PRECOMPUTE *ret; + EC_POINT *P2; + int i, max; + + assert(r > 2); + assert(r < sizeof(unsigned int) * 8 - 1); + + assert(mont != NULL); + assert(mont->p != NULL); + + if (!P->is_in_mont) + if (!ECP_to_montgomery(P, mont, ctx)) return 0; + + if (!E->is_in_mont) + if (!EC_to_montgomery(E, mont, ctx)) return 0; + + ret=(ECP_PRECOMPUTE *)malloc(sizeof(ECP_PRECOMPUTE)); + if (ret == NULL) return NULL; + + max = 1; + max <<= (r - 1); + + ret->r = 0; + + ret->Pi=(EC_POINT **)malloc(sizeof(EC_POINT *) * max); + if (ret->Pi == NULL) goto err; + + + /* P2 = [2]P */ + if ((P2 = ECP_new()) == NULL) goto err; + if (!ECP_mont_double(P2, P, E, mont, ctx)) goto err; + + /* P_0 = P */ + if((ret->Pi[0] = ECP_dup(P)) == NULL) goto err; + + + /* P_i = P_(i-1) + P2 */ + for (i = 1; i < max; i++) + { + if ((ret->Pi[i] = ECP_new()) == NULL) goto err; + if (!ECP_mont_add(ret->Pi[i], P2, ret->Pi[i - 1], E, mont, ctx)) goto err; + } + + ret->r = r; + ECP_clear_free(P2); + + return ret; + +err: + ECP_clear_free(P2); + ECP_clear_free_precompute(ret); + return NULL; + } + + +int ECP_mont_multiply(EC_POINT *R, BIGNUM *k, ECP_PRECOMPUTE *prec, EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx) +/* R = [k]P P = prec->Pi[0]*/ + { + int j; + int t, nextw, h, r; + + assert(R != NULL); + assert(R->X != NULL && R->Y != NULL && R->Z != NULL); + + assert(E != NULL); + assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL); + + assert(k != NULL); + assert(!k->neg); + + assert(ctx != NULL); + assert(prec != NULL); + + assert(mont != NULL); + assert(mont->p != NULL); + + if (!E->is_in_mont) + if (!EC_to_montgomery(E, mont, ctx)) return 0; + + + if (BN_is_zero(k)) + { + if (!BN_zero(R->Z)) return 0; + R->is_in_mont = 1; + return 1; + } + + j = BN_num_bits(k); + j--; + + r = prec->r; + + if (!BN_zero(R->Z)) return 0; + R->is_in_mont = 1; + + while(j >= 0) + { + if (!BN_is_bit_set(k, j)) + { + if (!ECP_mont_double(R, R, E, mont, ctx)) return 0; + j--; + } + else + { + nextw = j - r; + if (nextw < -1) nextw = -1; + t = nextw + 1; + while(!BN_is_bit_set(k, t)) + t++; + + if (!ECP_mont_double(R, R, E, mont, ctx)) return 0; + + j--; + if (j < t) h = 0; + else + { + h = 1; + for(; j > t; j--) + { + h <<= 1; + if (BN_is_bit_set(k, j)) h++; + if (!ECP_mont_double(R, R, E, mont, ctx)) return 0; + } + if (!ECP_mont_double(R, R, E, mont, ctx)) return 0; + j--; + } + + if (!ECP_mont_add(R, R, prec->Pi[h], E, mont, ctx)) return 0; + + for (; j > nextw; j--) + { + if (!ECP_mont_double(R, R, E, mont, ctx)) return 0; + } + + } + } + + return 1; + } + + +int ECP_mont_multiply2(EC_POINT *R, BIGNUM *k, EC_POINT *P, EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx) +/* R = [k]P */ + { + int j, hj, kj; + BIGNUM *h; + EC_POINT *mP; + + assert(R != NULL); + assert(R->X != NULL && R->Y != NULL && R->Z != NULL); + + assert(P != NULL); + assert(P->X != NULL && P->Y != NULL && P->Z != NULL); + + assert(E != NULL); + assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL); + + assert(k != NULL); + assert(!k->neg); + + assert(ctx != NULL); + + assert(mont != NULL); + assert(mont->p != NULL); + + if (!E->is_in_mont) + if (!EC_to_montgomery(E, mont, ctx)) return 0; + + if (!P->is_in_mont) + if (!ECP_to_montgomery(P, mont, ctx)) return 0; + + + if (BN_is_zero(k)) + { + if (!BN_zero(R->Z)) return 0; + R->is_in_mont = 1; + return 1; + } + + if ((h = BN_dup(k)) == NULL) return 0; + + if (!BN_lshift1(h, h)) goto err; + if (!BN_add(h, h, k)) goto err; + + if (!ECP_copy(R, P)) goto err; + if ((mP = ECP_mont_minus(P, mont)) == NULL) goto err; + + for(j = BN_num_bits(h) - 2; j > 0; j--) + { + if (!ECP_mont_double(R, R, E, mont, ctx)) goto err; + kj = BN_is_bit_set(k, j); + hj = BN_is_bit_set(h, j); + if (hj == 1 && kj == 0) + if (!ECP_mont_add(R, R, P, E, mont, ctx)) goto err; + if (hj == 0 && kj == 1) + if (!ECP_mont_add(R, R, mP, E, mont, ctx)) goto err; + } + + if (h != NULL) BN_free(h); + if (mP != NULL) ECP_clear_free(mP); + return 1; + +err: + if (h != NULL) BN_free(h); + if (mP != NULL) ECP_clear_free(mP); + return 0; + } + +#endif /* MONTGOMERY */ diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl index 2823cd958..90c12632f 100644 --- a/crypto/engine/Makefile.ssl +++ b/crypto/engine/Makefile.ssl @@ -80,6 +80,25 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +engine_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +engine_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +engine_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h +engine_all.o: ../../include/openssl/des.h ../../include/openssl/dh.h +engine_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +engine_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h +engine_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +engine_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +engine_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h +engine_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +engine_all.o: ../../include/openssl/objects.h +engine_all.o: ../../include/openssl/opensslconf.h +engine_all.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +engine_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +engine_all.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h +engine_all.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h +engine_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +engine_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +engine_all.o: ../../include/openssl/symhacks.h engine_int.h engine_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h engine_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h engine_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h @@ -94,8 +113,7 @@ engine_err.o: ../../include/openssl/objects.h engine_err.o: ../../include/openssl/opensslconf.h engine_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h engine_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -engine_err.o: ../../include/openssl/rc5.h -engine_err.o: ../../include/openssl/rijndael-alg-fst.h +engine_err.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h engine_err.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h engine_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h engine_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -115,8 +133,7 @@ engine_lib.o: ../../include/openssl/objects.h engine_lib.o: ../../include/openssl/opensslconf.h engine_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h engine_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -engine_lib.o: ../../include/openssl/rc5.h -engine_lib.o: ../../include/openssl/rijndael-alg-fst.h +engine_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h engine_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h engine_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h engine_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -136,8 +153,7 @@ engine_list.o: ../../include/openssl/objects.h engine_list.o: ../../include/openssl/opensslconf.h engine_list.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h engine_list.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -engine_list.o: ../../include/openssl/rc5.h -engine_list.o: ../../include/openssl/rijndael-alg-fst.h +engine_list.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h engine_list.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h engine_list.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h engine_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -158,8 +174,7 @@ engine_openssl.o: ../../include/openssl/objects.h engine_openssl.o: ../../include/openssl/opensslconf.h engine_openssl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h engine_openssl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -engine_openssl.o: ../../include/openssl/rc5.h -engine_openssl.o: ../../include/openssl/rijndael-alg-fst.h +engine_openssl.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h engine_openssl.o: ../../include/openssl/rijndael.h engine_openssl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h engine_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -180,8 +195,7 @@ hw_atalla.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h hw_atalla.o: ../../include/openssl/opensslconf.h hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h hw_atalla.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -hw_atalla.o: ../../include/openssl/rc5.h -hw_atalla.o: ../../include/openssl/rijndael-alg-fst.h +hw_atalla.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h hw_atalla.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h hw_atalla.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h hw_atalla.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -202,8 +216,7 @@ hw_cswift.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h hw_cswift.o: ../../include/openssl/opensslconf.h hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h hw_cswift.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -hw_cswift.o: ../../include/openssl/rc5.h -hw_cswift.o: ../../include/openssl/rijndael-alg-fst.h +hw_cswift.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h hw_cswift.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h hw_cswift.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h hw_cswift.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -226,13 +239,12 @@ hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h hw_ncipher.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h hw_ncipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h hw_ncipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -hw_ncipher.o: ../../include/openssl/rijndael-alg-fst.h -hw_ncipher.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -hw_ncipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -hw_ncipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -hw_ncipher.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -hw_ncipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h engine_int.h -hw_ncipher.o: vendor_defns/hwcryptohook.h +hw_ncipher.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +hw_ncipher.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +hw_ncipher.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +hw_ncipher.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +hw_ncipher.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +hw_ncipher.o: ../cryptlib.h engine_int.h vendor_defns/hwcryptohook.h hw_nuron.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h hw_nuron.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h hw_nuron.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -248,8 +260,7 @@ hw_nuron.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h hw_nuron.o: ../../include/openssl/opensslconf.h hw_nuron.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h hw_nuron.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -hw_nuron.o: ../../include/openssl/rc5.h -hw_nuron.o: ../../include/openssl/rijndael-alg-fst.h +hw_nuron.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h hw_nuron.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h hw_nuron.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h hw_nuron.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 25e6c240b..d57cdab59 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -89,6 +89,9 @@ extern "C" { * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */ #define ENGINE_CTRL_SET_LOGSTREAM 1 #define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 +#define ENGINE_CTRL_HUP 3 /* Close and reinitialise any + handles/connections etc. */ + /* Flags specific to the nCipher "chil" engine */ #define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 /* Depending on the value of the (long)i argument, this sets or @@ -105,12 +108,12 @@ extern "C" { /* mod_exp operation, calculates; r = a ^ p mod m * NB: ctx can be NULL, but if supplied, the implementation may use * it if it wishes. */ -typedef int (*BN_MOD_EXP)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +typedef int (*BN_MOD_EXP)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); /* private key operation for RSA, provided seperately in case other * RSA implementations wish to use it. */ -typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx); @@ -178,9 +181,9 @@ ENGINE *ENGINE_new(void); int ENGINE_free(ENGINE *e); int ENGINE_set_id(ENGINE *e, const char *id); int ENGINE_set_name(ENGINE *e, const char *name); -int ENGINE_set_RSA(ENGINE *e, RSA_METHOD *rsa_meth); -int ENGINE_set_DSA(ENGINE *e, DSA_METHOD *dsa_meth); -int ENGINE_set_DH(ENGINE *e, DH_METHOD *dh_meth); +int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); +int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); int ENGINE_set_RAND(ENGINE *e, RAND_METHOD *rand_meth); int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp); int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt); @@ -195,9 +198,9 @@ int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); * reference may be problematic! */ const char *ENGINE_get_id(ENGINE *e); const char *ENGINE_get_name(ENGINE *e); -RSA_METHOD *ENGINE_get_RSA(ENGINE *e); -DSA_METHOD *ENGINE_get_DSA(ENGINE *e); -DH_METHOD *ENGINE_get_DH(ENGINE *e); +const RSA_METHOD *ENGINE_get_RSA(ENGINE *e); +const DSA_METHOD *ENGINE_get_DSA(ENGINE *e); +const DH_METHOD *ENGINE_get_DH(ENGINE *e); RAND_METHOD *ENGINE_get_RAND(ENGINE *e); BN_MOD_EXP ENGINE_get_BN_mod_exp(ENGINE *e); BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(ENGINE *e); diff --git a/crypto/engine/engine_all.c b/crypto/engine/engine_all.c index 28da0c6d1..0860b1e34 100644 --- a/crypto/engine/engine_all.c +++ b/crypto/engine/engine_all.c @@ -56,12 +56,17 @@ * */ +#include <openssl/err.h> #include <openssl/engine.h> #include "engine_int.h" + static int engine_add(ENGINE *e) { if (!ENGINE_by_id(ENGINE_get_id(e))) + { + (void)ERR_get_error(); return ENGINE_add(e); + } return 1; } diff --git a/crypto/engine/engine_int.h b/crypto/engine/engine_int.h index 9c7471beb..b04067992 100644 --- a/crypto/engine/engine_int.h +++ b/crypto/engine/engine_int.h @@ -82,9 +82,9 @@ struct engine_st { const char *id; const char *name; - RSA_METHOD *rsa_meth; - DSA_METHOD *dsa_meth; - DH_METHOD *dh_meth; + const RSA_METHOD *rsa_meth; + const DSA_METHOD *dsa_meth; + const DH_METHOD *dh_meth; RAND_METHOD *rand_meth; BN_MOD_EXP bn_mod_exp; BN_MOD_EXP_CRT bn_mod_exp_crt; diff --git a/crypto/engine/engine_lib.c b/crypto/engine/engine_lib.c index 1df07af03..48c4fb10c 100644 --- a/crypto/engine/engine_lib.c +++ b/crypto/engine/engine_lib.c @@ -286,8 +286,6 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, return pkey; } -/* Initialise a engine type for use (or up its functional reference count - * if it's already in use). */ int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) { if(e == NULL) diff --git a/crypto/engine/engine_list.c b/crypto/engine/engine_list.c index 799ea13b0..8be1cb6d4 100644 --- a/crypto/engine/engine_list.c +++ b/crypto/engine/engine_list.c @@ -430,7 +430,7 @@ int ENGINE_set_name(ENGINE *e, const char *name) return 1; } -int ENGINE_set_RSA(ENGINE *e, RSA_METHOD *rsa_meth) +int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth) { if((e == NULL) || (rsa_meth == NULL)) { @@ -442,7 +442,7 @@ int ENGINE_set_RSA(ENGINE *e, RSA_METHOD *rsa_meth) return 1; } -int ENGINE_set_DSA(ENGINE *e, DSA_METHOD *dsa_meth) +int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth) { if((e == NULL) || (dsa_meth == NULL)) { @@ -454,7 +454,7 @@ int ENGINE_set_DSA(ENGINE *e, DSA_METHOD *dsa_meth) return 1; } -int ENGINE_set_DH(ENGINE *e, DH_METHOD *dh_meth) +int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth) { if((e == NULL) || (dh_meth == NULL)) { @@ -560,7 +560,7 @@ const char *ENGINE_get_name(ENGINE *e) return e->name; } -RSA_METHOD *ENGINE_get_RSA(ENGINE *e) +const RSA_METHOD *ENGINE_get_RSA(ENGINE *e) { if(e == NULL) { @@ -571,7 +571,7 @@ RSA_METHOD *ENGINE_get_RSA(ENGINE *e) return e->rsa_meth; } -DSA_METHOD *ENGINE_get_DSA(ENGINE *e) +const DSA_METHOD *ENGINE_get_DSA(ENGINE *e) { if(e == NULL) { @@ -582,7 +582,7 @@ DSA_METHOD *ENGINE_get_DSA(ENGINE *e) return e->dsa_meth; } -DH_METHOD *ENGINE_get_DH(ENGINE *e) +const DH_METHOD *ENGINE_get_DH(ENGINE *e) { if(e == NULL) { diff --git a/crypto/engine/engine_openssl.c b/crypto/engine/engine_openssl.c index 9636f5116..a6292a0af 100644 --- a/crypto/engine/engine_openssl.c +++ b/crypto/engine/engine_openssl.c @@ -72,7 +72,7 @@ /* This is the only function we need to implement as OpenSSL * doesn't have a native CRT mod_exp. Perhaps this should be * BN_mod_exp_crt and moved into crypto/bn/ ?? ... dunno. */ -static int openssl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int openssl_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx); @@ -112,7 +112,7 @@ ENGINE *ENGINE_openssl() } /* Chinese Remainder Theorem, taken and adapted from rsa_eay.c */ -static int openssl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int openssl_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx) { diff --git a/crypto/engine/hw_atalla.c b/crypto/engine/hw_atalla.c index e53642048..4bea8e8cc 100644 --- a/crypto/engine/hw_atalla.c +++ b/crypto/engine/hw_atalla.c @@ -76,13 +76,13 @@ static int atalla_init(void); static int atalla_finish(void); /* BIGNUM stuff */ -static int atalla_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); /* RSA stuff */ -static int atalla_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa); +static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); /* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int atalla_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* DSA stuff */ @@ -95,7 +95,8 @@ static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, /* DH stuff */ /* This function is alised to mod_exp (with the DH and mont dropped). */ -static int atalla_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r, + const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); @@ -170,9 +171,9 @@ static ENGINE engine_atalla = * (indeed - the lock will already be held by our caller!!!) */ ENGINE *ENGINE_atalla() { - RSA_METHOD *meth1; - DSA_METHOD *meth2; - DH_METHOD *meth3; + const RSA_METHOD *meth1; + const DSA_METHOD *meth2; + const DH_METHOD *meth3; /* We know that the "PKCS1_SSLeay()" functions hook properly * to the atalla-specific mod_exp and mod_exp_crt so we use @@ -215,7 +216,7 @@ static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL; static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL; /* (de)initialisation functions. */ -static int atalla_init() +static int atalla_init(void) { tfnASI_GetHardwareConfig *p1; tfnASI_RSAPrivateKeyOpFn *p2; @@ -274,7 +275,7 @@ err: return 0; } -static int atalla_finish() +static int atalla_finish(void) { if(atalla_dso == NULL) { @@ -293,7 +294,7 @@ static int atalla_finish() return 1; } -static int atalla_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx) { /* I need somewhere to store temporary serialised values for @@ -366,7 +367,7 @@ err: return to_return; } -static int atalla_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) +static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) { BN_CTX *ctx = NULL; int to_return = 0; @@ -426,14 +427,15 @@ static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, } /* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int atalla_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return atalla_mod_exp(r, a, p, m, ctx); } /* This function is aliased to mod_exp (with the dh and mont dropped). */ -static int atalla_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r, + const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return atalla_mod_exp(r, a, p, m, ctx); diff --git a/crypto/engine/hw_cswift.c b/crypto/engine/hw_cswift.c index 5747973c7..ebb0ab0f7 100644 --- a/crypto/engine/hw_cswift.c +++ b/crypto/engine/hw_cswift.c @@ -88,16 +88,16 @@ static int cswift_init(void); static int cswift_finish(void); /* BIGNUM stuff */ -static int cswift_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); -static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx); /* RSA stuff */ -static int cswift_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa); +static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); /* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int cswift_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* DSA stuff */ @@ -107,7 +107,8 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, /* DH stuff */ /* This function is alised to mod_exp (with the DH and mont dropped). */ -static int cswift_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r, + const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); @@ -182,8 +183,8 @@ static ENGINE engine_cswift = * (indeed - the lock will already be held by our caller!!!) */ ENGINE *ENGINE_cswift() { - RSA_METHOD *meth1; - DH_METHOD *meth2; + const RSA_METHOD *meth1; + const DH_METHOD *meth2; /* We know that the "PKCS1_SSLeay()" functions hook properly * to the cswift-specific mod_exp and mod_exp_crt so we use @@ -250,7 +251,7 @@ static void release_context(SW_CONTEXT_HANDLE hac) } /* (de)initialisation functions. */ -static int cswift_init() +static int cswift_init(void) { SW_CONTEXT_HANDLE hac; t_swAcquireAccContext *p1; @@ -307,7 +308,7 @@ err: return 0; } -static int cswift_finish() +static int cswift_finish(void) { if(cswift_dso == NULL) { @@ -328,7 +329,7 @@ static int cswift_finish() } /* Un petit mod_exp */ -static int cswift_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx) { /* I need somewhere to store temporary serialised values for @@ -428,7 +429,7 @@ err: } /* Un petit mod_exp chinois */ -static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx) { @@ -541,7 +542,7 @@ err: return to_return; } -static int cswift_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) +static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) { BN_CTX *ctx; int to_return = 0; @@ -562,7 +563,7 @@ err: } /* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int cswift_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return cswift_mod_exp(r, a, p, m, ctx); @@ -796,7 +797,8 @@ err: } /* This function is aliased to mod_exp (with the dh and mont dropped). */ -static int cswift_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r, + const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return cswift_mod_exp(r, a, p, m, ctx); diff --git a/crypto/engine/hw_ncipher.c b/crypto/engine/hw_ncipher.c index f6b06e468..0057ca966 100644 --- a/crypto/engine/hw_ncipher.c +++ b/crypto/engine/hw_ncipher.c @@ -93,19 +93,20 @@ static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*); static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*); /* BIGNUM stuff */ -static int hwcrhk_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); /* RSA stuff */ -static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa); +static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa); /* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int hwcrhk_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* DH stuff */ /* This function is alised to mod_exp (with the DH and mont dropped). */ -static int hwcrhk_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r, + const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* RAND stuff */ static int hwcrhk_rand_bytes(unsigned char *buf, int num); @@ -291,8 +292,8 @@ static HWCryptoHook_InitInfo hwcrhk_globals = { * (indeed - the lock will already be held by our caller!!!) */ ENGINE *ENGINE_ncipher() { - RSA_METHOD *meth1; - DH_METHOD *meth2; + const RSA_METHOD *meth1; + const DH_METHOD *meth2; /* We know that the "PKCS1_SSLeay()" functions hook properly * to the cswift-specific mod_exp and mod_exp_crt so we use @@ -375,7 +376,7 @@ static void release_context(HWCryptoHook_ContextHandle hac) } /* (de)initialisation functions. */ -static int hwcrhk_init() +static int hwcrhk_init(void) { HWCryptoHook_Init_t *p1; HWCryptoHook_Finish_t *p2; @@ -474,7 +475,7 @@ err: return 0; } -static int hwcrhk_finish() +static int hwcrhk_finish(void) { int to_return = 1; if(hwcrhk_dso == NULL) @@ -681,7 +682,7 @@ static EVP_PKEY *hwcrhk_load_pubkey(const char *key_id, const char *passphrase) } /* A little mod_exp */ -static int hwcrhk_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx) { char tempbuf[1024]; @@ -737,7 +738,7 @@ err: return to_return; } -static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa) +static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa) { char tempbuf[1024]; HWCryptoHook_ErrMsgBuf rmsg; @@ -853,14 +854,15 @@ err: } /* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int hwcrhk_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return hwcrhk_mod_exp(r, a, p, m, ctx); } /* This function is aliased to mod_exp (with the dh and mont dropped). */ -static int hwcrhk_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r, + const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return hwcrhk_mod_exp(r, a, p, m, ctx); diff --git a/crypto/engine/hw_nuron.c b/crypto/engine/hw_nuron.c index 6887106e7..504febc1a 100644 --- a/crypto/engine/hw_nuron.c +++ b/crypto/engine/hw_nuron.c @@ -67,12 +67,12 @@ #ifndef NO_HW #ifndef NO_HW_NURON -typedef int tfnModExp(BIGNUM *r,BIGNUM *a,const BIGNUM *p,const BIGNUM *m); +typedef int tfnModExp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m); static tfnModExp *pfnModExp = NULL; static DSO *pvDSOHandle = NULL; -static int nuron_init() +static int nuron_init(void) { if(pvDSOHandle != NULL) { @@ -98,7 +98,7 @@ static int nuron_init() return 1; } -static int nuron_finish() +static int nuron_finish(void) { if(pvDSOHandle == NULL) { @@ -115,7 +115,7 @@ static int nuron_finish() return 1; } -static int nuron_mod_exp(BIGNUM *r,BIGNUM *a,const BIGNUM *p, +static int nuron_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p, const BIGNUM *m,BN_CTX *ctx) { if(!pvDSOHandle) @@ -126,7 +126,7 @@ static int nuron_mod_exp(BIGNUM *r,BIGNUM *a,const BIGNUM *p, return pfnModExp(r,a,p,m); } -static int nuron_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) +static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) { return nuron_mod_exp(r0,I,rsa->d,rsa->n,NULL); } @@ -170,15 +170,16 @@ static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, } /* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int nuron_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return nuron_mod_exp(r, a, p, m, ctx); } /* This function is aliased to mod_exp (with the dh and mont dropped). */ -static int nuron_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) +static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r, + const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return nuron_mod_exp(r, a, p, m, ctx); } @@ -250,9 +251,9 @@ static ENGINE engine_nuron = * (indeed - the lock will already be held by our caller!!!) */ ENGINE *ENGINE_nuron() { - RSA_METHOD *meth1; - DSA_METHOD *meth2; - DH_METHOD *meth3; + const RSA_METHOD *meth1; + const DSA_METHOD *meth2; + const DH_METHOD *meth3; /* We know that the "PKCS1_SSLeay()" functions hook properly * to the nuron-specific mod_exp and mod_exp_crt so we use diff --git a/crypto/engine/vendor_defns/cswift.h b/crypto/engine/vendor_defns/cswift.h index 0af14a1a9..517d1a850 100644 --- a/crypto/engine/vendor_defns/cswift.h +++ b/crypto/engine/vendor_defns/cswift.h @@ -156,6 +156,27 @@ typedef struct _SW_LARGENUMBER { /* bytes in network (big endian) order */ } SW_LARGENUMBER; +#if defined(WIN32) + #include <windows.h> + typedef HANDLE SW_OSHANDLE; /* handle to kernel object */ + #define SW_OS_INVALID_HANDLE INVALID_HANDLE_VALUE + #define SW_CALLCONV _stdcall +#elif defined(MAC) + /* async callback mechanisms */ + /* swiftCallbackLevel */ + #define SW_MAC_CALLBACK_LEVEL_NO 0 + #define SW_MAC_CALLBACK_LEVEL_HARDWARE 1 /* from the hardware ISR */ + #define SW_MAC_CALLBACK_LEVEL_SECONDARY 2 /* as secondary ISR */ + typedef int SW_MAC_CALLBACK_LEVEL; + typedef int SW_OSHANDLE; + #define SW_OS_INVALID_HANDLE (-1) + #define SW_CALLCONV +#else /* Unix variants */ + typedef int SW_OSHANDLE; /* handle to driver */ + #define SW_OS_INVALID_HANDLE (-1) + #define SW_CALLCONV +#endif + typedef struct _SW_CRT { SW_LARGENUMBER p; /* prime number p */ SW_LARGENUMBER q; /* prime number q */ @@ -196,16 +217,16 @@ typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */ /* Now the OpenSSL bits, these function types are the for the function * pointers that will bound into the Rainbow shared libraries. */ -typedef SW_STATUS t_swAcquireAccContext(SW_CONTEXT_HANDLE *hac); -typedef SW_STATUS t_swAttachKeyParam(SW_CONTEXT_HANDLE hac, - SW_PARAM *key_params); -typedef SW_STATUS t_swSimpleRequest(SW_CONTEXT_HANDLE hac, - SW_COMMAND_CODE cmd, - SW_LARGENUMBER pin[], - SW_U32 pin_count, - SW_LARGENUMBER pout[], - SW_U32 pout_count); -typedef SW_STATUS t_swReleaseAccContext(SW_CONTEXT_HANDLE hac); +typedef SW_STATUS SW_CALLCONV t_swAcquireAccContext(SW_CONTEXT_HANDLE *hac); +typedef SW_STATUS SW_CALLCONV t_swAttachKeyParam(SW_CONTEXT_HANDLE hac, + SW_PARAM *key_params); +typedef SW_STATUS SW_CALLCONV t_swSimpleRequest(SW_CONTEXT_HANDLE hac, + SW_COMMAND_CODE cmd, + SW_LARGENUMBER pin[], + SW_U32 pin_count, + SW_LARGENUMBER pout[], + SW_U32 pout_count); +typedef SW_STATUS SW_CALLCONV t_swReleaseAccContext(SW_CONTEXT_HANDLE hac); #ifdef __cplusplus } diff --git a/crypto/err/Makefile.ssl b/crypto/err/Makefile.ssl index 00ee86f3c..58cd8f03e 100644 --- a/crypto/err/Makefile.ssl +++ b/crypto/err/Makefile.ssl @@ -103,12 +103,12 @@ err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pem2.h err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h err_all.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h err_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -err_all.o: ../../include/openssl/rijndael-alg-fst.h -err_all.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +err_all.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +err_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +err_all.o: ../../include/openssl/x509v3.h err_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h err_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/err/err.c b/crypto/err/err.c index 99272e437..3b4de2377 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -129,6 +129,12 @@ static unsigned long pid_hash(ERR_STATE *pid); static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); static unsigned long get_error_values(int inc,const char **file,int *line, const char **data,int *flags); + +static IMPLEMENT_LHASH_HASH_FN(err_hash, ERR_STRING_DATA *) +static IMPLEMENT_LHASH_COMP_FN(err_cmp, ERR_STRING_DATA *) +static IMPLEMENT_LHASH_HASH_FN(pid_hash, ERR_STATE *) +static IMPLEMENT_LHASH_COMP_FN(pid_cmp, ERR_STATE *) + static void ERR_STATE_free(ERR_STATE *s); #ifndef NO_ERR static ERR_STRING_DATA ERR_str_libraries[]= @@ -316,7 +322,8 @@ void ERR_load_strings(int lib, ERR_STRING_DATA *str) if (error_hash == NULL) { CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH); - error_hash=lh_new(err_hash,err_cmp); + error_hash=lh_new(LHASH_HASH_FN(err_hash), + LHASH_COMP_FN(err_cmp)); if (error_hash == NULL) { CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH); @@ -706,7 +713,8 @@ ERR_STATE *ERR_get_state(void) /* no entry yet in thread_hash for current thread - * thus, it may have changed since we last looked at it */ if (thread_hash == NULL) - thread_hash = lh_new(pid_hash, pid_cmp); + thread_hash = lh_new(LHASH_HASH_FN(pid_hash), + LHASH_COMP_FN(pid_cmp)); if (thread_hash == NULL) thread_state_exists = 0; /* allocation error */ else diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index b8315d827..d4f169ec0 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -64,7 +64,7 @@ #ifndef NO_RSA #include <openssl/rsa.h> #endif -#ifdef RSAref +#if 0 /* was: #ifdef RSAref */ #include <openssl/rsaref.h> #endif #ifndef NO_DH @@ -98,7 +98,7 @@ void ERR_load_crypto_strings(void) ERR_load_BIO_strings(); ERR_load_CONF_strings(); #ifndef NO_RSA -#ifdef RSAref +#if 0 /* was: #ifdef RSAref */ ERR_load_RSAREF_strings(); #else ERR_load_RSA_strings(); diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index 9bd267bda..717c6eeba 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -20,7 +20,6 @@ L CONF crypto/conf/conf.h crypto/conf/conf_err.c #L PROXY crypto/proxy/proxy.h crypto/proxy/proxy_err.c L PKCS7 crypto/pkcs7/pkcs7.h crypto/pkcs7/pkcs7err.c L PKCS12 crypto/pkcs12/pkcs12.h crypto/pkcs12/pk12err.c -L RSAREF rsaref/rsaref.h rsaref/rsar_err.c L SSL ssl/ssl.h ssl/ssl_err.c L COMP crypto/comp/comp.h crypto/comp/comp_err.c L RAND crypto/rand/rand.h crypto/rand/rand_err.c diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl index 0f059047a..71d7bd97f 100644 --- a/crypto/evp/Makefile.ssl +++ b/crypto/evp/Makefile.ssl @@ -111,7 +111,7 @@ bio_b64.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h bio_b64.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h bio_b64.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h bio_b64.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -bio_b64.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +bio_b64.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h bio_b64.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h bio_b64.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h bio_b64.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -129,7 +129,7 @@ bio_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h bio_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h bio_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h bio_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -bio_enc.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +bio_enc.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h bio_enc.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h bio_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h bio_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -147,7 +147,7 @@ bio_md.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h bio_md.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -bio_md.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +bio_md.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h bio_md.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h bio_md.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h bio_md.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -166,11 +166,11 @@ bio_ok.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h bio_ok.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h bio_ok.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -bio_ok.o: ../../include/openssl/rijndael-alg-fst.h -bio_ok.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -bio_ok.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -bio_ok.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -bio_ok.o: ../../include/openssl/symhacks.h ../cryptlib.h +bio_ok.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +bio_ok.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +bio_ok.o: ../cryptlib.h c_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h c_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h c_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -184,7 +184,7 @@ c_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h c_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -c_all.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +c_all.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h c_all.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -203,7 +203,7 @@ c_allc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h c_allc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h c_allc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -c_allc.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +c_allc.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h c_allc.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h c_allc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h c_allc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -223,7 +223,7 @@ c_alld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h c_alld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h c_alld.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -c_alld.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +c_alld.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h c_alld.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h c_alld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h c_alld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -242,7 +242,7 @@ digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h digest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -digest.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +digest.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h digest.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -260,7 +260,7 @@ e_bf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h e_bf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h e_bf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h e_bf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -e_bf.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +e_bf.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h e_bf.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h e_bf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h e_bf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -278,7 +278,7 @@ e_cast.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h e_cast.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h e_cast.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h e_cast.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -e_cast.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +e_cast.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h e_cast.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h e_cast.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h e_cast.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -296,7 +296,7 @@ e_des.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h e_des.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -e_des.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +e_des.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h e_des.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h e_des.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h e_des.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -314,7 +314,7 @@ e_des3.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h e_des3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -e_des3.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +e_des3.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h e_des3.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h e_des3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h e_des3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -332,7 +332,7 @@ e_idea.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h e_idea.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h e_idea.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h e_idea.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -e_idea.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +e_idea.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h e_idea.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h e_idea.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h e_idea.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -350,7 +350,7 @@ e_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h e_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h e_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h e_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -e_null.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +e_null.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h e_null.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h e_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h e_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -368,7 +368,7 @@ e_rc2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h e_rc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h e_rc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h e_rc2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -e_rc2.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +e_rc2.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h e_rc2.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h e_rc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h e_rc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -386,7 +386,7 @@ e_rc4.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h e_rc4.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -e_rc4.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +e_rc4.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h e_rc4.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h e_rc4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h e_rc4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -404,7 +404,7 @@ e_rc5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h e_rc5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h e_rc5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h e_rc5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -e_rc5.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +e_rc5.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h e_rc5.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h e_rc5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h e_rc5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -421,7 +421,7 @@ e_rd.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h e_rd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h e_rd.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h e_rd.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -e_rd.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +e_rd.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h e_rd.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h e_rd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h e_rd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -440,11 +440,11 @@ e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h e_xcbc_d.o: ../../include/openssl/opensslconf.h e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h e_xcbc_d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -e_xcbc_d.o: ../../include/openssl/rijndael-alg-fst.h -e_xcbc_d.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -e_xcbc_d.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -e_xcbc_d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -e_xcbc_d.o: ../../include/openssl/symhacks.h ../cryptlib.h +e_xcbc_d.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +e_xcbc_d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +e_xcbc_d.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +e_xcbc_d.o: ../cryptlib.h encode.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h encode.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h encode.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -458,7 +458,7 @@ encode.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h encode.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -encode.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +encode.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h encode.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h encode.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h encode.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -476,7 +476,7 @@ evp_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h evp_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -evp_enc.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +evp_enc.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h evp_enc.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h evp_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h evp_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -493,7 +493,7 @@ evp_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h evp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h evp_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h evp_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -evp_err.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +evp_err.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h evp_err.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h evp_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h evp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -512,12 +512,12 @@ evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h evp_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h evp_key.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -evp_key.o: ../../include/openssl/rijndael-alg-fst.h -evp_key.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -evp_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -evp_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -evp_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -evp_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +evp_key.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +evp_key.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +evp_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +evp_key.o: ../cryptlib.h evp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h evp_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h evp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -531,7 +531,7 @@ evp_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h evp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h evp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h evp_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -evp_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +evp_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h evp_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h evp_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h evp_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -550,12 +550,12 @@ evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h evp_pbe.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -evp_pbe.o: ../../include/openssl/rijndael-alg-fst.h -evp_pbe.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -evp_pbe.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +evp_pbe.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +evp_pbe.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +evp_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +evp_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +evp_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +evp_pbe.o: ../cryptlib.h evp_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h evp_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -571,12 +571,12 @@ evp_pkey.o: ../../include/openssl/opensslconf.h evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h evp_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h evp_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -evp_pkey.o: ../../include/openssl/rijndael-alg-fst.h -evp_pkey.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -evp_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -evp_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -evp_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -evp_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +evp_pkey.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +evp_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +evp_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +evp_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +evp_pkey.o: ../cryptlib.h m_dss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h m_dss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -591,12 +591,12 @@ m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h m_dss.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h m_dss.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -m_dss.o: ../../include/openssl/rijndael-alg-fst.h -m_dss.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -m_dss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_dss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_dss.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_dss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +m_dss.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +m_dss.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_dss.o: ../cryptlib.h m_dss1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h m_dss1.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -611,12 +611,12 @@ m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h m_dss1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h m_dss1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -m_dss1.o: ../../include/openssl/rijndael-alg-fst.h -m_dss1.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -m_dss1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_dss1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_dss1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_dss1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +m_dss1.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +m_dss1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_dss1.o: ../cryptlib.h m_md2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h m_md2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -631,12 +631,12 @@ m_md2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h m_md2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h m_md2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h m_md2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -m_md2.o: ../../include/openssl/rijndael-alg-fst.h -m_md2.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -m_md2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_md2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_md2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_md2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +m_md2.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +m_md2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_md2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_md2.o: ../cryptlib.h m_md4.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h m_md4.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -651,12 +651,12 @@ m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h m_md4.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h m_md4.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -m_md4.o: ../../include/openssl/rijndael-alg-fst.h -m_md4.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +m_md4.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +m_md4.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +m_md4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_md4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_md4.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_md4.o: ../cryptlib.h m_md5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h m_md5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -671,12 +671,12 @@ m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h m_md5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h m_md5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -m_md5.o: ../../include/openssl/rijndael-alg-fst.h -m_md5.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +m_md5.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +m_md5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +m_md5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_md5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_md5.o: ../cryptlib.h m_mdc2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h m_mdc2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -691,12 +691,12 @@ m_mdc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h m_mdc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h m_mdc2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h m_mdc2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -m_mdc2.o: ../../include/openssl/rijndael-alg-fst.h -m_mdc2.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -m_mdc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_mdc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_mdc2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_mdc2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +m_mdc2.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +m_mdc2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_mdc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_mdc2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_mdc2.o: ../cryptlib.h m_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h m_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h m_null.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -711,12 +711,12 @@ m_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h m_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h m_null.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -m_null.o: ../../include/openssl/rijndael-alg-fst.h -m_null.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -m_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_null.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_null.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +m_null.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +m_null.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +m_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_null.o: ../cryptlib.h m_ripemd.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h m_ripemd.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h m_ripemd.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -731,8 +731,7 @@ m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h m_ripemd.o: ../../include/openssl/opensslconf.h m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h m_ripemd.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -m_ripemd.o: ../../include/openssl/rc5.h -m_ripemd.o: ../../include/openssl/rijndael-alg-fst.h +m_ripemd.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h m_ripemd.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -752,12 +751,12 @@ m_sha.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h m_sha.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h m_sha.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -m_sha.o: ../../include/openssl/rijndael-alg-fst.h -m_sha.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -m_sha.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_sha.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_sha.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_sha.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +m_sha.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +m_sha.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_sha.o: ../cryptlib.h m_sha1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h m_sha1.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -772,12 +771,12 @@ m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h m_sha1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -m_sha1.o: ../../include/openssl/rijndael-alg-fst.h -m_sha1.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -m_sha1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_sha1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_sha1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_sha1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +m_sha1.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +m_sha1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_sha1.o: ../cryptlib.h names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h names.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h names.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -792,12 +791,12 @@ names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h names.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h names.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -names.o: ../../include/openssl/rijndael-alg-fst.h -names.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -names.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -names.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -names.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +names.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +names.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +names.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +names.o: ../cryptlib.h p5_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h p5_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h p5_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -812,12 +811,12 @@ p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h p5_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h p5_crpt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p5_crpt.o: ../../include/openssl/rijndael-alg-fst.h -p5_crpt.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -p5_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p5_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p5_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p5_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +p5_crpt.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +p5_crpt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p5_crpt.o: ../cryptlib.h p5_crpt2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h p5_crpt2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h p5_crpt2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -832,8 +831,7 @@ p5_crpt2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h p5_crpt2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p5_crpt2.o: ../../include/openssl/rc5.h -p5_crpt2.o: ../../include/openssl/rijndael-alg-fst.h +p5_crpt2.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h p5_crpt2.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h p5_crpt2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -853,7 +851,7 @@ p_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p_dec.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h p_dec.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p_dec.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +p_dec.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h p_dec.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -873,7 +871,7 @@ p_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h p_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p_enc.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +p_enc.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h p_enc.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -893,7 +891,7 @@ p_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h p_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h p_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +p_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h p_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h p_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h p_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -913,12 +911,12 @@ p_open.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p_open.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h p_open.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p_open.o: ../../include/openssl/rijndael-alg-fst.h -p_open.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -p_open.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p_open.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_open.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_open.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +p_open.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +p_open.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p_open.o: ../cryptlib.h p_seal.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h p_seal.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -933,7 +931,7 @@ p_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p_seal.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h p_seal.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p_seal.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +p_seal.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h p_seal.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -953,12 +951,12 @@ p_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h p_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p_sign.o: ../../include/openssl/rijndael-alg-fst.h -p_sign.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -p_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +p_sign.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +p_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +p_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p_sign.o: ../cryptlib.h p_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h p_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h p_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -973,8 +971,7 @@ p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p_verify.o: ../../include/openssl/opensslconf.h p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h p_verify.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p_verify.o: ../../include/openssl/rc5.h -p_verify.o: ../../include/openssl/rijndael-alg-fst.h +p_verify.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h p_verify.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h p_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c index 831c71a2b..f8336f261 100644 --- a/crypto/evp/bio_enc.c +++ b/crypto/evp/bio_enc.c @@ -71,6 +71,7 @@ static int enc_new(BIO *h); static int enc_free(BIO *data); static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps); #define ENC_BLOCK_SIZE (1024*4) +#define BUF_OFFSET 8 /* XXX: why? */ typedef struct enc_struct { @@ -80,7 +81,7 @@ typedef struct enc_struct int finished; int ok; /* bad decrypt */ EVP_CIPHER_CTX cipher; - char buf[ENC_BLOCK_SIZE+10]; + char buf[ENC_BLOCK_SIZE+BUF_OFFSET+2/*why?*/]; } BIO_ENC_CTX; static BIO_METHOD methods_enc= @@ -172,7 +173,7 @@ static int enc_read(BIO *b, char *out, int outl) /* read in at offset 8, read the EVP_Cipher * documentation about why */ - i=BIO_read(b->next_bio,&(ctx->buf[8]),ENC_BLOCK_SIZE); + i=BIO_read(b->next_bio,&(ctx->buf[BUF_OFFSET]),ENC_BLOCK_SIZE); if (i <= 0) { @@ -196,7 +197,7 @@ static int enc_read(BIO *b, char *out, int outl) { EVP_CipherUpdate(&(ctx->cipher), (unsigned char *)ctx->buf,&ctx->buf_len, - (unsigned char *)&(ctx->buf[8]),i); + (unsigned char *)&(ctx->buf[BUF_OFFSET]),i); ctx->cont=1; /* Note: it is possible for EVP_CipherUpdate to * decrypt zero bytes because this is or looks like diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index a9aba4ae7..7bf42b300 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -93,6 +93,17 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { +#ifdef KSSL_DEBUG + { + int i; + char *cp; + printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len); + printf("\t iv= "); + for(i=0;i<8;i++) + printf("%02X",ctx->iv[i]); + printf("\n"); + } +#endif /* KSSL_DEBUG */ des_ede3_cbc_encrypt(in, out, (long)inl, ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3, (des_cblock *)ctx->iv, ctx->encrypt); @@ -145,6 +156,16 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { des_cblock *deskey = (des_cblock *)key; +#ifdef KSSL_DEBUG + { + int i; + printf("des_ede3_init_key(ctx=%lx)\n", ctx); + printf("\tKEY= "); + for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n"); + printf("\t IV= "); + for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n"); + } +#endif /* KSSL_DEBUG */ des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1); des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2); diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index e8621973e..17a0f306e 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -121,6 +121,7 @@ #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ #define EVP_MAX_KEY_LENGTH 32 #define EVP_MAX_IV_LENGTH 16 +#define EVP_MAX_BLOCK_LENGTH 32 #define PKCS5_SALT_LEN 8 /* Default PKCS#5 iteration count */ @@ -396,7 +397,7 @@ struct evp_cipher_ctx_st unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ - unsigned char buf[EVP_MAX_IV_LENGTH]; /* saved partial block */ + unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */ int num; /* used by cfb/ofb mode */ void *app_data; /* application stuff */ diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index 8df2874f3..0f3484733 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -82,6 +82,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) #endif X509_ALGOR *a; unsigned char *p; + const unsigned char *cp; int pkeylen; char obj_tmp[80]; @@ -103,7 +104,8 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) { #ifndef NO_RSA case NID_rsaEncryption: - if (!(rsa = d2i_RSAPrivateKey (NULL, &p, pkeylen))) { + cp = p; + if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); return NULL; } @@ -163,9 +165,9 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } - p = param->value.sequence->data; + cp = p = param->value.sequence->data; plen = param->value.sequence->length; - if (!(dsa = d2i_DSAparams (NULL, &p, plen))) { + if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 62398ed74..14af3198d 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -99,7 +99,7 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) #ifndef NO_DSA if (pkey->type == EVP_PKEY_DSA) { - int ret=pkey->save_parameters=mode; + int ret=pkey->save_parameters; if (mode >= 0) pkey->save_parameters=mode; diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 739e543d7..35ea2c298 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -131,7 +131,7 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val) return(1); } -void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *ad, int idx) +void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx) { if (ad->sk == NULL) return(0); diff --git a/crypto/hmac/Makefile.ssl b/crypto/hmac/Makefile.ssl index a15f775c9..ab2e9a83c 100644 --- a/crypto/hmac/Makefile.ssl +++ b/crypto/hmac/Makefile.ssl @@ -91,8 +91,7 @@ hmac.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h hmac.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -hmac.o: ../../include/openssl/rijndael-alg-fst.h -hmac.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -hmac.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -hmac.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -hmac.o: ../../include/openssl/symhacks.h +hmac.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +hmac.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +hmac.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h diff --git a/crypto/install.com b/crypto/install.com index 4780118ab..96db3abbb 100644 --- a/crypto/install.com +++ b/crypto/install.com @@ -58,7 +58,7 @@ $ EXHEADER_DSA := dsa.h $ EXHEADER_DH := dh.h $ EXHEADER_DSO := dso.h $ EXHEADER_ENGINE := engine.h -$ EXHEADER_RIJNDAEL := rijndael-alg-fst.h,rijndael.h +$ EXHEADER_RIJNDAEL := rd_fst.h,rijndael.h $ EXHEADER_BUFFER := buffer.h $ EXHEADER_BIO := bio.h $ EXHEADER_STACK := stack.h,safestack.h diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c index ee0600060..62dab3acc 100644 --- a/crypto/lhash/lh_stats.c +++ b/crypto/lhash/lh_stats.c @@ -139,7 +139,7 @@ void lh_node_usage_stats(LHASH *lh, FILE *out) #else #ifndef NO_FP_API -void lh_stats(LHASH *lh, FILE *fp) +void lh_stats(const LHASH *lh, FILE *fp) { BIO *bp; @@ -151,7 +151,7 @@ void lh_stats(LHASH *lh, FILE *fp) end:; } -void lh_node_stats(LHASH *lh, FILE *fp) +void lh_node_stats(const LHASH *lh, FILE *fp) { BIO *bp; @@ -163,7 +163,7 @@ void lh_node_stats(LHASH *lh, FILE *fp) end:; } -void lh_node_usage_stats(LHASH *lh, FILE *fp) +void lh_node_usage_stats(const LHASH *lh, FILE *fp) { BIO *bp; @@ -177,7 +177,7 @@ end:; #endif -void lh_stats_bio(LHASH *lh, BIO *out) +void lh_stats_bio(const LHASH *lh, BIO *out) { char buf[128]; @@ -225,7 +225,7 @@ void lh_stats_bio(LHASH *lh, BIO *out) #endif } -void lh_node_stats_bio(LHASH *lh, BIO *out) +void lh_node_stats_bio(const LHASH *lh, BIO *out) { LHASH_NODE *n; unsigned int i,num; @@ -240,7 +240,7 @@ void lh_node_stats_bio(LHASH *lh, BIO *out) } } -void lh_node_usage_stats_bio(LHASH *lh, BIO *out) +void lh_node_usage_stats_bio(const LHASH *lh, BIO *out) { LHASH_NODE *n; unsigned long num; diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index 7da14620a..60699f45c 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -111,7 +111,7 @@ static void expand(LHASH *lh); static void contract(LHASH *lh); static LHASH_NODE **getrn(LHASH *lh, void *data, unsigned long *rhash); -LHASH *lh_new(unsigned long (*h)(), int (*c)()) +LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c) { LHASH *ret; int i; @@ -122,8 +122,8 @@ LHASH *lh_new(unsigned long (*h)(), int (*c)()) goto err1; for (i=0; i<MIN_NODES; i++) ret->b[i]=NULL; - ret->comp=((c == NULL)?(int (*)())strcmp:c); - ret->hash=((h == NULL)?(unsigned long (*)())lh_strhash:h); + ret->comp=((c == NULL)?(LHASH_COMP_FN_TYPE)strcmp:c); + ret->hash=((h == NULL)?(LHASH_HASH_FN_TYPE)lh_strhash:h); ret->num_nodes=MIN_NODES/2; ret->num_alloc_nodes=MIN_NODES; ret->p=0; @@ -267,12 +267,19 @@ void *lh_retrieve(LHASH *lh, void *data) return(ret); } -void lh_doall(LHASH *lh, void (*func)()) +void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func) { - lh_doall_arg(lh,func,NULL); + /* Yikes that's bad - we're accepting a function that accepts 2 + * parameters (albeit we have to waive type-safety here) and then + * forcibly calling that callback with *3* parameters leaving the 3rd + * NULL. Obviously this "works" otherwise it wouldn't have survived so + * long, but is it "good"?? + * FIXME: Use an internal function from this and the "_arg" version that + * doesn't assume the ability to mutate function prototypes so badly. */ + lh_doall_arg(lh, (LHASH_DOALL_ARG_FN_TYPE)func, NULL); } -void lh_doall_arg(LHASH *lh, void (*func)(), void *arg) +void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg) { int i; LHASH_NODE *a,*n; @@ -312,7 +319,7 @@ static void expand(LHASH *lh) #ifndef NO_HASH_COMP hash=np->hash; #else - hash=(*(lh->hash))(np->data); + hash=lh->hash(np->data); lh->num_hash_calls++; #endif if ((hash%nni) != p) @@ -415,7 +422,7 @@ static LHASH_NODE **getrn(LHASH *lh, void *data, unsigned long *rhash) } #endif lh->num_comp_calls++; - if ((*cf)(n1->data,data) == 0) + if(cf(n1->data,data) == 0) break; ret= &(n1->next); } @@ -455,7 +462,7 @@ unsigned long lh_strhash(const char *c) return((ret>>16)^ret); } -unsigned long lh_num_items(LHASH *lh) +unsigned long lh_num_items(const LHASH *lh) { return lh ? lh->num_items : 0; } diff --git a/crypto/lhash/lhash.h b/crypto/lhash/lhash.h index b8ff02190..642051207 100644 --- a/crypto/lhash/lhash.h +++ b/crypto/lhash/lhash.h @@ -84,11 +84,42 @@ typedef struct lhash_node_st #endif } LHASH_NODE; +typedef int (*LHASH_COMP_FN_TYPE)(void *, void *); +typedef unsigned long (*LHASH_HASH_FN_TYPE)(void *); +typedef void (*LHASH_DOALL_FN_TYPE)(void *); +typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *); + +/* Macros for declaring and implementing type-safe wrappers for LHASH callbacks. + * This way, callbacks can be provided to LHASH structures without function + * pointer casting and the macro-defined callbacks provide per-variable casting + * before deferring to the underlying type-specific callbacks. NB: It is + * possible to place a "static" in front of both the DECLARE and IMPLEMENT + * macros if the functions are strictly internal. */ + +/* First: "hash" functions */ +#define DECLARE_LHASH_HASH_FN(f_name,o_type) \ + unsigned long f_name##_LHASH_HASH(void *); +#define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \ + unsigned long f_name##_LHASH_HASH(void *arg) { \ + o_type a = (o_type)arg; \ + return f_name(a); } +#define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH + +/* Second: "compare" functions */ +#define DECLARE_LHASH_COMP_FN(f_name,o_type) \ + int f_name##_LHASH_COMP(void *, void *); +#define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \ + int f_name##_LHASH_COMP(void *arg1, void *arg2) { \ + o_type a = (o_type)arg1; \ + o_type b = (o_type)arg2; \ + return f_name(a,b); } +#define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP + typedef struct lhash_st { LHASH_NODE **b; - int (*comp)(); - unsigned long (*hash)(); + LHASH_COMP_FN_TYPE comp; + LHASH_HASH_FN_TYPE hash; unsigned int num_nodes; unsigned int num_alloc_nodes; unsigned int p; @@ -120,26 +151,26 @@ typedef struct lhash_st * in lh_insert(). */ #define lh_error(lh) ((lh)->error) -LHASH *lh_new(unsigned long (*h)(/* void *a */), int (*c)(/* void *a,void *b */)); +LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); void lh_free(LHASH *lh); void *lh_insert(LHASH *lh, void *data); void *lh_delete(LHASH *lh, void *data); void *lh_retrieve(LHASH *lh, void *data); - void lh_doall(LHASH *lh, void (*func)(/*void *b*/)); -void lh_doall_arg(LHASH *lh, void (*func)(/*void *a,void *b*/),void *arg); +void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func); +void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); unsigned long lh_strhash(const char *c); -unsigned long lh_num_items(LHASH *lh); +unsigned long lh_num_items(const LHASH *lh); #ifndef NO_FP_API -void lh_stats(LHASH *lh, FILE *out); -void lh_node_stats(LHASH *lh, FILE *out); -void lh_node_usage_stats(LHASH *lh, FILE *out); +void lh_stats(const LHASH *lh, FILE *out); +void lh_node_stats(const LHASH *lh, FILE *out); +void lh_node_usage_stats(const LHASH *lh, FILE *out); #endif #ifndef NO_BIO -void lh_stats_bio(LHASH *lh, BIO *out); -void lh_node_stats_bio(LHASH *lh, BIO *out); -void lh_node_usage_stats_bio(LHASH *lh, BIO *out); +void lh_stats_bio(const LHASH *lh, BIO *out); +void lh_node_stats_bio(const LHASH *lh, BIO *out); +void lh_node_usage_stats_bio(const LHASH *lh, BIO *out); #endif #ifdef __cplusplus } diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c index 866c53e73..56ce7ddde 100644 --- a/crypto/mem_dbg.c +++ b/crypto/mem_dbg.c @@ -234,6 +234,9 @@ static unsigned long mem_hash(MEM *a) return(ret); } +static IMPLEMENT_LHASH_HASH_FN(mem_hash, MEM *) +static IMPLEMENT_LHASH_COMP_FN(mem_cmp, MEM *) + static int app_info_cmp(APP_INFO *a, APP_INFO *b) { return(a->thread != b->thread); @@ -249,7 +252,10 @@ static unsigned long app_info_hash(APP_INFO *a) return(ret); } -static APP_INFO *pop_info() +static IMPLEMENT_LHASH_HASH_FN(app_info_hash, APP_INFO *) +static IMPLEMENT_LHASH_COMP_FN(app_info_cmp, APP_INFO *) + +static APP_INFO *pop_info(void) { APP_INFO tmp; APP_INFO *ret = NULL; @@ -266,7 +272,7 @@ static APP_INFO *pop_info() next->references++; lh_insert(amih,(char *)next); } -#ifdef LEVITTE_DEBUG +#ifdef LEVITTE_DEBUG_MEM if (ret->thread != tmp.thread) { fprintf(stderr, "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n", @@ -302,7 +308,8 @@ int CRYPTO_push_info_(const char *info, const char *file, int line) } if (amih == NULL) { - if ((amih=lh_new(app_info_hash,app_info_cmp)) == NULL) + if ((amih=lh_new(LHASH_HASH_FN(app_info_hash), + LHASH_COMP_FN(app_info_cmp))) == NULL) { OPENSSL_free(ami); ret=0; @@ -319,7 +326,7 @@ int CRYPTO_push_info_(const char *info, const char *file, int line) if ((amim=(APP_INFO *)lh_insert(amih,(char *)ami)) != NULL) { -#ifdef LEVITTE_DEBUG +#ifdef LEVITTE_DEBUG_MEM if (ami->thread != amim->thread) { fprintf(stderr, "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n", @@ -394,7 +401,8 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, } if (mh == NULL) { - if ((mh=lh_new(mem_hash,mem_cmp)) == NULL) + if ((mh=lh_new(LHASH_HASH_FN(mem_hash), + LHASH_COMP_FN(mem_cmp))) == NULL) { OPENSSL_free(addr); OPENSSL_free(m); @@ -418,8 +426,8 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, m->order=order; } m->order=order++; -#ifdef LEVITTE_DEBUG - fprintf(stderr, "LEVITTE_DEBUG: [%5d] %c 0x%p (%d)\n", +#ifdef LEVITTE_DEBUG_MEM + fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] %c 0x%p (%d)\n", m->order, (before_p & 128) ? '*' : '+', m->addr, m->num); @@ -473,8 +481,8 @@ void CRYPTO_dbg_free(void *addr, int before_p) mp=(MEM *)lh_delete(mh,(char *)&m); if (mp != NULL) { -#ifdef LEVITTE_DEBUG - fprintf(stderr, "LEVITTE_DEBUG: [%5d] - 0x%p (%d)\n", +#ifdef LEVITTE_DEBUG_MEM + fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] - 0x%p (%d)\n", mp->order, mp->addr, mp->num); #endif if (mp->app_info != NULL) @@ -497,8 +505,8 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, { MEM m,*mp; -#ifdef LEVITTE_DEBUG - fprintf(stderr, "LEVITTE_DEBUG: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n", +#ifdef LEVITTE_DEBUG_MEM + fprintf(stderr, "LEVITTE_DEBUG_MEM: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n", addr1, addr2, num, file, line, before_p); #endif @@ -524,8 +532,8 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, mp=(MEM *)lh_delete(mh,(char *)&m); if (mp != NULL) { -#ifdef LEVITTE_DEBUG - fprintf(stderr, "LEVITTE_DEBUG: [%5d] * 0x%p (%d) -> 0x%p (%d)\n", +#ifdef LEVITTE_DEBUG_MEM + fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] * 0x%p (%d) -> 0x%p (%d)\n", mp->order, mp->addr, mp->num, addr2, num); @@ -626,7 +634,7 @@ static void print_leak(MEM *m, MEM_LEAK *l) } while(amip && amip->thread == ti); -#ifdef LEVITTE_DEBUG +#ifdef LEVITTE_DEBUG_MEM if (amip) { fprintf(stderr, "Thread switch detected in backtrace!!!!\n"); @@ -647,7 +655,8 @@ void CRYPTO_mem_leaks(BIO *b) ml.chunks=0; MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ if (mh != NULL) - lh_doall_arg(mh,(void (*)())print_leak,(char *)&ml); + lh_doall_arg(mh, (LHASH_DOALL_ARG_FN_TYPE)print_leak, + (char *)&ml); if (ml.chunks != 0) { sprintf(buf,"%ld bytes leaked in %d chunks\n", @@ -725,6 +734,6 @@ void CRYPTO_mem_leaks_cb(void (*cb)(unsigned long, const char *, int, int, void { if (mh == NULL) return; CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); - lh_doall_arg(mh,(void (*)())cb_leak,(void *)&cb); + lh_doall_arg(mh, (LHASH_DOALL_ARG_FN_TYPE)cb_leak,(void *)&cb); CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); } diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index dca988230..ccf3a1872 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c @@ -14,9 +14,9 @@ static int names_type_num=OBJ_NAME_TYPE_NUM; typedef struct name_funcs_st { - unsigned long (*hash_func)(); - int (*cmp_func)(); - void (*free_func)(); + unsigned long (*hash_func)(const char *name); + int (*cmp_func)(const char *a,const char *b); + void (*free_func)(const char *, int, const char *); } NAME_FUNCS; DECLARE_STACK_OF(NAME_FUNCS) @@ -27,17 +27,21 @@ static STACK_OF(NAME_FUNCS) *name_funcs_stack; static unsigned long obj_name_hash(OBJ_NAME *a); static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); +static IMPLEMENT_LHASH_HASH_FN(obj_name_hash, OBJ_NAME *) +static IMPLEMENT_LHASH_COMP_FN(obj_name_cmp, OBJ_NAME *) + int OBJ_NAME_init(void) { if (names_lh != NULL) return(1); MemCheck_off(); - names_lh=lh_new(obj_name_hash,obj_name_cmp); + names_lh=lh_new(LHASH_HASH_FN(obj_name_hash), + LHASH_COMP_FN(obj_name_cmp)); MemCheck_on(); return(names_lh != NULL); } int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), - int (*cmp_func)(const void *, const void *), + int (*cmp_func)(const char *, const char *), void (*free_func)(const char *, int, const char *)) { int ret; @@ -62,12 +66,12 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), MemCheck_off(); name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS)); name_funcs->hash_func = lh_strhash; - name_funcs->cmp_func = (int (*)())strcmp; + name_funcs->cmp_func = strcmp; name_funcs->free_func = 0; /* NULL is often declared to - * ((void *)0), which according - * to Compaq C is not really - * compatible with a function - * pointer. -- Richard Levitte*/ + * ((void *)0), which according + * to Compaq C is not really + * compatible with a function + * pointer. -- Richard Levitte*/ sk_NAME_FUNCS_push(name_funcs_stack,name_funcs); MemCheck_on(); } @@ -132,7 +136,7 @@ const char *OBJ_NAME_get(const char *name, int type) on.type=type; for (;;) - { + { ret=(OBJ_NAME *)lh_retrieve(names_lh,&on); if (ret == NULL) return(NULL); if ((ret->alias) && !alias) @@ -224,12 +228,80 @@ int OBJ_NAME_remove(const char *name, int type) return(0); } +struct doall + { + int type; + void (*fn)(const OBJ_NAME *,void *arg); + void *arg; + }; + +static void do_all_fn(const OBJ_NAME *name,struct doall *d) + { + if(name->type == d->type) + d->fn(name,d->arg); + } + +void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),void *arg) + { + struct doall d; + + d.type=type; + d.fn=fn; + d.arg=arg; + + lh_doall_arg(names_lh,(LHASH_DOALL_ARG_FN_TYPE)do_all_fn,&d); + } + +struct doall_sorted + { + int type; + int n; + const OBJ_NAME **names; + }; + +static void do_all_sorted_fn(const OBJ_NAME *name,void *d_) + { + struct doall_sorted *d=d_; + + if(name->type != d->type) + return; + + d->names[d->n++]=name; + } + +static int do_all_sorted_cmp(const void *n1_,const void *n2_) + { + const OBJ_NAME * const *n1=n1_; + const OBJ_NAME * const *n2=n2_; + + return strcmp((*n1)->name,(*n2)->name); + } + +void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg), + void *arg) + { + struct doall_sorted d; + int n; + + d.type=type; + d.names=OPENSSL_malloc(lh_num_items(names_lh)*sizeof *d.names); + d.n=0; + OBJ_NAME_do_all(type,do_all_sorted_fn,&d); + + qsort(d.names,d.n,sizeof *d.names,do_all_sorted_cmp); + + for(n=0 ; n < d.n ; ++n) + fn(d.names[n],arg); + + OPENSSL_free(d.names); + } + static int free_type; static void names_lh_free(OBJ_NAME *onp, int type) { if(onp == NULL) - return; + return; if ((free_type < 0) || (free_type == onp->type)) { @@ -252,7 +324,7 @@ void OBJ_NAME_cleanup(int type) down_load=names_lh->down_load; names_lh->down_load=0; - lh_doall(names_lh,names_lh_free); + lh_doall(names_lh,(LHASH_DOALL_FN_TYPE)names_lh_free); if (type < 0) { lh_free(names_lh); diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 4b1bb9583..6eb9f4886 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -174,10 +174,13 @@ static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb) return(1); /* should not get here */ } +static IMPLEMENT_LHASH_HASH_FN(add_hash, ADDED_OBJ *) +static IMPLEMENT_LHASH_COMP_FN(add_cmp, ADDED_OBJ *) + static int init_added(void) { if (added != NULL) return(1); - added=lh_new(add_hash,add_cmp); + added=lh_new(LHASH_HASH_FN(add_hash),LHASH_COMP_FN(add_cmp)); return(added != NULL); } @@ -203,9 +206,9 @@ void OBJ_cleanup(void) { if (added == NULL) return; added->down_load=0; - lh_doall(added,cleanup1); /* zero counters */ - lh_doall(added,cleanup2); /* set counters */ - lh_doall(added,cleanup3); /* free objects */ + lh_doall(added,(LHASH_DOALL_FN_TYPE)cleanup1); /* zero counters */ + lh_doall(added,(LHASH_DOALL_FN_TYPE)cleanup2); /* set counters */ + lh_doall(added,(LHASH_DOALL_FN_TYPE)cleanup3); /* free objects */ lh_free(added); added=NULL; } diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h index c099e2e84..8918683aa 100644 --- a/crypto/objects/objects.h +++ b/crypto/objects/objects.h @@ -985,12 +985,17 @@ typedef struct obj_name_st int OBJ_NAME_init(void); -int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),int (*cmp_func)(const void *, const void *), - void (*free_func)(const char *, int, const char *)); +int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), + int (*cmp_func)(const char *, const char *), + void (*free_func)(const char *, int, const char *)); const char *OBJ_NAME_get(const char *name,int type); int OBJ_NAME_add(const char *name,int type,const char *data); int OBJ_NAME_remove(const char *name,int type); void OBJ_NAME_cleanup(int type); /* -1 for everything */ +void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg), + void *arg); +void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg), + void *arg); ASN1_OBJECT * OBJ_dup(ASN1_OBJECT *o); ASN1_OBJECT * OBJ_nid2obj(int n); diff --git a/crypto/ocsp/.cvsignore b/crypto/ocsp/.cvsignore new file mode 100644 index 000000000..c6d03a9db --- /dev/null +++ b/crypto/ocsp/.cvsignore @@ -0,0 +1,2 @@ +lib +Makefile.save diff --git a/crypto/ocsp/Makefile.ssl b/crypto/ocsp/Makefile.ssl index 4f6378cd3..bae922684 100644 --- a/crypto/ocsp/Makefile.ssl +++ b/crypto/ocsp/Makefile.ssl @@ -97,8 +97,7 @@ ocsp_cid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h ocsp_cid.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_cid.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h ocsp_cid.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -ocsp_cid.o: ../../include/openssl/rc5.h -ocsp_cid.o: ../../include/openssl/rijndael-alg-fst.h +ocsp_cid.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h ocsp_cid.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h ocsp_cid.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h ocsp_cid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -119,8 +118,7 @@ ocsp_err.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h ocsp_err.o: ../../include/openssl/opensslconf.h ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h ocsp_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -ocsp_err.o: ../../include/openssl/rc5.h -ocsp_err.o: ../../include/openssl/rijndael-alg-fst.h +ocsp_err.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h ocsp_err.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h ocsp_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h ocsp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -142,8 +140,7 @@ ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h ocsp_ext.o: ../../include/openssl/opensslconf.h ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h ocsp_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -ocsp_ext.o: ../../include/openssl/rc5.h -ocsp_ext.o: ../../include/openssl/rijndael-alg-fst.h +ocsp_ext.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h ocsp_ext.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h ocsp_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h ocsp_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -167,8 +164,7 @@ ocsp_lib.o: ../../include/openssl/opensslconf.h ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h ocsp_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h ocsp_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -ocsp_lib.o: ../../include/openssl/rc5.h -ocsp_lib.o: ../../include/openssl/rijndael-alg-fst.h +ocsp_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h ocsp_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h ocsp_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h ocsp_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -190,8 +186,7 @@ ocsp_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h ocsp_req.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h ocsp_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -ocsp_req.o: ../../include/openssl/rc5.h -ocsp_req.o: ../../include/openssl/rijndael-alg-fst.h +ocsp_req.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h ocsp_req.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h ocsp_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h ocsp_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -212,8 +207,7 @@ ocsp_res.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h ocsp_res.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_res.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h ocsp_res.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -ocsp_res.o: ../../include/openssl/rc5.h -ocsp_res.o: ../../include/openssl/rijndael-alg-fst.h +ocsp_res.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h ocsp_res.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h ocsp_res.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h ocsp_res.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -234,8 +228,7 @@ ocsp_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h ocsp_sig.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h ocsp_sig.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -ocsp_sig.o: ../../include/openssl/rc5.h -ocsp_sig.o: ../../include/openssl/rijndael-alg-fst.h +ocsp_sig.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h ocsp_sig.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h ocsp_sig.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h ocsp_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h index 34563bf9c..4899a1ae4 100644 --- a/crypto/ocsp/ocsp.h +++ b/crypto/ocsp/ocsp.h @@ -430,7 +430,7 @@ OCSP_RESPONSE *OCSP_response_new(int status, char *data); ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), - char *data, STACK *sk); + char *data, STACK_OF(ASN1_OBJECT) *sk); X509_EXTENSION *OCSP_nonce_new(void *p, unsigned int len); @@ -541,13 +541,17 @@ int OCSP_extension_print(BIO *bp, X509_EXTENSION *x, int ind); void ERR_load_OCSP_strings(void); +#if 0 /* Not yet implemented */ X509_EXTENSION *OCSP_nochain_new(void); +#endif char* ocspResponseStatus2string(long s); char* ocspCertStatus2string(long s); char * cRLReason2string(long s); +#if 0 /* Not yet implemented */ void OCSP_add_standard_extension(void); +#endif /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index 60ddc2cff..aac4edb1e 100644 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c @@ -83,7 +83,7 @@ /* also CRL Entry Extensions */ ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), - char *data, STACK *sk) + char *data, STACK_OF(ASN1_OBJECT) *sk) { int i; unsigned char *p, *b = NULL; @@ -97,11 +97,11 @@ ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), } else if (sk) { - if ((i=i2d_ASN1_SET(sk,NULL,i2d,V_ASN1_SEQUENCE, + if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL,i2d,V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,IS_SEQUENCE))<=0) goto err; if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i))) goto err; - if (i2d_ASN1_SET(sk,&p,i2d,V_ASN1_SEQUENCE, + if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,i2d,V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,IS_SEQUENCE)<=0) goto err; } else @@ -146,7 +146,7 @@ X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim) if (!(cid->crlNum = ASN1_INTEGER_new())) goto err; if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err; } - if (time) + if (tim) { if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err; if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) @@ -171,11 +171,12 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids) STACK_OF(ASN1_OBJECT) *sk = NULL; ASN1_OBJECT *o = NULL; X509_EXTENSION *x = NULL; - if (!(sk = sk_new(NULL))) goto err; + + if (!(sk = sk_ASN1_OBJECT_new(NULL))) goto err; while (oids && *oids) { if ((nid=OBJ_txt2nid(*oids))!=NID_undef&&(o=OBJ_nid2obj(nid))) - sk_push(sk, (char*) o); + sk_ASN1_OBJECT_push(sk, o); oids++; } if (!(x = X509_EXTENSION_new())) goto err; @@ -298,15 +299,15 @@ int OCSP_extension_print(BIO *bp, ind, "") <= 0) goto err; p = x->value->data; - if (!(d2i_ASN1_SET(&sk, &p, x->value->length, - (char *(*)())d2i_ASN1_OBJECT, - (void (*)(void *))ASN1_OBJECT_free, + if (!(d2i_ASN1_SET_OF_ASN1_OBJECT(&sk, &p, x->value->length, + d2i_ASN1_OBJECT, + ASN1_OBJECT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL))) goto err; - for (i = 0; i < sk_num(sk); i++) + for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) { - j=OBJ_obj2nid((ASN1_OBJECT*)sk->data[i]); + j=OBJ_obj2nid(sk_ASN1_OBJECT_value(sk,i)); if (BIO_printf(bp," %s ", (j == NID_undef)?"UNKNOWN": OBJ_nid2ln(j)) <= 0) diff --git a/crypto/pem/Makefile.ssl b/crypto/pem/Makefile.ssl index e26c079b4..19465558f 100644 --- a/crypto/pem/Makefile.ssl +++ b/crypto/pem/Makefile.ssl @@ -95,12 +95,12 @@ pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h pem_all.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h pem_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pem_all.o: ../../include/openssl/rijndael-alg-fst.h -pem_all.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pem_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +pem_all.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +pem_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +pem_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pem_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pem_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pem_all.o: ../cryptlib.h pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pem_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h pem_err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -115,7 +115,7 @@ pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h pem_err.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h pem_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -pem_err.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +pem_err.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h pem_err.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h pem_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -136,8 +136,7 @@ pem_info.o: ../../include/openssl/opensslconf.h pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h pem_info.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h pem_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -pem_info.o: ../../include/openssl/rc5.h -pem_info.o: ../../include/openssl/rijndael-alg-fst.h +pem_info.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h pem_info.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h pem_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h pem_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -159,12 +158,12 @@ pem_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_lib.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h pem_lib.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h pem_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pem_lib.o: ../../include/openssl/rijndael-alg-fst.h -pem_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -pem_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pem_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +pem_lib.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +pem_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +pem_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pem_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pem_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pem_lib.o: ../cryptlib.h pem_seal.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pem_seal.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h pem_seal.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -181,12 +180,12 @@ pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h pem_seal.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h pem_seal.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h pem_seal.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pem_seal.o: ../../include/openssl/rijndael-alg-fst.h -pem_seal.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -pem_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pem_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pem_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +pem_seal.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +pem_seal.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +pem_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pem_seal.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pem_seal.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pem_seal.o: ../cryptlib.h pem_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pem_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h pem_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -203,9 +202,9 @@ pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h pem_sign.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h pem_sign.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h pem_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pem_sign.o: ../../include/openssl/rijndael-alg-fst.h -pem_sign.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -pem_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pem_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pem_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +pem_sign.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +pem_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +pem_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pem_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pem_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pem_sign.o: ../cryptlib.h diff --git a/crypto/perlasm/x86unix.pl b/crypto/perlasm/x86unix.pl index 309060ea0..61b0311c9 100644 --- a/crypto/perlasm/x86unix.pl +++ b/crypto/perlasm/x86unix.pl @@ -3,6 +3,8 @@ package x86unix; $label="L000"; +$const=""; +$constl=0; $align=($main'aout)?"4":"16"; $under=($main'aout)?"_":""; @@ -341,9 +343,12 @@ sub main'function_end popl %ebx popl %ebp ret +$const .${func}_end: EOF push(@out,$tmp); + $const=""; + if ($main'cpp) { push(@out,"\tSIZE($func,.${func}_end-$func)\n"); } elsif ($main'gaswin) @@ -459,3 +464,75 @@ sub main'data_word { push(@out,"\t.long $_[0]\n"); } + +# debug output functions: puts, putx, printf + +sub main'puts + { + &pushvars(); + &main'push('$Lstring' . ++$constl); + &main'call('puts'); + $stack-=4; + &main'add("esp",4); + &popvars(); + + $const .= "Lstring$constl:\n\t.string \"@_[0]\"\n"; + } + +sub main'putx + { + &pushvars(); + &main'push($_[0]); + &main'push('$Lstring' . ++$constl); + &main'call('printf'); + &main'add("esp",8); + $stack-=8; + &popvars(); + + $const .= "Lstring$constl:\n\t.string \"\%X\"\n"; + } + +sub main'printf + { + $ostack = $stack; + &pushvars(); + for ($i = @_ - 1; $i >= 0; $i--) + { + if ($i == 0) # change this to support %s format strings + { + &main'push('$Lstring' . ++$constl); + $const .= "Lstring$constl:\n\t.string \"@_[$i]\"\n"; + } + else + { + if ($_[$i] =~ /([0-9]*)\(%esp\)/) + { + &main'push(($1 + $stack - $ostack) . '(%esp)'); + } + else + { + &main'push($_[$i]); + } + } + } + &main'call('printf'); + $stack-=4*@_; + &main'add("esp",4*@_); + &popvars(); + } + +sub pushvars + { + &out0("pushf"); + &main'push("edx"); + &main'push("ecx"); + &main'push("eax"); + } + +sub popvars + { + &main'pop("eax"); + &main'pop("ecx"); + &main'pop("edx"); + &out0("popf"); + } diff --git a/crypto/pkcs12/Makefile.ssl b/crypto/pkcs12/Makefile.ssl index b28e44128..794185354 100644 --- a/crypto/pkcs12/Makefile.ssl +++ b/crypto/pkcs12/Makefile.ssl @@ -99,7 +99,7 @@ p12_add.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p12_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h p12_add.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_add.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p12_add.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +p12_add.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h p12_add.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h p12_add.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h p12_add.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -120,12 +120,12 @@ p12_asn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p12_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h p12_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h p12_asn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p12_asn.o: ../../include/openssl/rijndael-alg-fst.h -p12_asn.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -p12_asn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_asn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_asn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +p12_asn.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +p12_asn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +p12_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_asn.o: ../cryptlib.h p12_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h p12_attr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h p12_attr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -141,12 +141,12 @@ p12_attr.o: ../../include/openssl/opensslconf.h p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h p12_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h p12_attr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p12_attr.o: ../../include/openssl/rijndael-alg-fst.h -p12_attr.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -p12_attr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_attr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_attr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_attr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +p12_attr.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +p12_attr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +p12_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_attr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_attr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_attr.o: ../cryptlib.h p12_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h p12_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h p12_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -162,12 +162,12 @@ p12_crpt.o: ../../include/openssl/opensslconf.h p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h p12_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h p12_crpt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p12_crpt.o: ../../include/openssl/rijndael-alg-fst.h -p12_crpt.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -p12_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +p12_crpt.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +p12_crpt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +p12_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_crpt.o: ../cryptlib.h p12_crt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h p12_crt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h p12_crt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -182,7 +182,7 @@ p12_crt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p12_crt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h p12_crt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_crt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p12_crt.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +p12_crt.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h p12_crt.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h p12_crt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h p12_crt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -203,12 +203,12 @@ p12_decr.o: ../../include/openssl/opensslconf.h p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h p12_decr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h p12_decr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p12_decr.o: ../../include/openssl/rijndael-alg-fst.h -p12_decr.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -p12_decr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_decr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_decr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_decr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +p12_decr.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +p12_decr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +p12_decr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_decr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_decr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_decr.o: ../cryptlib.h p12_init.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h p12_init.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h p12_init.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -224,12 +224,12 @@ p12_init.o: ../../include/openssl/opensslconf.h p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h p12_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h p12_init.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p12_init.o: ../../include/openssl/rijndael-alg-fst.h -p12_init.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -p12_init.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_init.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_init.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +p12_init.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +p12_init.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +p12_init.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_init.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_init.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_init.o: ../cryptlib.h p12_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h p12_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -244,7 +244,7 @@ p12_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p12_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h p12_key.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p12_key.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +p12_key.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h p12_key.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h p12_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h p12_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -265,12 +265,12 @@ p12_kiss.o: ../../include/openssl/opensslconf.h p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h p12_kiss.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h p12_kiss.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p12_kiss.o: ../../include/openssl/rijndael-alg-fst.h -p12_kiss.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -p12_kiss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_kiss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_kiss.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_kiss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +p12_kiss.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +p12_kiss.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +p12_kiss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_kiss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_kiss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_kiss.o: ../cryptlib.h p12_mutl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h p12_mutl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h p12_mutl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -286,8 +286,7 @@ p12_mutl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h p12_mutl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h p12_mutl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p12_mutl.o: ../../include/openssl/rc5.h -p12_mutl.o: ../../include/openssl/rijndael-alg-fst.h +p12_mutl.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h p12_mutl.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h p12_mutl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h p12_mutl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -308,12 +307,11 @@ p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h p12_npas.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h p12_npas.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h p12_npas.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p12_npas.o: ../../include/openssl/rijndael-alg-fst.h -p12_npas.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -p12_npas.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_npas.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_npas.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_npas.o: ../../include/openssl/x509_vfy.h +p12_npas.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +p12_npas.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +p12_npas.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_npas.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_npas.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h p12_utl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h p12_utl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h p12_utl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -328,7 +326,7 @@ p12_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p12_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h p12_utl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_utl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p12_utl.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +p12_utl.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h p12_utl.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h p12_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h p12_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -348,9 +346,8 @@ pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h pk12err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h pk12err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pk12err.o: ../../include/openssl/rijndael-alg-fst.h -pk12err.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -pk12err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pk12err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk12err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pk12err.o: ../../include/openssl/x509_vfy.h +pk12err.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +pk12err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +pk12err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pk12err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pk12err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h diff --git a/crypto/pkcs7/Makefile.ssl b/crypto/pkcs7/Makefile.ssl index bf0247cda..ab87fb705 100644 --- a/crypto/pkcs7/Makefile.ssl +++ b/crypto/pkcs7/Makefile.ssl @@ -114,8 +114,7 @@ pk7_asn1.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h pk7_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h pk7_asn1.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -pk7_asn1.o: ../../include/openssl/rc5.h -pk7_asn1.o: ../../include/openssl/rijndael-alg-fst.h +pk7_asn1.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h pk7_asn1.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h pk7_asn1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h pk7_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -135,8 +134,7 @@ pk7_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h pk7_attr.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h pk7_attr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -pk7_attr.o: ../../include/openssl/rc5.h -pk7_attr.o: ../../include/openssl/rijndael-alg-fst.h +pk7_attr.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h pk7_attr.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h pk7_attr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h pk7_attr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -158,13 +156,12 @@ pk7_doit.o: ../../include/openssl/opensslconf.h pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h pk7_doit.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h pk7_doit.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pk7_doit.o: ../../include/openssl/rijndael-alg-fst.h -pk7_doit.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -pk7_doit.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pk7_doit.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk7_doit.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pk7_doit.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -pk7_doit.o: ../cryptlib.h +pk7_doit.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +pk7_doit.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pk7_doit.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pk7_doit.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pk7_doit.o: ../../include/openssl/x509v3.h ../cryptlib.h pk7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pk7_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h pk7_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -179,12 +176,12 @@ pk7_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h pk7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h pk7_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h pk7_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pk7_lib.o: ../../include/openssl/rijndael-alg-fst.h -pk7_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -pk7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pk7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +pk7_lib.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +pk7_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +pk7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pk7_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pk7_lib.o: ../cryptlib.h pk7_mime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pk7_mime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h pk7_mime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -200,12 +197,12 @@ pk7_mime.o: ../../include/openssl/opensslconf.h pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h pk7_mime.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h pk7_mime.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pk7_mime.o: ../../include/openssl/rijndael-alg-fst.h -pk7_mime.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -pk7_mime.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pk7_mime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk7_mime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pk7_mime.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +pk7_mime.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +pk7_mime.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +pk7_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pk7_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pk7_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pk7_mime.o: ../cryptlib.h pk7_smime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pk7_smime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h pk7_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -221,8 +218,7 @@ pk7_smime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h pk7_smime.o: ../../include/openssl/opensslconf.h pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h pk7_smime.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -pk7_smime.o: ../../include/openssl/rc5.h -pk7_smime.o: ../../include/openssl/rijndael-alg-fst.h +pk7_smime.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h pk7_smime.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h pk7_smime.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h pk7_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -242,8 +238,7 @@ pkcs7err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h pkcs7err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pkcs7err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h pkcs7err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -pkcs7err.o: ../../include/openssl/rc5.h -pkcs7err.o: ../../include/openssl/rijndael-alg-fst.h +pkcs7err.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h pkcs7err.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h pkcs7err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h pkcs7err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/crypto/rand/Makefile.ssl b/crypto/rand/Makefile.ssl index a005df201..712938bcf 100644 --- a/crypto/rand/Makefile.ssl +++ b/crypto/rand/Makefile.ssl @@ -104,8 +104,7 @@ rand_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h rand_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h rand_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -rand_lib.o: ../../include/openssl/rc5.h -rand_lib.o: ../../include/openssl/rijndael-alg-fst.h +rand_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h rand_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h rand_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h rand_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index abefc5ead..f0655803f 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -570,7 +570,7 @@ static void readtimer(void) DWORD w; LARGE_INTEGER l; static int have_perfc = 1; -#ifndef __GNUC__ +#ifdef _MSC_VER static int have_tsc = 1; DWORD cyclecount; diff --git a/crypto/rijndael/.cvsignore b/crypto/rijndael/.cvsignore new file mode 100644 index 000000000..c6d03a9db --- /dev/null +++ b/crypto/rijndael/.cvsignore @@ -0,0 +1,2 @@ +lib +Makefile.save diff --git a/crypto/rijndael/Makefile.ssl b/crypto/rijndael/Makefile.ssl index 01da7ac8b..6ed8aa3c0 100644 --- a/crypto/rijndael/Makefile.ssl +++ b/crypto/rijndael/Makefile.ssl @@ -28,12 +28,12 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=rijndael-alg-fst.c -LIBOBJ=rijndael-alg-fst.o +LIBSRC=rd_fst.c +LIBOBJ=rd_fst.o SRC= $(LIBSRC) -EXHEADER=rijndael-alg-fst.h rijndael.h +EXHEADER=rd_fst.h rijndael.h top: (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) @@ -83,4 +83,4 @@ clean: # DO NOT DELETE THIS LINE -rijndael-alg-fst.o: boxes-fst-corrected.dat rijndael-alg-fst.h +rd_fst.o: boxes-fst-corrected.dat rd_fst.h diff --git a/crypto/rijndael/rd_fst.c b/crypto/rijndael/rd_fst.c new file mode 100755 index 000000000..f856cee3a --- /dev/null +++ b/crypto/rijndael/rd_fst.c @@ -0,0 +1,476 @@ +/* + * rijndael-alg-fst.c v2.4 April '2000 + * + * Optimised ANSI C code + * + * authors: v1.0: Antoon Bosselaers + * v2.0: Vincent Rijmen + * v2.3: Paulo Barreto + * v2.4: Vincent Rijmen + * + * This code is placed in the public domain. + */ + +#include <stdio.h> +#include <stdlib.h> + +#include "rd_fst.h" + +#include "boxes-fst-corrected.dat" + +int rijndaelKeySched(const word8 k[RIJNDAEL_MAXKC][4], + word8 W[RIJNDAEL_MAXROUNDS+1][4][4],int ROUNDS) + { + /* Calculate the necessary round keys + * The number of calculations depends on keyBits and blockBits + */ + int j, r, t, rconpointer = 0; + word8 tk[RIJNDAEL_MAXKC][4]; + int KC = ROUNDS - 6; + + for (j = KC-1; j >= 0; j--) + *((word32*)tk[j]) = *((word32*)k[j]); + r = 0; + t = 0; + /* copy values into round key array */ + for (j = 0; (j < KC) && (r < ROUNDS + 1); ) + { + for (; (j < KC) && (t < 4); j++, t++) + *((word32*)W[r][t]) = *((word32*)tk[j]); + if (t == 4) + { + r++; + t = 0; + } + } + + while (r < ROUNDS + 1) + { /* while not enough round key material calculated */ + /* calculate new values */ + tk[0][0] ^= S[tk[KC-1][1]]; + tk[0][1] ^= S[tk[KC-1][2]]; + tk[0][2] ^= S[tk[KC-1][3]]; + tk[0][3] ^= S[tk[KC-1][0]]; + tk[0][0] ^= rcon[rconpointer++]; + + if (KC != 8) + { + for (j = 1; j < KC; j++) + { + *((word32*)tk[j]) ^= *((word32*)tk[j-1]); + } + } + else + { + for (j = 1; j < KC/2; j++) + { + *((word32*)tk[j]) ^= *((word32*)tk[j-1]); + } + tk[KC/2][0] ^= S[tk[KC/2 - 1][0]]; + tk[KC/2][1] ^= S[tk[KC/2 - 1][1]]; + tk[KC/2][2] ^= S[tk[KC/2 - 1][2]]; + tk[KC/2][3] ^= S[tk[KC/2 - 1][3]]; + for (j = KC/2 + 1; j < KC; j++) + { + *((word32*)tk[j]) ^= *((word32*)tk[j-1]); + } + } + /* copy values into round key array */ + for (j = 0; (j < KC) && (r < ROUNDS + 1); ) + { + for (; (j < KC) && (t < 4); j++, t++) + { + *((word32*)W[r][t]) = *((word32*)tk[j]); + } + if (t == 4) + { + r++; + t = 0; + } + } + } + return 0; + } + +int rijndaelKeyEncToDec(word8 W[RIJNDAEL_MAXROUNDS+1][4][4], int ROUNDS) + { + int r; + word8 *w; + + for (r = 1; r < ROUNDS; r++) + { + w = W[r][0]; + *((word32*)w) = + *((word32*)U1[w[0]]) + ^ *((word32*)U2[w[1]]) + ^ *((word32*)U3[w[2]]) + ^ *((word32*)U4[w[3]]); + + w = W[r][1]; + *((word32*)w) = + *((word32*)U1[w[0]]) + ^ *((word32*)U2[w[1]]) + ^ *((word32*)U3[w[2]]) + ^ *((word32*)U4[w[3]]); + + w = W[r][2]; + *((word32*)w) = + *((word32*)U1[w[0]]) + ^ *((word32*)U2[w[1]]) + ^ *((word32*)U3[w[2]]) + ^ *((word32*)U4[w[3]]); + + w = W[r][3]; + *((word32*)w) = + *((word32*)U1[w[0]]) + ^ *((word32*)U2[w[1]]) + ^ *((word32*)U3[w[2]]) + ^ *((word32*)U4[w[3]]); + } + return 0; + } + +/** + * Encrypt a single block. + */ +int rijndaelEncrypt(const word8 a[16],word8 b[16], + word8 rk[RIJNDAEL_MAXROUNDS+1][4][4], + int ROUNDS) + { + int r; + word8 temp[4][4]; + + *((word32*)temp[0]) = *((word32*)(a )) ^ *((word32*)rk[0][0]); + *((word32*)temp[1]) = *((word32*)(a+ 4)) ^ *((word32*)rk[0][1]); + *((word32*)temp[2]) = *((word32*)(a+ 8)) ^ *((word32*)rk[0][2]); + *((word32*)temp[3]) = *((word32*)(a+12)) ^ *((word32*)rk[0][3]); + *((word32*)(b )) = *((word32*)T1[temp[0][0]]) + ^ *((word32*)T2[temp[1][1]]) + ^ *((word32*)T3[temp[2][2]]) + ^ *((word32*)T4[temp[3][3]]); + *((word32*)(b + 4)) = *((word32*)T1[temp[1][0]]) + ^ *((word32*)T2[temp[2][1]]) + ^ *((word32*)T3[temp[3][2]]) + ^ *((word32*)T4[temp[0][3]]); + *((word32*)(b + 8)) = *((word32*)T1[temp[2][0]]) + ^ *((word32*)T2[temp[3][1]]) + ^ *((word32*)T3[temp[0][2]]) + ^ *((word32*)T4[temp[1][3]]); + *((word32*)(b +12)) = *((word32*)T1[temp[3][0]]) + ^ *((word32*)T2[temp[0][1]]) + ^ *((word32*)T3[temp[1][2]]) + ^ *((word32*)T4[temp[2][3]]); + for (r = 1; r < ROUNDS-1; r++) + { + *((word32*)temp[0]) = *((word32*)(b )) ^ *((word32*)rk[r][0]); + *((word32*)temp[1]) = *((word32*)(b+ 4)) ^ *((word32*)rk[r][1]); + *((word32*)temp[2]) = *((word32*)(b+ 8)) ^ *((word32*)rk[r][2]); + *((word32*)temp[3]) = *((word32*)(b+12)) ^ *((word32*)rk[r][3]); + + *((word32*)(b )) = *((word32*)T1[temp[0][0]]) + ^ *((word32*)T2[temp[1][1]]) + ^ *((word32*)T3[temp[2][2]]) + ^ *((word32*)T4[temp[3][3]]); + *((word32*)(b + 4)) = *((word32*)T1[temp[1][0]]) + ^ *((word32*)T2[temp[2][1]]) + ^ *((word32*)T3[temp[3][2]]) + ^ *((word32*)T4[temp[0][3]]); + *((word32*)(b + 8)) = *((word32*)T1[temp[2][0]]) + ^ *((word32*)T2[temp[3][1]]) + ^ *((word32*)T3[temp[0][2]]) + ^ *((word32*)T4[temp[1][3]]); + *((word32*)(b +12)) = *((word32*)T1[temp[3][0]]) + ^ *((word32*)T2[temp[0][1]]) + ^ *((word32*)T3[temp[1][2]]) + ^ *((word32*)T4[temp[2][3]]); + } + /* last round is special */ + *((word32*)temp[0]) = *((word32*)(b )) ^ *((word32*)rk[ROUNDS-1][0]); + *((word32*)temp[1]) = *((word32*)(b+ 4)) ^ *((word32*)rk[ROUNDS-1][1]); + *((word32*)temp[2]) = *((word32*)(b+ 8)) ^ *((word32*)rk[ROUNDS-1][2]); + *((word32*)temp[3]) = *((word32*)(b+12)) ^ *((word32*)rk[ROUNDS-1][3]); + b[ 0] = T1[temp[0][0]][1]; + b[ 1] = T1[temp[1][1]][1]; + b[ 2] = T1[temp[2][2]][1]; + b[ 3] = T1[temp[3][3]][1]; + b[ 4] = T1[temp[1][0]][1]; + b[ 5] = T1[temp[2][1]][1]; + b[ 6] = T1[temp[3][2]][1]; + b[ 7] = T1[temp[0][3]][1]; + b[ 8] = T1[temp[2][0]][1]; + b[ 9] = T1[temp[3][1]][1]; + b[10] = T1[temp[0][2]][1]; + b[11] = T1[temp[1][3]][1]; + b[12] = T1[temp[3][0]][1]; + b[13] = T1[temp[0][1]][1]; + b[14] = T1[temp[1][2]][1]; + b[15] = T1[temp[2][3]][1]; + *((word32*)(b )) ^= *((word32*)rk[ROUNDS][0]); + *((word32*)(b+ 4)) ^= *((word32*)rk[ROUNDS][1]); + *((word32*)(b+ 8)) ^= *((word32*)rk[ROUNDS][2]); + *((word32*)(b+12)) ^= *((word32*)rk[ROUNDS][3]); + + return 0; + } + +#ifdef INTERMEDIATE_VALUE_KAT +/** + * Encrypt only a certain number of rounds. + * Only used in the Intermediate Value Known Answer Test. + */ +int rijndaelEncryptRound(word8 a[4][4],word8 rk[RIJNDAEL_MAXROUNDS+1][4][4], + int ROUNDS, int rounds) + { + int r; + word8 temp[4][4]; + + /* make number of rounds sane */ + if (rounds > ROUNDS) + { + rounds = ROUNDS; + } + + *((word32*)a[0]) = *((word32*)a[0]) ^ *((word32*)rk[0][0]); + *((word32*)a[1]) = *((word32*)a[1]) ^ *((word32*)rk[0][1]); + *((word32*)a[2]) = *((word32*)a[2]) ^ *((word32*)rk[0][2]); + *((word32*)a[3]) = *((word32*)a[3]) ^ *((word32*)rk[0][3]); + + for (r = 1; (r <= rounds) && (r < ROUNDS); r++) { + *((word32*)temp[0]) = *((word32*)T1[a[0][0]]) + ^ *((word32*)T2[a[1][1]]) + ^ *((word32*)T3[a[2][2]]) + ^ *((word32*)T4[a[3][3]]); + *((word32*)temp[1]) = *((word32*)T1[a[1][0]]) + ^ *((word32*)T2[a[2][1]]) + ^ *((word32*)T3[a[3][2]]) + ^ *((word32*)T4[a[0][3]]); + *((word32*)temp[2]) = *((word32*)T1[a[2][0]]) + ^ *((word32*)T2[a[3][1]]) + ^ *((word32*)T3[a[0][2]]) + ^ *((word32*)T4[a[1][3]]); + *((word32*)temp[3]) = *((word32*)T1[a[3][0]]) + ^ *((word32*)T2[a[0][1]]) + ^ *((word32*)T3[a[1][2]]) + ^ *((word32*)T4[a[2][3]]); + *((word32*)a[0]) = *((word32*)temp[0]) ^ *((word32*)rk[r][0]); + *((word32*)a[1]) = *((word32*)temp[1]) ^ *((word32*)rk[r][1]); + *((word32*)a[2]) = *((word32*)temp[2]) ^ *((word32*)rk[r][2]); + *((word32*)a[3]) = *((word32*)temp[3]) ^ *((word32*)rk[r][3]); + } + if (rounds == ROUNDS) + { + /* last round is special */ + temp[0][0] = T1[a[0][0]][1]; + temp[0][1] = T1[a[1][1]][1]; + temp[0][2] = T1[a[2][2]][1]; + temp[0][3] = T1[a[3][3]][1]; + temp[1][0] = T1[a[1][0]][1]; + temp[1][1] = T1[a[2][1]][1]; + temp[1][2] = T1[a[3][2]][1]; + temp[1][3] = T1[a[0][3]][1]; + temp[2][0] = T1[a[2][0]][1]; + temp[2][1] = T1[a[3][1]][1]; + temp[2][2] = T1[a[0][2]][1]; + temp[2][3] = T1[a[1][3]][1]; + temp[3][0] = T1[a[3][0]][1]; + temp[3][1] = T1[a[0][1]][1]; + temp[3][2] = T1[a[1][2]][1]; + temp[3][3] = T1[a[2][3]][1]; + *((word32*)a[0]) = *((word32*)temp[0]) ^ *((word32*)rk[ROUNDS][0]); + *((word32*)a[1]) = *((word32*)temp[1]) ^ *((word32*)rk[ROUNDS][1]); + *((word32*)a[2]) = *((word32*)temp[2]) ^ *((word32*)rk[ROUNDS][2]); + *((word32*)a[3]) = *((word32*)temp[3]) ^ *((word32*)rk[ROUNDS][3]); + } + + return 0; + } +#endif /* INTERMEDIATE_VALUE_KAT */ + +/** + * Decrypt a single block. + */ +int rijndaelDecrypt(const word8 a[16],word8 b[16], + word8 rk[RIJNDAEL_MAXROUNDS+1][4][4],int ROUNDS) + { + int r; + word8 temp[4][4]; + + *((word32*)temp[0]) = *((word32*)(a )) ^ *((word32*)rk[ROUNDS][0]); + *((word32*)temp[1]) = *((word32*)(a+ 4)) ^ *((word32*)rk[ROUNDS][1]); + *((word32*)temp[2]) = *((word32*)(a+ 8)) ^ *((word32*)rk[ROUNDS][2]); + *((word32*)temp[3]) = *((word32*)(a+12)) ^ *((word32*)rk[ROUNDS][3]); + + *((word32*)(b )) = *((word32*)T5[temp[0][0]]) + ^ *((word32*)T6[temp[3][1]]) + ^ *((word32*)T7[temp[2][2]]) + ^ *((word32*)T8[temp[1][3]]); + *((word32*)(b+ 4)) = *((word32*)T5[temp[1][0]]) + ^ *((word32*)T6[temp[0][1]]) + ^ *((word32*)T7[temp[3][2]]) + ^ *((word32*)T8[temp[2][3]]); + *((word32*)(b+ 8)) = *((word32*)T5[temp[2][0]]) + ^ *((word32*)T6[temp[1][1]]) + ^ *((word32*)T7[temp[0][2]]) + ^ *((word32*)T8[temp[3][3]]); + *((word32*)(b+12)) = *((word32*)T5[temp[3][0]]) + ^ *((word32*)T6[temp[2][1]]) + ^ *((word32*)T7[temp[1][2]]) + ^ *((word32*)T8[temp[0][3]]); + for (r = ROUNDS-1; r > 1; r--) + { + *((word32*)temp[0]) = *((word32*)(b )) ^ *((word32*)rk[r][0]); + *((word32*)temp[1]) = *((word32*)(b+ 4)) ^ *((word32*)rk[r][1]); + *((word32*)temp[2]) = *((word32*)(b+ 8)) ^ *((word32*)rk[r][2]); + *((word32*)temp[3]) = *((word32*)(b+12)) ^ *((word32*)rk[r][3]); + *((word32*)(b )) = *((word32*)T5[temp[0][0]]) + ^ *((word32*)T6[temp[3][1]]) + ^ *((word32*)T7[temp[2][2]]) + ^ *((word32*)T8[temp[1][3]]); + *((word32*)(b+ 4)) = *((word32*)T5[temp[1][0]]) + ^ *((word32*)T6[temp[0][1]]) + ^ *((word32*)T7[temp[3][2]]) + ^ *((word32*)T8[temp[2][3]]); + *((word32*)(b+ 8)) = *((word32*)T5[temp[2][0]]) + ^ *((word32*)T6[temp[1][1]]) + ^ *((word32*)T7[temp[0][2]]) + ^ *((word32*)T8[temp[3][3]]); + *((word32*)(b+12)) = *((word32*)T5[temp[3][0]]) + ^ *((word32*)T6[temp[2][1]]) + ^ *((word32*)T7[temp[1][2]]) + ^ *((word32*)T8[temp[0][3]]); + } + /* last round is special */ + *((word32*)temp[0]) = *((word32*)(b )) ^ *((word32*)rk[1][0]); + *((word32*)temp[1]) = *((word32*)(b+ 4)) ^ *((word32*)rk[1][1]); + *((word32*)temp[2]) = *((word32*)(b+ 8)) ^ *((word32*)rk[1][2]); + *((word32*)temp[3]) = *((word32*)(b+12)) ^ *((word32*)rk[1][3]); + b[ 0] = S5[temp[0][0]]; + b[ 1] = S5[temp[3][1]]; + b[ 2] = S5[temp[2][2]]; + b[ 3] = S5[temp[1][3]]; + b[ 4] = S5[temp[1][0]]; + b[ 5] = S5[temp[0][1]]; + b[ 6] = S5[temp[3][2]]; + b[ 7] = S5[temp[2][3]]; + b[ 8] = S5[temp[2][0]]; + b[ 9] = S5[temp[1][1]]; + b[10] = S5[temp[0][2]]; + b[11] = S5[temp[3][3]]; + b[12] = S5[temp[3][0]]; + b[13] = S5[temp[2][1]]; + b[14] = S5[temp[1][2]]; + b[15] = S5[temp[0][3]]; + *((word32*)(b )) ^= *((word32*)rk[0][0]); + *((word32*)(b+ 4)) ^= *((word32*)rk[0][1]); + *((word32*)(b+ 8)) ^= *((word32*)rk[0][2]); + *((word32*)(b+12)) ^= *((word32*)rk[0][3]); + + return 0; + } + +#ifdef INTERMEDIATE_VALUE_KAT +/** + * Decrypt only a certain number of rounds. + * Only used in the Intermediate Value Known Answer Test. + * Operations rearranged such that the intermediate values + * of decryption correspond with the intermediate values + * of encryption. + */ +int rijndaelDecryptRound(word8 a[4][4], word8 rk[RIJNDAEL_MAXROUNDS+1][4][4], + int ROUNDS, int rounds) + { + int r, i; + word8 temp[4], shift; + + /* make number of rounds sane */ + if (rounds > ROUNDS) + { + rounds = ROUNDS; + } + /* first round is special: */ + *(word32 *)a[0] ^= *(word32 *)rk[ROUNDS][0]; + *(word32 *)a[1] ^= *(word32 *)rk[ROUNDS][1]; + *(word32 *)a[2] ^= *(word32 *)rk[ROUNDS][2]; + *(word32 *)a[3] ^= *(word32 *)rk[ROUNDS][3]; + for (i = 0; i < 4; i++) + { + a[i][0] = Si[a[i][0]]; + a[i][1] = Si[a[i][1]]; + a[i][2] = Si[a[i][2]]; + a[i][3] = Si[a[i][3]]; + } + for (i = 1; i < 4; i++) + { + shift = (4 - i) & 3; + temp[0] = a[(0 + shift) & 3][i]; + temp[1] = a[(1 + shift) & 3][i]; + temp[2] = a[(2 + shift) & 3][i]; + temp[3] = a[(3 + shift) & 3][i]; + a[0][i] = temp[0]; + a[1][i] = temp[1]; + a[2][i] = temp[2]; + a[3][i] = temp[3]; + } + /* ROUNDS-1 ordinary rounds */ + for (r = ROUNDS-1; r > rounds; r--) + { + *(word32 *)a[0] ^= *(word32 *)rk[r][0]; + *(word32 *)a[1] ^= *(word32 *)rk[r][1]; + *(word32 *)a[2] ^= *(word32 *)rk[r][2]; + *(word32 *)a[3] ^= *(word32 *)rk[r][3]; + + *((word32*)a[0]) = + *((word32*)U1[a[0][0]]) + ^ *((word32*)U2[a[0][1]]) + ^ *((word32*)U3[a[0][2]]) + ^ *((word32*)U4[a[0][3]]); + + *((word32*)a[1]) = + *((word32*)U1[a[1][0]]) + ^ *((word32*)U2[a[1][1]]) + ^ *((word32*)U3[a[1][2]]) + ^ *((word32*)U4[a[1][3]]); + + *((word32*)a[2]) = + *((word32*)U1[a[2][0]]) + ^ *((word32*)U2[a[2][1]]) + ^ *((word32*)U3[a[2][2]]) + ^ *((word32*)U4[a[2][3]]); + + *((word32*)a[3]) = + *((word32*)U1[a[3][0]]) + ^ *((word32*)U2[a[3][1]]) + ^ *((word32*)U3[a[3][2]]) + ^ *((word32*)U4[a[3][3]]); + for (i = 0; i < 4; i++) + { + a[i][0] = Si[a[i][0]]; + a[i][1] = Si[a[i][1]]; + a[i][2] = Si[a[i][2]]; + a[i][3] = Si[a[i][3]]; + } + for (i = 1; i < 4; i++) + { + shift = (4 - i) & 3; + temp[0] = a[(0 + shift) & 3][i]; + temp[1] = a[(1 + shift) & 3][i]; + temp[2] = a[(2 + shift) & 3][i]; + temp[3] = a[(3 + shift) & 3][i]; + a[0][i] = temp[0]; + a[1][i] = temp[1]; + a[2][i] = temp[2]; + a[3][i] = temp[3]; + } + } + if (rounds == 0) + { + /* End with the extra key addition */ + *(word32 *)a[0] ^= *(word32 *)rk[0][0]; + *(word32 *)a[1] ^= *(word32 *)rk[0][1]; + *(word32 *)a[2] ^= *(word32 *)rk[0][2]; + *(word32 *)a[3] ^= *(word32 *)rk[0][3]; + } + return 0; + } + +#endif /* INTERMEDIATE_VALUE_KAT */ diff --git a/crypto/rijndael/rd_fst.h b/crypto/rijndael/rd_fst.h new file mode 100755 index 000000000..9a86e25cf --- /dev/null +++ b/crypto/rijndael/rd_fst.h @@ -0,0 +1,46 @@ +/* + * rijndael-alg-fst.h v2.4 April '2000 + * + * Optimised ANSI C code + * + * #define INTERMEDIATE_VALUE_KAT to generate the Intermediate Value Known Answer Test. + */ + +#ifndef __RIJNDAEL_ALG_FST_H +#define __RIJNDAEL_ALG_FST_H + +#define RIJNDAEL_MAXKC (256/32) +#define RIJNDAEL_MAXROUNDS 14 + +#ifndef USUAL_TYPES +#define USUAL_TYPES +typedef unsigned char byte; +typedef unsigned char word8; +typedef unsigned short word16; +typedef unsigned int word32; +#endif /* USUAL_TYPES */ + +int rijndaelKeySched(const word8 k[RIJNDAEL_MAXKC][4], + word8 rk[RIJNDAEL_MAXROUNDS+1][4][4], + int ROUNDS); + +int rijndaelKeyEncToDec(word8 W[RIJNDAEL_MAXROUNDS+1][4][4], int ROUNDS); + +int rijndaelEncrypt(const word8 a[16],word8 b[16], + word8 rk[RIJNDAEL_MAXROUNDS+1][4][4], + int ROUNDS); + +#ifdef INTERMEDIATE_VALUE_KAT +int rijndaelEncryptRound(word8 a[4][4],word8 rk[RIJNDAEL_MAXROUNDS+1][4][4], + int ROUNDS, int rounds); +#endif /* INTERMEDIATE_VALUE_KAT */ + +int rijndaelDecrypt(const word8 a[16], word8 b[16], + word8 rk[RIJNDAEL_MAXROUNDS+1][4][4], int ROUNDS); + +#ifdef INTERMEDIATE_VALUE_KAT +int rijndaelDecryptRound(word8 a[4][4], word8 rk[RIJNDAEL_MAXROUNDS+1][4][4], + int ROUNDS, int rounds); +#endif /* INTERMEDIATE_VALUE_KAT */ + +#endif /* __RIJNDAEL_ALG_FST_H */ diff --git a/crypto/rijndael/rijndael.h b/crypto/rijndael/rijndael.h index 34741a83b..8287ca67c 100644 --- a/crypto/rijndael/rijndael.h +++ b/crypto/rijndael/rijndael.h @@ -1,4 +1,4 @@ -#include "rijndael-alg-fst.h" +#include "openssl/rd_fst.h" #define RIJNDAEL_MAX_IV 16 diff --git a/crypto/rsa/Makefile.ssl b/crypto/rsa/Makefile.ssl index c34648d3e..6f18d2bf0 100644 --- a/crypto/rsa/Makefile.ssl +++ b/crypto/rsa/Makefile.ssl @@ -112,7 +112,7 @@ rsa_eay.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h rsa_eay.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h rsa_eay.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -rsa_eay.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +rsa_eay.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h rsa_eay.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h rsa_eay.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -145,7 +145,7 @@ rsa_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h rsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h rsa_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -rsa_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +rsa_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h rsa_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h rsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -199,8 +199,7 @@ rsa_saos.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h rsa_saos.o: ../../include/openssl/opensslconf.h rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h rsa_saos.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -rsa_saos.o: ../../include/openssl/rc5.h -rsa_saos.o: ../../include/openssl/rijndael-alg-fst.h +rsa_saos.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h rsa_saos.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h rsa_saos.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h rsa_saos.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -221,12 +220,12 @@ rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h rsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h rsa_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -rsa_sign.o: ../../include/openssl/rijndael-alg-fst.h -rsa_sign.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -rsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -rsa_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +rsa_sign.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +rsa_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +rsa_sign.o: ../cryptlib.h rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_ssl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index b537b48ca..a488b8076 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -78,16 +78,20 @@ typedef struct rsa_st RSA; typedef struct rsa_meth_st { const char *name; - int (*rsa_pub_enc)(int flen,unsigned char *from,unsigned char *to, + int (*rsa_pub_enc)(int flen,const unsigned char *from, + unsigned char *to, RSA *rsa,int padding); - int (*rsa_pub_dec)(int flen,unsigned char *from,unsigned char *to, + int (*rsa_pub_dec)(int flen,const unsigned char *from, + unsigned char *to, RSA *rsa,int padding); - int (*rsa_priv_enc)(int flen,unsigned char *from,unsigned char *to, + int (*rsa_priv_enc)(int flen,const unsigned char *from, + unsigned char *to, RSA *rsa,int padding); - int (*rsa_priv_dec)(int flen,unsigned char *from,unsigned char *to, + int (*rsa_priv_dec)(int flen,const unsigned char *from, + unsigned char *to, RSA *rsa,int padding); - int (*rsa_mod_exp)(BIGNUM *r0,BIGNUM *I,RSA *rsa); /* Can be null */ - int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, + int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa); /* Can be null */ + int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* Can be null */ int (*init)(RSA *rsa); /* called at new */ @@ -101,10 +105,12 @@ typedef struct rsa_meth_st * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER * option is set in 'flags'. */ - int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, RSA *rsa); - int (*rsa_verify)(int dtype, unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + int (*rsa_sign)(int type, + const unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, const RSA *rsa); + int (*rsa_verify)(int dtype, + const unsigned char *m, unsigned int m_len, + unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); } RSA_METHOD; @@ -177,26 +183,26 @@ RSA * RSA_new_method(RSA_METHOD *method); #else RSA * RSA_new_method(struct engine_st *engine); #endif -int RSA_size(RSA *); +int RSA_size(const RSA *); RSA * RSA_generate_key(int bits, unsigned long e,void (*callback)(int,int,void *),void *cb_arg); -int RSA_check_key(RSA *); +int RSA_check_key(const RSA *); /* next 4 return -1 on error */ -int RSA_public_encrypt(int flen, unsigned char *from, +int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); -int RSA_private_encrypt(int flen, unsigned char *from, +int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); -int RSA_public_decrypt(int flen, unsigned char *from, +int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); -int RSA_private_decrypt(int flen, unsigned char *from, +int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); void RSA_free (RSA *r); -int RSA_flags(RSA *r); +int RSA_flags(const RSA *r); -void RSA_set_default_openssl_method(RSA_METHOD *meth); -RSA_METHOD *RSA_get_default_openssl_method(void); -RSA_METHOD *RSA_get_method(RSA *rsa); +void RSA_set_default_openssl_method(const RSA_METHOD *meth); +const RSA_METHOD *RSA_get_default_openssl_method(void); +const RSA_METHOD *RSA_get_method(const RSA *rsa); #if 0 RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth); #else @@ -207,77 +213,82 @@ int RSA_set_method(RSA *rsa, struct engine_st *engine); int RSA_memory_lock(RSA *r); /* If you have RSAref compiled in. */ -RSA_METHOD *RSA_PKCS1_RSAref(void); +const RSA_METHOD *RSA_PKCS1_RSAref(void); /* these are the actual SSLeay RSA functions */ -RSA_METHOD *RSA_PKCS1_SSLeay(void); +const RSA_METHOD *RSA_PKCS1_SSLeay(void); -RSA_METHOD *RSA_null_method(void); +const RSA_METHOD *RSA_null_method(void); void ERR_load_RSA_strings(void ); -RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length); -int i2d_RSAPublicKey(RSA *a, unsigned char **pp); -RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); -int i2d_RSAPrivateKey(RSA *a, unsigned char **pp); +RSA * d2i_RSAPublicKey(RSA **a, const unsigned char **pp, long length); +int i2d_RSAPublicKey(const RSA *a, unsigned char **pp); +RSA * d2i_RSAPrivateKey(RSA **a, const unsigned char **pp, long length); +int i2d_RSAPrivateKey(const RSA *a, unsigned char **pp); #ifndef NO_FP_API -int RSA_print_fp(FILE *fp, RSA *r,int offset); +int RSA_print_fp(FILE *fp, const RSA *r,int offset); #endif #ifndef NO_BIO -int RSA_print(BIO *bp, RSA *r,int offset); +int RSA_print(BIO *bp, const RSA *r,int offset); #endif -int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey); -RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey); +int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey); +RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey); -int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)()); -RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)()); +int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)()); +RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)()); +/* Naughty internal function required elsewhere, to handle a MS structure + * that is the same as the netscape one :-) */ +RSA *d2i_Netscape_RSA_2(RSA **a, const unsigned char **pp, long length, int (*cb)()); /* The following 2 functions sign and verify a X509_SIG ASN1 object * inside PKCS#1 padded RSA encryption */ -int RSA_sign(int type, unsigned char *m, unsigned int m_len, +int RSA_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, RSA *rsa); -int RSA_verify(int type, unsigned char *m, unsigned int m_len, +int RSA_verify(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, RSA *rsa); /* The following 2 function sign and verify a ASN1_OCTET_STRING * object inside PKCS#1 padded RSA encryption */ -int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, +int RSA_sign_ASN1_OCTET_STRING(int type, + const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, RSA *rsa); -int RSA_verify_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, +int RSA_verify_ASN1_OCTET_STRING(int type, + const unsigned char *m, unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, RSA *rsa); int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); void RSA_blinding_off(RSA *rsa); int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen, - unsigned char *f,int fl); + const unsigned char *f,int fl); int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen, - unsigned char *f,int fl,int rsa_len); + const unsigned char *f,int fl,int rsa_len); int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen, - unsigned char *f,int fl); + const unsigned char *f,int fl); int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen, - unsigned char *f,int fl,int rsa_len); + const unsigned char *f,int fl,int rsa_len); int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen, - unsigned char *f,int fl,unsigned char *p, - int pl); + const unsigned char *f,int fl, + const unsigned char *p,int pl); int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen, - unsigned char *f,int fl,int rsa_len, - unsigned char *p,int pl); + const unsigned char *f,int fl,int rsa_len, + const unsigned char *p,int pl); int RSA_padding_add_SSLv23(unsigned char *to,int tlen, - unsigned char *f,int fl); + const unsigned char *f,int fl); int RSA_padding_check_SSLv23(unsigned char *to,int tlen, - unsigned char *f,int fl,int rsa_len); + const unsigned char *f,int fl,int rsa_len); int RSA_padding_add_none(unsigned char *to,int tlen, - unsigned char *f,int fl); + const unsigned char *f,int fl); int RSA_padding_check_none(unsigned char *to,int tlen, - unsigned char *f,int fl,int rsa_len); + const unsigned char *f,int fl,int rsa_len); int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int RSA_set_ex_data(RSA *r,int idx,void *arg); -void *RSA_get_ex_data(RSA *r, int idx); +void *RSA_get_ex_data(const RSA *r, int idx); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c index fc8e97ede..0585b241e 100644 --- a/crypto/rsa/rsa_asn1.c +++ b/crypto/rsa/rsa_asn1.c @@ -106,6 +106,6 @@ ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = { ASN1_SIMPLE(RSA, e, BIGNUM), } ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey); -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(RSA, RSAPrivateKey, RSAPrivateKey) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey) -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(RSA, RSAPublicKey, RSAPublicKey) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey) diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c index 91b911579..002f2cb48 100644 --- a/crypto/rsa/rsa_chk.c +++ b/crypto/rsa/rsa_chk.c @@ -53,7 +53,7 @@ #include <openssl/rsa.h> -int RSA_check_key(RSA *key) +int RSA_check_key(const RSA *key) { BIGNUM *i, *j, *k, *l, *m; BN_CTX *ctx; diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 8b8a1e279..37baaacfc 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -65,15 +65,15 @@ #ifndef RSA_NULL -static int RSA_eay_public_encrypt(int flen, unsigned char *from, +static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); -static int RSA_eay_private_encrypt(int flen, unsigned char *from, +static int RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); -static int RSA_eay_public_decrypt(int flen, unsigned char *from, +static int RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); -static int RSA_eay_private_decrypt(int flen, unsigned char *from, +static int RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); -static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa); +static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa); static int RSA_eay_init(RSA *rsa); static int RSA_eay_finish(RSA *rsa); static RSA_METHOD rsa_pkcs1_eay_meth={ @@ -90,12 +90,12 @@ static RSA_METHOD rsa_pkcs1_eay_meth={ NULL, }; -RSA_METHOD *RSA_PKCS1_SSLeay(void) +const RSA_METHOD *RSA_PKCS1_SSLeay(void) { return(&rsa_pkcs1_eay_meth); } -static int RSA_eay_public_encrypt(int flen, unsigned char *from, +static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { const RSA_METHOD *meth; @@ -169,7 +169,7 @@ err: return(r); } -static int RSA_eay_private_encrypt(int flen, unsigned char *from, +static int RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { const RSA_METHOD *meth; @@ -247,7 +247,7 @@ err: return(r); } -static int RSA_eay_private_decrypt(int flen, unsigned char *from, +static int RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { const RSA_METHOD *meth; @@ -342,7 +342,7 @@ err: return(r); } -static int RSA_eay_public_decrypt(int flen, unsigned char *from, +static int RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { const RSA_METHOD *meth; @@ -416,7 +416,7 @@ err: return(r); } -static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) +static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) { const RSA_METHOD *meth; BIGNUM r1,m1; diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 5e1e8fcdf..d09dbd4a3 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -66,7 +66,7 @@ const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT; -static RSA_METHOD *default_RSA_meth=NULL; +static const RSA_METHOD *default_RSA_meth=NULL; static int rsa_meth_num=0; static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL; @@ -75,7 +75,7 @@ RSA *RSA_new(void) return(RSA_new_method(NULL)); } -void RSA_set_default_openssl_method(RSA_METHOD *meth) +void RSA_set_default_openssl_method(const RSA_METHOD *meth) { ENGINE *e; /* We'll need to notify the "openssl" ENGINE of this @@ -94,14 +94,14 @@ void RSA_set_default_openssl_method(RSA_METHOD *meth) } } -RSA_METHOD *RSA_get_default_openssl_method(void) +const RSA_METHOD *RSA_get_default_openssl_method(void) { if (default_RSA_meth == NULL) { #ifdef RSA_NULL default_RSA_meth=RSA_null_method(); #else -#ifdef RSAref +#if 0 /* was: #ifdef RSAref */ default_RSA_meth=RSA_PKCS1_RSAref(); #else default_RSA_meth=RSA_PKCS1_SSLeay(); @@ -112,7 +112,7 @@ RSA_METHOD *RSA_get_default_openssl_method(void) return default_RSA_meth; } -RSA_METHOD *RSA_get_method(RSA *rsa) +const RSA_METHOD *RSA_get_method(const RSA *rsa) { return ENGINE_get_RSA(rsa->engine); } @@ -131,7 +131,7 @@ RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth) int RSA_set_method(RSA *rsa, ENGINE *engine) { ENGINE *mtmp; - RSA_METHOD *meth; + const RSA_METHOD *meth; mtmp = rsa->engine; meth = ENGINE_get_RSA(mtmp); if (!ENGINE_init(engine)) @@ -152,7 +152,7 @@ RSA *RSA_new_method(RSA_METHOD *meth) RSA *RSA_new_method(ENGINE *engine) #endif { - RSA_METHOD *meth; + const RSA_METHOD *meth; RSA *ret; ret=(RSA *)OPENSSL_malloc(sizeof(RSA)); @@ -191,19 +191,19 @@ RSA *RSA_new_method(ENGINE *engine) ret->blinding=NULL; ret->bignum_data=NULL; ret->flags=meth->flags; + CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data); if ((meth->init != NULL) && !meth->init(ret)) { + CRYPTO_free_ex_data(rsa_meth, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; } - else - CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data); return(ret); } void RSA_free(RSA *r) { - RSA_METHOD *meth; + const RSA_METHOD *meth; int i; if (r == NULL) return; @@ -221,13 +221,13 @@ void RSA_free(RSA *r) } #endif - CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data); - meth = ENGINE_get_RSA(r->engine); if (meth->finish != NULL) meth->finish(r); ENGINE_finish(r->engine); + CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data); + if (r->n != NULL) BN_clear_free(r->n); if (r->e != NULL) BN_clear_free(r->e); if (r->d != NULL) BN_clear_free(r->d); @@ -254,45 +254,45 @@ int RSA_set_ex_data(RSA *r, int idx, void *arg) return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); } -void *RSA_get_ex_data(RSA *r, int idx) +void *RSA_get_ex_data(const RSA *r, int idx) { return(CRYPTO_get_ex_data(&r->ex_data,idx)); } -int RSA_size(RSA *r) +int RSA_size(const RSA *r) { return(BN_num_bytes(r->n)); } -int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to, +int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { return(ENGINE_get_RSA(rsa->engine)->rsa_pub_enc(flen, from, to, rsa, padding)); } -int RSA_private_encrypt(int flen, unsigned char *from, unsigned char *to, +int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { return(ENGINE_get_RSA(rsa->engine)->rsa_priv_enc(flen, from, to, rsa, padding)); } -int RSA_private_decrypt(int flen, unsigned char *from, unsigned char *to, +int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { return(ENGINE_get_RSA(rsa->engine)->rsa_priv_dec(flen, from, to, rsa, padding)); } -int RSA_public_decrypt(int flen, unsigned char *from, unsigned char *to, +int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { return(ENGINE_get_RSA(rsa->engine)->rsa_pub_dec(flen, from, to, rsa, padding)); } -int RSA_flags(RSA *r) +int RSA_flags(const RSA *r) { return((r == NULL)?0:ENGINE_get_RSA(r->engine)->flags); } diff --git a/crypto/rsa/rsa_none.c b/crypto/rsa/rsa_none.c index f22fce501..e6f3e627c 100644 --- a/crypto/rsa/rsa_none.c +++ b/crypto/rsa/rsa_none.c @@ -62,8 +62,8 @@ #include <openssl/rsa.h> #include <openssl/rand.h> -int RSA_padding_add_none(unsigned char *to, int tlen, unsigned char *from, - int flen) +int RSA_padding_add_none(unsigned char *to, int tlen, + const unsigned char *from, int flen) { if (flen > tlen) { @@ -81,8 +81,8 @@ int RSA_padding_add_none(unsigned char *to, int tlen, unsigned char *from, return(1); } -int RSA_padding_check_none(unsigned char *to, int tlen, unsigned char *from, - int flen, int num) +int RSA_padding_check_none(unsigned char *to, int tlen, + const unsigned char *from, int flen, int num) { if (flen > tlen) diff --git a/crypto/rsa/rsa_null.c b/crypto/rsa/rsa_null.c index 7b58a0eca..64057fbdc 100644 --- a/crypto/rsa/rsa_null.c +++ b/crypto/rsa/rsa_null.c @@ -69,16 +69,16 @@ * operations (like storing RSA keys) are permitted. */ -static int RSA_null_public_encrypt(int flen, unsigned char *from, +static int RSA_null_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); -static int RSA_null_private_encrypt(int flen, unsigned char *from, +static int RSA_null_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); -static int RSA_null_public_decrypt(int flen, unsigned char *from, +static int RSA_null_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); -static int RSA_null_private_decrypt(int flen, unsigned char *from, +static int RSA_null_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); #if 0 /* not currently used */ -static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa); +static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa); #endif static int RSA_null_init(RSA *rsa); static int RSA_null_finish(RSA *rsa); @@ -88,40 +88,41 @@ static RSA_METHOD rsa_null_meth={ RSA_null_public_decrypt, RSA_null_private_encrypt, RSA_null_private_decrypt, - NULL, NULL, + NULL, + NULL, RSA_null_init, RSA_null_finish, 0, NULL, }; -RSA_METHOD *RSA_null_method(void) +const RSA_METHOD *RSA_null_method(void) { return(&rsa_null_meth); } -static int RSA_null_public_encrypt(int flen, unsigned char *from, +static int RSA_null_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); return -1; } -static int RSA_null_private_encrypt(int flen, unsigned char *from, +static int RSA_null_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); return -1; } -static int RSA_null_private_decrypt(int flen, unsigned char *from, +static int RSA_null_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); return -1; } -static int RSA_null_public_decrypt(int flen, unsigned char *from, +static int RSA_null_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index fd0b7f361..8d306d1ea 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -2,7 +2,22 @@ /* Written by Ulf Moeller. This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */ -/* EME_OAEP as defined in RFC 2437 (PKCS #1 v2.0) */ +/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */ + +/* See Victor Shoup, "OAEP reconsidered," Nov. 2000, + * <URL: http://www.shoup.net/papers/oaep.ps.Z> + * for problems with the security proof for the + * original OAEP scheme, which EME-OAEP is based on. + * + * Note that for RSA OAEP a security proof in the + * random oracle model *does* exist if 160 < log_2(N/e); + * cf. section 7.2 ("But RSA-OAEP with exponent 3 is + * provably secure") of Shoup's paper. (The slight + * differences between the OAEP definition used by Shoup + * and OAEP as defined in RFC 2437 should not affect + * this result.) + */ + #if !defined(NO_SHA) && !defined(NO_SHA1) #include <stdio.h> @@ -12,10 +27,12 @@ #include <openssl/sha.h> #include <openssl/rand.h> -int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen); +int MGF1(unsigned char *mask, long len, + const unsigned char *seed, long seedlen); int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, - unsigned char *from, int flen, unsigned char *param, int plen) + const unsigned char *from, int flen, + const unsigned char *param, int plen) { int i, emlen = tlen - 1; unsigned char *db, *seed; @@ -71,11 +88,11 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, } int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, - unsigned char *from, int flen, int num, unsigned char *param, - int plen) + const unsigned char *from, int flen, int num, + const unsigned char *param, int plen) { int i, dblen, mlen = -1; - unsigned char *maskeddb; + const unsigned char *maskeddb; int lzero; unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; @@ -132,7 +149,8 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, return (mlen); } -int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen) +int MGF1(unsigned char *mask, long len, + const unsigned char *seed, long seedlen) { long i, outlen = 0; unsigned char cnt[4]; diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c index 48a32bc26..c1edd6764 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c @@ -63,7 +63,7 @@ #include <openssl/rand.h> int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, - unsigned char *from, int flen) + const unsigned char *from, int flen) { int j; unsigned char *p; @@ -89,10 +89,10 @@ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, } int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, - unsigned char *from, int flen, int num) + const unsigned char *from, int flen, int num) { int i,j; - unsigned char *p; + const unsigned char *p; p=from; if ((num != (flen+1)) || (*(p++) != 01)) @@ -141,7 +141,7 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, } int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, - unsigned char *from, int flen) + const unsigned char *from, int flen) { int i,j; unsigned char *p; @@ -179,10 +179,10 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, } int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, - unsigned char *from, int flen, int num) + const unsigned char *from, int flen, int num) { int i,j; - unsigned char *p; + const unsigned char *p; p=from; if ((num != (flen+1)) || (*(p++) != 02)) diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c index c77f4381f..85adacc08 100644 --- a/crypto/rsa/rsa_saos.c +++ b/crypto/rsa/rsa_saos.c @@ -63,8 +63,9 @@ #include <openssl/objects.h> #include <openssl/x509.h> -int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, RSA *rsa) +int RSA_sign_ASN1_OCTET_STRING(int type, + const unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, RSA *rsa) { ASN1_OCTET_STRING sig; int i,j,ret=1; @@ -72,7 +73,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, sig.type=V_ASN1_OCTET_STRING; sig.length=m_len; - sig.data=m; + sig.data=(unsigned char *)m; i=i2d_ASN1_OCTET_STRING(&sig,NULL); j=RSA_size(rsa); @@ -100,9 +101,10 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, return(ret); } -int RSA_verify_ASN1_OCTET_STRING(int dtype, unsigned char *m, - unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, - RSA *rsa) +int RSA_verify_ASN1_OCTET_STRING(int dtype, + const unsigned char *m, + unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, + RSA *rsa) { int i,ret=0; unsigned char *p,*s; diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index cf0087629..80a22e8ab 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -67,13 +67,14 @@ /* Size of an SSL signature: MD5+SHA1 */ #define SSL_SIG_LENGTH 36 -int RSA_sign(int type, unsigned char *m, unsigned int m_len, +int RSA_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, RSA *rsa) { X509_SIG sig; ASN1_TYPE parameter; int i,j,ret=1; - unsigned char *p,*s = NULL; + unsigned char *p, *tmps = NULL; + const unsigned char *s = NULL; X509_ALGOR algor; ASN1_OCTET_STRING digest; if(rsa->flags & RSA_FLAG_SIGN_VER) @@ -105,7 +106,7 @@ int RSA_sign(int type, unsigned char *m, unsigned int m_len, sig.algor->parameter= ¶meter; sig.digest= &digest; - sig.digest->data=m; + sig.digest->data=(unsigned char *)m; /* TMP UGLY CAST */ sig.digest->length=m_len; i=i2d_X509_SIG(&sig,NULL); @@ -117,14 +118,15 @@ int RSA_sign(int type, unsigned char *m, unsigned int m_len, return(0); } if(type != NID_md5_sha1) { - s=(unsigned char *)OPENSSL_malloc((unsigned int)j+1); - if (s == NULL) + tmps=(unsigned char *)OPENSSL_malloc((unsigned int)j+1); + if (tmps == NULL) { RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE); return(0); } - p=s; + p=tmps; i2d_X509_SIG(&sig,&p); + s=tmps; } i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING); if (i <= 0) @@ -133,13 +135,13 @@ int RSA_sign(int type, unsigned char *m, unsigned int m_len, *siglen=i; if(type != NID_md5_sha1) { - memset(s,0,(unsigned int)j+1); - OPENSSL_free(s); + memset(tmps,0,(unsigned int)j+1); + OPENSSL_free(tmps); } return(ret); } -int RSA_verify(int dtype, unsigned char *m, unsigned int m_len, +int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, RSA *rsa) { int i,ret=0,sigtype; diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c index 482f4a827..ea7262949 100644 --- a/crypto/rsa/rsa_ssl.c +++ b/crypto/rsa/rsa_ssl.c @@ -62,8 +62,8 @@ #include <openssl/rsa.h> #include <openssl/rand.h> -int RSA_padding_add_SSLv23(unsigned char *to, int tlen, unsigned char *from, - int flen) +int RSA_padding_add_SSLv23(unsigned char *to, int tlen, + const unsigned char *from, int flen) { int i,j; unsigned char *p; @@ -102,11 +102,11 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, unsigned char *from, return(1); } -int RSA_padding_check_SSLv23(unsigned char *to, int tlen, unsigned char *from, - int flen, int num) +int RSA_padding_check_SSLv23(unsigned char *to, int tlen, + const unsigned char *from, int flen, int num) { int i,j,k; - unsigned char *p; + const unsigned char *p; p=from; if (flen < 10) diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index c070bbe0f..67bce3f5e 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -504,6 +504,46 @@ STACK_OF(type) \ #define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st)) #define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st)) +#define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ) +#define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i)) +#define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val)) +#define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val)) +#define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val)) +#define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val)) +#define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i)) +#define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr)) +#define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i)) +#define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp)) +#define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st) +#define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func)) +#define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) + +#define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) +#define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i)) +#define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val)) +#define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val)) +#define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val)) +#define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val)) +#define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i)) +#define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr)) +#define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i)) +#define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp)) +#define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st) +#define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func)) +#define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st)) + #define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st)) #define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG) #define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st)) @@ -1018,6 +1058,24 @@ STACK_OF(type) \ #define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func)) +#define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func)) + #define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) #define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \ diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c index 3b04fe280..eb13f6040 100644 --- a/crypto/txt_db/txt_db.c +++ b/crypto/txt_db/txt_db.c @@ -211,7 +211,7 @@ char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value) } int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(), - unsigned long (*hash)(), int (*cmp)()) + LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp) { LHASH *idx; char *r; diff --git a/crypto/txt_db/txt_db.h b/crypto/txt_db/txt_db.h index 342533d40..e530af660 100644 --- a/crypto/txt_db/txt_db.h +++ b/crypto/txt_db/txt_db.h @@ -96,7 +96,7 @@ TXT_DB *TXT_DB_read(char *in, int num); long TXT_DB_write(char *out, TXT_DB *db); #endif int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(), - unsigned long (*hash)(),int (*cmp)()); + LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); void TXT_DB_free(TXT_DB *db); char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value); int TXT_DB_insert(TXT_DB *db,char **value); diff --git a/crypto/x509/Makefile.ssl b/crypto/x509/Makefile.ssl index 848364de9..c3ee997b8 100644 --- a/crypto/x509/Makefile.ssl +++ b/crypto/x509/Makefile.ssl @@ -103,12 +103,12 @@ by_dir.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h by_dir.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h by_dir.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -by_dir.o: ../../include/openssl/rijndael-alg-fst.h -by_dir.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -by_dir.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -by_dir.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -by_dir.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +by_dir.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +by_dir.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +by_dir.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +by_dir.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +by_dir.o: ../cryptlib.h by_file.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h by_file.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h by_file.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -124,12 +124,12 @@ by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h by_file.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h by_file.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h by_file.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -by_file.o: ../../include/openssl/rijndael-alg-fst.h -by_file.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -by_file.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -by_file.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -by_file.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +by_file.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +by_file.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +by_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +by_file.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +by_file.o: ../cryptlib.h x509_att.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509_att.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h x509_att.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -145,8 +145,7 @@ x509_att.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_att.o: ../../include/openssl/opensslconf.h x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_att.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x509_att.o: ../../include/openssl/rc5.h -x509_att.o: ../../include/openssl/rijndael-alg-fst.h +x509_att.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x509_att.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x509_att.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -168,8 +167,7 @@ x509_cmp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_cmp.o: ../../include/openssl/opensslconf.h x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_cmp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x509_cmp.o: ../../include/openssl/rc5.h -x509_cmp.o: ../../include/openssl/rijndael-alg-fst.h +x509_cmp.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x509_cmp.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x509_cmp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -190,12 +188,12 @@ x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h x509_d2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h x509_d2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509_d2.o: ../../include/openssl/rijndael-alg-fst.h -x509_d2.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -x509_d2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_d2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x509_d2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +x509_d2.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +x509_d2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +x509_d2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +x509_d2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +x509_d2.o: ../cryptlib.h x509_def.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509_def.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h x509_def.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -210,8 +208,7 @@ x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_def.o: ../../include/openssl/opensslconf.h x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_def.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x509_def.o: ../../include/openssl/rc5.h -x509_def.o: ../../include/openssl/rijndael-alg-fst.h +x509_def.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x509_def.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x509_def.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -230,8 +227,7 @@ x509_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x509_err.o: ../../include/openssl/rc5.h -x509_err.o: ../../include/openssl/rijndael-alg-fst.h +x509_err.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x509_err.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x509_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -252,8 +248,7 @@ x509_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_ext.o: ../../include/openssl/opensslconf.h x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x509_ext.o: ../../include/openssl/rc5.h -x509_ext.o: ../../include/openssl/rijndael-alg-fst.h +x509_ext.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x509_ext.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x509_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -274,12 +269,12 @@ x509_lu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_lu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h x509_lu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509_lu.o: ../../include/openssl/rijndael-alg-fst.h -x509_lu.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -x509_lu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -x509_lu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_lu.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x509_lu.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +x509_lu.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +x509_lu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +x509_lu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +x509_lu.o: ../cryptlib.h x509_obj.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509_obj.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h x509_obj.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -294,8 +289,7 @@ x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_obj.o: ../../include/openssl/opensslconf.h x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_obj.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x509_obj.o: ../../include/openssl/rc5.h -x509_obj.o: ../../include/openssl/rijndael-alg-fst.h +x509_obj.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x509_obj.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x509_obj.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -315,8 +309,7 @@ x509_r2x.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_r2x.o: ../../include/openssl/opensslconf.h x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_r2x.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x509_r2x.o: ../../include/openssl/rc5.h -x509_r2x.o: ../../include/openssl/rijndael-alg-fst.h +x509_r2x.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x509_r2x.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x509_r2x.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -337,8 +330,7 @@ x509_req.o: ../../include/openssl/opensslconf.h x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h x509_req.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h x509_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x509_req.o: ../../include/openssl/rc5.h -x509_req.o: ../../include/openssl/rijndael-alg-fst.h +x509_req.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x509_req.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x509_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -358,8 +350,7 @@ x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_set.o: ../../include/openssl/opensslconf.h x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_set.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x509_set.o: ../../include/openssl/rc5.h -x509_set.o: ../../include/openssl/rijndael-alg-fst.h +x509_set.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x509_set.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x509_set.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -380,8 +371,7 @@ x509_trs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_trs.o: ../../include/openssl/opensslconf.h x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_trs.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x509_trs.o: ../../include/openssl/rc5.h -x509_trs.o: ../../include/openssl/rijndael-alg-fst.h +x509_trs.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x509_trs.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x509_trs.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -402,8 +392,7 @@ x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_txt.o: ../../include/openssl/opensslconf.h x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_txt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x509_txt.o: ../../include/openssl/rc5.h -x509_txt.o: ../../include/openssl/rijndael-alg-fst.h +x509_txt.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x509_txt.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x509_txt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -424,13 +413,12 @@ x509_v3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_v3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h x509_v3.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509_v3.o: ../../include/openssl/rijndael-alg-fst.h -x509_v3.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -x509_v3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_v3.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x509_v3.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -x509_v3.o: ../cryptlib.h +x509_v3.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +x509_v3.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509_vfy.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -446,8 +434,7 @@ x509_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_vfy.o: ../../include/openssl/opensslconf.h x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_vfy.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x509_vfy.o: ../../include/openssl/rc5.h -x509_vfy.o: ../../include/openssl/rijndael-alg-fst.h +x509_vfy.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x509_vfy.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x509_vfy.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -468,8 +455,7 @@ x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509name.o: ../../include/openssl/opensslconf.h x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x509name.o: ../../include/openssl/rc5.h -x509name.o: ../../include/openssl/rijndael-alg-fst.h +x509name.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x509name.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x509name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -489,8 +475,7 @@ x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509rset.o: ../../include/openssl/opensslconf.h x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509rset.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x509rset.o: ../../include/openssl/rc5.h -x509rset.o: ../../include/openssl/rijndael-alg-fst.h +x509rset.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x509rset.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x509rset.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -510,8 +495,7 @@ x509spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509spki.o: ../../include/openssl/opensslconf.h x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x509spki.o: ../../include/openssl/rc5.h -x509spki.o: ../../include/openssl/rijndael-alg-fst.h +x509spki.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x509spki.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x509spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -531,8 +515,7 @@ x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509type.o: ../../include/openssl/opensslconf.h x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509type.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x509type.o: ../../include/openssl/rc5.h -x509type.o: ../../include/openssl/rijndael-alg-fst.h +x509type.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h x509type.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h x509type.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -552,9 +535,9 @@ x_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h x_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h x_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x_all.o: ../../include/openssl/rijndael-alg-fst.h -x_all.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +x_all.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +x_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +x_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +x_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +x_all.o: ../cryptlib.h diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 63ed24cee..82714b760 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -984,6 +984,7 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags); int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag); int X509_print(BIO *bp,X509 *x); +int X509_ocspid_print(BIO *bp,X509 *x); int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent); int X509_CRL_print(BIO *bp,X509_CRL *x); int X509_REQ_print(BIO *bp,X509_REQ *req); diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index 5335ff5ae..0c59c8404 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -98,7 +98,7 @@ v3_akey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h v3_akey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h v3_akey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h v3_akey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_akey.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +v3_akey.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h v3_akey.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h v3_akey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h v3_akey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -120,13 +120,12 @@ v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3_alt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h v3_alt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_alt.o: ../../include/openssl/rijndael-alg-fst.h -v3_alt.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -v3_alt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_alt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_alt.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_alt.o: ../cryptlib.h +v3_alt.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +v3_alt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h v3_bcons.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h v3_bcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -142,8 +141,7 @@ v3_bcons.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h v3_bcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h v3_bcons.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_bcons.o: ../../include/openssl/rc5.h -v3_bcons.o: ../../include/openssl/rijndael-alg-fst.h +v3_bcons.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h v3_bcons.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h v3_bcons.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -165,8 +163,7 @@ v3_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_bitst.o: ../../include/openssl/opensslconf.h v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h v3_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_bitst.o: ../../include/openssl/rc5.h -v3_bitst.o: ../../include/openssl/rijndael-alg-fst.h +v3_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h v3_bitst.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h v3_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -188,13 +185,12 @@ v3_conf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h v3_conf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_conf.o: ../../include/openssl/rijndael-alg-fst.h -v3_conf.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -v3_conf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_conf.o: ../cryptlib.h +v3_conf.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +v3_conf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h v3_cpols.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h v3_cpols.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -210,8 +206,7 @@ v3_cpols.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h v3_cpols.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h v3_cpols.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_cpols.o: ../../include/openssl/rc5.h -v3_cpols.o: ../../include/openssl/rijndael-alg-fst.h +v3_cpols.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h v3_cpols.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h v3_cpols.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -233,7 +228,7 @@ v3_crld.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h v3_crld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h v3_crld.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h v3_crld.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_crld.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +v3_crld.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h v3_crld.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h v3_crld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h v3_crld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -255,13 +250,12 @@ v3_enum.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h v3_enum.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_enum.o: ../../include/openssl/rijndael-alg-fst.h -v3_enum.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -v3_enum.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_enum.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_enum.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_enum.o: ../cryptlib.h +v3_enum.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +v3_enum.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h v3_extku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h v3_extku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -277,8 +271,7 @@ v3_extku.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h v3_extku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h v3_extku.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_extku.o: ../../include/openssl/rc5.h -v3_extku.o: ../../include/openssl/rijndael-alg-fst.h +v3_extku.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h v3_extku.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h v3_extku.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -300,7 +293,7 @@ v3_genn.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h v3_genn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h v3_genn.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h v3_genn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_genn.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +v3_genn.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h v3_genn.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h v3_genn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h v3_genn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -322,13 +315,12 @@ v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3_ia5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h v3_ia5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_ia5.o: ../../include/openssl/rijndael-alg-fst.h -v3_ia5.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_ia5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_ia5.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_ia5.o: ../cryptlib.h +v3_ia5.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +v3_ia5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -344,7 +336,7 @@ v3_info.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h v3_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h v3_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h v3_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_info.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +v3_info.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h v3_info.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h v3_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h v3_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -366,13 +358,12 @@ v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3_int.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h v3_int.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_int.o: ../../include/openssl/rijndael-alg-fst.h -v3_int.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -v3_int.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_int.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_int.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_int.o: ../cryptlib.h +v3_int.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +v3_int.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -388,13 +379,12 @@ v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h v3_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_lib.o: ../../include/openssl/rijndael-alg-fst.h -v3_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_lib.o: ../cryptlib.h ext_dat.h +v3_lib.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +v3_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h v3_pku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -410,7 +400,7 @@ v3_pku.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h v3_pku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h v3_pku.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h v3_pku.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_pku.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +v3_pku.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h v3_pku.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h v3_pku.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h v3_pku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -432,13 +422,12 @@ v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h v3_prn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_prn.o: ../../include/openssl/rijndael-alg-fst.h -v3_prn.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_prn.o: ../cryptlib.h +v3_prn.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +v3_prn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_purp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_purp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -454,13 +443,12 @@ v3_purp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_purp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h v3_purp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_purp.o: ../../include/openssl/rijndael-alg-fst.h -v3_purp.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -v3_purp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_purp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_purp.o: ../cryptlib.h +v3_purp.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +v3_purp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +v3_purp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -476,13 +464,12 @@ v3_skey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h v3_skey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_skey.o: ../../include/openssl/rijndael-alg-fst.h -v3_skey.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -v3_skey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_skey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_skey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_skey.o: ../cryptlib.h +v3_skey.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +v3_skey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h v3_sxnet.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h v3_sxnet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -498,8 +485,7 @@ v3_sxnet.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h v3_sxnet.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h v3_sxnet.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_sxnet.o: ../../include/openssl/rc5.h -v3_sxnet.o: ../../include/openssl/rijndael-alg-fst.h +v3_sxnet.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h v3_sxnet.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h v3_sxnet.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -521,13 +507,12 @@ v3_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h v3_utl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_utl.o: ../../include/openssl/rijndael-alg-fst.h -v3_utl.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h -v3_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_utl.o: ../cryptlib.h +v3_utl.o: ../../include/openssl/rd_fst.h ../../include/openssl/rijndael.h +v3_utl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +v3_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_utl.o: ../../include/openssl/x509v3.h ../cryptlib.h v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h v3err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h v3err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -542,7 +527,7 @@ v3err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h v3err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h v3err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h v3err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3err.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h +v3err.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h v3err.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h v3err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c index 543bd4f0b..35d95ad51 100644 --- a/crypto/x509v3/v3_info.c +++ b/crypto/x509v3/v3_info.c @@ -174,3 +174,12 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *metho sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free); return NULL; } + +int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a) + { + i2a_ASN1_OBJECT(bp, a->method); +#ifdef UNDEF + i2a_GENERAL_NAME(bp, a->location); +#endif + return 2; + } diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index f777f0744..fb70fde1b 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -432,6 +432,7 @@ char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5); ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) +int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a); DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) DECLARE_ASN1_FUNCTIONS(POLICYINFO) diff --git a/demos/state_machine/state_machine.c b/demos/state_machine/state_machine.c index 0140fbca7..9cede2935 100644 --- a/demos/state_machine/state_machine.c +++ b/demos/state_machine/state_machine.c @@ -347,7 +347,7 @@ int main(int argc,char **argv) } /* FIXME: we should only extract if stdout is ready */ - n=SSLStateMachine_read_extract(pMachine,buf,n); + n=SSLStateMachine_read_extract(pMachine,buf,sizeof buf); if(n < 0) { SSLStateMachine_print_error(pMachine,"read extract failed"); diff --git a/demos/tunala/.cvsignore b/demos/tunala/.cvsignore new file mode 100644 index 000000000..1254a1ee2 --- /dev/null +++ b/demos/tunala/.cvsignore @@ -0,0 +1,2 @@ +tunala + diff --git a/demos/tunala/Makefile b/demos/tunala/Makefile index fd5b651bc..a68db7a39 100644 --- a/demos/tunala/Makefile +++ b/demos/tunala/Makefile @@ -17,8 +17,8 @@ COMPILE=$(CC) $(CFLAGS) -c # Edit, particularly the "-ldl" if not building with "dlfcn" support LINK_FLAGS=-L$(SSL_LIBDIR) -lssl -lcrypto -ldl -SRCS=buffer.c ip.c sm.c tunala.c -OBJS=buffer.o ip.o sm.o tunala.o +SRCS=buffer.c cb.c ip.c sm.c tunala.c +OBJS=buffer.o cb.o ip.o sm.o tunala.o TARGETS=tunala @@ -35,6 +35,7 @@ tunala: $(OBJS) # Extra dependencies, should really use makedepend buffer.o: buffer.c tunala.h +cb.o: cb.c tunala.h ip.o: ip.c tunala.h sm.o: sm.c tunala.h tunala.o: tunala.c tunala.h diff --git a/demos/tunala/buffer.c b/demos/tunala/buffer.c index e9a4e5b03..2915f2c67 100644 --- a/demos/tunala/buffer.c +++ b/demos/tunala/buffer.c @@ -101,6 +101,37 @@ int buffer_to_fd(buffer_t *buf, int fd) #ifndef NO_OPENSSL +static void int_ssl_check(SSL *s, int ret) +{ + int e = SSL_get_error(s, ret); + switch(e) { + /* These seem to be harmless and already "dealt with" by our + * non-blocking environment. NB: "ZERO_RETURN" is the clean + * "error" indicating a successfully closed SSL tunnel. We let + * this happen because our IO loop should not appear to have + * broken on this condition - and outside the IO loop, the + * "shutdown" state is checked. */ + case SSL_ERROR_NONE: + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_X509_LOOKUP: + case SSL_ERROR_ZERO_RETURN: + return; + /* These seem to be indications of a genuine error that should + * result in the SSL tunnel being regarded as "dead". */ + case SSL_ERROR_SYSCALL: + case SSL_ERROR_SSL: + SSL_set_app_data(s, (char *)1); + return; + default: + break; + } + /* For any other errors that (a) exist, and (b) crop up - we need to + * interpret what to do with them - so "politely inform" the caller that + * the code needs updating here. */ + abort(); +} + void buffer_from_SSL(buffer_t *buf, SSL *ssl) { int ret; @@ -109,6 +140,8 @@ void buffer_from_SSL(buffer_t *buf, SSL *ssl) ret = SSL_read(ssl, buf->data + buf->used, buffer_unused(buf)); if(ret > 0) buf->used += ret; + if(ret < 0) + int_ssl_check(ssl, ret); } void buffer_to_SSL(buffer_t *buf, SSL *ssl) @@ -119,6 +152,8 @@ void buffer_to_SSL(buffer_t *buf, SSL *ssl) ret = SSL_write(ssl, buf->data, buf->used); if(ret > 0) buffer_takedata(buf, NULL, ret); + if(ret < 0) + int_ssl_check(ssl, ret); } void buffer_from_BIO(buffer_t *buf, BIO *bio) diff --git a/demos/tunala/cb.c b/demos/tunala/cb.c new file mode 100644 index 000000000..ac7122da4 --- /dev/null +++ b/demos/tunala/cb.c @@ -0,0 +1,133 @@ +#include "tunala.h" + +#ifndef NO_OPENSSL + +/* For callbacks generating output, here are their file-descriptors. */ +static FILE *fp_cb_ssl_info = NULL; +static FILE *fp_cb_ssl_verify = NULL; +/* Output level: + * 0 = nothing, + * 1 = minimal, just errors, + * 2 = minimal, all steps, + * 3 = detail, all steps */ +static unsigned int cb_ssl_verify_level = 1; + +/* Other static rubbish (to mirror s_cb.c where required) */ +static int int_verify_depth = 10; + +/* This function is largely borrowed from the one used in OpenSSL's "s_client" + * and "s_server" utilities. */ +void cb_ssl_info(SSL *s, int where, int ret) +{ + char *str1, *str2; + int w; + + if(!fp_cb_ssl_info) + return; + + w = where & ~SSL_ST_MASK; + str1 = (w & SSL_ST_CONNECT ? "SSL_connect" : (w & SSL_ST_ACCEPT ? + "SSL_accept" : "undefined")), + str2 = SSL_state_string_long(s); + + if (where & SSL_CB_LOOP) + fprintf(fp_cb_ssl_info, "(%s) %s\n", str1, str2); + else if (where & SSL_CB_EXIT) { + if (ret == 0) + fprintf(fp_cb_ssl_info, "(%s) failed in %s\n", str1, str2); +/* In a non-blocking model, we get a few of these "error"s simply because we're + * calling "reads" and "writes" on the state-machine that are virtual NOPs + * simply to avoid wasting the time seeing if we *should* call them. Removing + * this case makes the "-out_state" output a lot easier on the eye. */ +#if 0 + else if (ret < 0) + fprintf(fp_cb_ssl_info, "%s:error in %s\n", str1, str2); +#endif + } +} + +void cb_ssl_info_set_output(FILE *fp) +{ + fp_cb_ssl_info = fp; +} + +static const char *int_reason_no_issuer = "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT"; +static const char *int_reason_not_yet = "X509_V_ERR_CERT_NOT_YET_VALID"; +static const char *int_reason_before = "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD"; +static const char *int_reason_expired = "X509_V_ERR_CERT_HAS_EXPIRED"; +static const char *int_reason_after = "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD"; + +/* Stolen wholesale from apps/s_cb.c :-) And since then, mutilated ... */ +int cb_ssl_verify(int ok, X509_STORE_CTX *ctx) +{ + char buf1[256]; /* Used for the subject name */ + char buf2[256]; /* Used for the issuer name */ + const char *reason = NULL; /* Error reason (if any) */ + X509 *err_cert; + int err, depth; + + if(!fp_cb_ssl_verify || (cb_ssl_verify_level == 0)) + return ok; + err_cert = X509_STORE_CTX_get_current_cert(ctx); + err = X509_STORE_CTX_get_error(ctx); + depth = X509_STORE_CTX_get_error_depth(ctx); + + buf1[0] = buf2[0] = '\0'; + /* Fill buf1 */ + X509_NAME_oneline(X509_get_subject_name(err_cert), buf1, 256); + /* Fill buf2 */ + X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf2, 256); + switch (ctx->error) { + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: + reason = int_reason_no_issuer; + break; + case X509_V_ERR_CERT_NOT_YET_VALID: + reason = int_reason_not_yet; + break; + case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: + reason = int_reason_before; + break; + case X509_V_ERR_CERT_HAS_EXPIRED: + reason = int_reason_expired; + break; + case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: + reason = int_reason_after; + break; + } + + if((cb_ssl_verify_level == 1) && ok) + return ok; + fprintf(fp_cb_ssl_verify, "chain-depth=%d, ", depth); + if(reason) + fprintf(fp_cb_ssl_verify, "error=%s\n", reason); + else + fprintf(fp_cb_ssl_verify, "error=%d\n", err); + if(cb_ssl_verify_level < 3) + return ok; + fprintf(fp_cb_ssl_verify, "--> subject = %s\n", buf1); + fprintf(fp_cb_ssl_verify, "--> issuer = %s\n", buf2); + if(!ok) + fprintf(fp_cb_ssl_verify,"--> verify error:num=%d:%s\n",err, + X509_verify_cert_error_string(err)); + fprintf(fp_cb_ssl_verify, "--> verify return:%d\n",ok); + return ok; +} + +void cb_ssl_verify_set_output(FILE *fp) +{ + fp_cb_ssl_verify = fp; +} + +void cb_ssl_verify_set_depth(unsigned int verify_depth) +{ + int_verify_depth = verify_depth; +} + +void cb_ssl_verify_set_level(unsigned int level) +{ + if(level < 4) + cb_ssl_verify_level = level; +} + +#endif /* !defined(NO_OPENSSL) */ + diff --git a/demos/tunala/sm.c b/demos/tunala/sm.c index 05bd7b945..c213d110d 100644 --- a/demos/tunala/sm.c +++ b/demos/tunala/sm.c @@ -55,7 +55,7 @@ SSL *state_machine_get_SSL(state_machine_t *machine) return machine->ssl; } -void state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server) +int state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server) { if(machine->ssl) /* Shouldn't ever be set twice */ @@ -75,7 +75,7 @@ void state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server) /* If we're the first one to generate traffic - do it now otherwise we * go into the next select empty-handed and our peer will not send data * but will similarly wait for us. */ - state_machine_churn(machine); + return state_machine_churn(machine); } /* Performs the data-IO loop and returns zero if the machine should close */ @@ -98,13 +98,14 @@ int state_machine_churn(state_machine_t *machine) /* Still buffered data on the clean side to go out */ return 1; } - if(SSL_get_shutdown(machine->ssl)) { - /* An SSL shutdown was underway */ - if(buffer_empty(&machine->dirty_out)) { - /* Great, we can seal off the dirty side completely */ - if(!state_machine_close_dirty(machine)) - return 0; - } + /* We close on the SSL side if the info callback noticed some problems + * or an SSL shutdown was underway and shutdown traffic had all been + * sent. */ + if(SSL_get_app_data(machine->ssl) || (SSL_get_shutdown(machine->ssl) && + buffer_empty(&machine->dirty_out))) { + /* Great, we can seal off the dirty side completely */ + if(!state_machine_close_dirty(machine)) + return 0; } /* Either the SSL is alive and well, or the closing process still has * outgoing data waiting to be sent */ @@ -119,7 +120,8 @@ int state_machine_close_clean(state_machine_t *machine) buffer_close(&machine->clean_in); buffer_close(&machine->clean_out); /* And start an SSL shutdown */ - SSL_shutdown(machine->ssl); + if(machine->ssl) + SSL_shutdown(machine->ssl); /* This is an "event", so flush the SSL of any generated traffic */ state_machine_churn(machine); if(buffer_empty(&machine->dirty_in) && diff --git a/demos/tunala/tunala.c b/demos/tunala/tunala.c index b54bb422d..2b3d65d98 100644 --- a/demos/tunala/tunala.c +++ b/demos/tunala/tunala.c @@ -67,7 +67,10 @@ typedef struct _tunala_world_t { /*****************************/ static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id, - const char *CAfile, const char *cert, const char *key); + const char *CAfile, const char *cert, const char *key, + const char *dcert, const char *dkey, const char *cipher_list, + int out_state, int out_verify, int verify_mode, + unsigned int verify_depth); static void selector_init(tunala_selector_t *selector); static void selector_add_listener(tunala_selector_t *selector, int fd); static void selector_add_tunala(tunala_selector_t *selector, tunala_item_t *t); @@ -90,24 +93,40 @@ static int def_max_tunnels = 50; static const char *def_cacert = NULL; static const char *def_cert = NULL; static const char *def_key = NULL; +static const char *def_dcert = NULL; +static const char *def_dkey = NULL; static const char *def_engine_id = NULL; static int def_server_mode = 0; +static const char *def_cipher_list = NULL; +static int def_out_state = 0; +static unsigned int def_out_verify = 0; +static int def_verify_mode = 0; +static unsigned int def_verify_depth = 10; static const char *helpstring = - "\n'Tunala' (A tunneler with a New Zealand accent)\n" - "Usage: tunala [options], where options are from;\n" - " -listen [host:]<port> (default = 127.0.0.1:8080)\n" - " -proxy <host>:<port> (default = 127.0.0.1:443)\n" - " -maxtunnels <num> (default = 50)\n" - " -cacert <path|NULL> (default = NULL)\n" - " -cert <path|NULL> (default = NULL)\n" - " -key <path|NULL> (default = whatever '-cert' is)\n" - " -engine <id|NULL> (default = NULL)\n" - " -server <0|1> (default = 0, ie. an SSL client)\n" - " -<h|help|?> (displays this help screen)\n" - "NB: It is recommended to specify a cert+key when operating as an\n" - "SSL server. If you only specify '-cert', the same file must\n" - "contain a matching private key.\n"; +"\n'Tunala' (A tunneler with a New Zealand accent)\n" +"Usage: tunala [options], where options are from;\n" +" -listen [host:]<port> (default = 127.0.0.1:8080)\n" +" -proxy <host>:<port> (default = 127.0.0.1:443)\n" +" -maxtunnels <num> (default = 50)\n" +" -cacert <path|NULL> (default = NULL)\n" +" -cert <path|NULL> (default = NULL)\n" +" -key <path|NULL> (default = whatever '-cert' is)\n" +" -dcert <path|NULL> (usually for DSA, default = NULL)\n" +" -dkey <path|NULL> (usually for DSA, default = whatever '-dcert' is)\n" +" -engine <id|NULL> (default = NULL)\n" +" -server <0|1> (default = 0, ie. an SSL client)\n" +" -cipher <list> (specifies cipher list to use)\n" +" -out_state (prints SSL handshake states)\n" +" -out_verify <0|1|2|3> (prints certificate verification states: def=1)\n" +" -v_peer (verify the peer certificate)\n" +" -v_strict (do not continue if peer doesn't authenticate)\n" +" -v_once (no verification in renegotiates)\n" +" -v_depth <num> (limit certificate chain depth, default = 10)\n" +" -<h|help|?> (displays this help screen)\n" +"NB: It is recommended to specify a cert+key when operating as an\n" +"SSL server. If you only specify '-cert', the same file must\n" +"contain a matching private key.\n"; static int usage(const char *errstr, int isunknownarg) { @@ -161,6 +180,34 @@ static int parse_server_mode(const char *s, int *servermode) return 1; } +static int parse_verify_level(const char *s, unsigned int *verify_level) +{ + unsigned long l; + char *temp; + l = strtoul(s, &temp, 10); + if((temp == s) || (*temp != '\0') || (l > 3)) { + fprintf(stderr, "Error, '%s' is an invalid value for " + "out_verify\n", s); + return 0; + } + *verify_level = (unsigned int)l; + return 1; +} + +static int parse_verify_depth(const char *s, unsigned int *verify_depth) +{ + unsigned long l; + char *temp; + l = strtoul(s, &temp, 10); + if((temp == s) || (*temp != '\0') || (l < 1) || (l > 50)) { + fprintf(stderr, "Error, '%s' is an invalid value for " + "verify_depth\n", s); + return 0; + } + *verify_depth = (unsigned int)l; + return 1; +} + int main(int argc, char *argv[]) { unsigned int loop; @@ -176,8 +223,15 @@ int main(int argc, char *argv[]) const char *cacert = def_cacert; const char *cert = def_cert; const char *key = def_key; + const char *dcert = def_dcert; + const char *dkey = def_dkey; const char *engine_id = def_engine_id; int server_mode = def_server_mode; + const char *cipher_list = def_cipher_list; + int out_state = def_out_state; + unsigned int out_verify = def_out_verify; + int verify_mode = def_verify_mode; + unsigned int verify_depth = def_verify_depth; /* Parse command-line arguments */ next_arg: @@ -229,6 +283,24 @@ next_arg: else key = *argv; goto next_arg; + } else if(strcmp(*argv, "-dcert") == 0) { + if(argc < 2) + return usage("-dcert requires an argument", 0); + argc--; argv++; + if(strcmp(*argv, "NULL") == 0) + dcert = NULL; + else + dcert = *argv; + goto next_arg; + } else if(strcmp(*argv, "-dkey") == 0) { + if(argc < 2) + return usage("-dkey requires an argument", 0); + argc--; argv++; + if(strcmp(*argv, "NULL") == 0) + dkey = NULL; + else + dkey = *argv; + goto next_arg; } else if(strcmp(*argv, "-engine") == 0) { if(argc < 2) return usage("-engine requires an argument", 0); @@ -242,6 +314,38 @@ next_arg: if(!parse_server_mode(*argv, &server_mode)) return 1; goto next_arg; + } else if(strcmp(*argv, "-cipher") == 0) { + if(argc < 2) + return usage("-cipher requires an argument", 0); + argc--; argv++; + cipher_list = *argv; + goto next_arg; + } else if(strcmp(*argv, "-out_state") == 0) { + out_state = 1; + goto next_arg; + } else if(strcmp(*argv, "-out_verify") == 0) { + if(argc < 2) + return usage("-out_verify requires an argument", 0); + argc--; argv++; + if(!parse_verify_level(*argv, &out_verify)) + return 1; + goto next_arg; + } else if(strcmp(*argv, "-v_peer") == 0) { + verify_mode |= SSL_VERIFY_PEER; + goto next_arg; + } else if(strcmp(*argv, "-v_strict") == 0) { + verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; + goto next_arg; + } else if(strcmp(*argv, "-v_once") == 0) { + verify_mode |= SSL_VERIFY_CLIENT_ONCE; + goto next_arg; + } else if(strcmp(*argv, "-v_depth") == 0) { + if(argc < 2) + return usage("-v_depth requires an argument", 0); + argc--; argv++; + if(!parse_verify_depth(*argv, &verify_depth)) + return 1; + goto next_arg; } else if((strcmp(*argv, "-h") == 0) || (strcmp(*argv, "-help") == 0) || (strcmp(*argv, "-?") == 0)) { @@ -257,7 +361,8 @@ next_arg: err_str0("ip_initialise succeeded"); /* Create the SSL_CTX */ if((world.ssl_ctx = initialise_ssl_ctx(server_mode, engine_id, - cacert, cert, key)) == NULL) + cacert, cert, key, dcert, dkey, cipher_list, out_state, + out_verify, verify_mode, verify_depth)) == NULL) return err_str1("initialise_ssl_ctx(engine_id=%s) failed", (engine_id == NULL) ? "NULL" : engine_id); err_str1("initialise_ssl_ctx(engine_id=%s) succeeded", @@ -295,7 +400,7 @@ main_loop: fprintf(stderr, "selector_select returned a badness error.\n"); abort(); case 0: - fprintf(stderr, "Warn, selector_select return 0 - signal??\n"); + fprintf(stderr, "Warn, selector_select returned 0 - signal??\n"); goto main_loop; default: break; @@ -306,12 +411,11 @@ main_loop: &newfd) == 1)) { /* We have a new connection */ if(!tunala_world_new_item(&world, newfd, - proxy_ip, proxy_port)) { + proxy_ip, proxy_port)) fprintf(stderr, "tunala_world_new_item failed\n"); - abort(); - } - fprintf(stderr, "Info, new tunnel opened, now up to %d\n", - world.tunnels_used); + else + fprintf(stderr, "Info, new tunnel opened, now up to " + "%d\n", world.tunnels_used); } /* Give each tunnel its moment, note the while loop is because it makes * the logic easier than with "for" to deal with an array that may shift @@ -343,53 +447,13 @@ main_loop: /* OpenSSL bits */ /****************/ -static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id, - const char *CAfile, const char *cert, const char *key) +static int ctx_set_cert(SSL_CTX *ctx, const char *cert, const char *key) { - SSL_CTX *ctx, *ret = NULL; - SSL_METHOD *meth; - ENGINE *e = NULL; FILE *fp = NULL; X509 *x509 = NULL; EVP_PKEY *pkey = NULL; + int toret = 0; /* Assume an error */ - OpenSSL_add_ssl_algorithms(); - SSL_load_error_strings(); - - meth = (server_mode ? SSLv23_server_method() : SSLv23_client_method()); - if(meth == NULL) - goto err; - if(engine_id) { - if((e = ENGINE_by_id(engine_id)) == NULL) { - fprintf(stderr, "Error obtaining '%s' engine, openssl " - "errors follow\n", engine_id); - goto err; - } - if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { - fprintf(stderr, "Error assigning '%s' engine, openssl " - "errors follow\n", engine_id); - goto err; - } - ENGINE_free(e); - } - if((ctx = SSL_CTX_new(meth)) == NULL) - goto err; - /* cacert */ - if(CAfile) { - if(!X509_STORE_load_locations(SSL_CTX_get_cert_store(ctx), - CAfile, NULL)) { - fprintf(stderr, "Error loading CA cert(s) in '%s'\n", - CAfile); - goto err; - } - fprintf(stderr, "Info, operating with CA cert(s) in '%s'\n", - CAfile); - } else - fprintf(stderr, "Info, operating without a CA cert(-list)\n"); - if(!SSL_CTX_set_default_verify_paths(ctx)) { - fprintf(stderr, "Error setting default verify paths\n"); - goto err; - } /* cert */ if(cert) { if((fp = fopen(cert, "r")) == NULL) { @@ -406,19 +470,23 @@ static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id, cert); goto err; } - fprintf(stderr, "Info, operating with cert in '%s'\n", cert); + /* Clear the FILE* for reuse in the "key" code */ fclose(fp); fp = NULL; + fprintf(stderr, "Info, operating with cert in '%s'\n", cert); /* If a cert was given without matching key, we assume the same * file contains the required key. */ if(!key) key = cert; - } else - if(key) { + } else { + if(key) fprintf(stderr, "Error, can't specify a key without a " "corresponding certificate\n"); - goto err; - } + else + fprintf(stderr, "Error, ctx_set_cert called with " + "NULLs!\n"); + goto err; + } /* key */ if(key) { if((fp = fopen(key, "r")) == NULL) { @@ -438,8 +506,99 @@ static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id, fprintf(stderr, "Info, operating with key in '%s'\n", key); } else fprintf(stderr, "Info, operating without a cert or key\n"); + /* Success */ + toret = 1; err: + if(x509) + X509_free(x509); + if(pkey) + EVP_PKEY_free(pkey); + if(fp) + fclose(fp); + return toret; +} + +static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id, + const char *CAfile, const char *cert, const char *key, + const char *dcert, const char *dkey, const char *cipher_list, + int out_state, int out_verify, int verify_mode, + unsigned int verify_depth) +{ + SSL_CTX *ctx, *ret = NULL; + SSL_METHOD *meth; + ENGINE *e = NULL; + + OpenSSL_add_ssl_algorithms(); + SSL_load_error_strings(); + + meth = (server_mode ? SSLv23_server_method() : SSLv23_client_method()); + if(meth == NULL) + goto err; + if(engine_id) { + if((e = ENGINE_by_id(engine_id)) == NULL) { + fprintf(stderr, "Error obtaining '%s' engine, openssl " + "errors follow\n", engine_id); + goto err; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { + fprintf(stderr, "Error assigning '%s' engine, openssl " + "errors follow\n", engine_id); + goto err; + } + ENGINE_free(e); + } + if((ctx = SSL_CTX_new(meth)) == NULL) + goto err; + /* cacert */ + if(CAfile) { + if(!X509_STORE_load_locations(SSL_CTX_get_cert_store(ctx), + CAfile, NULL)) { + fprintf(stderr, "Error loading CA cert(s) in '%s'\n", + CAfile); + goto err; + } + fprintf(stderr, "Info, operating with CA cert(s) in '%s'\n", + CAfile); + } else + fprintf(stderr, "Info, operating without a CA cert(-list)\n"); + if(!SSL_CTX_set_default_verify_paths(ctx)) { + fprintf(stderr, "Error setting default verify paths\n"); + goto err; + } + + /* cert and key */ + if((cert || key) && !ctx_set_cert(ctx, cert, key)) + goto err; + /* dcert and dkey */ + if((dcert || dkey) && !ctx_set_cert(ctx, dcert, dkey)) + goto err; + + /* cipher_list */ + if(cipher_list) { + if(!SSL_CTX_set_cipher_list(ctx, cipher_list)) { + fprintf(stderr, "Error setting cipher list '%s'\n", + cipher_list); + goto err; + } + fprintf(stderr, "Info, set cipher list '%s'\n", cipher_list); + } else + fprintf(stderr, "Info, operating with default cipher list\n"); - /* Success! */ + /* out_state (output of SSL handshake states to screen). */ + if(out_state) + cb_ssl_info_set_output(stderr); + + /* out_verify */ + if(out_verify > 0) { + cb_ssl_verify_set_output(stderr); + cb_ssl_verify_set_level(out_verify); + } + + /* verify_depth */ + cb_ssl_verify_set_depth(verify_depth); + + /* Success! (includes setting verify_mode) */ + SSL_CTX_set_info_callback(ctx, cb_ssl_info); + SSL_CTX_set_verify(ctx, verify_mode, cb_ssl_verify); ret = ctx; err: if(!ret) { @@ -447,12 +606,6 @@ err: if(ctx) SSL_CTX_free(ctx); } - if(fp) - fclose(fp); - if(x509) - X509_free(x509); - if(pkey) - EVP_PKEY_free(pkey); return ret; } @@ -577,9 +730,15 @@ static int tunala_world_new_item(tunala_world_t *world, int fd, { tunala_item_t *item; int newfd; + SSL *new_ssl = NULL; if(!tunala_world_make_room(world)) return 0; + if((new_ssl = SSL_new(world->ssl_ctx)) == NULL) { + fprintf(stderr, "Error creating new SSL\n"); + ERR_print_errors_fp(stderr); + return 0; + } item = world->tunnels + (world->tunnels_used++); state_machine_init(&item->sm); item->clean_read = item->clean_send = @@ -596,11 +755,13 @@ static int tunala_world_new_item(tunala_world_t *world, int fd, item->clean_read = item->clean_send = fd; item->dirty_read = item->dirty_send = newfd; } - state_machine_set_SSL(&item->sm, SSL_new(world->ssl_ctx), - world->server_mode); + /* We use the SSL's "app_data" to indicate a call-back induced "kill" */ + SSL_set_app_data(new_ssl, NULL); + if(!state_machine_set_SSL(&item->sm, new_ssl, world->server_mode)) + goto err; return 1; err: - state_machine_close(&item->sm); + tunala_world_del_item(world, world->tunnels_used - 1); return 0; } @@ -678,7 +839,7 @@ static int tunala_item_io(tunala_selector_t *selector, tunala_item_t *item) item->clean_send = -1; item->clean_read = -1; } - if(c_s) { + if(c_s && (item->clean_send != -1)) { close(item->clean_send); if(item->clean_send == item->clean_read) item->clean_read = -1; @@ -690,7 +851,7 @@ static int tunala_item_io(tunala_selector_t *selector, tunala_item_t *item) item->dirty_send = -1; item->dirty_read = -1; } - if(d_s) { + if(d_s && (item->dirty_send != -1)) { close(item->dirty_send); if(item->dirty_send == item->dirty_read) item->dirty_read = -1; @@ -716,7 +877,7 @@ static int tunala_item_io(tunala_selector_t *selector, tunala_item_t *item) return 0; } if((item->dirty_read == -1) || (item->dirty_send == -1)) { - if(state_machine_close_dirty(&item->sm)) + if(!state_machine_close_dirty(&item->sm)) return 0; } return 1; diff --git a/demos/tunala/tunala.h b/demos/tunala/tunala.h index 7ad012b92..7d4e35dc9 100644 --- a/demos/tunala/tunala.h +++ b/demos/tunala/tunala.h @@ -89,6 +89,14 @@ void buffer_from_SSL(buffer_t *buf, SSL *ssl); void buffer_to_SSL(buffer_t *buf, SSL *ssl); void buffer_from_BIO(buffer_t *buf, BIO *bio); void buffer_to_BIO(buffer_t *buf, BIO *bio); + +/* Callbacks */ +void cb_ssl_info(SSL *s, int where, int ret); +void cb_ssl_info_set_output(FILE *fp); /* Called if output should be sent too */ +int cb_ssl_verify(int ok, X509_STORE_CTX *ctx); +void cb_ssl_verify_set_output(FILE *fp); +void cb_ssl_verify_set_depth(unsigned int verify_depth); +void cb_ssl_verify_set_level(unsigned int level); #endif /* !defined(NO_OPENSSL) */ #endif /* !defined(NO_BUFFER) */ @@ -111,7 +119,7 @@ void state_machine_init(state_machine_t *machine); void state_machine_close(state_machine_t *machine); buffer_t *state_machine_get_buffer(state_machine_t *machine, sm_buffer_t type); SSL *state_machine_get_SSL(state_machine_t *machine); -void state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server); +int state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server); /* Performs the data-IO loop and returns zero if the machine should close */ int state_machine_churn(state_machine_t *machine); /* Is used to handle closing conditions - namely when one side of the tunnel has diff --git a/doc/HOWTO/certificates.txt b/doc/HOWTO/certificates.txt new file mode 100644 index 000000000..74fe84b48 --- /dev/null +++ b/doc/HOWTO/certificates.txt @@ -0,0 +1,85 @@ +[DRAFT!] + HOWTO certificates + +How you handle certificates depend a great deal on what your role is. +Your role can be one or several of: + + - User of some client software + - User of some server software + - Certificate authority + +This file is for users who wish to get a certificate of their own. +Certificate authorities should read ca.txt. + +In all the cases shown below, the standard configuration file, as +compiled into openssl, will be used. You may find it in /etc/, +/usr/local/ssr/ or somewhere else. The name is openssl.cnf, and +is better described in another HOWTO [config.txt?]. If you want to +use a different configuration file, use the argument '-config {file}' +with the command shown below. + + +Certificates are related to public key cryptography by containing a +public key. To be useful, there must be a corresponding private key +somewhere. With OpenSSL, public keys are easily derived from private +keys, so before you create a certificate or a certificate request, you +need to create a private key. + +Private keys are generated with 'openssl genrsa' if you want a RSA +private key, or 'openssl gendsa' if you want a DSA private key. More +info on how to handle these commands are found in the manual pages for +those commands or by running them with the argument '-h'. For the +sake of the description in this file, let's assume that the private +key ended up in the file privkey.pem (which is the default in some +cases). + + +Let's start with the most normal way of getting a certificate. Most +often, you want or need to get a certificate from a certificate +authority. To handle that, the certificate authority needs a +certificate request (or, as some certificate authorities like to put +it, "certificate signing request", since that's exactly what they do, +they sign it and give you the result back, thus making it authentic +according to their policies) from you. To generate a request, use the +command 'openssl req' like this: + + openssl req -new -key privkey.pem -out cert.csr + +Now, cert.csr can be sent to the certificate authority, if they can +handle files in PEM format. If not, use the extra argument '-outform' +followed by the keyword for the format to use (see another HOWTO +[formats.txt?]). In some cases, that isn't sufficient and you will +have to be more creative. + +When the certificate authority has then done the checks the need to +do (and probably gotten payment from you), they will hand over your +new certificate to you. + + +[fill in on how to create a self-signed certificate] + + +If you created everything yourself, or if the certificate authority +was kind enough, your certificate is a raw DER thing in PEM format. +Your key most definitely is if you have followed the examples above. +However, some (most?) certificate authorities will encode them with +things like PKCS7 or PKCS12, or something else. Depending on your +applications, this may be perfectly OK, it all depends on what they +know how to decode. If not, There are a number of OpenSSL tools to +convert between some (most?) formats. + +So, depending on your application, you may have to convert your +certificate and your key to various formats, most often also putting +them together into one file. The ways to do this is described in +another HOWTO [formats.txt?], I will just mention the simplest case. +In the case of a raw DER thing in PEM format, and assuming that's all +right for yor applications, simply concatenating the certificate and +the key into a new file and using that one should be enough. With +some applications, you don't even have to do that. + + +By now, you have your cetificate and your private key and can start +using the software that depend on it. + +-- +Richard Levitte diff --git a/doc/apps/passwd.pod b/doc/apps/passwd.pod index 6e098940c..07d849c82 100644 --- a/doc/apps/passwd.pod +++ b/doc/apps/passwd.pod @@ -13,6 +13,7 @@ B<openssl passwd> [B<-salt> I<string>] [B<-in> I<file>] [B<-stdin>] +[B<-noverify>] [B<-quiet>] [B<-table>] {I<password>} @@ -22,7 +23,7 @@ B<openssl passwd> The B<passwd> command computes the hash of a password typed at run-time or the hash of each password in a list. The password list is taken from the named file for option B<-in file>, from stdin for -option B<-stdin>, and from the command line otherwise. +option B<-stdin>, or from the command line, or from the terminal otherwise. The Unix standard algorithm B<crypt> and the MD5-based BSD password algorithm B<1> and its Apache variant B<apr1> are available. @@ -45,6 +46,7 @@ Use the B<apr1> algorithm (Apache variant of the BSD algorithm). =item B<-salt> I<string> Use the specified salt. +When reading a password from the terminal, this implies B<-noverify>. =item B<-in> I<file> @@ -54,6 +56,10 @@ Read passwords from I<file>. Read passwords from B<stdin>. +=item B<-noverify> + +Don't verify when reading a password from the terminal. + =item B<-quiet> Don't output warnings when passwords given at the command line are truncated. diff --git a/doc/crypto/BIO_new_bio_pair.pod b/doc/crypto/BIO_new_bio_pair.pod index 2256ba9d3..58a3fb2a9 100644 --- a/doc/crypto/BIO_new_bio_pair.pod +++ b/doc/crypto/BIO_new_bio_pair.pod @@ -12,7 +12,8 @@ BIO_new_bio_pair - create a new BIO pair =head1 DESCRIPTION -BIO_new_bio_pair() creates a buffering BIO pair. It has two endpoints between +BIO_new_bio_pair() creates a buffering BIO pair based on the +L<SSL_set_bio(3)|SSL_set_bio(3)> method. The BIO pair has two endpoints between which data can be buffered. Its typical use is to connect one endpoint as underlying input/output BIO to an SSL and access the other one controlled by the program instead of accessing the network connection directly. diff --git a/doc/crypto/BN_add.pod b/doc/crypto/BN_add.pod index 0541d4564..57ae2f17a 100644 --- a/doc/crypto/BN_add.pod +++ b/doc/crypto/BN_add.pod @@ -2,8 +2,9 @@ =head1 NAME -BN_add, BN_sub, BN_mul, BN_div, BN_sqr, BN_mod, BN_mod_mul, BN_exp, -BN_mod_exp, BN_gcd - arithmetic operations on BIGNUMs +BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, +BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd - +arithmetic operations on BIGNUMs =head1 SYNOPSIS @@ -15,16 +16,26 @@ BN_mod_exp, BN_gcd - arithmetic operations on BIGNUMs int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); + int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, BN_CTX *ctx); - int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); - int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); - int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, + int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); + + int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); + + int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); + + int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); + int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); + int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, @@ -34,45 +45,59 @@ BN_mod_exp, BN_gcd - arithmetic operations on BIGNUMs =head1 DESCRIPTION -BN_add() adds B<a> and B<b> and places the result in B<r> (C<r=a+b>). -B<r> may be the same B<BIGNUM> as B<a> or B<b>. +BN_add() adds I<a> and I<b> and places the result in I<r> (C<r=a+b>). +I<r> may be the same B<BIGNUM> as I<a> or I<b>. -BN_sub() subtracts B<b> from B<a> and places the result in B<r> (C<r=a-b>). +BN_sub() subtracts I<b> from I<a> and places the result in I<r> (C<r=a-b>). -BN_mul() multiplies B<a> and B<b> and places the result in B<r> (C<r=a*b>). -B<r> may be the same B<BIGNUM> as B<a> or B<b>. +BN_mul() multiplies I<a> and I<b> and places the result in I<r> (C<r=a*b>). +I<r> may be the same B<BIGNUM> as I<a> or I<b>. For multiplication by powers of 2, use L<BN_lshift(3)|BN_lshift(3)>. -BN_div() divides B<a> by B<d> and places the result in B<dv> and the -remainder in B<rem> (C<dv=a/d, rem=a%d>). Either of B<dv> and B<rem> may -be NULL, in which case the respective value is not returned. +BN_sqr() takes the square of I<a> and places the result in I<r> +(C<r=a^2>). I<r> and I<a> may be the same B<BIGNUM>. +This function is faster than BN_mul(r,a,a). + +BN_div() divides I<a> by I<d> and places the result in I<dv> and the +remainder in I<rem> (C<dv=a/d, rem=a%d>). Either of I<dv> and I<rem> may +be B<NULL>, in which case the respective value is not returned. +The result is rounded towards zero; thus if I<a> is negative, the +remainder will be zero or negative. For division by powers of 2, use BN_rshift(3). -BN_sqr() takes the square of B<a> and places the result in B<r> -(C<r=a^2>). B<r> and B<a> may be the same B<BIGNUM>. -This function is faster than BN_mul(r,a,a). +BN_mod() corresponds to BN_div() with I<dv> set to B<NULL>. + +BN_nnmod() reduces I<a> modulo I<m> and places the non-negative +remainder in I<r>. + +BN_mod_add() adds I<a> to I<b> modulo I<m> and places the non-negative +result in I<r>. + +BN_mod_sub() substracts I<b> from I<a> modulo I<m> and places the +non-negative result in I<r>. -BN_mod() find the remainder of B<a> divided by B<m> and places it in -B<rem> (C<rem=a%m>). +BN_mod_mul() multiplies I<a> by I<b> and finds the non-negative +remainder respective to modulus I<m> (C<r=(a*b) mod m>). I<r> may be +the same B<BIGNUM> as I<a> or I<b>. For more efficient algorithms for +repeated computations using the same modulus, see +L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)> and +L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>. -BN_mod_mul() multiplies B<a> by B<b> and finds the remainder when -divided by B<m> (C<r=(a*b)%m>). B<r> may be the same B<BIGNUM> as B<a> -or B<b>. For a more efficient algorithm, see -L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)>; for repeated -computations using the same modulus, see L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>. +BN_mod_sqr() takes the square of I<a> modulo B<m> and places the +result in I<r>. -BN_exp() raises B<a> to the B<p>-th power and places the result in B<r> +BN_exp() raises I<a> to the I<p>-th power and places the result in I<r> (C<r=a^p>). This function is faster than repeated applications of BN_mul(). -BN_mod_exp() computes B<a> to the B<p>-th power modulo B<m> (C<r=a^p % +BN_mod_exp() computes I<a> to the I<p>-th power modulo I<m> (C<r=a^p % m>). This function uses less time and space than BN_exp(). -BN_gcd() computes the greatest common divisor of B<a> and B<b> and -places the result in B<r>. B<r> may be the same B<BIGNUM> as B<a> or -B<b>. +BN_gcd() computes the greatest common divisor of I<a> and I<b> and +places the result in I<r>. I<r> may be the same B<BIGNUM> as I<a> or +I<b>. -For all functions, B<ctx> is a previously allocated B<BN_CTX> used for +For all functions, I<ctx> is a previously allocated B<BN_CTX> used for temporary variables; see L<BN_CTX_new(3)|BN_CTX_new(3)>. Unless noted otherwise, the result B<BIGNUM> must be different from @@ -91,9 +116,11 @@ L<BN_add_word(3)|BN_add_word(3)>, L<BN_set_bit(3)|BN_set_bit(3)> =head1 HISTORY -BN_add(), BN_sub(), BN_div(), BN_sqr(), BN_mod(), BN_mod_mul(), +BN_add(), BN_sub(), BN_sqr(), BN_div(), BN_mod(), BN_mod_mul(), BN_mod_exp() and BN_gcd() are available in all versions of SSLeay and -OpenSSL. The B<ctx> argument to BN_mul() was added in SSLeay +OpenSSL. The I<ctx> argument to BN_mul() was added in SSLeay 0.9.1b. BN_exp() appeared in SSLeay 0.9.0. +BN_nnmod(), BN_mod_add(), BN_mod_sub(), and BN_mod_sqr() were added in +OpenSSL 0.9.7. =cut diff --git a/doc/crypto/BN_mod_mul_montgomery.pod b/doc/crypto/BN_mod_mul_montgomery.pod index 0b8ab512d..ed4af7a21 100644 --- a/doc/crypto/BN_mod_mul_montgomery.pod +++ b/doc/crypto/BN_mod_mul_montgomery.pod @@ -36,22 +36,23 @@ using the same modulus. BN_MONT_CTX_new() allocates and initializes a B<BN_MONT_CTX> structure. BN_MONT_CTX_init() initializes an existing uninitialized B<BN_MONT_CTX>. -BN_MONT_CTX_set() sets up the B<mont> structure from the modulus B<m> +BN_MONT_CTX_set() sets up the I<mont> structure from the modulus I<m> by precomputing its inverse and a value R. -BN_MONT_CTX_copy() copies the B<BN_MONT_CTX> B<from> to B<to>. +BN_MONT_CTX_copy() copies the B<BN_MONT_CTX> I<from> to I<to>. BN_MONT_CTX_free() frees the components of the B<BN_MONT_CTX>, and, if it was created by BN_MONT_CTX_new(), also the structure itself. -BN_mod_mul_montgomery() computes Mont(B<a>,B<b>):=B<a>*B<b>*R^-1 and places -the result in B<r>. +BN_mod_mul_montgomery() computes Mont(I<a>,I<b>):=I<a>*I<b>*R^-1 and places +the result in I<r>. -BN_from_montgomery() performs the Montgomery reduction B<r> = B<a>*R^-1. +BN_from_montgomery() performs the Montgomery reduction I<r> = I<a>*R^-1. -BN_to_montgomery() computes Mont(B<a>,R^2), i.e. B<a>*R. +BN_to_montgomery() computes Mont(I<a>,R^2), i.e. I<a>*R. +Note that I<a> must be non-negative and smaller than the modulus. -For all functions, B<ctx> is a previously allocated B<BN_CTX> used for +For all functions, I<ctx> is a previously allocated B<BN_CTX> used for temporary variables. The B<BN_MONT_CTX> structure is defined as follows: @@ -79,6 +80,11 @@ BN_MONT_CTX_init() and BN_MONT_CTX_free() have no return values. For the other functions, 1 is returned for success, 0 on error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +=head1 WARNING + +The inputs must be reduced modulo B<m>, otherwise the result will be +outside the expected range. + =head1 SEE ALSO L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>, diff --git a/doc/crypto/BN_swap.pod b/doc/crypto/BN_swap.pod new file mode 100644 index 000000000..79efaa144 --- /dev/null +++ b/doc/crypto/BN_swap.pod @@ -0,0 +1,23 @@ +=pod + +=head1 NAME + +BN_swap - exchange BIGNUMs + +=head1 SYNOPSIS + + #include <openssl/bn.h> + + void BN_swap(BIGNUM *a, BIGNUM *b); + +=head1 DESCRIPTION + +BN_swap() exchanges the values of I<a> and I<b>. + +L<bn(3)|bn(3)> + +=head1 HISTORY + +BN_swap was added in OpenSSL 0.9.7. + +=cut diff --git a/doc/crypto/RSA_public_encrypt.pod b/doc/crypto/RSA_public_encrypt.pod index 02edb7aa7..e20dfcb55 100644 --- a/doc/crypto/RSA_public_encrypt.pod +++ b/doc/crypto/RSA_public_encrypt.pod @@ -74,10 +74,6 @@ SSL, PKCS #1 v2.0 L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_size(3)|RSA_size(3)> -=head1 NOTES - -The L<RSA_PKCS1_RSAref(3)|RSA_PKCS1_RSAref(3)> method supports only the RSA_PKCS1_PADDING mode. - =head1 HISTORY The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is diff --git a/doc/crypto/RSA_set_method.pod b/doc/crypto/RSA_set_method.pod index bc0891a44..14917dd35 100644 --- a/doc/crypto/RSA_set_method.pod +++ b/doc/crypto/RSA_set_method.pod @@ -3,7 +3,7 @@ =head1 NAME RSA_set_default_method, RSA_get_default_method, RSA_set_method, -RSA_get_method, RSA_PKCS1_SSLeay, RSA_PKCS1_RSAref, +RSA_get_method, RSA_PKCS1_SSLeay, RSA_null_method, RSA_flags, RSA_new_method - select RSA method =head1 SYNOPSIS @@ -21,8 +21,6 @@ RSA_null_method, RSA_flags, RSA_new_method - select RSA method RSA_METHOD *RSA_PKCS1_SSLeay(void); - RSA_METHOD *RSA_PKCS1_RSAref(void); - RSA_METHOD *RSA_null_method(void); int RSA_flags(RSA *rsa); @@ -35,17 +33,8 @@ An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA operations. By modifying the method, alternative implementations such as hardware accelerators may be used. -Initially, the default is to use the OpenSSL internal implementation, -unless OpenSSL was configured with the C<rsaref> or C<-DRSA_NULL> -options. RSA_PKCS1_SSLeay() returns a pointer to that method. - -RSA_PKCS1_RSAref() returns a pointer to a method that uses the RSAref -library. This is the default method in the C<rsaref> configuration; -the function is not available in other configurations. -RSA_null_method() returns a pointer to a method that does not support -the RSA transformation. It is the default if OpenSSL is compiled with -C<-DRSA_NULL>. These methods may be useful in the USA because of a -patent on the RSA cryptosystem. +Initially, the default is to use the OpenSSL internal implementation. +RSA_PKCS1_SSLeay() returns a pointer to that method. RSA_set_default_openssl_method() makes B<meth> the default method for all B<RSA> structures created later. B<NB:> This is true only whilst the default engine @@ -132,9 +121,8 @@ the default engine for RSA operations is used. =head1 RETURN VALUES -RSA_PKCS1_SSLeay(), RSA_PKCS1_RSAref(), RSA_PKCS1_null_method(), -RSA_get_default_openssl_method() and RSA_get_method() return pointers to -the respective RSA_METHODs. +RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_openssl_method() +and RSA_get_method() return pointers to the respective RSA_METHODs. RSA_set_default_openssl_method() returns no value. @@ -163,6 +151,6 @@ added in OpenSSL 0.9.4. RSA_set_default_openssl_method() and RSA_get_default_openssl_method() replaced RSA_set_default_method() and RSA_get_default_method() respectively, and RSA_set_method() and RSA_new_method() were altered to use B<ENGINE>s -rather than B<DH_METHOD>s during development of OpenSSL 0.9.6. +rather than B<RSA_METHOD>s during development of OpenSSL 0.9.6. =cut diff --git a/doc/crypto/bn.pod b/doc/crypto/bn.pod index 1504a1c92..224dfe166 100644 --- a/doc/crypto/bn.pod +++ b/doc/crypto/bn.pod @@ -21,19 +21,27 @@ bn - multiprecision integer arithmetics BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); BIGNUM *BN_dup(const BIGNUM *a); + BIGNUM *BN_swap(BIGNUM *a, BIGNUM *b); + int BN_num_bytes(const BIGNUM *a); int BN_num_bits(const BIGNUM *a); int BN_num_bits_word(BN_ULONG w); - int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b); + int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, BN_CTX *ctx); - int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); + int BN_nnmod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); + int BN_mod_add(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); + int BN_mod_sub(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); + int BN_mod_sqr(BIGNUM *ret, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); @@ -137,7 +145,7 @@ of B<BIGNUM>s to external formats is described in L<BN_bn2bin(3)|BN_bn2bin(3)>. L<bn_internal(3)|bn_internal(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>, -L<BN_copy(3)|BN_copy(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>, +L<BN_copy(3)|BN_copy(3)>, L<BN_swap(3)|BN_swap(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>, L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>, L<BN_cmp(3)|BN_cmp(3)>, L<BN_zero(3)|BN_zero(3)>, L<BN_rand(3)|BN_rand(3)>, L<BN_generate_prime(3)|BN_generate_prime(3)>, L<BN_set_bit(3)|BN_set_bit(3)>, diff --git a/doc/crypto/bn_internal.pod b/doc/crypto/bn_internal.pod index 8da244aed..d6f3cfe2e 100644 --- a/doc/crypto/bn_internal.pod +++ b/doc/crypto/bn_internal.pod @@ -34,9 +34,9 @@ library internal functions int nb); void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n); void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - BN_ULONG *tmp); + int dna,int dnb,BN_ULONG *tmp); void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, - int tn, int n, BN_ULONG *tmp); + int n, int tna,int tnb, BN_ULONG *tmp); void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, BN_ULONG *tmp); void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, @@ -152,14 +152,15 @@ bn_mul_low_normal(B<r>, B<a>, B<b>, B<n>) operates on the B<n> word arrays B<r>, B<a> and B<b>. It computes the B<n> low words of B<a>*B<b> and places the result in B<r>. -bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<t>) operates on the B<n2> -word arrays B<a> and B<b> and the 2*B<n2> word arrays B<r> and B<t>. -B<n2> must be a power of 2. It computes B<a>*B<b> and places the -result in B<r>. +bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<dna>, B<dnb>, B<t>) operates +on the word arrays B<a> and B<b> of length B<n2>+B<dna> and B<n2>+B<dnb> +(B<dna> and B<dnb> are currently allowed to be 0 or negative) and the 2*B<n2> +word arrays B<r> and B<t>. B<n2> must be a power of 2. It computes +B<a>*B<b> and places the result in B<r>. -bn_mul_part_recursive(B<r>, B<a>, B<b>, B<tn>, B<n>, B<tmp>) operates -on the B<n>+B<tn> word arrays B<a> and B<b> and the 4*B<n> word arrays -B<r> and B<tmp>. +bn_mul_part_recursive(B<r>, B<a>, B<b>, B<n>, B<tna>, B<tnb, B<tmp>) +operates on the word arrays B<a> and B<b> of length B<n>+B<tna> and +B<n>+B<tnb> and the 4*B<n> word arrays B<r> and B<tmp>. bn_mul_low_recursive(B<r>, B<a>, B<b>, B<n2>, B<tmp>) operates on the B<n2> word arrays B<r> and B<tmp> and the B<n2>/2 word arrays B<a> diff --git a/doc/crypto/lhash.pod b/doc/crypto/lhash.pod index 4e87aee82..8c4ca6ab3 100644 --- a/doc/crypto/lhash.pod +++ b/doc/crypto/lhash.pod @@ -9,20 +9,24 @@ lh_doall_arg, lh_error - dynamic hash table #include <openssl/lhash.h> - LHASH *lh_new(unsigned long (*hash)(/*void *a*/), - int (*compare)(/*void *a,void *b*/)); + LHASH *lh_new(LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE compare); void lh_free(LHASH *table); void *lh_insert(LHASH *table, void *data); void *lh_delete(LHASH *table, void *data); void *lh_retrieve(LHASH *table, void *data); - void lh_doall(LHASH *table, void (*func)(/*void *b*/)); - void lh_doall_arg(LHASH *table, void (*func)(/*void *a,void *b*/), + void lh_doall(LHASH *table, LHASH_DOALL_FN_TYPE func); + void lh_doall_arg(LHASH *table, LHASH_DOALL_ARG_FN_TYPE func, void *arg); int lh_error(LHASH *table); + typedef int (*LHASH_COMP_FN_TYPE)(void *, void *); + typedef unsigned long (*LHASH_HASH_FN_TYPE)(void *); + typedef void (*LHASH_DOALL_FN_TYPE)(void *); + typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *); + =head1 DESCRIPTION This library implements dynamic hash tables. The hash table entries @@ -34,7 +38,44 @@ the structure and returns an unsigned long hash value of its key field. The hash value is normally truncated to a power of 2, so make sure that your hash function returns well mixed low order bits. B<compare> takes two arguments, and returns 0 if their keys are -equal, non-zero otherwise. +equal, non-zero otherwise. If your hash table will contain items of +some uniform type, and similarly the B<hash> and B<compare> callbacks +hash or compare the same type, then the B<DECLARE_LHASH_HASH_FN> and +B<IMPLEMENT_LHASH_COMP_FN> macros can be used to create callback +wrappers of the prototypes required in lh_new(). These provide +per-variable casts before calling the type-specific callbacks written +by the application author. These macros are defined as; + + #define DECLARE_LHASH_HASH_FN(f_name,o_type) \ + unsigned long f_name##_LHASH_HASH(void *); + #define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \ + unsigned long f_name##_LHASH_HASH(void *arg) { \ + o_type a = (o_type)arg; \ + return f_name(a); } + #define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH + + #define DECLARE_LHASH_COMP_FN(f_name,o_type) \ + int f_name##_LHASH_COMP(void *, void *); + #define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \ + int f_name##_LHASH_COMP(void *arg1, void *arg2) { \ + o_type a = (o_type)arg1; \ + o_type b = (o_type)arg2; \ + return f_name(a,b); } + #define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP + +An example of a hash table storing (pointers to) a structure type 'foo' +could be defined as follows; + + unsigned long foo_hash(foo *tohash); + int foo_compare(foo *arg1, foo *arg2); + static IMPLEMENT_LHASH_HASH_FN(foo_hash, foo *) + static IMPLEMENT_LHASH_COMP_FN(foo_compare, foo *); + /* ... */ + int main(int argc, char *argv[]) { + LHASH *hashtable = lh_new(LHASH_HASH_FN(foo_hash), + LHASH_COMP_FN(foo_compare)); + /* ... */ + } lh_free() frees the B<LHASH> structure B<table>. Allocated hash table entries will not be freed; consider using lh_doall() to deallocate any @@ -56,7 +97,7 @@ the data item as parameters. This function can be quite useful when used as follows: void cleanup(STUFF *a) { STUFF_free(a); } - lh_doall(hash,cleanup); + lh_doall(hash,(LHASH_DOALL_FN_TYPE)cleanup); lh_free(hash); This can be used to free all the entries. lh_free() then cleans up the 'buckets' that point to nothing. When doing this, be careful if you @@ -67,7 +108,9 @@ solution to this problem is to set hash-E<gt>down_load=0 before you start. This will stop the hash table ever being decreased in size. lh_doall_arg() is the same as lh_doall() except that B<func> will -be called with B<arg> as the second argument. +be called with B<arg> as the second argument and B<func> should be +of type B<LHASH_DOALL_ARG_FN_TYPE> (a callback prototype that is +passed an extra argument). lh_error() can be used to determine if an error occurred in the last operation. lh_error() is a macro. diff --git a/doc/crypto/rsa.pod b/doc/crypto/rsa.pod index ef0d4df20..09ad30cab 100644 --- a/doc/crypto/rsa.pod +++ b/doc/crypto/rsa.pod @@ -37,7 +37,6 @@ rsa - RSA public key cryptosystem int RSA_set_method(RSA *rsa, ENGINE *engine); RSA_METHOD *RSA_get_method(RSA *rsa); RSA_METHOD *RSA_PKCS1_SSLeay(void); - RSA_METHOD *RSA_PKCS1_RSAref(void); RSA_METHOD *RSA_null_method(void); int RSA_flags(RSA *rsa); RSA *RSA_new_method(ENGINE *engine); diff --git a/doc/ssl/SSL_CIPHER_get_name.pod b/doc/ssl/SSL_CIPHER_get_name.pod index 7fea14ee6..bf851dcea 100644 --- a/doc/ssl/SSL_CIPHER_get_name.pod +++ b/doc/ssl/SSL_CIPHER_get_name.pod @@ -2,8 +2,7 @@ =head1 NAME -SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, -SSL_CIPHER_description - get SSL_CIPHER properties +SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description - get SSL_CIPHER properties =head1 SYNOPSIS @@ -29,9 +28,10 @@ SSL_CIPHER_get_version() returns the protocol version for B<cipher>, currently SSL_CIPHER_description() returns a textual description of the cipher used into the buffer B<buf> of length B<len> provided. B<len> must be at least -128 bytes, otherwise the string "Buffer too small" is returned. If B<buf> -is NULL, a buffer of 128 bytes is allocated using OPENSSL_malloc(). If the -allocation fails, the string "OPENSSL_malloc Error" is returned. +128 bytes, otherwise a pointer to the the string "Buffer too small" is +returned. If B<buf> is NULL, a buffer of 128 bytes is allocated using +OPENSSL_malloc(). If the allocation fails, a pointer to the string +"OPENSSL_malloc Error" is returned. =head1 NOTES @@ -40,11 +40,66 @@ export cipher like e.g. EXP-RC4-MD5 has only 40 secret bits. The algorithm does use the full 128 bits (which would be returned for B<alg_bits>), of which however 88bits are fixed. The search space is hence only 40 bits. +The string returned by SSL_CIPHER_description() in case of success consists +of cleartext information seperated by one or more blanks in the following +sequence: + +=over 4 + +=item <ciphername> + +Textual representation of the cipher name. + +=item <protocol version> + +Protocol version: B<SSLv2>, B<SSLv3>. The TLSv1 ciphers are flagged with SSLv3. + +=item Kx=<key exchange> + +Key exchange method: B<RSA> (for export ciphers as B<RSA(512)> or +B<RSA(1024)>), B<DH> (for export ciphers as B<DH(512)> or B<DH(1024)>), +B<DH/RSA>, B<DH/DSS>, B<Fortezza>. + +=item Au=<authentication> + +Authentication method: B<RSA>, B<DSS>, B<DH>, B<None>. None is the +representation of anonymous ciphers. + +=item Enc=<symmectric encryption method> + +Encryption method with number of secret bits: B<DES(40)>, B<DES(56)>, +B<3DES(168)>, B<RC4(40)>, B<RC4(56)>, B<RC4(64)>, B<RC4(128)>, +B<RC2(40)>, B<RC2(56)>, B<RC2(128)>, B<IDEA(128)>, B<Fortezza>, B<None>. + +=item Mac=<message authentication code> + +Message digest: B<MD5>, B<SHA1>. + +=item <export flag> + +If the cipher is flagged exportable with respect to old US crypto +regulations, the word "B<export>" is printed. + +=back + +=head1 EXAMPLES + +Some examples for the output of SSL_CIPHER_description(): + + EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 + EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1 + RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 + EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export + =head1 BUGS If SSL_CIPHER_description() is called with B<cipher> being NULL, the library crashes. +If SSL_CIPHER_description() cannot handle a built-in cipher, the according +description of the cipher property is B<unknown>. This case should not +occur. + =head1 RETURN VALUES See DESCRIPTION @@ -52,6 +107,6 @@ See DESCRIPTION =head1 SEE ALSO L<ssl(3)|ssl(3)>, L<SSL_get_current_cipher(3)|SSL_get_current_cipher(3)>, -L<SSL_get_ciphers(3)|SSL_get_ciphers(3)> +L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>, L<ciphers(1)|ciphers(1)> =cut diff --git a/doc/ssl/SSL_CTX_load_verify_locations.pod b/doc/ssl/SSL_CTX_load_verify_locations.pod index aeeee1a3b..8e11606da 100644 --- a/doc/ssl/SSL_CTX_load_verify_locations.pod +++ b/doc/ssl/SSL_CTX_load_verify_locations.pod @@ -46,7 +46,7 @@ is performed in the ordering of the extension number, regardless of other properties of the certificates. Use the B<c_rehash> utility to create the necessary links. -The certificates in B<CAfile> are only looked up when required, e.g. when +The certificates in B<CApath> are only looked up when required, e.g. when building the certificate chain or when actually performing the verification of a peer certificate. @@ -62,6 +62,9 @@ matching the parameters is found, the verification process will be performed; no other certificates for the same parameters will be searched in case of failure. +When building its own certificate chain, an OpenSSL client/server will +try to fill in missing certificates from B<CAfile>/B<CApath>. + =head1 WARNINGS If several CA certificates matching the name, key identifier, and serial diff --git a/doc/ssl/SSL_get_error.pod b/doc/ssl/SSL_get_error.pod index d85b56425..bd6872f61 100644 --- a/doc/ssl/SSL_get_error.pod +++ b/doc/ssl/SSL_get_error.pod @@ -48,16 +48,26 @@ has been closed. =item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE The operation did not complete; the same TLS/SSL I/O function should be -called again later. There will be protocol progress if, by then, the -underlying B<BIO> has data available for reading (if the result code is -B<SSL_ERROR_WANT_READ>) or allows writing data (B<SSL_ERROR_WANT_WRITE>). -For socket B<BIO>s (e.g. when SSL_set_fd() was used) this means that -select() or poll() on the underlying socket can be used to find out -when the TLS/SSL I/O function should be retried. +called again later. If, by then, the underlying B<BIO> has data +available for reading (if the result code is B<SSL_ERROR_WANT_READ>) +or allows writing data (B<SSL_ERROR_WANT_WRITE>), then some TLS/SSL +protocol progress will take place, i.e. at least part of an TLS/SSL +record will be read or written. Note that the retry may again lead to +a B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE> condition. +There is no fixed upper limit for the number of iterations that +may be necessary until progress becomes visible at application +protocol level. + +For socket B<BIO>s (e.g. when SSL_set_fd() was used), select() or +poll() on the underlying socket can be used to find out when the +TLS/SSL I/O function should be retried. Caveat: Any TLS/SSL I/O function can lead to either of -B<SSL_ERROR_WANT_READ> and B<SSL_ERROR_WANT_WRITE>, i.e. SSL_read() -may want to write data and SSL_write() may want to read data. +B<SSL_ERROR_WANT_READ> and B<SSL_ERROR_WANT_WRITE>. In particular, +SSL_read() may want to write data and SSL_write() may want to read +data. This is mainly because TLS/SSL handshakes may occur at any time +during the protocol (initiated by either the client or the server); +SSL_read() and SSL_write() will handle any pending handshakes. =item SSL_ERROR_WANT_X509_LOOKUP diff --git a/makevms.com b/makevms.com index 15cbc9ce9..f3372ca3b 100755 --- a/makevms.com +++ b/makevms.com @@ -389,7 +389,7 @@ $ EXHEADER_DSA := dsa.h $ EXHEADER_DH := dh.h $ EXHEADER_DSO := dso.h $ EXHEADER_ENGINE := engine.h -$ EXHEADER_RIJNDAEL := rijndael-alg-fst.h,rijndael.h +$ EXHEADER_RIJNDAEL := rd_fst.h,rijndael.h $ EXHEADER_BUFFER := buffer.h $ EXHEADER_BIO := bio.h $ EXHEADER_STACK := stack.h,safestack.h @@ -425,8 +425,8 @@ $ LOOP_SDIRS_END: $! $! Copy All The ".H" Files From The [.RSAREF] Directory. $! -$ EXHEADER := rsaref.h -$ COPY SYS$DISK:[.RSAREF]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL] +$! EXHEADER := rsaref.h +$! COPY SYS$DISK:[.RSAREF]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL] $! $! Copy All The ".H" Files From The [.SSL] Directory. $! @@ -473,6 +473,9 @@ $! $! Build The [.xxx.EXE.RSAREF]LIBRSAGLUE Library. $! $ RSAREF: +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "RSAref glue library not built, since it's no longer needed" +$ RETURN $! $! Tell The User What We Are Doing. $! @@ -648,7 +651,6 @@ $ WRITE SYS$OUTPUT " CONFIG : Just build the [.CRYPTO]OPENSSLCONF.H fi $ WRITE SYS$OUTPUT " BUILDINF : Just build the [.CRYPTO]BUILDINF.H file." $ WRITE SYS$OUTPUT " SOFTLINKS: Just Fix The Unix soft links." $ WRITE SYS$OUTPUT " BUILDALL : Same as ALL, except CONFIG, BUILDINF and SOFTILNKS aren't done." -$ WRITE SYS$OUTPUT " RSAREF : To Build Just The [.xxx.EXE.RSAREF]LIBRSAGLUE.OLB Library." $ WRITE SYS$OUTPUT " CRYPTO : To Build Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library." $ WRITE SYS$OUTPUT " CRYPTO/x : To Build Just The x Part Of The" $ WRITE SYS$OUTPUT " [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library." @@ -677,6 +679,7 @@ $ ENDIF $! $! Check To See If P2 Is Blank. $! +$ P2 = "NORSAREF" $ IF (P2.EQS."NORSAREF") $ THEN $! diff --git a/ms/testss.bat b/ms/testss.bat index 36863a501..d9ae62543 100755 --- a/ms/testss.bat +++ b/ms/testss.bat @@ -1,4 +1,4 @@ -echo=on
+echo on
rem set ssleay=..\out\ssleay
set ssleay=%1
diff --git a/openssl.spec b/openssl.spec index 0f2856bb1..501151ab4 100644 --- a/openssl.spec +++ b/openssl.spec @@ -109,9 +109,9 @@ for x in $RPM_BUILD_ROOT/usr/man/man*/* do mv ${x} ${x}ssl done -# Install RSAref stuff -install -m644 rsaref/rsaref.h $RPM_BUILD_ROOT/usr/include/openssl -install -m644 libRSAglue.a $RPM_BUILD_ROOT/usr/lib +## Install RSAref stuff +#install -m644 rsaref/rsaref.h $RPM_BUILD_ROOT/usr/include/openssl +#install -m644 libRSAglue.a $RPM_BUILD_ROOT/usr/lib # Make backwards-compatibility symlink to ssleay ln -sf /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay diff --git a/ssl/Makefile.ssl b/ssl/Makefile.ssl index 37f1ef0a0..7205e25c5 100644 --- a/ssl/Makefile.ssl +++ b/ssl/Makefile.ssl @@ -5,7 +5,7 @@ DIR= ssl TOP= .. CC= cc -INCLUDES= -I../crypto -I../include +INCLUDES= -I../crypto -I../include $(KRB5_INCLUDES) CFLAG=-g INSTALL_PREFIX= OPENSSLDIR= /usr/local/ssl @@ -14,6 +14,9 @@ MAKE= make -f Makefile.ssl MAKEDEPEND= $(TOP)/util/domd $(TOP) MAKEFILE= Makefile.ssl AR= ar r +# KRB5 stuff +KRB5_INCLUDES= +LIBKRB5= CFLAGS= $(INCLUDES) $(CFLAG) @@ -30,7 +33,7 @@ LIBSRC= \ ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \ ssl_ciph.c ssl_stat.c ssl_rsa.c \ ssl_asn1.c ssl_txt.c ssl_algs.c \ - bio_ssl.c ssl_err.c + bio_ssl.c ssl_err.c kssl.c LIBOBJ= \ s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \ s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o \ @@ -39,11 +42,11 @@ LIBOBJ= \ ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \ ssl_ciph.o ssl_stat.o ssl_rsa.o \ ssl_asn1.o ssl_txt.o ssl_algs.o \ - bio_ssl.o ssl_err.o + bio_ssl.o ssl_err.o kssl.o SRC= $(LIBSRC) -EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h +EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h kssl.h HEADER= $(EXHEADER) ssl_locl.h ALL= $(GENERAL) $(SRC) $(HEADER) @@ -102,22 +105,45 @@ bio_ssl.o: ../include/openssl/comp.h ../include/openssl/crypto.h bio_ssl.o: ../include/openssl/des.h ../include/openssl/dh.h bio_ssl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h bio_ssl.o: ../include/openssl/err.h ../include/openssl/evp.h -bio_ssl.o: ../include/openssl/idea.h ../include/openssl/lhash.h -bio_ssl.o: ../include/openssl/md2.h ../include/openssl/md4.h -bio_ssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -bio_ssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -bio_ssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -bio_ssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h -bio_ssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -bio_ssl.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h -bio_ssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -bio_ssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h -bio_ssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -bio_ssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -bio_ssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h -bio_ssl.o: ../include/openssl/x509_vfy.h +bio_ssl.o: ../include/openssl/idea.h ../include/openssl/kssl.h +bio_ssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h +bio_ssl.o: ../include/openssl/md4.h ../include/openssl/md5.h +bio_ssl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +bio_ssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +bio_ssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +bio_ssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +bio_ssl.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h +bio_ssl.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h +bio_ssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +bio_ssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h +bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +bio_ssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +bio_ssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +kssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h +kssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +kssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h +kssl.o: ../include/openssl/comp.h ../include/openssl/crypto.h +kssl.o: ../include/openssl/des.h ../include/openssl/dh.h +kssl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +kssl.o: ../include/openssl/evp.h ../include/openssl/idea.h +kssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +kssl.o: ../include/openssl/md2.h ../include/openssl/md4.h +kssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +kssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +kssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +kssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h +kssl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +kssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +kssl.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +kssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +kssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h +kssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +kssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +kssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +kssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h +kssl.o: ../include/openssl/x509_vfy.h s23_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h s23_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s23_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -126,22 +152,22 @@ s23_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h s23_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h s23_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h s23_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h -s23_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s23_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h -s23_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s23_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s23_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h -s23_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -s23_clnt.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h -s23_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -s23_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s23_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s23_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s23_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h +s23_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s23_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h +s23_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s23_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s23_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s23_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +s23_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +s23_clnt.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h +s23_clnt.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h +s23_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s23_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s23_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s23_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s23_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s23_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h s23_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h s23_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s23_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -150,21 +176,22 @@ s23_lib.o: ../include/openssl/des.h ../include/openssl/dh.h s23_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h s23_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h s23_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h -s23_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s23_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h -s23_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s23_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s23_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s23_lib.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -s23_lib.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -s23_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s23_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s23_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s23_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +s23_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s23_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h +s23_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s23_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s23_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s23_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s23_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s23_lib.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +s23_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s23_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s23_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s23_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s23_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s23_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s23_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h s23_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h s23_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s23_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -173,21 +200,22 @@ s23_meth.o: ../include/openssl/des.h ../include/openssl/dh.h s23_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h s23_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h s23_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h -s23_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s23_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h -s23_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s23_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s23_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s23_meth.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -s23_meth.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -s23_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s23_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s23_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s23_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +s23_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s23_meth.o: ../include/openssl/md2.h ../include/openssl/md4.h +s23_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s23_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s23_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s23_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_meth.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s23_meth.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s23_meth.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +s23_meth.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s23_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s23_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s23_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s23_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s23_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s23_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h s23_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h s23_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s23_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -196,21 +224,22 @@ s23_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h s23_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h s23_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h s23_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h -s23_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s23_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h -s23_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s23_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s23_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -s23_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s23_pkt.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -s23_pkt.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -s23_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s23_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s23_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s23_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s23_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s23_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +s23_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s23_pkt.o: ../include/openssl/md2.h ../include/openssl/md4.h +s23_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s23_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s23_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s23_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s23_pkt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s23_pkt.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +s23_pkt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s23_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s23_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s23_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s23_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s23_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s23_pkt.o: ../include/openssl/x509_vfy.h ssl_locl.h s23_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h s23_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s23_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -219,22 +248,22 @@ s23_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h s23_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h s23_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h s23_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h -s23_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s23_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h -s23_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s23_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s23_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h -s23_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -s23_srvr.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h -s23_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -s23_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s23_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h +s23_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s23_srvr.o: ../include/openssl/md2.h ../include/openssl/md4.h +s23_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s23_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s23_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s23_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +s23_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +s23_srvr.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h +s23_srvr.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h +s23_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s23_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s23_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s23_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s23_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h s2_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h s2_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -243,22 +272,22 @@ s2_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h -s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s2_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h -s2_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h -s2_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -s2_clnt.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h -s2_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s2_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h +s2_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s2_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h +s2_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s2_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +s2_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +s2_clnt.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h +s2_clnt.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h +s2_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s2_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s2_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s2_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s2_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h s2_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h s2_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s2_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -267,21 +296,22 @@ s2_enc.o: ../include/openssl/des.h ../include/openssl/dh.h s2_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h s2_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h -s2_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s2_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h -s2_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s2_enc.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -s2_enc.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +s2_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s2_enc.o: ../include/openssl/md2.h ../include/openssl/md4.h +s2_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s2_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s2_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s2_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s2_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s2_enc.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +s2_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s2_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s2_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s2_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s2_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s2_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s2_enc.o: ../include/openssl/x509_vfy.h ssl_locl.h s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s2_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -290,21 +320,22 @@ s2_lib.o: ../include/openssl/des.h ../include/openssl/dh.h s2_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h -s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s2_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h -s2_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s2_lib.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -s2_lib.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s2_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h +s2_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s2_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s2_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s2_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s2_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s2_lib.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +s2_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s2_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s2_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s2_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s2_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s2_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s2_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h s2_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h s2_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s2_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -313,21 +344,22 @@ s2_meth.o: ../include/openssl/des.h ../include/openssl/dh.h s2_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h s2_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h s2_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h -s2_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s2_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h -s2_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s2_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s2_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -s2_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s2_meth.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -s2_meth.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -s2_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s2_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s2_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s2_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s2_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s2_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +s2_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s2_meth.o: ../include/openssl/md2.h ../include/openssl/md4.h +s2_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s2_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s2_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s2_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_meth.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s2_meth.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s2_meth.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +s2_meth.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s2_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s2_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s2_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s2_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s2_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s2_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h s2_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h s2_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -336,21 +368,22 @@ s2_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h s2_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h -s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s2_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h -s2_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s2_pkt.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -s2_pkt.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +s2_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s2_pkt.o: ../include/openssl/md2.h ../include/openssl/md4.h +s2_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s2_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s2_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s2_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s2_pkt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s2_pkt.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +s2_pkt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s2_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s2_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s2_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s2_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s2_pkt.o: ../include/openssl/x509_vfy.h ssl_locl.h s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -359,22 +392,22 @@ s2_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h -s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s2_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h -s2_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h -s2_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -s2_srvr.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h -s2_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s2_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h +s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s2_srvr.o: ../include/openssl/md2.h ../include/openssl/md4.h +s2_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s2_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +s2_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +s2_srvr.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h +s2_srvr.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h +s2_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s2_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s2_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s2_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h s3_both.o: ../include/openssl/asn1.h ../include/openssl/bio.h s3_both.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s3_both.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -383,22 +416,22 @@ s3_both.o: ../include/openssl/des.h ../include/openssl/dh.h s3_both.o: ../include/openssl/dsa.h ../include/openssl/e_os.h s3_both.o: ../include/openssl/e_os2.h ../include/openssl/err.h s3_both.o: ../include/openssl/evp.h ../include/openssl/idea.h -s3_both.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s3_both.o: ../include/openssl/md4.h ../include/openssl/md5.h -s3_both.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s3_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_both.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_both.o: ../include/openssl/rand.h ../include/openssl/rc2.h -s3_both.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -s3_both.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h -s3_both.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -s3_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_both.o: ../include/openssl/x509_vfy.h ssl_locl.h +s3_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s3_both.o: ../include/openssl/md2.h ../include/openssl/md4.h +s3_both.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s3_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_both.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_both.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +s3_both.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +s3_both.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h +s3_both.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h +s3_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_both.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s3_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h s3_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h s3_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s3_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -407,22 +440,23 @@ s3_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h s3_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h -s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s3_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h -s3_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h -s3_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -s3_clnt.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h -s3_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h +s3_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s3_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h +s3_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +s3_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +s3_clnt.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h +s3_clnt.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h +s3_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s3_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl.h +s3_clnt.o: ssl_locl.h s3_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h s3_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s3_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -431,21 +465,22 @@ s3_enc.o: ../include/openssl/des.h ../include/openssl/dh.h s3_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h s3_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h s3_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h -s3_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s3_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h -s3_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -s3_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s3_enc.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -s3_enc.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +s3_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s3_enc.o: ../include/openssl/md2.h ../include/openssl/md4.h +s3_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s3_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s3_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s3_enc.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +s3_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s3_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_enc.o: ../include/openssl/x509_vfy.h ssl_locl.h s3_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h s3_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s3_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -454,21 +489,22 @@ s3_lib.o: ../include/openssl/des.h ../include/openssl/dh.h s3_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h s3_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h s3_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h -s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s3_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h -s3_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s3_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s3_lib.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -s3_lib.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -s3_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +s3_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s3_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h +s3_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s3_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s3_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s3_lib.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +s3_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s3_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h s3_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h s3_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s3_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -477,21 +513,22 @@ s3_meth.o: ../include/openssl/des.h ../include/openssl/dh.h s3_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h s3_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h s3_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h -s3_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s3_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h -s3_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s3_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s3_meth.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -s3_meth.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -s3_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +s3_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s3_meth.o: ../include/openssl/md2.h ../include/openssl/md4.h +s3_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s3_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_meth.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s3_meth.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s3_meth.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +s3_meth.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s3_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h s3_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h s3_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s3_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -500,21 +537,22 @@ s3_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h s3_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h s3_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h s3_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h -s3_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s3_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h -s3_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s3_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -s3_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s3_pkt.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -s3_pkt.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -s3_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s3_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +s3_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s3_pkt.o: ../include/openssl/md2.h ../include/openssl/md4.h +s3_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s3_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s3_pkt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s3_pkt.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +s3_pkt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s3_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_pkt.o: ../include/openssl/x509_vfy.h ssl_locl.h s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h s3_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -523,22 +561,23 @@ s3_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h -s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s3_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h -s3_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h -s3_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -s3_srvr.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h -s3_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h +s3_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s3_srvr.o: ../include/openssl/md2.h ../include/openssl/md4.h +s3_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s3_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +s3_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +s3_srvr.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h +s3_srvr.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h +s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl.h +s3_srvr.o: ssl_locl.h ssl_algs.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_algs.o: ../include/openssl/blowfish.h ../include/openssl/bn.h ssl_algs.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -547,21 +586,22 @@ ssl_algs.o: ../include/openssl/des.h ../include/openssl/dh.h ssl_algs.o: ../include/openssl/dsa.h ../include/openssl/e_os.h ssl_algs.o: ../include/openssl/e_os2.h ../include/openssl/err.h ssl_algs.o: ../include/openssl/evp.h ../include/openssl/idea.h -ssl_algs.o: ../include/openssl/lhash.h ../include/openssl/md2.h -ssl_algs.o: ../include/openssl/md4.h ../include/openssl/md5.h -ssl_algs.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -ssl_algs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_algs.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_algs.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -ssl_algs.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -ssl_algs.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -ssl_algs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_algs.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +ssl_algs.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_algs.o: ../include/openssl/md2.h ../include/openssl/md4.h +ssl_algs.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +ssl_algs.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_algs.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_algs.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_algs.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +ssl_algs.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +ssl_algs.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +ssl_algs.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +ssl_algs.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_algs.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_algs.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_algs.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_asn1.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/blowfish.h ssl_asn1.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -570,22 +610,22 @@ ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/des.h ssl_asn1.o: ../include/openssl/dh.h ../include/openssl/dsa.h ssl_asn1.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/lhash.h -ssl_asn1.o: ../include/openssl/md2.h ../include/openssl/md4.h -ssl_asn1.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -ssl_asn1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h -ssl_asn1.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -ssl_asn1.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h -ssl_asn1.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_locl.h +ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/kssl.h +ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/md2.h +ssl_asn1.o: ../include/openssl/md4.h ../include/openssl/md5.h +ssl_asn1.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +ssl_asn1.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_asn1.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +ssl_asn1.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h +ssl_asn1.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h +ssl_asn1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssl_asn1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h ssl_cert.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_cert.o: ../include/openssl/blowfish.h ../include/openssl/bn.h ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -595,23 +635,23 @@ ssl_cert.o: ../include/openssl/dh.h ../include/openssl/dsa.h ssl_cert.o: ../include/openssl/e_os.h ../include/openssl/e_os.h ssl_cert.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h ssl_cert.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_cert.o: ../include/openssl/idea.h ../include/openssl/lhash.h -ssl_cert.o: ../include/openssl/md2.h ../include/openssl/md4.h -ssl_cert.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -ssl_cert.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_cert.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_cert.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_cert.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h -ssl_cert.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -ssl_cert.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h -ssl_cert.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -ssl_cert.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_cert.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_cert.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_cert.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_cert.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_cert.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h -ssl_cert.o: ssl_locl.h +ssl_cert.o: ../include/openssl/idea.h ../include/openssl/kssl.h +ssl_cert.o: ../include/openssl/lhash.h ../include/openssl/md2.h +ssl_cert.o: ../include/openssl/md4.h ../include/openssl/md5.h +ssl_cert.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +ssl_cert.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_cert.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_cert.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +ssl_cert.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h +ssl_cert.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h +ssl_cert.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_cert.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssl_cert.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_cert.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_cert.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssl_cert.o: ../include/openssl/x509v3.h ssl_locl.h ssl_ciph.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_ciph.o: ../include/openssl/blowfish.h ../include/openssl/bn.h ssl_ciph.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -620,21 +660,22 @@ ssl_ciph.o: ../include/openssl/des.h ../include/openssl/dh.h ssl_ciph.o: ../include/openssl/dsa.h ../include/openssl/e_os.h ssl_ciph.o: ../include/openssl/e_os2.h ../include/openssl/err.h ssl_ciph.o: ../include/openssl/evp.h ../include/openssl/idea.h -ssl_ciph.o: ../include/openssl/lhash.h ../include/openssl/md2.h -ssl_ciph.o: ../include/openssl/md4.h ../include/openssl/md5.h -ssl_ciph.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -ssl_ciph.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -ssl_ciph.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_ciph.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -ssl_ciph.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -ssl_ciph.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_ciph.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_ciph.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +ssl_ciph.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_ciph.o: ../include/openssl/md2.h ../include/openssl/md4.h +ssl_ciph.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +ssl_ciph.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_ciph.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_ciph.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_ciph.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +ssl_ciph.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +ssl_ciph.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +ssl_ciph.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +ssl_ciph.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_ciph.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_ciph.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_ciph.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_ciph.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_ciph.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_err.o: ../include/openssl/blowfish.h ../include/openssl/bn.h ssl_err.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -642,22 +683,22 @@ ssl_err.o: ../include/openssl/comp.h ../include/openssl/crypto.h ssl_err.o: ../include/openssl/des.h ../include/openssl/dh.h ssl_err.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h ssl_err.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_err.o: ../include/openssl/idea.h ../include/openssl/lhash.h -ssl_err.o: ../include/openssl/md2.h ../include/openssl/md4.h -ssl_err.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -ssl_err.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_err.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_err.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_err.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h -ssl_err.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -ssl_err.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h -ssl_err.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -ssl_err.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_err.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_err.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_err.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_err.o: ../include/openssl/x509_vfy.h +ssl_err.o: ../include/openssl/idea.h ../include/openssl/kssl.h +ssl_err.o: ../include/openssl/lhash.h ../include/openssl/md2.h +ssl_err.o: ../include/openssl/md4.h ../include/openssl/md5.h +ssl_err.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +ssl_err.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_err.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +ssl_err.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_err.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +ssl_err.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h +ssl_err.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h +ssl_err.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_err.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssl_err.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_err.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_err.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_err.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_err2.o: ../include/openssl/blowfish.h ../include/openssl/bn.h ssl_err2.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -665,22 +706,22 @@ ssl_err2.o: ../include/openssl/comp.h ../include/openssl/crypto.h ssl_err2.o: ../include/openssl/des.h ../include/openssl/dh.h ssl_err2.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h ssl_err2.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_err2.o: ../include/openssl/idea.h ../include/openssl/lhash.h -ssl_err2.o: ../include/openssl/md2.h ../include/openssl/md4.h -ssl_err2.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -ssl_err2.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_err2.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_err2.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_err2.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h -ssl_err2.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -ssl_err2.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h -ssl_err2.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -ssl_err2.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_err2.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_err2.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_err2.o: ../include/openssl/x509_vfy.h +ssl_err2.o: ../include/openssl/idea.h ../include/openssl/kssl.h +ssl_err2.o: ../include/openssl/lhash.h ../include/openssl/md2.h +ssl_err2.o: ../include/openssl/md4.h ../include/openssl/md5.h +ssl_err2.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +ssl_err2.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_err2.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +ssl_err2.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_err2.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +ssl_err2.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h +ssl_err2.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h +ssl_err2.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_err2.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssl_err2.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_err2.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_err2.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_err2.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -690,22 +731,22 @@ ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h ssl_lib.o: ../include/openssl/e_os.h ../include/openssl/e_os.h ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h ssl_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h -ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h -ssl_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h -ssl_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -ssl_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -ssl_lib.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -ssl_lib.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_lib.o: ../include/openssl/x509v3.h ssl_locl.h +ssl_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h +ssl_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +ssl_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +ssl_lib.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +ssl_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssl_locl.h ssl_rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h ssl_rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -714,21 +755,22 @@ ssl_rsa.o: ../include/openssl/des.h ../include/openssl/dh.h ssl_rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h ssl_rsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h ssl_rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h -ssl_rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h -ssl_rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h -ssl_rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -ssl_rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -ssl_rsa.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -ssl_rsa.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -ssl_rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_rsa.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +ssl_rsa.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_rsa.o: ../include/openssl/md2.h ../include/openssl/md4.h +ssl_rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +ssl_rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +ssl_rsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +ssl_rsa.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +ssl_rsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +ssl_rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_rsa.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_rsa.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_sess.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_sess.o: ../include/openssl/blowfish.h ../include/openssl/bn.h ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -737,22 +779,22 @@ ssl_sess.o: ../include/openssl/des.h ../include/openssl/dh.h ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/e_os.h ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/err.h ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h -ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h -ssl_sess.o: ../include/openssl/md4.h ../include/openssl/md5.h -ssl_sess.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rc2.h -ssl_sess.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -ssl_sess.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h -ssl_sess.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_sess.o: ../include/openssl/x509_vfy.h ssl_locl.h +ssl_sess.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_sess.o: ../include/openssl/md2.h ../include/openssl/md4.h +ssl_sess.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +ssl_sess.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_sess.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_sess.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_sess.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +ssl_sess.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +ssl_sess.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h +ssl_sess.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h +ssl_sess.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_sess.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssl_sess.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_sess.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_sess.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h ssl_stat.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_stat.o: ../include/openssl/blowfish.h ../include/openssl/bn.h ssl_stat.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -761,21 +803,22 @@ ssl_stat.o: ../include/openssl/des.h ../include/openssl/dh.h ssl_stat.o: ../include/openssl/dsa.h ../include/openssl/e_os.h ssl_stat.o: ../include/openssl/e_os2.h ../include/openssl/err.h ssl_stat.o: ../include/openssl/evp.h ../include/openssl/idea.h -ssl_stat.o: ../include/openssl/lhash.h ../include/openssl/md2.h -ssl_stat.o: ../include/openssl/md4.h ../include/openssl/md5.h -ssl_stat.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -ssl_stat.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_stat.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_stat.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -ssl_stat.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -ssl_stat.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -ssl_stat.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_stat.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_stat.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_stat.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +ssl_stat.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_stat.o: ../include/openssl/md2.h ../include/openssl/md4.h +ssl_stat.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +ssl_stat.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_stat.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_stat.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_stat.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +ssl_stat.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +ssl_stat.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +ssl_stat.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +ssl_stat.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_stat.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_stat.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_stat.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_stat.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_stat.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_txt.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_txt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h ssl_txt.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -784,21 +827,22 @@ ssl_txt.o: ../include/openssl/des.h ../include/openssl/dh.h ssl_txt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h ssl_txt.o: ../include/openssl/e_os2.h ../include/openssl/err.h ssl_txt.o: ../include/openssl/evp.h ../include/openssl/idea.h -ssl_txt.o: ../include/openssl/lhash.h ../include/openssl/md2.h -ssl_txt.o: ../include/openssl/md4.h ../include/openssl/md5.h -ssl_txt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -ssl_txt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_txt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_txt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -ssl_txt.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -ssl_txt.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -ssl_txt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_txt.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_txt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_txt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +ssl_txt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_txt.o: ../include/openssl/md2.h ../include/openssl/md4.h +ssl_txt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +ssl_txt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_txt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_txt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_txt.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +ssl_txt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +ssl_txt.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +ssl_txt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +ssl_txt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_txt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_txt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_txt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_txt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_txt.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h t1_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h t1_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -807,22 +851,22 @@ t1_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h t1_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h t1_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h -t1_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h -t1_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h -t1_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -t1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -t1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h -t1_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -t1_clnt.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h -t1_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -t1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -t1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h +t1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +t1_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h +t1_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +t1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +t1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +t1_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +t1_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +t1_clnt.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h +t1_clnt.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h +t1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +t1_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h +t1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +t1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +t1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +t1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h t1_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h t1_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h t1_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -831,22 +875,22 @@ t1_enc.o: ../include/openssl/des.h ../include/openssl/dh.h t1_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h t1_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h t1_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h -t1_enc.o: ../include/openssl/idea.h ../include/openssl/lhash.h -t1_enc.o: ../include/openssl/md2.h ../include/openssl/md4.h -t1_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -t1_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h -t1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h -t1_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -t1_enc.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h -t1_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -t1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h -t1_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -t1_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_enc.o: ../include/openssl/x509_vfy.h ssl_locl.h +t1_enc.o: ../include/openssl/idea.h ../include/openssl/kssl.h +t1_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h +t1_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h +t1_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +t1_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +t1_enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +t1_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +t1_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +t1_enc.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h +t1_enc.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h +t1_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +t1_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h +t1_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +t1_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +t1_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +t1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h t1_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h t1_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h t1_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -855,21 +899,22 @@ t1_lib.o: ../include/openssl/des.h ../include/openssl/dh.h t1_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h t1_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h t1_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h -t1_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h -t1_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h -t1_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -t1_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -t1_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -t1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -t1_lib.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -t1_lib.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -t1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -t1_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h -t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +t1_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +t1_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h +t1_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +t1_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +t1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +t1_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +t1_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +t1_lib.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +t1_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +t1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h +t1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +t1_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +t1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h t1_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h t1_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -878,21 +923,22 @@ t1_meth.o: ../include/openssl/des.h ../include/openssl/dh.h t1_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h t1_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h t1_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h -t1_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h -t1_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h -t1_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -t1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -t1_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -t1_meth.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h -t1_meth.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h -t1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -t1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h -t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +t1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +t1_meth.o: ../include/openssl/md2.h ../include/openssl/md4.h +t1_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +t1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +t1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +t1_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_meth.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +t1_meth.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +t1_meth.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h +t1_meth.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +t1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h +t1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +t1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +t1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h t1_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h t1_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h @@ -901,19 +947,19 @@ t1_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h t1_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h t1_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h -t1_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h -t1_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h -t1_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -t1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -t1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h -t1_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -t1_srvr.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h -t1_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -t1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h +t1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +t1_srvr.o: ../include/openssl/md2.h ../include/openssl/md4.h +t1_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +t1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +t1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +t1_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +t1_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +t1_srvr.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h +t1_srvr.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h +t1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +t1_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h +t1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +t1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +t1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +t1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h diff --git a/ssl/kssl.c b/ssl/kssl.c new file mode 100644 index 000000000..fe7f4ebe5 --- /dev/null +++ b/ssl/kssl.c @@ -0,0 +1,1040 @@ +/* ssl/kssl.c -*- mode: C; c-file-style: "eay" -*- */ +/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000. + */ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +/* ssl/kssl.c -- Routines to support (& debug) Kerberos5 auth for openssl +** +** 19990701 VRS Started. +*/ + +#ifndef NO_KRB5 +#include <string.h> +#include <openssl/ssl.h> + +/* + * When OpenSSL is built on Windows, we do not want to require that + * the Kerberos DLLs be available in order for the OpenSSL DLLs to + * work. Therefore, all Kerberos routines are loaded at run time + * and we do not link to a .LIB file. + */ + +#if defined(WINDOWS) || defined(WIN32) +/* + * The purpose of the following pre-processor statements is to provide + * compatibility with different releases of MIT Kerberos for Windows. + * All versions up to 1.2 used macros. But macros do not allow for + * a binary compatible interface for DLLs. Therefore, all macros are + * being replaced by function calls. The following code will allow + * an OpenSSL DLL built on Windows to work whether or not the macro + * or function form of the routines are utilized. + */ +#ifdef krb5_cc_get_principal +#define NO_DEF_KRB5_CCACHE +#undef krb5_cc_get_principal +#endif +#define krb5_cc_get_principal kssl_krb5_cc_get_principal + +#define krb5_free_data_contents kssl_krb5_free_data_contents +#define krb5_free_context kssl_krb5_free_context +#define krb5_auth_con_free kssl_krb5_auth_con_free +#define krb5_free_principal kssl_krb5_free_principal +#define krb5_mk_req_extended kssl_krb5_mk_req_extended +#define krb5_get_credentials kssl_krb5_get_credentials +#define krb5_cc_default kssl_krb5_cc_default +#define krb5_sname_to_principal kssl_krb5_sname_to_principal +#define krb5_init_context kssl_krb5_init_context +#define krb5_free_ticket kssl_krb5_free_ticket +#define krb5_rd_req kssl_krb5_rd_req +#define krb5_kt_default kssl_krb5_kt_default +#define krb5_kt_resolve kssl_krb5_kt_resolve +#define krb5_auth_con_init kssl_krb5_auth_con_init + +/* Prototypes for built in stubs */ +void kssl_krb5_free_data_contents(krb5_context, krb5_data *); +void kssl_krb5_free_principal(krb5_context, krb5_principal ); +krb5_error_code kssl_krb5_kt_resolve(krb5_context, + krb5_const char *, + krb5_keytab *); +krb5_error_code kssl_krb5_kt_default(krb5_context, + krb5_keytab *); +krb5_error_code kssl_krb5_free_ticket(krb5_context, krb5_ticket *); +krb5_error_code kssl_krb5_rd_req(krb5_context, krb5_auth_context *, + krb5_const krb5_data *, + krb5_const_principal, krb5_keytab, + krb5_flags *,krb5_ticket **); +krb5_error_code kssl_krb5_mk_req_extended(krb5_context, + krb5_auth_context *, + krb5_const krb5_flags, + krb5_data *, + krb5_creds *, + krb5_data * ); +krb5_error_code kssl_krb5_init_context(krb5_context *); +void kssl_krb5_free_context(krb5_context); +krb5_error_code kssl_krb5_cc_default(krb5_context,krb5_ccache *); +krb5_error_code kssl_krb5_sname_to_principal(krb5_context, + krb5_const char *, + krb5_const char *, + krb5_int32, + krb5_principal *); +krb5_error_code kssl_krb5_get_credentials(krb5_context, + krb5_const krb5_flags, + krb5_ccache, + krb5_creds *, + krb5_creds * *); +krb5_error_code kssl_krb5_auth_con_init(krb5_context, + krb5_auth_context *); +krb5_error_code kssl_krb5_cc_get_principal(krb5_context context, + krb5_ccache cache, + krb5_principal *principal); +krb5_error_code kssl_krb5_auth_con_free(krb5_context,krb5_auth_context); + +/* Function pointers (almost all Kerberos functions are _stdcall) */ +static void (_stdcall *p_krb5_free_data_contents)(krb5_context, krb5_data *)=NULL; +static void (_stdcall *p_krb5_free_principal)(krb5_context, krb5_principal )=NULL; +static krb5_error_code(_stdcall *p_krb5_kt_resolve)(krb5_context, krb5_const char *, + krb5_keytab *)=NULL; +static krb5_error_code (_stdcall *p_krb5_kt_default)(krb5_context, + krb5_keytab *)=NULL; +static krb5_error_code (_stdcall *p_krb5_free_ticket)(krb5_context, + krb5_ticket *)=NULL; +static krb5_error_code (_stdcall *p_krb5_rd_req)(krb5_context, + krb5_auth_context *, + krb5_const krb5_data *, + krb5_const_principal, + krb5_keytab, krb5_flags *, + krb5_ticket **)=NULL; +static krb5_error_code (_stdcall *p_krb5_mk_req_extended) (krb5_context, + krb5_auth_context *, + krb5_const krb5_flags, + krb5_data *, + krb5_creds *, + krb5_data * )=NULL; +static krb5_error_code (_stdcall *p_krb5_init_context)(krb5_context *)=NULL; +static void (_stdcall *p_krb5_free_context)(krb5_context)=NULL; +static krb5_error_code (_stdcall *p_krb5_cc_default)(krb5_context, + krb5_ccache *)=NULL; +static krb5_error_code (_stdcall *p_krb5_sname_to_principal)(krb5_context, + krb5_const char *, + krb5_const char *, + krb5_int32, + krb5_principal *)=NULL; +static krb5_error_code (_stdcall *p_krb5_get_credentials)(krb5_context, + krb5_const krb5_flags, + krb5_ccache, + krb5_creds *, + krb5_creds * *)=NULL; +static krb5_error_code (_stdcall *p_krb5_auth_con_init)(krb5_context, + krb5_auth_context *)=NULL; +static krb5_error_code (_stdcall *p_krb5_cc_get_principal)(krb5_context context, + krb5_ccache cache, + krb5_principal *principal)=NULL; +static krb5_error_code (_stdcall *p_krb5_auth_con_free)(krb5_context, + krb5_auth_context)=NULL; +static int krb5_loaded = 0; /* only attempt to initialize func ptrs once */ + +/* Function to Load the Kerberos 5 DLL and initialize function pointers */ +void +load_krb5_dll(void) + { + HANDLE hKRB5_32; + + krb5_loaded++; + hKRB5_32 = LoadLibrary("KRB5_32"); + if (!hKRB5_32) + return; + + (FARPROC) p_krb5_free_data_contents = + GetProcAddress( hKRB5_32, "krb5_free_data_contents" ); + (FARPROC) p_krb5_free_context = + GetProcAddress( hKRB5_32, "krb5_free_context" ); + (FARPROC) p_krb5_auth_con_free = + GetProcAddress( hKRB5_32, "krb5_auth_con_free" ); + (FARPROC) p_krb5_free_principal = + GetProcAddress( hKRB5_32, "krb5_free_principal" ); + (FARPROC) p_krb5_mk_req_extended = + GetProcAddress( hKRB5_32, "krb5_mk_req_extended" ); + (FARPROC) p_krb5_get_credentials = + GetProcAddress( hKRB5_32, "krb5_get_credentials" ); + (FARPROC) p_krb5_cc_get_principal = + GetProcAddress( hKRB5_32, "krb5_cc_get_principal" ); + (FARPROC) p_krb5_cc_default = + GetProcAddress( hKRB5_32, "krb5_cc_default" ); + (FARPROC) p_krb5_sname_to_principal = + GetProcAddress( hKRB5_32, "krb5_sname_to_principal" ); + (FARPROC) p_krb5_init_context = + GetProcAddress( hKRB5_32, "krb5_init_context" ); + (FARPROC) p_krb5_free_ticket = + GetProcAddress( hKRB5_32, "krb5_free_ticket" ); + (FARPROC) p_krb5_rd_req = + GetProcAddress( hKRB5_32, "krb5_rd_req" ); + (FARPROC) p_krb5_kt_default = + GetProcAddress( hKRB5_32, "krb5_kt_default" ); + (FARPROC) p_krb5_kt_resolve = + GetProcAddress( hKRB5_32, "krb5_kt_resolve" ); + (FARPROC) p_krb5_auth_con_init = + GetProcAddress( hKRB5_32, "krb5_auth_con_init" ); + } + +/* Stubs for each function to be dynamicly loaded */ +void +kssl_krb5_free_data_contents(krb5_context CO, krb5_data * data) + { + if (!krb5_loaded) + load_krb5_dll(); + + if ( p_krb5_free_data_contents ) + p_krb5_free_data_contents(CO,data); + } + +krb5_error_code +kssl_krb5_mk_req_extended (krb5_context CO, + krb5_auth_context * pACO, + krb5_const krb5_flags F, + krb5_data * pD1, + krb5_creds * pC, + krb5_data * pD2) + { + if (!krb5_loaded) + load_krb5_dll(); + + if ( p_krb5_mk_req_extended ) + return(p_krb5_mk_req_extended(CO,pACO,F,pD1,pC,pD2)); + else + return KRB5KRB_ERR_GENERIC; + } +krb5_error_code +kssl_krb5_auth_con_init(krb5_context CO, + krb5_auth_context * pACO) + { + if (!krb5_loaded) + load_krb5_dll(); + + if ( p_krb5_auth_con_init ) + return(p_krb5_auth_con_init(CO,pACO)); + else + return KRB5KRB_ERR_GENERIC; + } +krb5_error_code +kssl_krb5_auth_con_free (krb5_context CO, + krb5_auth_context ACO) + { + if (!krb5_loaded) + load_krb5_dll(); + + if ( p_krb5_auth_con_free ) + return(p_krb5_auth_con_free(CO,ACO)); + else + return KRB5KRB_ERR_GENERIC; + } +krb5_error_code +kssl_krb5_get_credentials(krb5_context CO, + krb5_const krb5_flags F, + krb5_ccache CC, + krb5_creds * pCR, + krb5_creds ** ppCR) + { + if (!krb5_loaded) + load_krb5_dll(); + + if ( p_krb5_get_credentials ) + return(p_krb5_get_credentials(CO,F,CC,pCR,ppCR)); + else + return KRB5KRB_ERR_GENERIC; + } +krb5_error_code +kssl_krb5_sname_to_principal(krb5_context CO, + krb5_const char * pC1, + krb5_const char * pC2, + krb5_int32 I, + krb5_principal * pPR) + { + if (!krb5_loaded) + load_krb5_dll(); + + if ( p_krb5_sname_to_principal ) + return(p_krb5_sname_to_principal(CO,pC1,pC2,I,pPR)); + else + return KRB5KRB_ERR_GENERIC; + } + +krb5_error_code +kssl_krb5_cc_default(krb5_context CO, + krb5_ccache * pCC) + { + if (!krb5_loaded) + load_krb5_dll(); + + if ( p_krb5_cc_default ) + return(p_krb5_cc_default(CO,pCC)); + else + return KRB5KRB_ERR_GENERIC; + } + +krb5_error_code +kssl_krb5_init_context(krb5_context * pCO) + { + if (!krb5_loaded) + load_krb5_dll(); + + if ( p_krb5_init_context ) + return(p_krb5_init_context(pCO)); + else + return KRB5KRB_ERR_GENERIC; + } + +void +kssl_krb5_free_context(krb5_context CO) + { + if (!krb5_loaded) + load_krb5_dll(); + + if ( p_krb5_free_context ) + p_krb5_free_context(CO); + } + +void +kssl_krb5_free_principal(krb5_context c, krb5_principal p) + { + if (!krb5_loaded) + load_krb5_dll(); + + if ( p_krb5_free_principal ) + p_krb5_free_principal(c,p); + } + +krb5_error_code +kssl_krb5_kt_resolve(krb5_context con, + krb5_const char * sz, + krb5_keytab * kt) + { + if (!krb5_loaded) + load_krb5_dll(); + + if ( p_krb5_kt_resolve ) + return(p_krb5_kt_resolve(con,sz,kt)); + else + return KRB5KRB_ERR_GENERIC; + } + +krb5_error_code +kssl_krb5_kt_default(krb5_context con, + krb5_keytab * kt) + { + if (!krb5_loaded) + load_krb5_dll(); + + if ( p_krb5_kt_default ) + return(p_krb5_kt_default(con,kt)); + else + return KRB5KRB_ERR_GENERIC; + } + +krb5_error_code +kssl_krb5_free_ticket(krb5_context con, + krb5_ticket * kt) + { + if (!krb5_loaded) + load_krb5_dll(); + + if ( p_krb5_free_ticket ) + return(p_krb5_free_ticket(con,kt)); + else + return KRB5KRB_ERR_GENERIC; + } + +krb5_error_code +kssl_krb5_rd_req(krb5_context con, krb5_auth_context * pacon, + krb5_const krb5_data * data, + krb5_const_principal princ, krb5_keytab keytab, + krb5_flags * flags, krb5_ticket ** pptkt) + { + if (!krb5_loaded) + load_krb5_dll(); + + if ( p_krb5_rd_req ) + return(p_krb5_rd_req(con,pacon,data,princ,keytab,flags,pptkt)); + else + return KRB5KRB_ERR_GENERIC; + } + +/* Structure definitions */ +#ifndef NO_DEF_KRB5_CCACHE +#ifndef krb5_x +#define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1)) +#define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0)) +#endif + +typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */ + +typedef struct _krb5_ccache + { + krb5_magic magic; + struct _krb5_cc_ops FAR *ops; + krb5_pointer data; + } *krb5_ccache; + +typedef struct _krb5_cc_ops + { + krb5_magic magic; + char *prefix; + char * (KRB5_CALLCONV *get_name) KRB5_NPROTOTYPE((krb5_context, krb5_ccache)); + krb5_error_code (KRB5_CALLCONV *resolve) KRB5_NPROTOTYPE((krb5_context, krb5_ccache *, + const char *)); + krb5_error_code (KRB5_CALLCONV *gen_new) KRB5_NPROTOTYPE((krb5_context, krb5_ccache *)); + krb5_error_code (KRB5_CALLCONV *init) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, + krb5_principal)); + krb5_error_code (KRB5_CALLCONV *destroy) KRB5_NPROTOTYPE((krb5_context, krb5_ccache)); + krb5_error_code (KRB5_CALLCONV *close) KRB5_NPROTOTYPE((krb5_context, krb5_ccache)); + krb5_error_code (KRB5_CALLCONV *store) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, + krb5_creds *)); + krb5_error_code (KRB5_CALLCONV *retrieve) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, + krb5_flags, krb5_creds *, + krb5_creds *)); + krb5_error_code (KRB5_CALLCONV *get_princ) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, + krb5_principal *)); + krb5_error_code (KRB5_CALLCONV *get_first) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, + krb5_cc_cursor *)); + krb5_error_code (KRB5_CALLCONV *get_next) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, + krb5_cc_cursor *, krb5_creds *)); + krb5_error_code (KRB5_CALLCONV *end_get) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, + krb5_cc_cursor *)); + krb5_error_code (KRB5_CALLCONV *remove_cred) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, + krb5_flags, krb5_creds *)); + krb5_error_code (KRB5_CALLCONV *set_flags) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, + krb5_flags)); + } krb5_cc_ops; +#endif /* NO_DEF_KRB5_CCACHE */ + +krb5_error_code +kssl_krb5_cc_get_principal + (krb5_context context, krb5_ccache cache, + krb5_principal *principal) + { + if ( p_krb5_cc_get_principal ) + return(p_krb5_cc_get_principal(context,cache,principal)); + else + return(krb5_x ((cache)->ops->get_princ,(context, cache, principal))); + } +#endif /* WINDOWS || WIN32 */ + +char +*kstring(char *string) + { + static char *null = "[NULL]"; + + return ((string == NULL)? null: string); + } + +#define MAXKNUM 255 +char +*knumber(int len, krb5_octet *contents) + { + static char buf[MAXKNUM+1]; + int i; + + BIO_snprintf(buf, MAXKNUM, "[%d] ", len); + + for (i=0; i < len && MAXKNUM > strlen(buf)+3; i++) + { + BIO_snprintf(&buf[strlen(buf)], 3, "%02x", contents[i]); + } + + return (buf); + } + + +/* Set kssl_err error info when reason text is a simple string +** kssl_err = struct { int reason; char text[KSSL_ERR_MAX+1]; } +*/ +void +kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text) + { + if (kssl_err == NULL) return; + + kssl_err->reason = reason; + BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, text); + return; + } + + +/* Display contents of krb5_data struct, for debugging +*/ +void +print_krb5_data(char *label, krb5_data *kdata) + { + int i; + + printf("%s[%d] ", label, kdata->length); + for (i=0; i < kdata->length; i++) + { + if (isprint((int) kdata->data[i])) + printf( "%c ", kdata->data[i]); + else + printf( "%02x", kdata->data[i]); + } + printf("\n"); + } + + +/* Display contents of krb5_authdata struct, for debugging +*/ +void +print_krb5_authdata(char *label, krb5_authdata **adata) + { + if (adata == NULL) + { + printf("%s, authdata==0\n", label); + return; + } + printf("%s [%p]\n", label, adata); +#if 0 + { + int i; + printf("%s[at%d:%d] ", label, adata->ad_type, adata->length); + for (i=0; i < adata->length; i++) + { + printf((isprint(adata->contents[i]))? "%c ": "%02x", + adata->contents[i]); + } + printf("\n"); + } +#endif + } + + +/* Display contents of krb5_keyblock struct, for debugging +*/ +void +print_krb5_keyblock(char *label, krb5_keyblock *keyblk) + { + int i; + + if (keyblk == NULL) + { + printf("%s, keyblk==0\n", label); + return; + } +#ifdef KRB5_HEIMDAL + printf("%s\n\t[et%d:%d]: ", label, keyblk->keytype, keyblk->keyvalue->length); + for (i=0; i < keyblk->keyvalue->length; i++) + { + printf("%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]); + } + printf("\n"); +#else + printf("%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length); + for (i=0; i < keyblk->length; i++) + { + printf("%02x",keyblk->contents[i]); + } + printf("\n"); +#endif + } + + +/* Given krb5 service (typically "kssl") and hostname in kssl_ctx, +** Create Kerberos AP_REQ message for SSL Client. +** +** 19990628 VRS Started. +*/ +krb5_error_code +kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, + /* OUT */ krb5_data *krb5_app_req, KSSL_ERR *kssl_err) + { + krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC; + krb5_context krb5context = NULL; + krb5_auth_context krb5auth_context = NULL; + krb5_ccache krb5ccdef = NULL; + krb5_creds krb5creds, *krb5credsp = NULL; + krb5_data krb5in_data; + + kssl_err_set(kssl_err, 0, ""); + memset((char *)&krb5creds, 0, sizeof(krb5creds)); + + if (!kssl_ctx) + { + kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, + "No kssl_ctx defined.\n"); + goto err; + } + else if (!kssl_ctx->service_host) + { + kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, + "kssl_ctx service_host undefined.\n"); + goto err; + } + + if ((krb5rc = krb5_init_context(&krb5context)) != 0) + { + BIO_snprintf(kssl_err->text,KSSL_ERR_MAX, + "krb5_init_context() fails: %d\n", krb5rc); + kssl_err->reason = SSL_R_KRB5_C_INIT; + goto err; + } + + if ((krb5rc = krb5_sname_to_principal(krb5context, + kssl_ctx->service_host, + (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC, + KRB5_NT_SRV_HST, &krb5creds.server)) != 0) + { + BIO_snprintf(kssl_err->text,KSSL_ERR_MAX, + "krb5_sname_to_principal() fails for %s/%s\n", + kssl_ctx->service_host, + (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC); + kssl_err->reason = SSL_R_KRB5_C_INIT; + goto err; + } + + if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0) + { + kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC, + "krb5_cc_default fails.\n"); + goto err; + } + + if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef, + &krb5creds.client)) != 0) + { + kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC, + "krb5_cc_get_principal() fails.\n"); + goto err; + } + + if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef, + &krb5creds, &krb5credsp)) != 0) + { + kssl_err_set(kssl_err, SSL_R_KRB5_C_GET_CRED, + "krb5_get_credentials() fails.\n"); + goto err; + } + + krb5in_data.data = NULL; + krb5in_data.length = 0; + + krb5rc = KRB5KRB_ERR_GENERIC; + /* caller should free data of krb5_app_req */ + if ((krb5rc = krb5_mk_req_extended(krb5context, &krb5auth_context, + 0, &krb5in_data, krb5credsp, krb5_app_req)) != 0) + { + kssl_err_set(kssl_err, SSL_R_KRB5_C_MK_REQ, + "krb5_mk_req_extended() fails.\n"); + goto err; + } +#ifdef KRB5_HEIMDAL + else if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->session)) + { + kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT, + "kssl_ctx_setkey() fails.\n"); + } +#else + else if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->keyblock)) + { + kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT, + "kssl_ctx_setkey() fails.\n"); + } +#endif + else krb5rc = 0; + + err: +#ifdef KSSL_DEBUG + kssl_ctx_show(kssl_ctx); +#endif /* KSSL_DEBUG */ + + if (krb5creds.client) krb5_free_principal(krb5context, krb5creds.client); + if (krb5creds.server) krb5_free_principal(krb5context, krb5creds.server); + if (krb5auth_context) krb5_auth_con_free(krb5context, krb5auth_context); + if (krb5context) krb5_free_context(krb5context); + return (krb5rc); + } + + +/* Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"), +** and krb5 AP_REQ message & message length, +** Return Kerberos session key and client principle +** to SSL Server in KSSL_CTX *kssl_ctx. +** +** 19990702 VRS Started. +*/ +krb5_error_code +kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, + /* IN */ char *msg, int msglen, + /* OUT */ KSSL_ERR *kssl_err ) + { + krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC; + static krb5_context krb5context = NULL; + static krb5_auth_context krb5auth_context = NULL; + krb5_ticket *krb5ticket = NULL; + krb5_keytab krb5keytab = NULL; + krb5_principal krb5server; + krb5_data krb5in_data; + krb5_flags ap_option; + + kssl_err_set(kssl_err, 0, ""); + + if (!kssl_ctx) + { + kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, "No kssl_ctx defined.\n"); + goto err; + } + +#ifdef KSSL_DEBUG + printf("in kssl_sget_tkt(%s)\n", kstring(kssl_ctx->service_name)); +#endif /* KSSL_DEBUG */ + + if (!krb5context && (krb5rc = krb5_init_context(&krb5context))) + { + kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, + "krb5_init_context() fails.\n"); + goto err; + } + if (krb5auth_context && + (krb5rc = krb5_auth_con_free(krb5context, krb5auth_context))) + { + kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, + "krb5_auth_con_free() fails.\n"); + goto err; + } + else krb5auth_context = NULL; + if (!krb5auth_context && + (krb5rc = krb5_auth_con_init(krb5context, &krb5auth_context))) + { + kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, + "krb5_auth_con_init() fails.\n"); + goto err; + } + + if ((krb5rc = krb5_sname_to_principal(krb5context, NULL, + (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC, + KRB5_NT_SRV_HST, &krb5server)) != 0) + { + kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, + "krb5_sname_to_principal() fails.\n"); + goto err; + } + + /* kssl_ctx->keytab_file == NULL ==> use Kerberos default + */ + if (kssl_ctx->keytab_file) + { + krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file, + &krb5keytab); + if (krb5rc) + { + kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, + "krb5_kt_resolve() fails.\n"); + goto err; + } + } + else + { + krb5rc = krb5_kt_default(krb5context,&krb5keytab); + if (krb5rc) + { + kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, + "krb5_kt_default() fails.\n"); + goto err; + } + } + + /* Actual Kerberos5 krb5_recvauth() has initial conversation here + ** o check KRB5_SENDAUTH_BADAUTHVERS unless KRB5_RECVAUTH_SKIP_VERSION + ** o check KRB5_SENDAUTH_BADAPPLVERS + ** o send "0" msg if all OK + */ + + krb5in_data.data = msg; + krb5in_data.length = msglen; + if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context, &krb5in_data, + krb5server, krb5keytab, &ap_option, &krb5ticket)) != 0) + { + BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, + "krb5_rd_req() fails with %x.\n", krb5rc); + kssl_err->reason = SSL_R_KRB5_S_RD_REQ; + goto err; + } + + krb5rc = KRB5_NO_TKT_SUPPLIED; + if (!krb5ticket || !krb5ticket->enc_part2 || + !krb5ticket->enc_part2->client || + !krb5ticket->enc_part2->client->data || + !krb5ticket->enc_part2->session) + { + kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, + "bad ticket from krb5_rd_req.\n"); + } + else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT, + &krb5ticket->enc_part2->client->realm, + krb5ticket->enc_part2->client->data)) + { + kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, + "kssl_ctx_setprinc() fails.\n"); + } + else if (kssl_ctx_setkey(kssl_ctx, krb5ticket->enc_part2->session)) + { + kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, + "kssl_ctx_setkey() fails.\n"); + } + else krb5rc = 0; + + err: +#ifdef KSSL_DEBUG + kssl_ctx_show(kssl_ctx); +#endif /* KSSL_DEBUG */ + + if (krb5keytab) krb5_kt_close(krb5context, krb5keytab); + if (krb5ticket) krb5_free_ticket(krb5context, krb5ticket); + if (krb5server) krb5_free_principal(krb5context, krb5server); + return (krb5rc); + } + + +/* Allocate & return a new kssl_ctx struct. +*/ +KSSL_CTX * +kssl_ctx_new(void) + { + return ((KSSL_CTX *) calloc(1, sizeof(KSSL_CTX))); + } + + +/* Frees a kssl_ctx struct and any allocated memory it holds. +** Returns NULL. +*/ +KSSL_CTX * +kssl_ctx_free(KSSL_CTX *kssl_ctx) + { + if (kssl_ctx == NULL) return kssl_ctx; + + if (kssl_ctx->key) memset(kssl_ctx->key, 0, kssl_ctx->length); + if (kssl_ctx->key) free(kssl_ctx->key); + if (kssl_ctx->client_princ) free(kssl_ctx->client_princ); + if (kssl_ctx->service_host) free(kssl_ctx->service_host); + if (kssl_ctx->service_name) free(kssl_ctx->service_name); + if (kssl_ctx->keytab_file) free(kssl_ctx->keytab_file); + + free(kssl_ctx); + return (KSSL_CTX *) NULL; + } + + +/* Given a (krb5_data *) entity (and optional realm), +** set the plain (char *) client_princ or service_host member +** of the kssl_ctx struct. +*/ +krb5_error_code +kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, + krb5_data *realm, krb5_data *entity) + { + char **princ; + int length; + + if (kssl_ctx == NULL || entity == NULL) return KSSL_CTX_ERR; + + switch (which) + { + case KSSL_CLIENT: princ = &kssl_ctx->client_princ; break; + case KSSL_SERVER: princ = &kssl_ctx->service_host; break; + default: return KSSL_CTX_ERR; break; + } + if (*princ) free(*princ); + + length = entity->length + ((realm)? realm->length + 2: 1); + if ((*princ = calloc(1, length)) == NULL) + return KSSL_CTX_ERR; + else + { + strncpy(*princ, entity->data, entity->length); + if (realm) + { + strcat (*princ, "@"); + (void) strncat(*princ, realm->data, realm->length); + } + } + + return KSSL_CTX_OK; + } + + +/* Set one of the plain (char *) string members of the kssl_ctx struct. +** Default values should be: +** which == KSSL_SERVICE => "khost" (KRB5SVC) +** which == KSSL_KEYTAB => "/etc/krb5.keytab" (KRB5KEYTAB) +*/ +krb5_error_code +kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text) + { + char **string; + + if (!kssl_ctx) return KSSL_CTX_ERR; + + switch (which) + { + case KSSL_SERVICE: string = &kssl_ctx->service_name; break; + case KSSL_SERVER: string = &kssl_ctx->service_host; break; + case KSSL_CLIENT: string = &kssl_ctx->client_princ; break; + case KSSL_KEYTAB: string = &kssl_ctx->keytab_file; break; + default: return KSSL_CTX_ERR; break; + } + if (*string) free(*string); + + if (!text) + { + *string = '\0'; + return KSSL_CTX_OK; + } + + if ((*string = calloc(1, strlen(text) + 1)) == NULL) + return KSSL_CTX_ERR; + else + strcpy(*string, text); + + return KSSL_CTX_OK; + } + + +/* Copy the Kerberos session key from a (krb5_keyblock *) to a kssl_ctx +** struct. Clear kssl_ctx->key if Kerberos session key is NULL. +*/ +krb5_error_code +kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session) + { + if (!kssl_ctx) return KSSL_CTX_ERR; + + if (kssl_ctx->key) + { + memset(kssl_ctx->key, 0, kssl_ctx->length); + free(kssl_ctx->key); + } + + if (session) + { + kssl_ctx->enctype = session->enctype; + kssl_ctx->length = session->length; + } + else + { + kssl_ctx->enctype = ENCTYPE_UNKNOWN; + kssl_ctx->length = 0; + return KSSL_CTX_OK; + } + + if ((kssl_ctx->key = + (krb5_octet FAR *) calloc(1, kssl_ctx->length)) == NULL) + { + kssl_ctx->length = 0; + return KSSL_CTX_ERR; + } + else + memcpy(kssl_ctx->key, session->contents, session->length); + + return KSSL_CTX_OK; + } + + +/* Display contents of kssl_ctx struct +*/ +void +kssl_ctx_show(KSSL_CTX *kssl_ctx) + { + int i; + + printf("kssl_ctx: "); + if (kssl_ctx == NULL) + { + printf("NULL\n"); + return; + } + else + printf("%p\n", kssl_ctx); + + printf("\tservice:\t%s\n", + (kssl_ctx->service_name)? kssl_ctx->service_name: "NULL"); + printf("\tclient:\t%s\n", + (kssl_ctx->client_princ)? kssl_ctx->client_princ: "NULL"); + printf("\tserver:\t%s\n", + (kssl_ctx->service_host)? kssl_ctx->service_host: "NULL"); + printf("\tkeytab:\t%s\n", + (kssl_ctx->keytab_file)? kssl_ctx->keytab_file: "NULL"); + printf("\tkey [%d:%d]:\t", + kssl_ctx->enctype, kssl_ctx->length); + + for (i=0; i < kssl_ctx->length && kssl_ctx->key; i++) + { + printf("%02x", kssl_ctx->key[i]); + } + printf("\n"); + return; + } + +void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data) + { +#ifdef KRB5_HEIMDAL + data->length = 0; + free(data->if (data->data) data); +#else + krb5_free_data_contents(NULL, data); +#endif + } + +#else /* !NO_KRB5 */ + +#ifdef PEDANTIC +static int dummy=(int)&dummy; +#endif + +#endif /* !NO_KRB5 */ + diff --git a/ssl/kssl.h b/ssl/kssl.h new file mode 100644 index 000000000..8f46e66f2 --- /dev/null +++ b/ssl/kssl.h @@ -0,0 +1,162 @@ +/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */ +/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000. + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* +** 19990701 VRS Started. +*/ + +#ifndef KSSL_H +#define KSSL_H + +#ifndef NO_KRB5 + +#include <stdio.h> +#include <ctype.h> +#include <krb5.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/* +** Depending on which KRB5 implementation used, some types from +** the other may be missing. Resolve that here and now +*/ +#ifdef KRB5_HEIMDAL +typedef unsigned char krb5_octet; +#define FAR +#endif + +/* Uncomment this to debug kssl problems or +** to trace usage of the Kerberos session key +** +** #define KSSL_DEBUG +*/ + +#ifndef KRB5SVC +#define KRB5SVC "host" +#endif + +#ifndef KRB5KEYTAB +#define KRB5KEYTAB "/etc/krb5.keytab" +#endif + + +#define KSSL_ERR_MAX 255 +typedef struct kssl_err_st { + int reason; + char text[KSSL_ERR_MAX+1]; + } KSSL_ERR; + + +/* Context for passing +** (1) Kerberos session key to SSL, and +** (2) Config data between application and SSL lib +*/ +typedef struct kssl_ctx_st + { + /* used by: disposition: */ + char *service_name; /* C,S default ok (kssl) */ + char *service_host; /* C input, REQUIRED */ + char *client_princ; /* S output from krb5 ticket */ + char *keytab_file; /* S NULL (/etc/krb5.keytab) */ + char *cred_cache; /* C NULL (default) */ + krb5_enctype enctype; + int length; + krb5_octet FAR *key; + } KSSL_CTX; + +#define KSSL_CLIENT 1 +#define KSSL_SERVER 2 +#define KSSL_SERVICE 3 +#define KSSL_KEYTAB 4 + +#define KSSL_CTX_OK 0 +#define KSSL_CTX_ERR 1 +#define KSSL_NOMEM 2 + + +/* Private (internal to OpenSSL) */ +void print_krb5_data(char *label, krb5_data *kdata); +void print_krb5_authdata(char *label, krb5_authdata **adata); +void print_krb5_keyblock(char *label, krb5_keyblock *keyblk); + +char *kstring(char *string); +char *knumber(int len, krb5_octet *contents); + + +/* Public (for use by applications that use OpenSSL with Kerberos 5 support */ +krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text); +KSSL_CTX *kssl_ctx_new(void); +KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx); +void kssl_ctx_show(KSSL_CTX *kssl_ctx); +krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, + krb5_data *realm, krb5_data *entity); +krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data *ap_req, + KSSL_ERR *kssl_err); +krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, char *msg, int msglen, + KSSL_ERR *kssl_err); +krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session); +void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text); +void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data); + +#ifdef __cplusplus +} +#endif +#endif /* NO_KRB5 */ +#endif /* KSSL_H */ diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 47dd09c28..28d6d6529 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -921,6 +921,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data) goto err; } ERR_clear_error(); /* but we keep s->verify_result */ + s->session->verify_result = s->verify_result; /* server's cert for this session */ sc=ssl_sess_cert_new(); diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 129ed89d9..a6f4db36c 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -260,6 +260,9 @@ SSL_CIPHER *ssl2_get_cipher(unsigned int u) int ssl2_pending(SSL *s) { + /* Unlike ssl2_pending, this one probably works (if read-ahead + * is disabled), but it should be examined + * XXX */ return(s->s2->ract_data_length); } diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c index 56662f29f..0b48ea289 100644 --- a/ssl/s2_pkt.c +++ b/ssl/s2_pkt.c @@ -68,6 +68,10 @@ static int write_pending(SSL *s, const unsigned char *buf, unsigned int len); static int ssl_mt_error(int n); int ssl2_peek(SSL *s, char *buf, int len) { +#if 1 + SSLerr(SSL_F_SSL2_PEEK, SSL_R_FIXME); /* function is totally broken */ + return -1; +#else int ret; ret=ssl2_read(s,buf,len); @@ -77,6 +81,7 @@ int ssl2_peek(SSL *s, char *buf, int len) s->s2->ract_data-=ret; } return(ret); +#endif } /* SSL_read - diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 62040f9f1..3b3c35b9d 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -65,6 +65,10 @@ #include <openssl/evp.h> #include "ssl_locl.h" +#ifndef NO_KRB5 +#include "kssl.h" +#endif + static SSL_METHOD *ssl3_get_client_method(int ver); static int ssl3_client_hello(SSL *s); static int ssl3_get_server_hello(SSL *s); @@ -687,6 +691,7 @@ static int ssl3_get_server_certificate(SSL *s) STACK_OF(X509) *sk=NULL; SESS_CERT *sc; EVP_PKEY *pkey=NULL; + int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ n=ssl3_get_message(s, SSL3_ST_CR_CERT_A, @@ -782,10 +787,23 @@ static int ssl3_get_server_certificate(SSL *s) * certificate, which we don't include in s3_srvr.c */ x=sk_X509_value(sk,0); sk=NULL; + /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end */ pkey=X509_get_pubkey(x); - if ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)) + /* VRS: allow null cert if auth == KRB5 */ + need_cert = + ((s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) + == (SSL_aKRB5|SSL_kKRB5))? 0: 1; + +#ifdef KSSL_DEBUG + printf("pkey,x = %p, %p\n", pkey,x); + printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); + printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name, + s->s3->tmp.new_cipher->algorithms, need_cert); +#endif /* KSSL_DEBUG */ + + if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) { x=NULL; al=SSL3_AL_FATAL; @@ -794,7 +812,7 @@ static int ssl3_get_server_certificate(SSL *s) } i=ssl_cert_type(x,pkey); - if (i < 0) + if (need_cert && i < 0) { x=NULL; al=SSL3_AL_FATAL; @@ -802,19 +820,32 @@ static int ssl3_get_server_certificate(SSL *s) goto f_err; } - sc->peer_cert_type=i; - CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); - if (sc->peer_pkeys[i].x509 != NULL) /* Why would this ever happen? - * We just created sc a couple of - * lines ago. */ - X509_free(sc->peer_pkeys[i].x509); - sc->peer_pkeys[i].x509=x; - sc->peer_key= &(sc->peer_pkeys[i]); - - if (s->session->peer != NULL) - X509_free(s->session->peer); - CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); - s->session->peer=x; + if (need_cert) + { + sc->peer_cert_type=i; + CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); + /* Why would the following ever happen? + * We just created sc a couple of lines ago. */ + if (sc->peer_pkeys[i].x509 != NULL) + X509_free(sc->peer_pkeys[i].x509); + sc->peer_pkeys[i].x509=x; + sc->peer_key= &(sc->peer_pkeys[i]); + + if (s->session->peer != NULL) + X509_free(s->session->peer); + CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); + s->session->peer=x; + } + else + { + sc->peer_cert_type=i; + sc->peer_key= NULL; + + if (s->session->peer != NULL) + X509_free(s->session->peer); + s->session->peer=NULL; + } + s->session->verify_result = s->verify_result; x=NULL; ret=1; @@ -1321,6 +1352,9 @@ static int ssl3_send_client_key_exchange(SSL *s) unsigned char *q; EVP_PKEY *pkey=NULL; #endif +#ifndef NO_KRB5 + KSSL_ERR kssl_err; +#endif /* NO_KRB5 */ if (s->state == SSL3_ST_CW_KEY_EXCH_A) { @@ -1329,8 +1363,10 @@ static int ssl3_send_client_key_exchange(SSL *s) l=s->s3->tmp.new_cipher->algorithms; + /* Fool emacs indentation */ + if (0) {} #ifndef NO_RSA - if (l & SSL_kRSA) + else if (l & SSL_kRSA) { RSA *rsa; unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; @@ -1387,10 +1423,75 @@ static int ssl3_send_client_key_exchange(SSL *s) tmp_buf,SSL_MAX_MASTER_KEY_LENGTH); memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH); } - else +#endif +#ifndef NO_KRB5 + else if (l & SSL_kKRB5) + { + krb5_error_code krb5rc; + KSSL_CTX *kssl_ctx = s->kssl_ctx; + krb5_data krb5_ap_req; + +#ifdef KSSL_DEBUG + printf("ssl3_send_client_key_exchange(%lx & %lx)\n", + l, SSL_kKRB5); +#endif /* KSSL_DEBUG */ + + /* + ** Tried to send random tmp_buf[] as PMS in Kerberos ticket + ** by passing krb5_mk_req_extended(ctx,authctx,opts, tmp_buf, ...) + ** but: I can't retrieve the PMS on the other side! There is + ** some indication in the krb5 source that this is only used + ** to generate a checksum. OTOH, the Tung book shows data + ** ("GET widget01.txt") being passed in krb5_mk_req_extended() + ** by way of krb5_sendauth(). I don't get it. + ** Until Kerberos goes 3DES, the big PMS secret would only be + ** encrypted in 1-DES anyway. So losing the PMS shouldn't be + ** a big deal. + */ + krb5rc = kssl_cget_tkt(kssl_ctx, &krb5_ap_req, + &kssl_err); +#ifdef KSSL_DEBUG + { + printf("kssl_cget_tkt rtn %d\n", krb5rc); + kssl_ctx_show(kssl_ctx); + if (krb5rc && kssl_err.text) + printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); + } +#endif /* KSSL_DEBUG */ + + if (krb5rc) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, kssl_err.reason); + goto err; + } + + /* Send ticket (copy to *p, set n = length) + */ + n = krb5_ap_req.length; + memcpy(p, krb5_ap_req.data, krb5_ap_req.length); + if (krb5_ap_req.data) + kssl_krb5_free_data_contents(NULL,&krb5_ap_req); + + /* 19991013 VRS - 3DES is kind of bogus here, + ** at least until Kerberos supports 3DES. The only + ** real secret is the 8-byte Kerberos session key; + ** the other key material ((s->) client_random, server_random) + ** could be sniffed. Mixing in these nonces should help + ** protect against replay attacks, however. + ** + ** Alternate code for Kerberos Purists: + ** + ** memcpy(s->session->master_key, kssl_ctx->key, kssl_ctx->length); + ** s->session->master_key_length = kssl_ctx->length; + */ + s->session->master_key_length= + s->method->ssl3_enc->generate_master_secret(s, + s->session->master_key, kssl_ctx->key,kssl_ctx->length); + } #endif #ifndef NO_DH - if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) + else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { DH *dh_srvr,*dh_clnt; @@ -1444,8 +1545,8 @@ static int ssl3_send_client_key_exchange(SSL *s) /* perhaps clean things up a bit EAY EAY EAY EAY*/ } - else #endif + else { ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); @@ -1640,7 +1741,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s) algs=s->s3->tmp.new_cipher->algorithms; /* we don't have a certificate */ - if (algs & (SSL_aDH|SSL_aNULL)) + if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) return(1); #ifndef NO_RSA diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index cee2021b6..f8df4ee22 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -473,6 +473,95 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, +#ifndef NO_KRB5 +/* The Kerberos ciphers +** 20000107 VRS: And the first shall be last, +** in hopes of avoiding the lynx ssl renegotiation problem. +*/ +/* Cipher 21 VRS */ + { + 1, + SSL3_TXT_KRB5_DES_40_CBC_SHA, + SSL3_CK_KRB5_DES_40_CBC_SHA, + SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + 0, + 40, + 56, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + +/* Cipher 22 VRS */ + { + 1, + SSL3_TXT_KRB5_DES_40_CBC_MD5, + SSL3_CK_KRB5_DES_40_CBC_MD5, + SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + 0, + 40, + 56, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + +/* Cipher 23 VRS */ + { + 1, + SSL3_TXT_KRB5_DES_64_CBC_SHA, + SSL3_CK_KRB5_DES_64_CBC_SHA, + SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, + 0, + 56, + 56, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + +/* Cipher 24 VRS */ + { + 1, + SSL3_TXT_KRB5_DES_64_CBC_MD5, + SSL3_CK_KRB5_DES_64_CBC_MD5, + SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, + 0, + 56, + 56, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + +/* Cipher 25 VRS */ + { + 1, + SSL3_TXT_KRB5_DES_192_CBC3_SHA, + SSL3_CK_KRB5_DES_192_CBC3_SHA, + SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH, + 0, + 112, + 168, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + +/* Cipher 26 VRS */ + { + 1, + SSL3_TXT_KRB5_DES_192_CBC3_MD5, + SSL3_CK_KRB5_DES_192_CBC3_MD5, + SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH, + 0, + 112, + 168, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, +#endif /* NO_KRB5 */ #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES /* New TLS Export CipherSuites */ /* Cipher 60 */ @@ -638,10 +727,10 @@ SSL_CIPHER *ssl3_get_cipher(unsigned int u) return(NULL); } -/* The problem is that it may not be the correct record type */ int ssl3_pending(SSL *s) { - return(s->s3->rrec.length); + /* The problem is that it may not be the correct record type */ + return(s->s3->rrec.length); /* FIXME */ } int ssl3_new(SSL *s) @@ -1076,10 +1165,10 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have, sk_SSL_CIPHER_set_cmp_func(pref,ssl_cipher_ptr_id_cmp); #ifdef CIPHER_DEBUG - printf("Have:\n"); - for(i=0 ; i < sk_num(pref) ; ++i) + printf("Have %d from %p:\n", sk_SSL_CIPHER_num(pref), pref); + for(i=0 ; i < sk_SSL_CIPHER_num(pref) ; ++i) { - c=(SSL_CIPHER *)sk_value(pref,i); + c=sk_SSL_CIPHER_value(pref,i); printf("%p:%s\n",c,c->name); } #endif @@ -1092,6 +1181,10 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have, mask=cert->mask; emask=cert->export_mask; +#ifdef KSSL_DEBUG + printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms); +#endif /* KSSL_DEBUG */ + alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); if (SSL_C_IS_EXPORT(c)) { @@ -1280,6 +1373,10 @@ int ssl3_read(SSL *s, void *buf, int len) int ssl3_peek(SSL *s, char *buf, int len) { +#if 1 + SSLerr(SSL_F_SSL3_PEEK, SSL_R_FIXME); /* function is totally broken */ + return -1; +#else SSL3_RECORD *rr; int n; @@ -1298,6 +1395,7 @@ int ssl3_peek(SSL *s, char *buf, int len) n=len; memcpy(buf,&(rr->data[rr->off]),(unsigned int)n); return(n); +#endif } int ssl3_renegotiate(SSL *s) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index bb8cfb31e..4704dfb59 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -70,6 +70,10 @@ #include <openssl/x509.h> #include "ssl_locl.h" +#ifndef NO_KRB5 +#include "kssl.h" +#endif /* NO_KRB5 */ + static SSL_METHOD *ssl3_get_server_method(int ver); static int ssl3_get_client_hello(SSL *s); static int ssl3_check_client_hello(SSL *s); @@ -262,7 +266,11 @@ int ssl3_accept(SSL *s) /* clear this, it may get reset by * send_server_key_exchange */ - if (s->options & SSL_OP_EPHEMERAL_RSA) + if ((s->options & SSL_OP_EPHEMERAL_RSA) +#ifndef NO_KRB5 + && !(l & SSL_KRB5) +#endif /* NO_KRB5 */ + ) s->s3->tmp.use_rsa_tmp=1; else s->s3->tmp.use_rsa_tmp=0; @@ -1257,12 +1265,15 @@ static int ssl3_get_client_key_exchange(SSL *s) BIGNUM *pub=NULL; DH *dh_srvr; #endif +#ifndef NO_KRB5 + KSSL_ERR kssl_err; +#endif /* NO_KRB5 */ n=ssl3_get_message(s, SSL3_ST_SR_KEY_EXCH_A, SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, - 400, /* ???? */ + 2048, /* ??? */ &ok); if (!ok) return((int)n); @@ -1417,6 +1428,53 @@ static int ssl3_get_client_key_exchange(SSL *s) } else #endif +#ifndef NO_KRB5 + if (l & SSL_kKRB5) + { + krb5_error_code krb5rc; + KSSL_CTX *kssl_ctx = s->kssl_ctx; + + if (!kssl_ctx) kssl_ctx = kssl_ctx_new(); + if ((krb5rc = kssl_sget_tkt(kssl_ctx, + s->init_buf->data, s->init_buf->length, + &kssl_err)) != 0) + { +#ifdef KSSL_DEBUG + printf("kssl_sget_tkt rtn %d [%d]\n", + krb5rc, kssl_err.reason); + if (kssl_err.text) + printf("kssl_err text= %s\n", kssl_err.text); +#endif /* KSSL_DEBUG */ + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + kssl_err.reason); + goto err; + } + +#ifdef KSSL_DEBUG + kssl_ctx_show(kssl_ctx); +#endif /* KSSL_DEBUG */ + + /* 19991013 VRS - 3DES is kind of bogus here, + ** at least until Kerberos supports 3DES. The only + ** real secret is the 8-byte Kerberos session key; + ** the other key material (client_random, server_random) + ** could be sniffed. Nonces may help against replays though. + ** + ** Alternate code for Kerberos Purists: + ** + ** memcpy(s->session->master_key, kssl_ctx->key, kssl_ctx->length); + ** s->session->master_key_length = kssl_ctx->length; + */ + s->session->master_key_length= + s->method->ssl3_enc->generate_master_secret(s, + s->session->master_key, kssl_ctx->key, kssl_ctx->length); + /* Was doing kssl_ctx_free() here, but it caused problems for apache. + ** kssl_ctx = kssl_ctx_free(kssl_ctx); + ** if (s->kssl_ctx) s->kssl_ctx = NULL; + */ + } + else +#endif /* NO_KRB5 */ { al=SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNKNOWN_CIPHER_TYPE); @@ -1737,7 +1795,11 @@ int ssl3_send_server_certificate(SSL *s) if (s->state == SSL3_ST_SW_CERT_A) { x=ssl_get_server_send_cert(s); - if (x == NULL) + if (x == NULL && + /* VRS: allow null cert if auth == KRB5 */ + (s->s3->tmp.new_cipher->algorithms + & (SSL_MKEY_MASK|SSL_AUTH_MASK)) + != (SSL_aKRB5|SSL_kKRB5)) { SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,SSL_R_INTERNAL_ERROR); return(0); diff --git a/ssl/ssl-lib.com b/ssl/ssl-lib.com index 0a8581898..05c458d19 100644 --- a/ssl/ssl-lib.com +++ b/ssl/ssl-lib.com @@ -647,6 +647,7 @@ $ ENDIF $! $! Check To See If P2 Is Blank. $! +$ p2 = "NORSAREF" $ IF (P2.EQS."NORSAREF") $ THEN $! @@ -68,6 +68,9 @@ #ifndef NO_X509 #include <openssl/x509.h> #endif +#ifndef NO_KRB5 +#include <openssl/kssl.h> +#endif #include <openssl/safestack.h> #ifdef __cplusplus @@ -92,6 +95,15 @@ extern "C" { #define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 #define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA +/* VRS Additional Kerberos5 entries + */ +#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA +#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 +#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA +#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 +#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA +#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 + #define SSL_MAX_SSL_SESSION_ID_LENGTH 32 #define SSL_MAX_SID_CTX_LENGTH 32 @@ -112,6 +124,10 @@ extern "C" { #define SSL_TXT_eNULL "eNULL" #define SSL_TXT_NULL "NULL" +#define SSL_TXT_kKRB5 "kKRB5" +#define SSL_TXT_aKRB5 "aKRB5" +#define SSL_TXT_KRB5 "KRB5" + #define SSL_TXT_kRSA "kRSA" #define SSL_TXT_kDHr "kDHr" #define SSL_TXT_kDHd "kDHd" @@ -655,6 +671,10 @@ struct ssl_st int error; /* error bytes to be written */ int error_code; /* actual code */ +#ifndef NO_KRB5 + KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ +#endif /* NO_KRB5 */ + SSL_CTX *ctx; /* set this flag to 1 and a sleep(1) is put into all SSL_read() * and SSL_write() calls, good for nbio debuging :-) */ @@ -1239,6 +1259,7 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_F_SSL2_ACCEPT 122 #define SSL_F_SSL2_CONNECT 123 #define SSL_F_SSL2_ENC_INIT 124 +#define SSL_F_SSL2_PEEK 234 #define SSL_F_SSL2_READ 125 #define SSL_F_SSL2_SET_CERTIFICATE 126 #define SSL_F_SSL2_WRITE 127 @@ -1264,6 +1285,7 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_F_SSL3_GET_SERVER_DONE 145 #define SSL_F_SSL3_GET_SERVER_HELLO 146 #define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 +#define SSL_F_SSL3_PEEK 235 #define SSL_F_SSL3_READ_BYTES 148 #define SSL_F_SSL3_READ_N 149 #define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 @@ -1406,6 +1428,7 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 #define SSL_R_EXTRA_DATA_IN_MESSAGE 153 +#define SSL_R_FIXME 1101 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 #define SSL_R_HTTPS_PROXY_REQUEST 155 #define SSL_R_HTTP_REQUEST 156 @@ -1414,6 +1437,13 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_R_INVALID_COMMAND 280 #define SSL_R_INVALID_PURPOSE 278 #define SSL_R_INVALID_TRUST 279 +#define SSL_R_KRB5_C_CC_PRINC 1094 +#define SSL_R_KRB5_C_GET_CRED 1095 +#define SSL_R_KRB5_C_INIT 1096 +#define SSL_R_KRB5_C_MK_REQ 1097 +#define SSL_R_KRB5_S_BAD_TICKET 1098 +#define SSL_R_KRB5_S_INIT 1099 +#define SSL_R_KRB5_S_RD_REQ 1100 #define SSL_R_LENGTH_MISMATCH 159 #define SSL_R_LENGTH_TOO_SHORT 160 #define SSL_R_LIBRARY_BUG 274 diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 7ee1feaa6..4d62ba52b 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -105,6 +105,22 @@ extern "C" { #define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D #define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E +/* VRS Additional Kerberos5 entries + */ +#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000021 +#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000022 +#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x03000023 +#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000024 +#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x03000025 +#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000026 + +#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" +#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" +#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" +#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" +#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" +#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" + #define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" #define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" #define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index c26df62c2..130bb7906 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -131,6 +131,7 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void) { static int ssl_x509_store_ctx_idx= -1; + /* FIXME: should do locking */ if (ssl_x509_store_ctx_idx < 0) { ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index( @@ -271,7 +272,9 @@ CERT *ssl_cert_dup(CERT *cert) return(ret); +#ifndef NO_DH /* avoid 'unreferenced label' warning if NO_DH is defined */ err: +#endif #ifndef NO_RSA if (ret->rsa_tmp != NULL) RSA_free(ret->rsa_tmp); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index f63163f26..a196d5e57 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -100,6 +100,7 @@ typedef struct cipher_order_st static const SSL_CIPHER cipher_aliases[]={ /* Don't include eNULL unless specifically enabled */ {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ + {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */ {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0}, @@ -108,6 +109,7 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0}, + {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */ {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0}, {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0}, {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,0,0,0,SSL_AUTH_MASK,0}, @@ -128,6 +130,7 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_SHA, 0,SSL_SHA, 0,0,0,0,SSL_MAC_MASK,0}, {0,SSL_TXT_NULL,0,SSL_NULL, 0,0,0,0,SSL_ENC_MASK,0}, + {0,SSL_TXT_KRB5,0,SSL_KRB5, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, {0,SSL_TXT_RSA, 0,SSL_RSA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, {0,SSL_TXT_ADH, 0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, {0,SSL_TXT_FZA, 0,SSL_FZA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0}, @@ -291,6 +294,9 @@ static unsigned long ssl_cipher_get_disabled(void) #ifdef NO_DH mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH; #endif +#ifdef NO_KRB5 + mask |= SSL_kKRB5|SSL_aKRB5; +#endif #ifdef SSL_FORBID_ENULL mask |= SSL_eNULL; @@ -336,6 +342,9 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, list[list_num].prev = NULL; list[list_num].active = 0; list_num++; +#ifdef KSSL_DEBUG + printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms); +#endif /* KSSL_DEBUG */ /* if (!sk_push(ca_list,(char *)c)) goto err; */ @@ -738,6 +747,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, * it is used for allocation. */ num_of_ciphers = ssl_method->num_ciphers(); +#ifdef KSSL_DEBUG + printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); +#endif /* KSSL_DEBUG */ list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); if (list == NULL) { @@ -872,8 +884,12 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) char *ver,*exp; char *kx,*au,*enc,*mac; unsigned long alg,alg2,alg_s; +#ifdef KSSL_DEBUG + static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n"; +#else static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; - +#endif /* KSSL_DEBUG */ + alg=cipher->algorithms; alg_s=cipher->algo_strength; alg2=cipher->algorithm2; @@ -901,6 +917,10 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) case SSL_kDHd: kx="DH/DSS"; break; + case SSL_kKRB5: /* VRS */ + case SSL_KRB5: /* VRS */ + kx="KRB5"; + break; case SSL_kFZA: kx="Fortezza"; break; @@ -922,6 +942,10 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) case SSL_aDH: au="DH"; break; + case SSL_aKRB5: /* VRS */ + case SSL_KRB5: /* VRS */ + au="KRB5"; + break; case SSL_aFZA: case SSL_aNULL: au="None"; @@ -982,7 +1006,11 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) else if (len < 128) return("Buffer too small"); +#ifdef KSSL_DEBUG + BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg); +#else BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp); +#endif /* KSSL_DEBUG */ return(buf); } @@ -1053,6 +1081,10 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) SSL_COMP *comp; STACK_OF(SSL_COMP) *sk; + if (cm == NULL || cm->type == NID_undef) + return 1; + + MemCheck_off(); comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); comp->id=id; comp->method=cm; @@ -1062,10 +1094,13 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) sk=ssl_comp_methods; if ((sk == NULL) || !sk_SSL_COMP_push(sk,comp)) { + MemCheck_on(); SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); return(0); } else + { + MemCheck_on(); return(1); + } } - diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 17b4caf52..91e9ab825 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -91,6 +91,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"}, {ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"}, {ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"}, +{ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"}, {ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"}, {ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0), "SSL2_SET_CERTIFICATE"}, {ERR_PACK(0,SSL_F_SSL2_WRITE,0), "SSL2_WRITE"}, @@ -116,6 +117,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0), "SSL3_GET_SERVER_DONE"}, {ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0), "SSL3_GET_SERVER_HELLO"}, {ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0), "SSL3_OUTPUT_CERT_CHAIN"}, +{ERR_PACK(0,SSL_F_SSL3_PEEK,0), "SSL3_PEEK"}, {ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0), "SSL3_READ_BYTES"}, {ERR_PACK(0,SSL_F_SSL3_READ_N,0), "SSL3_READ_N"}, {ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0), "SSL3_SEND_CERTIFICATE_REQUEST"}, @@ -261,6 +263,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST ,"error in received cipher list"}, {SSL_R_EXCESSIVE_MESSAGE_SIZE ,"excessive message size"}, {SSL_R_EXTRA_DATA_IN_MESSAGE ,"extra data in message"}, +{SSL_R_FIXME ,"FIXME"}, {SSL_R_GOT_A_FIN_BEFORE_A_CCS ,"got a fin before a ccs"}, {SSL_R_HTTPS_PROXY_REQUEST ,"https proxy request"}, {SSL_R_HTTP_REQUEST ,"http request"}, @@ -269,6 +272,13 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_INVALID_COMMAND ,"invalid command"}, {SSL_R_INVALID_PURPOSE ,"invalid purpose"}, {SSL_R_INVALID_TRUST ,"invalid trust"}, +{SSL_R_KRB5_C_CC_PRINC ,"krb5 c cc princ"}, +{SSL_R_KRB5_C_GET_CRED ,"krb5 c get cred"}, +{SSL_R_KRB5_C_INIT ,"krb5 c init"}, +{SSL_R_KRB5_C_MK_REQ ,"krb5 c mk req"}, +{SSL_R_KRB5_S_BAD_TICKET ,"krb5 s bad ticket"}, +{SSL_R_KRB5_S_INIT ,"krb5 s init"}, +{SSL_R_KRB5_S_RD_REQ ,"krb5 s rd req"}, {SSL_R_LENGTH_MISMATCH ,"length mismatch"}, {SSL_R_LENGTH_TOO_SHORT ,"length too short"}, {SSL_R_LIBRARY_BUG ,"library bug"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ed2b82098..685fc5560 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -191,6 +191,10 @@ SSL *SSL_new(SSL_CTX *ctx) if (s == NULL) goto err; memset(s,0,sizeof(SSL)); +#ifndef NO_KRB5 + s->kssl_ctx = kssl_ctx_new(); +#endif /* NO_KRB5 */ + if (ctx->cert != NULL) { /* Earlier library versions used to copy the pointer to @@ -576,6 +580,13 @@ int SSL_get_read_ahead(SSL *s) int SSL_pending(SSL *s) { + /* SSL_pending cannot work properly if read-ahead is enabled + * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), + * and it is impossible to fix since SSL_pending cannot report + * errors that may be observed while scanning the new data. + * (Note that SSL_pending() is often used as a boolean value, + * so we'd better not return -1.) + */ return(s->method->ssl_pending(s)); } @@ -1090,6 +1101,9 @@ int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b) return(memcmp(a->session_id,b->session_id,a->session_id_length)); } +static IMPLEMENT_LHASH_HASH_FN(SSL_SESSION_hash, SSL_SESSION *) +static IMPLEMENT_LHASH_COMP_FN(SSL_SESSION_cmp, SSL_SESSION *) + SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) { SSL_CTX *ret=NULL; @@ -1153,7 +1167,8 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) ret->default_passwd_callback_userdata=NULL; ret->client_cert_cb=NULL; - ret->sessions=lh_new(SSL_SESSION_hash,SSL_SESSION_cmp); + ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash), + LHASH_COMP_FN(SSL_SESSION_cmp)); if (ret->sessions == NULL) goto err; ret->cert_store=X509_STORE_new(); if (ret->cert_store == NULL) goto err; @@ -1200,8 +1215,10 @@ err2: return(NULL); } +#if 0 static void SSL_COMP_free(SSL_COMP *comp) { OPENSSL_free(comp); } +#endif void SSL_CTX_free(SSL_CTX *a) { @@ -1240,8 +1257,12 @@ void SSL_CTX_free(SSL_CTX *a) sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free); if (a->extra_certs != NULL) sk_X509_pop_free(a->extra_certs,X509_free); +#if 0 /* This should never be done, since it removes a global database */ if (a->comp_methods != NULL) sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free); +#else + a->comp_methods = NULL; +#endif OPENSSL_free(a); } @@ -1372,6 +1393,11 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) mask|=SSL_aNULL; emask|=SSL_aNULL; +#ifndef NO_KRB5 + mask|=SSL_kKRB5|SSL_aKRB5; + emask|=SSL_kKRB5|SSL_aKRB5; +#endif + c->mask=mask; c->export_mask=emask; c->valid=1; @@ -1404,6 +1430,11 @@ X509 *ssl_get_server_send_cert(SSL *s) else i=SSL_PKEY_RSA_ENC; } + else if (kalg & SSL_aKRB5) + { + /* VRS something else here? */ + return(NULL); + } else /* if (kalg & SSL_aNULL) */ { SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,SSL_R_INTERNAL_ERROR); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index d70fff462..e56bbf9c3 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -168,48 +168,51 @@ * that the different entities within are mutually exclusive: * ONLY ONE BIT PER MASK CAN BE SET AT A TIME. */ -#define SSL_MKEY_MASK 0x0000001FL +#define SSL_MKEY_MASK 0x0000003FL #define SSL_kRSA 0x00000001L /* RSA key exchange */ #define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */ #define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */ #define SSL_kFZA 0x00000008L #define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */ +#define SSL_kKRB5 0x00000020L /* Kerberos5 key exchange */ #define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL)) -#define SSL_AUTH_MASK 0x000003e0L -#define SSL_aRSA 0x00000020L /* Authenticate with RSA */ -#define SSL_aDSS 0x00000040L /* Authenticate with DSS */ +#define SSL_AUTH_MASK 0x00000FC0L +#define SSL_aRSA 0x00000040L /* Authenticate with RSA */ +#define SSL_aDSS 0x00000080L /* Authenticate with DSS */ #define SSL_DSS SSL_aDSS -#define SSL_aFZA 0x00000080L -#define SSL_aNULL 0x00000100L /* no Authenticate, ADH */ -#define SSL_aDH 0x00000200L /* no Authenticate, ADH */ +#define SSL_aFZA 0x00000100L +#define SSL_aNULL 0x00000200L /* no Authenticate, ADH */ +#define SSL_aDH 0x00000400L /* no Authenticate, ADH */ +#define SSL_aKRB5 0x00000800L /* Authenticate with KRB5 */ #define SSL_NULL (SSL_eNULL) #define SSL_ADH (SSL_kEDH|SSL_aNULL) #define SSL_RSA (SSL_kRSA|SSL_aRSA) #define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH) #define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA) - -#define SSL_ENC_MASK 0x0001Fc00L -#define SSL_DES 0x00000400L -#define SSL_3DES 0x00000800L -#define SSL_RC4 0x00001000L -#define SSL_RC2 0x00002000L -#define SSL_IDEA 0x00004000L -#define SSL_eFZA 0x00008000L -#define SSL_eNULL 0x00010000L - -#define SSL_MAC_MASK 0x00060000L -#define SSL_MD5 0x00020000L -#define SSL_SHA1 0x00040000L +#define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5) + +#define SSL_ENC_MASK 0x0007F000L +#define SSL_DES 0x00001000L +#define SSL_3DES 0x00002000L +#define SSL_RC4 0x00004000L +#define SSL_RC2 0x00008000L +#define SSL_IDEA 0x00010000L +#define SSL_eFZA 0x00020000L +#define SSL_eNULL 0x00040000L + +#define SSL_MAC_MASK 0x00180000L +#define SSL_MD5 0x00080000L +#define SSL_SHA1 0x00100000L #define SSL_SHA (SSL_SHA1) -#define SSL_SSL_MASK 0x00180000L -#define SSL_SSLV2 0x00080000L -#define SSL_SSLV3 0x00100000L +#define SSL_SSL_MASK 0x00600000L +#define SSL_SSLV2 0x00200000L +#define SSL_SSLV3 0x00400000L #define SSL_TLSV1 SSL_SSLV3 /* for now */ -/* we have used 001fffff - 11 bits left to go */ +/* we have used 007fffff - 9 bits left to go */ /* * Export and cipher strength information. For each cipher we have to decide diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 6ec7a5cdb..34a4d27db 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -303,7 +303,7 @@ end: int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) { int ret; - unsigned char *p; + const unsigned char *p; RSA *rsa; p=d; @@ -641,7 +641,7 @@ end: int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len) { int ret; - unsigned char *p; + const unsigned char *p; RSA *rsa; p=d; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 416def890..830f1d9b0 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -508,6 +508,7 @@ int SSL_set_session(SSL *s, SSL_SESSION *session) if (s->session != NULL) SSL_SESSION_free(s->session); s->session=session; + s->verify_result = s->session->verify_result; /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ ret=1; } @@ -605,7 +606,7 @@ void SSL_CTX_flush_sessions(SSL_CTX *s, long t) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); i=tp.cache->down_load; tp.cache->down_load=0; - lh_doall_arg(tp.cache,(void (*)())timeout,&tp); + lh_doall_arg(tp.cache, (LHASH_DOALL_ARG_FN_TYPE)timeout, &tp); tp.cache->down_load=i; CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); } diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 4763f2a6d..77ac362c8 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -74,6 +74,7 @@ #include <openssl/err.h> #include <openssl/rand.h> #ifdef WINDOWS +#include <winsock.h> #include "../crypto/bio/bss_file.c" #endif @@ -85,6 +86,11 @@ # define TEST_CLIENT_CERT "../apps/client.pem" #endif +/* There is really no standard for this, so let's assign some tentative + numbers. In any case, these numbers are only for this test */ +#define COMP_RLE 1 +#define COMP_ZLIB 2 + static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); #ifndef NO_RSA static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength); @@ -148,6 +154,8 @@ static void sv_usage(void) fprintf(stderr," -bio_pair - Use BIO pairs\n"); fprintf(stderr," -f - Test even cases that can't work\n"); fprintf(stderr," -time - measure processor time used by client and server\n"); + fprintf(stderr," -zlib - use zlib compression\n"); + fprintf(stderr," -time - use rle compression\n"); } static void print_details(SSL *c_ssl, const char *prefix) @@ -220,6 +228,8 @@ int main(int argc, char *argv[]) int no_dhe = 0; int print_time = 0; clock_t s_time = 0, c_time = 0; + int comp = 0; + COMP_METHOD *cm = NULL; verbose = 0; debug = 0; @@ -333,6 +343,14 @@ int main(int argc, char *argv[]) { print_time = 1; } + else if (strcmp(*argv,"-zlib") == 0) + { + comp = COMP_ZLIB; + } + else if (strcmp(*argv,"-rle") == 0) + { + comp = COMP_RLE; + } else { fprintf(stderr,"unknown option %s\n",*argv); @@ -374,6 +392,23 @@ bad: SSL_library_init(); SSL_load_error_strings(); + if (comp == COMP_ZLIB) cm = COMP_zlib(); + if (comp == COMP_RLE) cm = COMP_rle(); + if (cm != NULL) + { + if (cm->type != NID_undef) + SSL_COMP_add_compression_method(comp, cm); + else + { + fprintf(stderr, + "Warning: %s compression not supported\n", + (comp == COMP_RLE ? "rle" : + (comp == COMP_ZLIB ? "zlib" : + "unknown"))); + ERR_print_errors_fp(stderr); + } + } + #if !defined(NO_SSL2) && !defined(NO_SSL3) if (ssl2) meth=SSLv2_method(); @@ -483,6 +518,19 @@ bad: c_ssl=SSL_new(c_ctx); s_ssl=SSL_new(s_ctx); +#ifndef NO_KRB5 + if (c_ssl && c_ssl->kssl_ctx) + { + char localhost[257]; + + if (gethostname(localhost, 256) == 0) + { + kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, + localhost); + } + } +#endif /* NO_KRB5 */ + for (i=0; i<number; i++) { if (!reuse) SSL_set_session(c_ssl,NULL); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 0d34357eb..ae33bda78 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -148,6 +148,17 @@ static void tls1_generate_key_block(SSL *s, unsigned char *km, tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf), s->session->master_key,s->session->master_key_length, km,tmp,num); +#ifdef KSSL_DEBUG + printf("tls1_generate_key_block() ==> %d byte master_key =\n\t", + s->session->master_key_length); + { + int i; + for (i=0; i < s->session->master_key_length; i++) + { + printf("%02X", s->session->master_key[i]); + } + printf("\n"); } +#endif /* KSSL_DEBUG */ } int tls1_change_cipher_state(SSL *s, int which) @@ -174,6 +185,21 @@ int tls1_change_cipher_state(SSL *s, int which) comp=s->s3->tmp.new_compression; key_block=s->s3->tmp.key_block; +#ifdef KSSL_DEBUG + printf("tls1_change_cipher_state(which= %d) w/\n", which); + printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms, + comp); + printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c); + printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", + c->nid,c->block_size,c->key_len,c->iv_len); + printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length); + { + int i; + for (i=0; i<s->s3->tmp.key_block_length; i++) + printf("%02x", key_block[i]); printf("\n"); + } +#endif /* KSSL_DEBUG */ + if (which & SSL3_CC_READ) { if ((s->enc_read_ctx == NULL) && @@ -309,6 +335,16 @@ printf("which = %04X\nmac key=",which); } s->session->key_arg_length=0; +#ifdef KSSL_DEBUG + { + int i; + printf("EVP_CipherInit(dd,c,key=,iv=,which)\n"); + printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]); + printf("\n"); + printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]); + printf("\n"); + } +#endif /* KSSL_DEBUG */ EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE)); #ifdef TLS_DEBUG @@ -338,6 +374,10 @@ int tls1_setup_key_block(SSL *s) int num; SSL_COMP *comp; +#ifdef KSSL_DEBUG + printf ("tls1_setup_key_block()\n"); +#endif /* KSSL_DEBUG */ + if (s->s3->tmp.key_block_length != 0) return(1); @@ -417,6 +457,10 @@ int tls1_enc(SSL *s, int send) enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); } +#ifdef KSSL_DEBUG + printf("tls1_enc(%d)\n", send); +#endif /* KSSL_DEBUG */ + if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { @@ -447,8 +491,35 @@ int tls1_enc(SSL *s, int send) rec->length+=i; } +#ifdef KSSL_DEBUG + { + unsigned long i; + printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", + ds,rec->data,rec->input,l); + printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", + ds->buf_len, ds->cipher->key_len, + DES_KEY_SZ, DES_SCHEDULE_SZ, + ds->cipher->iv_len); + printf("\t\tIV: "); + for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); + printf("\n"); + printf("\trec->input="); + for (i=0; i<l; i++) printf(" %02x", rec->input[i]); + printf("\n"); + } +#endif /* KSSL_DEBUG */ + EVP_Cipher(ds,rec->data,rec->input,l); +#ifdef KSSL_DEBUG + { + unsigned long i; + printf("\trec->data="); + for (i=0; i<l; i++) + printf(" %02x", rec->data[i]); printf("\n"); + } +#endif /* KSSL_DEBUG */ + if ((bs != 1) && !send) { ii=i=rec->data[l-1]; @@ -586,6 +657,10 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE]; unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH]; +#ifdef KSSL_DEBUG + printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len); +#endif /* KSSL_DEBUG */ + /* Setup the stuff to munge */ memcpy(buf,TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE); @@ -596,6 +671,9 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, tls1_PRF(s->ctx->md5,s->ctx->sha1, buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len, s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE); +#ifdef KSSL_DEBUG + printf ("tls1_generate_master_secret() complete\n"); +#endif /* KSSL_DEBUG */ return(SSL3_MASTER_SECRET_SIZE); } diff --git a/test/Makefile.ssl b/test/Makefile.ssl index eea811dcb..9eb48bc71 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -5,7 +5,7 @@ DIR= test TOP= .. CC= cc -INCLUDES= -I../include +INCLUDES= -I../include $(KRB5_INCLUDES) CFLAG= -g INSTALL_PREFIX= OPENSSLDIR= /usr/local/ssl @@ -55,6 +55,8 @@ SSLTEST= ssltest RSATEST= rsa_test ENGINETEST= enginetest +TESTS= alltests + EXE= $(BNTEST) $(IDEATEST) $(MD2TEST) $(MD4TEST) $(MD5TEST) $(HMACTEST) \ $(RC2TEST) $(RC4TEST) $(RC5TEST) \ $(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \ @@ -101,16 +103,18 @@ install: tags: ctags $(SRC) -tests: exe apps \ +tests: exe apps $(TESTS) + +apps: + @(cd ../apps; $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all) + +alltests: \ test_des test_idea test_sha test_md4 test_md5 test_hmac \ test_md2 test_mdc2 \ - test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast \ + test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_rd \ test_rand test_bn test_enc test_x509 test_rsa test_crl test_sid \ test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ - test_ss test_ca test_engine test_ssl test_rd - -apps: - @(cd ../apps; $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all) + test_ss test_ca test_engine test_ssl test_des: ./$(DESTEST) @@ -324,7 +328,7 @@ $(METHTEST): $(METHTEST).o $(DLIBCRYPTO) $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) - $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS) + $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) $(ENGINETEST): $(ENGINETEST).o $(DLIBCRYPTO) $(CC) -o $(ENGINETEST) $(CFLAGS) $(ENGINETEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) @@ -352,7 +356,7 @@ bntest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h bntest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h bntest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h bntest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -bntest.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h +bntest.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h bntest.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h bntest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h @@ -386,7 +390,7 @@ enginetest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h enginetest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h enginetest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h enginetest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -enginetest.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h +enginetest.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h enginetest.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h enginetest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h enginetest.o: ../include/openssl/sha.h ../include/openssl/stack.h @@ -409,7 +413,7 @@ hmactest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h hmactest.o: ../include/openssl/opensslv.h ../include/openssl/rc2.h hmactest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -hmactest.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h +hmactest.o: ../include/openssl/rd_fst.h ../include/openssl/rijndael.h hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -441,19 +445,19 @@ ssltest.o: ../include/openssl/des.h ../include/openssl/dh.h ssltest.o: ../include/openssl/dsa.h ../include/openssl/e_os.h ssltest.o: ../include/openssl/e_os2.h ../include/openssl/err.h ssltest.o: ../include/openssl/evp.h ../include/openssl/idea.h -ssltest.o: ../include/openssl/lhash.h ../include/openssl/md2.h -ssltest.o: ../include/openssl/md4.h ../include/openssl/md5.h -ssltest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssltest.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssltest.o: ../include/openssl/rand.h ../include/openssl/rc2.h -ssltest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -ssltest.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h -ssltest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssltest.o: ../include/openssl/x509_vfy.h +ssltest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssltest.o: ../include/openssl/md2.h ../include/openssl/md4.h +ssltest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +ssltest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +ssltest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +ssltest.o: ../include/openssl/rc5.h ../include/openssl/rd_fst.h +ssltest.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h +ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h diff --git a/test/maketests.com b/test/maketests.com index 3eba56eb1..0f6d90fae 100644 --- a/test/maketests.com +++ b/test/maketests.com @@ -514,6 +514,7 @@ $ CHECK_OPTIONS: $! $! Check To See If P1 Is Blank. $! +$ P1 = "NORSAREF" $ IF (P1.EQS."NORSAREF") $ THEN $! diff --git a/test/tests.com b/test/tests.com index 4d9e308a4..a7257d412 100644 --- a/test/tests.com +++ b/test/tests.com @@ -225,6 +225,10 @@ $ write sys$output "Generate and certify a test certificate via the 'ca' pro $ @testca.com $ endif $ return +$ test_engine: +$ write sys$output "test Rijndael" +$ !mcr 'texe_dir''rdtest' +$ return $ $ $ exit: diff --git a/test/testssl b/test/testssl index 2151a6438..3ca5c8010 100644 --- a/test/testssl +++ b/test/testssl @@ -24,105 +24,111 @@ else CA="-CAfile $3" fi +if [ "$4" = "" ]; then + extra="" +else + extra="$4" +fi + ############################################################################# echo test sslv2 -$ssltest -ssl2 || exit 1 +$ssltest -ssl2 $extra || exit 1 echo test sslv2 with server authentication -$ssltest -ssl2 -server_auth $CA || exit 1 +$ssltest -ssl2 -server_auth $CA $extra || exit 1 if [ $dsa_cert = NO ]; then echo test sslv2 with client authentication - $ssltest -ssl2 -client_auth $CA || exit 1 + $ssltest -ssl2 -client_auth $CA $extra || exit 1 echo test sslv2 with both client and server authentication - $ssltest -ssl2 -server_auth -client_auth $CA || exit 1 + $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1 fi echo test sslv3 -$ssltest -ssl3 || exit 1 +$ssltest -ssl3 $extra || exit 1 echo test sslv3 with server authentication -$ssltest -ssl3 -server_auth $CA || exit 1 +$ssltest -ssl3 -server_auth $CA $extra || exit 1 echo test sslv3 with client authentication -$ssltest -ssl3 -client_auth $CA || exit 1 +$ssltest -ssl3 -client_auth $CA $extra || exit 1 echo test sslv3 with both client and server authentication -$ssltest -ssl3 -server_auth -client_auth $CA || exit 1 +$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1 echo test sslv2/sslv3 -$ssltest || exit 1 +$ssltest $extra || exit 1 echo test sslv2/sslv3 with server authentication -$ssltest -server_auth $CA || exit 1 +$ssltest -server_auth $CA $extra || exit 1 echo test sslv2/sslv3 with client authentication -$ssltest -client_auth $CA || exit 1 +$ssltest -client_auth $CA $extra || exit 1 echo test sslv2/sslv3 with both client and server authentication -$ssltest -server_auth -client_auth $CA || exit 1 +$ssltest -server_auth -client_auth $CA $extra || exit 1 echo test sslv2 via BIO pair -$ssltest -bio_pair -ssl2 || exit 1 +$ssltest -bio_pair -ssl2 $extra || exit 1 echo test sslv2 with server authentication via BIO pair -$ssltest -bio_pair -ssl2 -server_auth $CA || exit 1 +$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1 if [ $dsa_cert = NO ]; then echo test sslv2 with client authentication via BIO pair - $ssltest -bio_pair -ssl2 -client_auth $CA || exit 1 + $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1 echo test sslv2 with both client and server authentication via BIO pair - $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA || exit 1 + $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1 fi echo test sslv3 via BIO pair -$ssltest -bio_pair -ssl3 || exit 1 +$ssltest -bio_pair -ssl3 $extra || exit 1 echo test sslv3 with server authentication via BIO pair -$ssltest -bio_pair -ssl3 -server_auth $CA || exit 1 +$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1 echo test sslv3 with client authentication via BIO pair -$ssltest -bio_pair -ssl3 -client_auth $CA || exit 1 +$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1 echo test sslv3 with both client and server authentication via BIO pair -$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA || exit 1 +$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1 echo test sslv2/sslv3 via BIO pair -$ssltest || exit 1 +$ssltest $extra || exit 1 if [ $dsa_cert = NO ]; then echo test sslv2/sslv3 w/o DHE via BIO pair - $ssltest -bio_pair -no_dhe || exit 1 + $ssltest -bio_pair -no_dhe $extra || exit 1 fi echo test sslv2/sslv3 with 1024bit DHE via BIO pair -$ssltest -bio_pair -dhe1024dsa -v || exit 1 +$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1 echo test sslv2/sslv3 with server authentication -$ssltest -bio_pair -server_auth $CA || exit 1 +$ssltest -bio_pair -server_auth $CA $extra || exit 1 echo test sslv2/sslv3 with client authentication via BIO pair -$ssltest -bio_pair -client_auth $CA || exit 1 +$ssltest -bio_pair -client_auth $CA $extra || exit 1 echo test sslv2/sslv3 with both client and server authentication via BIO pair -$ssltest -bio_pair -server_auth -client_auth $CA || exit 1 +$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1 ############################################################################# echo test tls1 with 1024bit anonymous DH, multiple handshakes -$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1 +$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 if ../apps/openssl no-rsa; then echo skipping RSA tests else echo test tls1 with 1024bit RSA, no DHE, multiple handshakes - ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1 + ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1 echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes - ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1 + ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 fi exit 0 diff --git a/util/libeay.num b/util/libeay.num index 959bf80fd..020d6ba2e 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -483,7 +483,7 @@ RSA_private_decrypt 490 EXIST::FUNCTION:RSA RSA_private_encrypt 491 EXIST::FUNCTION:RSA RSA_public_decrypt 492 EXIST::FUNCTION:RSA RSA_public_encrypt 493 EXIST::FUNCTION:RSA -RSA_set_default_method 494 EXIST::FUNCTION:RSA +RSA_set_default_method 494 NOEXIST::FUNCTION: RSA_sign 495 EXIST::FUNCTION:RSA RSA_sign_ASN1_OCTET_STRING 496 EXIST::FUNCTION:RSA RSA_size 497 EXIST::FUNCTION:RSA @@ -1457,7 +1457,7 @@ d2i_ASN1_SET_OF_ASN1_OBJECT 1844 NOEXIST::FUNCTION: PKCS7_signatureVerify 1845 EXIST::FUNCTION: RSA_set_method 1846 EXIST::FUNCTION:RSA RSA_get_method 1847 EXIST::FUNCTION:RSA -RSA_get_default_method 1848 EXIST::FUNCTION:RSA +RSA_get_default_method 1848 NOEXIST::FUNCTION: RSA_check_key 1869 EXIST::FUNCTION:RSA OBJ_obj2txt 1870 EXIST::FUNCTION: DSA_dup_DH 1871 EXIST::FUNCTION:DSA,DH @@ -1481,9 +1481,9 @@ DSA_new_method 1888 EXIST::FUNCTION:DSA DH_new_method 1889 EXIST::FUNCTION:DH DH_OpenSSL 1890 EXIST::FUNCTION:DH DSA_get_ex_new_index 1891 EXIST::FUNCTION:DSA -DH_get_default_method 1892 EXIST::FUNCTION:DH +DH_get_default_method 1892 NOEXIST::FUNCTION: DSA_set_ex_data 1893 EXIST::FUNCTION:DSA -DH_set_default_method 1894 EXIST::FUNCTION:DH +DH_set_default_method 1894 NOEXIST::FUNCTION: DSA_get_ex_data 1895 EXIST::FUNCTION:DSA X509V3_EXT_REQ_add_conf 1896 EXIST::FUNCTION: NETSCAPE_SPKI_print 1897 EXIST::FUNCTION: @@ -1519,7 +1519,7 @@ EVP_PKEY_get1_DSA 1935 EXIST::FUNCTION:DSA ASN1_BMPSTRING_new 1936 EXIST::FUNCTION: ASN1_mbstring_copy 1937 EXIST::FUNCTION: ASN1_UTF8STRING_new 1938 EXIST::FUNCTION: -DSA_get_default_method 1941 EXIST::FUNCTION:DSA +DSA_get_default_method 1941 NOEXIST::FUNCTION: i2d_ASN1_SET_OF_ACCESS_DESCRIPTION 1945 NOEXIST::FUNCTION: ASN1_T61STRING_free 1946 EXIST::FUNCTION: DSA_set_method 1949 EXIST::FUNCTION:DSA @@ -1554,7 +1554,7 @@ i2d_RSA_PUBKEY_bio 1985 EXIST::FUNCTION:RSA ASN1_BIT_STRING_num_asc 1986 EXIST::FUNCTION: i2d_PUBKEY 1987 EXIST::FUNCTION: ASN1_UTCTIME_free 1988 EXIST::FUNCTION: -DSA_set_default_method 1989 EXIST::FUNCTION:DSA +DSA_set_default_method 1989 NOEXIST::FUNCTION: X509_PURPOSE_get_by_id 1990 EXIST::FUNCTION: ACCESS_DESCRIPTION_free 1994 EXIST::FUNCTION: PEM_read_bio_PUBKEY 1995 EXIST::FUNCTION: @@ -1777,7 +1777,7 @@ NCONF_load_fp 2278 EXIST::FUNCTION:FP_API NCONF_new 2279 EXIST::FUNCTION: NCONF_get_string 2280 EXIST::FUNCTION: NCONF_free 2281 EXIST::FUNCTION: -NCONF_get_number 2282 EXIST::FUNCTION: +NCONF_get_number 2282 NOEXIST::FUNCTION: CONF_dump_fp 2283 EXIST::FUNCTION: NCONF_load_bio 2284 EXIST::FUNCTION: NCONF_dump_fp 2285 EXIST::FUNCTION: @@ -1795,7 +1795,7 @@ i2d_ASN1_SET_OF_PKCS7 2328 NOEXIST::FUNCTION: BIO_vfree 2334 EXIST::FUNCTION: d2i_ASN1_SET_OF_ASN1_INTEGER 2339 NOEXIST::FUNCTION: d2i_ASN1_SET_OF_PKCS12_SAFEBAG 2341 NOEXIST::FUNCTION: -ASN1_UTCTIME_get 2350 EXIST::FUNCTION: +ASN1_UTCTIME_get 2350 NOEXIST::FUNCTION: X509_REQ_digest 2362 EXIST::FUNCTION: X509_CRL_digest 2391 EXIST::FUNCTION: d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION: @@ -1872,7 +1872,7 @@ DSO_METHOD_vms 2462 EXIST::FUNCTION: BIO_f_linebuffer 2463 EXIST:VMS:FUNCTION: X509_print_ex 2464 EXIST::FUNCTION: X509_print_ex_fp 2465 EXIST::FUNCTION:FP_API -EVP_rijndael_ecb 2466 EXIST::FUNCTION: +EVP_rijndael_ecb 2466 EXIST::FUNCTION:RIJNDAEL NCONF_get_number_e 2467 EXIST::FUNCTION: ERR_load_ENGINE_strings 2468 EXIST::FUNCTION: ENGINE_set_DSA 2469 EXIST::FUNCTION: @@ -2030,9 +2030,9 @@ OCSP_BASICRESP_new 2618 EXIST::FUNCTION: d2i_OCSP_SERVICELOC 2619 EXIST::FUNCTION: OCSP_response_new 2620 EXIST::FUNCTION: i2a_OCSP_RESPID 2621 EXIST::FUNCTION: -OCSP_nochain_new 2622 EXIST::FUNCTION: +OCSP_nochain_new 2622 NOEXIST::FUNCTION: OCSP_RESPID_new 2623 EXIST::FUNCTION: -OCSP_add_standard_extension 2624 EXIST::FUNCTION: +OCSP_add_standard_extension 2624 NOEXIST::FUNCTION: OCSP_RESPBYTES_free 2625 EXIST::FUNCTION: i2d_OCSP_BASICRESP 2626 EXIST::FUNCTION: OCSP_SIGNATURE_new 2627 EXIST::FUNCTION: @@ -2044,3 +2044,27 @@ d2i_OCSP_SIGNATURE 2632 EXIST::FUNCTION: X509_ocspid_print 2633 EXIST::FUNCTION: OCSP_request_verify 2634 EXIST::FUNCTION: i2d_OCSP_REQUEST 2635 EXIST::FUNCTION: +ENGINE_load_chil 2636 EXIST::FUNCTION: +ENGINE_load_cswift 2637 EXIST::FUNCTION: +ENGINE_load_builtin_engines 2638 EXIST::FUNCTION: +bn_dup_expand 2639 EXIST::FUNCTION: +ENGINE_load_nuron 2640 EXIST::FUNCTION: +ENGINE_load_atalla 2641 EXIST::FUNCTION: +rijndaelEncryptRound 2642 EXIST::FUNCTION: +rijndaelDecrypt 2643 EXIST::FUNCTION: +rijndaelKeyEncToDec 2644 EXIST::FUNCTION: +rijndaelDecryptRound 2645 EXIST::FUNCTION: +rijndaelEncrypt 2646 EXIST::FUNCTION: +rijndaelKeySched 2647 EXIST::FUNCTION: +OBJ_NAME_do_all_sorted 2648 EXIST::FUNCTION: +OBJ_NAME_do_all 2649 EXIST::FUNCTION: +BN_nnmod 2650 EXIST::FUNCTION: +BN_swap 2651 EXIST::FUNCTION: +BN_mod_add 2652 EXIST::FUNCTION: +BN_mod_lshift1 2653 EXIST::FUNCTION: +BN_mod_lshift 2654 EXIST::FUNCTION: +BN_mod_sub_quick 2655 EXIST::FUNCTION: +BN_mod_lshift1_quick 2656 EXIST::FUNCTION: +BN_mod_lshift_quick 2657 EXIST::FUNCTION: +BN_mod_add_quick 2658 EXIST::FUNCTION: +BN_mod_sub 2659 EXIST::FUNCTION: diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 46755fa28..ccdeb56c5 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -68,7 +68,6 @@ and [options] can be one of debug - Debug build profile - Profiling build gcc - Use Gcc (unix) - rsaref - Build to require RSAref Values that can be set TMP=tmpdir OUT=outdir SRC=srcdir BIN=binpath INC=header-outdir CC=C-compiler @@ -218,7 +217,7 @@ $cflags.=" -DNO_SOCK" if $no_sock; $cflags.=" -DNO_SSL2" if $no_ssl2; $cflags.=" -DNO_SSL3" if $no_ssl3; $cflags.=" -DNO_ERR" if $no_err; -$cflags.=" -DRSAref" if $rsaref ne ""; +#$cflags.=" -DRSAref" if $rsaref ne ""; ## if ($unix) ## { $cflags="$c_flags" if ($c_flags ne ""); } @@ -873,6 +872,7 @@ sub read_options elsif (/^no-dsa$/) { $no_dsa=1; } elsif (/^no-dh$/) { $no_dh=1; } elsif (/^no-hmac$/) { $no_hmac=1; } + elsif (/^no-rijndael$/) { $no_rijndael=1; } elsif (/^no-asm$/) { $no_asm=1; } elsif (/^nasm$/) { $nasm=1; } elsif (/^gaswin$/) { $gaswin=1; } @@ -885,7 +885,7 @@ sub read_options $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1; $no_ssl2=$no_err=$no_rmd160=$no_rc5=1; } - elsif (/^rsaref$/) { $rsaref=1; } + elsif (/^rsaref$/) { } elsif (/^gcc$/) { $gcc=1; } elsif (/^debug$/) { $debug=1; } elsif (/^profile$/) { $profile=1; } diff --git a/util/mkdef.pl b/util/mkdef.pl index 6d0f2cdc0..e9e21caa7 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -76,7 +76,8 @@ my @known_platforms = ( "__FreeBSD__", "VMS", "WIN16", "WIN32", "WINNT", "PERL5", "NeXT" ); my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CAST", "MD2", "MD4", "MD5", "SHA", "RIPEMD", - "MDC2", "RSA", "DSA", "DH", "HMAC", "FP_API" ); + "MDC2", "RSA", "DSA", "DH", "HMAC", "FP_API", + "RIJNDAEL" ); my $options=""; open(IN,"<Makefile.ssl") || die "unable to open Makefile.ssl!\n"; @@ -91,7 +92,7 @@ close(IN); my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf; my $no_cast; my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; -my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; +my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_rijndael; my $no_fp_api; foreach (@ARGV, split(/ /, $options)) @@ -103,7 +104,7 @@ foreach (@ARGV, split(/ /, $options)) $NT = 1; } $VMS=1 if $_ eq "VMS"; - $rsaref=1 if $_ eq "rsaref"; + #$rsaref=1 if $_ eq "rsaref"; $do_ssl=1 if $_ eq "ssleay"; $do_ssl=1 if $_ eq "ssl"; @@ -132,6 +133,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-dsa$/) { $no_dsa=1; } elsif (/^no-dh$/) { $no_dh=1; } elsif (/^no-hmac$/) { $no_hmac=1; } + elsif (/^no-rijndael$/) { $no_rijndael=1; } } @@ -147,7 +149,7 @@ if ($W16) { if (!$do_ssl && !$do_crypto) { - print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT ] [rsaref]\n"; + print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT ]\n"; exit(1); } @@ -172,6 +174,8 @@ $crypto.=" crypto/md5/md5.h" unless $no_md5; $crypto.=" crypto/mdc2/mdc2.h" unless $no_mdc2; $crypto.=" crypto/sha/sha.h" unless $no_sha; $crypto.=" crypto/ripemd/ripemd.h" unless $no_ripemd; +$crypto.=" crypto/rijndael/rijndael.h" unless $no_rijndael; +$crypto.=" crypto/rijndael/rd_fst.h" unless $no_rijndael; $crypto.=" crypto/bn/bn.h"; $crypto.=" crypto/rsa/rsa.h" unless $no_rsa; @@ -608,6 +612,7 @@ sub maybe_add_info { (my $name, *nums, my @symbols) = @_; my $sym; my $new_info = 0; + my %syms=(); print STDERR "Updating $name info\n"; foreach $sym (@symbols) { @@ -621,6 +626,16 @@ sub maybe_add_info { #print STDERR "DEBUG: maybe_add_info for $s: \"$dummy\" => \"$i\"\n"; } } + $syms{sym} = 1; + } + + my @s=sort { &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n") } keys %nums; + foreach $sym (@s) { + (my $n, my $i) = split /\\/, $nums{$sym}; + if (!defined($syms{sym})) { + $new_info++; + #print STDERR "DEBUG: maybe_add_info for $sym: -> undefined\n"; + } } if ($new_info) { print STDERR "$new_info old symbols got an info update\n"; @@ -747,6 +762,7 @@ EOF && (!@a || (!$no_dsa || !grep(/^DSA$/,@a))) && (!@a || (!$no_dh || !grep(/^DH$/,@a))) && (!@a || (!$no_hmac || !grep(/^HMAC$/,@a))) + && (!@a || (!$no_rijndael || !grep(/^RIJNDAEL$/,@a))) && (!@a || (!$no_fp_api || !grep(/^FP_API$/,@a))) ) { printf OUT " %s%-40s@%d\n",($W32)?"":"_",$s,$n; @@ -848,12 +864,19 @@ sub rewrite_numbers $rsyms{$s} = 1; } + my %syms = (); + foreach $_ (@symbols) { + (my $n, my $i) = split /\\/; + $syms{$n} = 1; + } + my @s=sort { &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n") } keys %nums; foreach $sym (@s) { (my $n, my $i) = split /\\/, $nums{$sym}; next if defined($i) && $i =~ /^.*?:.*?:\w+\(\w+\)/; next if defined($rsyms{$sym}); - $i="NOEXIST::FUNCTION:" if !defined($i) || $i eq ""; + $i="NOEXIST::FUNCTION:" + if !defined($i) || $i eq "" || !defined($syms{$sym}); printf OUT "%s%-40s%d\t%s\n","",$sym,$n,$i; if (exists $r{$sym}) { (my $s, $i) = split /\\/,$r{$sym}; diff --git a/util/mkerr.pl b/util/mkerr.pl index 7d98b5234..407ca2031 100644 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -38,7 +38,7 @@ while (@ARGV) { } if($recurse) { - @source = (<crypto/*.c>, <crypto/*/*.c>, <rsaref/*.c>, <ssl/*.c>); + @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>); } else { @source = @ARGV; } diff --git a/util/mkfiles.pl b/util/mkfiles.pl index 47bc93415..128ed3941 100755 --- a/util/mkfiles.pl +++ b/util/mkfiles.pl @@ -23,6 +23,7 @@ my @dirs = ( "crypto/idea", "crypto/bf", "crypto/cast", +"crypto/rijndael", "crypto/bn", "crypto/rsa", "crypto/dsa", @@ -48,7 +49,6 @@ my @dirs = ( "crypto/engine", "crypto/ocsp", "ssl", -"rsaref", "apps", "test", "tools" diff --git a/util/mkstack.pl b/util/mkstack.pl index 3ee13fe7c..085c50f79 100755 --- a/util/mkstack.pl +++ b/util/mkstack.pl @@ -21,7 +21,7 @@ while (@ARGV) { } -@source = (<crypto/*.[ch]>, <crypto/*/*.[ch]>, <rsaref/*.[ch]>, <ssl/*.[ch]>); +@source = (<crypto/*.[ch]>, <crypto/*/*.[ch]>, <ssl/*.[ch]>); foreach $file (@source) { next if -l $file; |