aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/openssl/crypto
diff options
context:
space:
mode:
authorJacques Vidrine <nectar@FreeBSD.org>2003-10-01 12:32:41 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2003-10-01 12:32:41 +0000
commit50ef0093530d9eae8741fb66ae7161ad1d68dcca (patch)
tree69b3ffc611270d72c473248fe700c2942eb5e6b5 /crypto/openssl/crypto
parent5b877a2d56a3b37c8b2e8cedf0532a8fb82e3c70 (diff)
downloadsrc-50ef0093530d9eae8741fb66ae7161ad1d68dcca.tar.gz
src-50ef0093530d9eae8741fb66ae7161ad1d68dcca.zip
Vendor import of OpenSSL 0.9.7c
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=120631
Diffstat (limited to 'crypto/openssl/crypto')
-rw-r--r--crypto/openssl/crypto/aes/aes.h2
-rw-r--r--crypto/openssl/crypto/aes/aes_cbc.c12
-rw-r--r--crypto/openssl/crypto/aes/aes_ctr.c54
-rw-r--r--crypto/openssl/crypto/asn1/a_mbstr.c2
-rw-r--r--crypto/openssl/crypto/asn1/a_strex.c2
-rw-r--r--crypto/openssl/crypto/asn1/a_strnid.c40
-rw-r--r--crypto/openssl/crypto/asn1/asn1.h2
-rw-r--r--crypto/openssl/crypto/asn1/asn1_lib.c2
-rw-r--r--crypto/openssl/crypto/asn1/tasn_dec.c9
-rw-r--r--crypto/openssl/crypto/bio/b_print.c21
-rw-r--r--crypto/openssl/crypto/bio/bf_buff.c1
-rw-r--r--crypto/openssl/crypto/bio/bss_bio.c55
-rw-r--r--crypto/openssl/crypto/bio/bss_file.c21
-rw-r--r--crypto/openssl/crypto/bn/Makefile.ssl1
-rw-r--r--crypto/openssl/crypto/bn/bn.h2
-rw-r--r--crypto/openssl/crypto/bn/bn_mul.c4
-rw-r--r--crypto/openssl/crypto/bn/bntest.c9
-rw-r--r--crypto/openssl/crypto/bn/exptest.c3
-rw-r--r--crypto/openssl/crypto/des/cfb_enc.c84
-rw-r--r--crypto/openssl/crypto/des/destest.c2
-rw-r--r--crypto/openssl/crypto/dh/Makefile.ssl17
-rw-r--r--crypto/openssl/crypto/dh/dh_key.c3
-rw-r--r--crypto/openssl/crypto/dh/dhtest.c7
-rw-r--r--crypto/openssl/crypto/dsa/Makefile.ssl30
-rw-r--r--crypto/openssl/crypto/dsa/dsa_ossl.c3
-rw-r--r--crypto/openssl/crypto/dsa/dsa_sign.c3
-rw-r--r--crypto/openssl/crypto/dsa/dsa_vrf.c3
-rw-r--r--crypto/openssl/crypto/dsa/dsatest.c6
-rw-r--r--crypto/openssl/crypto/dso/dso_dlfcn.c6
-rw-r--r--crypto/openssl/crypto/ec/ec_mult.c13
-rw-r--r--crypto/openssl/crypto/engine/eng_fat.c8
-rw-r--r--crypto/openssl/crypto/engine/engine.h8
-rw-r--r--crypto/openssl/crypto/engine/hw_ubsec.c1
-rw-r--r--crypto/openssl/crypto/err/err.c42
-rw-r--r--crypto/openssl/crypto/err/err.h1
-rw-r--r--crypto/openssl/crypto/evp/Makefile.ssl43
-rw-r--r--crypto/openssl/crypto/evp/bio_b64.c38
-rw-r--r--crypto/openssl/crypto/evp/bio_enc.c7
-rw-r--r--crypto/openssl/crypto/evp/c_all.c7
-rw-r--r--crypto/openssl/crypto/evp/digest.c2
-rw-r--r--crypto/openssl/crypto/evp/evp_acnf.c3
-rw-r--r--crypto/openssl/crypto/md2/md2test.c2
-rw-r--r--crypto/openssl/crypto/md5/Makefile.ssl3
-rw-r--r--crypto/openssl/crypto/md5/asm/md5-586.pl2
-rw-r--r--crypto/openssl/crypto/md5/asm/md5-sparcv9.S4
-rw-r--r--crypto/openssl/crypto/o_time.c8
-rw-r--r--crypto/openssl/crypto/ocsp/ocsp_ht.c14
-rw-r--r--crypto/openssl/crypto/opensslconf.h11
-rw-r--r--crypto/openssl/crypto/opensslv.h4
-rw-r--r--crypto/openssl/crypto/perlasm/x86ms.pl3
-rw-r--r--crypto/openssl/crypto/perlasm/x86nasm.pl3
-rw-r--r--crypto/openssl/crypto/perlasm/x86unix.pl3
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_npas.c2
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_doit.c5
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_mime.c105
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_smime.c2
-rw-r--r--crypto/openssl/crypto/pkcs7/pkcs7.h2
-rw-r--r--crypto/openssl/crypto/rand/rand_win.c14
-rw-r--r--crypto/openssl/crypto/rsa/Makefile.ssl42
-rw-r--r--crypto/openssl/crypto/rsa/rsa.h6
-rw-r--r--crypto/openssl/crypto/rsa/rsa_eay.c127
-rw-r--r--crypto/openssl/crypto/rsa/rsa_lib.c41
-rw-r--r--crypto/openssl/crypto/rsa/rsa_sign.c25
-rw-r--r--crypto/openssl/crypto/rsa/rsa_test.c3
-rw-r--r--crypto/openssl/crypto/threads/mttest.c5
-rw-r--r--crypto/openssl/crypto/x509/by_file.c3
-rw-r--r--crypto/openssl/crypto/x509/x509_trs.c1
-rw-r--r--crypto/openssl/crypto/x509/x509_vfy.c6
-rw-r--r--crypto/openssl/crypto/x509/x509type.c5
-rw-r--r--crypto/openssl/crypto/x509v3/v3_conf.c2
-rw-r--r--crypto/openssl/crypto/x509v3/v3_cpols.c24
-rw-r--r--crypto/openssl/crypto/x509v3/v3_lib.c1
-rw-r--r--crypto/openssl/crypto/x509v3/v3_prn.c4
73 files changed, 717 insertions, 344 deletions
diff --git a/crypto/openssl/crypto/aes/aes.h b/crypto/openssl/crypto/aes/aes.h
index 8294a41a3ad6..da067f4a8fa5 100644
--- a/crypto/openssl/crypto/aes/aes.h
+++ b/crypto/openssl/crypto/aes/aes.h
@@ -100,7 +100,7 @@ void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
unsigned char *ivec, int *num);
void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
- unsigned char counter[AES_BLOCK_SIZE],
+ unsigned char ivec[AES_BLOCK_SIZE],
unsigned char ecount_buf[AES_BLOCK_SIZE],
unsigned int *num);
diff --git a/crypto/openssl/crypto/aes/aes_cbc.c b/crypto/openssl/crypto/aes/aes_cbc.c
index de438306b15a..86b27b10d612 100644
--- a/crypto/openssl/crypto/aes/aes_cbc.c
+++ b/crypto/openssl/crypto/aes/aes_cbc.c
@@ -72,7 +72,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
if (AES_ENCRYPT == enc) {
while (len >= AES_BLOCK_SIZE) {
- for(n=0; n < sizeof tmp; ++n)
+ for(n=0; n < AES_BLOCK_SIZE; ++n)
tmp[n] = in[n] ^ ivec[n];
AES_encrypt(tmp, out, key);
memcpy(ivec, out, AES_BLOCK_SIZE);
@@ -86,12 +86,12 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
for(n=len; n < AES_BLOCK_SIZE; ++n)
tmp[n] = ivec[n];
AES_encrypt(tmp, tmp, key);
- memcpy(out, tmp, len);
- memcpy(ivec, tmp, sizeof tmp);
+ memcpy(out, tmp, AES_BLOCK_SIZE);
+ memcpy(ivec, tmp, AES_BLOCK_SIZE);
}
} else {
while (len >= AES_BLOCK_SIZE) {
- memcpy(tmp, in, sizeof tmp);
+ memcpy(tmp, in, AES_BLOCK_SIZE);
AES_decrypt(in, out, key);
for(n=0; n < AES_BLOCK_SIZE; ++n)
out[n] ^= ivec[n];
@@ -101,11 +101,11 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
out += AES_BLOCK_SIZE;
}
if (len) {
- memcpy(tmp, in, sizeof tmp);
+ memcpy(tmp, in, AES_BLOCK_SIZE);
AES_decrypt(tmp, tmp, key);
for(n=0; n < len; ++n)
out[n] ^= ivec[n];
- memcpy(ivec, tmp, sizeof tmp);
+ memcpy(ivec, tmp, AES_BLOCK_SIZE);
}
}
}
diff --git a/crypto/openssl/crypto/aes/aes_ctr.c b/crypto/openssl/crypto/aes/aes_ctr.c
index 59088499a0a9..79e1c18f193c 100644
--- a/crypto/openssl/crypto/aes/aes_ctr.c
+++ b/crypto/openssl/crypto/aes/aes_ctr.c
@@ -62,19 +62,49 @@
/* NOTE: CTR mode is big-endian. The rest of the AES code
* is endian-neutral. */
-/* increment counter (128-bit int) by 2^64 */
+/* increment counter (128-bit int) by 1 */
static void AES_ctr128_inc(unsigned char *counter) {
unsigned long c;
- /* Grab 3rd dword of counter and increment */
+ /* Grab bottom dword of counter and increment */
#ifdef L_ENDIAN
- c = GETU32(counter + 8);
+ c = GETU32(counter + 0);
c++;
- PUTU32(counter + 8, c);
+ PUTU32(counter + 0, c);
#else
- c = GETU32(counter + 4);
+ c = GETU32(counter + 12);
c++;
- PUTU32(counter + 4, c);
+ PUTU32(counter + 12, c);
+#endif
+
+ /* if no overflow, we're done */
+ if (c)
+ return;
+
+ /* Grab 1st dword of counter and increment */
+#ifdef L_ENDIAN
+ c = GETU32(counter + 4);
+ c++;
+ PUTU32(counter + 4, c);
+#else
+ c = GETU32(counter + 8);
+ c++;
+ PUTU32(counter + 8, c);
+#endif
+
+ /* if no overflow, we're done */
+ if (c)
+ return;
+
+ /* Grab 2nd dword of counter and increment */
+#ifdef L_ENDIAN
+ c = GETU32(counter + 8);
+ c++;
+ PUTU32(counter + 8, c);
+#else
+ c = GETU32(counter + 4);
+ c++;
+ PUTU32(counter + 4, c);
#endif
/* if no overflow, we're done */
@@ -100,10 +130,16 @@ static void AES_ctr128_inc(unsigned char *counter) {
* encrypted counter is kept in ecount_buf. Both *num and
* ecount_buf must be initialised with zeros before the first
* call to AES_ctr128_encrypt().
+ *
+ * This algorithm assumes that the counter is in the x lower bits
+ * of the IV (ivec), and that the application has full control over
+ * overflow and the rest of the IV. This implementation takes NO
+ * responsability for checking that the counter doesn't overflow
+ * into the rest of the IV when incremented.
*/
void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
- unsigned char counter[AES_BLOCK_SIZE],
+ unsigned char ivec[AES_BLOCK_SIZE],
unsigned char ecount_buf[AES_BLOCK_SIZE],
unsigned int *num) {
@@ -117,8 +153,8 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
while (l--) {
if (n == 0) {
- AES_encrypt(counter, ecount_buf, key);
- AES_ctr128_inc(counter);
+ AES_encrypt(ivec, ecount_buf, key);
+ AES_ctr128_inc(ivec);
}
*(out++) = *(in++) ^ ecount_buf[n];
n = (n+1) % AES_BLOCK_SIZE;
diff --git a/crypto/openssl/crypto/asn1/a_mbstr.c b/crypto/openssl/crypto/asn1/a_mbstr.c
index 5d981c655387..e8a26af521f2 100644
--- a/crypto/openssl/crypto/asn1/a_mbstr.c
+++ b/crypto/openssl/crypto/asn1/a_mbstr.c
@@ -296,7 +296,7 @@ static int in_utf8(unsigned long value, void *arg)
static int out_utf8(unsigned long value, void *arg)
{
- long *outlen;
+ int *outlen;
outlen = arg;
*outlen += UTF8_putc(NULL, -1, value);
return 1;
diff --git a/crypto/openssl/crypto/asn1/a_strex.c b/crypto/openssl/crypto/asn1/a_strex.c
index 1def6c654943..8abfdfe59804 100644
--- a/crypto/openssl/crypto/asn1/a_strex.c
+++ b/crypto/openssl/crypto/asn1/a_strex.c
@@ -279,7 +279,7 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING
* otherwise it is the number of bytes per character
*/
-const static char tag2nbyte[] = {
+const static signed char tag2nbyte[] = {
-1, -1, -1, -1, -1, /* 0-4 */
-1, -1, -1, -1, -1, /* 5-9 */
-1, -1, 0, -1, /* 10-13 */
diff --git a/crypto/openssl/crypto/asn1/a_strnid.c b/crypto/openssl/crypto/asn1/a_strnid.c
index 04789d1c63fa..613bbc4a7da9 100644
--- a/crypto/openssl/crypto/asn1/a_strnid.c
+++ b/crypto/openssl/crypto/asn1/a_strnid.c
@@ -143,7 +143,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
/* Now the tables and helper functions for the string table:
*/
-/* size limits: this stuff is taken straight from RFC2459 */
+/* size limits: this stuff is taken straight from RFC3280 */
#define ub_name 32768
#define ub_common_name 64
@@ -153,6 +153,8 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
#define ub_organization_unit_name 64
#define ub_title 64
#define ub_email_address 128
+#define ub_serial_number 64
+
/* This table must be kept in NID order */
@@ -170,9 +172,11 @@ static ASN1_STRING_TABLE tbl_standard[] = {
{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
+{NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
{NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
};
@@ -249,4 +253,38 @@ static void st_free(ASN1_STRING_TABLE *tbl)
if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl);
}
+
IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)
+
+#ifdef STRING_TABLE_TEST
+
+main()
+{
+ ASN1_STRING_TABLE *tmp;
+ int i, last_nid = -1;
+
+ for (tmp = tbl_standard, i = 0;
+ i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
+ {
+ if (tmp->nid < last_nid)
+ {
+ last_nid = 0;
+ break;
+ }
+ last_nid = tmp->nid;
+ }
+
+ if (last_nid != 0)
+ {
+ printf("Table order OK\n");
+ exit(0);
+ }
+
+ for (tmp = tbl_standard, i = 0;
+ i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
+ printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,
+ OBJ_nid2ln(tmp->nid));
+
+}
+
+#endif
diff --git a/crypto/openssl/crypto/asn1/asn1.h b/crypto/openssl/crypto/asn1/asn1.h
index 99ba920eca1f..3414509f1b74 100644
--- a/crypto/openssl/crypto/asn1/asn1.h
+++ b/crypto/openssl/crypto/asn1/asn1.h
@@ -132,7 +132,7 @@ extern "C" {
#define B_ASN1_NUMERICSTRING 0x0001
#define B_ASN1_PRINTABLESTRING 0x0002
#define B_ASN1_T61STRING 0x0004
-#define B_ASN1_TELETEXSTRING 0x0008
+#define B_ASN1_TELETEXSTRING 0x0004
#define B_ASN1_VIDEOTEXSTRING 0x0008
#define B_ASN1_IA5STRING 0x0010
#define B_ASN1_GRAPHICSTRING 0x0020
diff --git a/crypto/openssl/crypto/asn1/asn1_lib.c b/crypto/openssl/crypto/asn1/asn1_lib.c
index 0638870ab78f..e30d5dd303c9 100644
--- a/crypto/openssl/crypto/asn1/asn1_lib.c
+++ b/crypto/openssl/crypto/asn1/asn1_lib.c
@@ -104,10 +104,12 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
l<<=7L;
l|= *(p++)&0x7f;
if (--max == 0) goto err;
+ if (l > (INT_MAX >> 7L)) goto err;
}
l<<=7L;
l|= *(p++)&0x7f;
tag=(int)l;
+ if (--max == 0) goto err;
}
else
{
diff --git a/crypto/openssl/crypto/asn1/tasn_dec.c b/crypto/openssl/crypto/asn1/tasn_dec.c
index 76fc023230a8..2426cb6253a3 100644
--- a/crypto/openssl/crypto/asn1/tasn_dec.c
+++ b/crypto/openssl/crypto/asn1/tasn_dec.c
@@ -691,6 +691,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl
int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
{
+ ASN1_VALUE **opval = NULL;
ASN1_STRING *stmp;
ASN1_TYPE *typ = NULL;
int ret = 0;
@@ -705,6 +706,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
*pval = (ASN1_VALUE *)typ;
} else typ = (ASN1_TYPE *)*pval;
if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
+ opval = pval;
pval = (ASN1_VALUE **)&typ->value.ptr;
}
switch(utype) {
@@ -796,7 +798,12 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
ret = 1;
err:
- if(!ret) ASN1_TYPE_free(typ);
+ if(!ret)
+ {
+ ASN1_TYPE_free(typ);
+ if (opval)
+ *opval = NULL;
+ }
return ret;
}
diff --git a/crypto/openssl/crypto/bio/b_print.c b/crypto/openssl/crypto/bio/b_print.c
index 3f5d6a74bf0c..2cfc689dd6b4 100644
--- a/crypto/openssl/crypto/bio/b_print.c
+++ b/crypto/openssl/crypto/bio/b_print.c
@@ -378,7 +378,7 @@ _dopr(
case 'p':
value = (long)va_arg(args, void *);
fmtint(sbuffer, buffer, &currlen, maxlen,
- value, 16, min, max, flags);
+ value, 16, min, max, flags|DP_F_NUM);
break;
case 'n': /* XXX */
if (cflags == DP_C_SHORT) {
@@ -482,8 +482,9 @@ fmtint(
int flags)
{
int signvalue = 0;
+ char *prefix = "";
unsigned LLONG uvalue;
- char convert[DECIMAL_SIZE(value)+1];
+ char convert[DECIMAL_SIZE(value)+3];
int place = 0;
int spadlen = 0;
int zpadlen = 0;
@@ -501,6 +502,10 @@ fmtint(
else if (flags & DP_F_SPACE)
signvalue = ' ';
}
+ if (flags & DP_F_NUM) {
+ if (base == 8) prefix = "0";
+ if (base == 16) prefix = "0x";
+ }
if (flags & DP_F_UP)
caps = 1;
do {
@@ -514,7 +519,7 @@ fmtint(
convert[place] = 0;
zpadlen = max - place;
- spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0);
+ spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);
if (zpadlen < 0)
zpadlen = 0;
if (spadlen < 0)
@@ -536,6 +541,12 @@ fmtint(
if (signvalue)
doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+ /* prefix */
+ while (*prefix) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
+ prefix++;
+ }
+
/* zeros */
if (zpadlen > 0) {
while (zpadlen > 0) {
@@ -692,7 +703,7 @@ fmtfp(
* Decimal point. This should probably use locale to find the correct
* char to print out.
*/
- if (max > 0) {
+ if (max > 0 || (flags & DP_F_NUM)) {
doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
while (fplace > 0)
@@ -825,5 +836,5 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
* had the buffer been large enough.) */
return -1;
else
- return (retlen <= INT_MAX) ? retlen : -1;
+ return (retlen <= INT_MAX) ? (int)retlen : -1;
}
diff --git a/crypto/openssl/crypto/bio/bf_buff.c b/crypto/openssl/crypto/bio/bf_buff.c
index 1cecd7057956..c1fd75aaad80 100644
--- a/crypto/openssl/crypto/bio/bf_buff.c
+++ b/crypto/openssl/crypto/bio/bf_buff.c
@@ -494,6 +494,7 @@ static int buffer_gets(BIO *b, char *buf, int size)
if (i <= 0)
{
BIO_copy_next_retry(b);
+ *buf='\0';
if (i < 0) return((num > 0)?num:i);
if (i == 0) return(num);
}
diff --git a/crypto/openssl/crypto/bio/bss_bio.c b/crypto/openssl/crypto/bio/bss_bio.c
index aa58dab046b2..0f9f0955b411 100644
--- a/crypto/openssl/crypto/bio/bss_bio.c
+++ b/crypto/openssl/crypto/bio/bss_bio.c
@@ -1,4 +1,57 @@
/* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
/* Special method for a BIO where the other endpoint is also a BIO
* of this kind, handled by the same thread (i.e. the "peer" is actually
@@ -502,7 +555,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
break;
case BIO_C_DESTROY_BIO_PAIR:
- /* Effects both BIOs in the pair -- call just once!
+ /* Affects both BIOs in the pair -- call just once!
* Or let BIO_free(bio1); BIO_free(bio2); do the job. */
bio_destroy_pair(bio);
ret = 1;
diff --git a/crypto/openssl/crypto/bio/bss_file.c b/crypto/openssl/crypto/bio/bss_file.c
index a66600c1a34c..6904b5c081c4 100644
--- a/crypto/openssl/crypto/bio/bss_file.c
+++ b/crypto/openssl/crypto/bio/bss_file.c
@@ -213,12 +213,29 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
b->shutdown=(int)num&BIO_CLOSE;
b->ptr=(char *)ptr;
b->init=1;
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS)
- /* Set correct text/binary mode */
+#if defined(OPENSSL_SYS_WINDOWS)
if (num & BIO_FP_TEXT)
_setmode(fileno((FILE *)ptr),_O_TEXT);
else
_setmode(fileno((FILE *)ptr),_O_BINARY);
+#elif defined(OPENSSL_SYS_MSDOS)
+ {
+ int fd = fileno((FILE*)ptr);
+ /* Set correct text/binary mode */
+ if (num & BIO_FP_TEXT)
+ _setmode(fd,_O_TEXT);
+ /* Dangerous to set stdin/stdout to raw (unless redirected) */
+ else
+ {
+ if (fd == STDIN_FILENO || fd == STDOUT_FILENO)
+ {
+ if (isatty(fd) <= 0)
+ _setmode(fd,_O_BINARY);
+ }
+ else
+ _setmode(fd,_O_BINARY);
+ }
+ }
#elif defined(OPENSSL_SYS_OS2)
if (num & BIO_FP_TEXT)
setmode(fileno((FILE *)ptr), O_TEXT);
diff --git a/crypto/openssl/crypto/bn/Makefile.ssl b/crypto/openssl/crypto/bn/Makefile.ssl
index c1547a8e6d06..090fccdf7d29 100644
--- a/crypto/openssl/crypto/bn/Makefile.ssl
+++ b/crypto/openssl/crypto/bn/Makefile.ssl
@@ -22,6 +22,7 @@ BN_ASM= bn_asm.o
#BN_ASM= bn86-elf.o
CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
GENERAL=Makefile
TEST=bntest.c exptest.c
diff --git a/crypto/openssl/crypto/bn/bn.h b/crypto/openssl/crypto/bn/bn.h
index b40682f83182..3da6d8ced90b 100644
--- a/crypto/openssl/crypto/bn/bn.h
+++ b/crypto/openssl/crypto/bn/bn.h
@@ -248,6 +248,8 @@ typedef struct bn_blinding_st
BIGNUM *A;
BIGNUM *Ai;
BIGNUM *mod; /* just a reference */
+ unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;
+ * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
} BN_BLINDING;
/* Used for montgomery multiplication */
diff --git a/crypto/openssl/crypto/bn/bn_mul.c b/crypto/openssl/crypto/bn/bn_mul.c
index cb93ac335692..3ae3822bc2af 100644
--- a/crypto/openssl/crypto/bn/bn_mul.c
+++ b/crypto/openssl/crypto/bn/bn_mul.c
@@ -224,7 +224,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
int n, BN_ULONG *t)
{
int i,j,n2=n*2;
- unsigned int c1,c2,neg,zero;
+ int c1,c2,neg,zero;
BN_ULONG ln,lo,*p;
# ifdef BN_COUNT
@@ -376,7 +376,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
/* The overflow will stop before we over write
* words we should not overwrite */
- if (ln < c1)
+ if (ln < (BN_ULONG)c1)
{
do {
p++;
diff --git a/crypto/openssl/crypto/bn/bntest.c b/crypto/openssl/crypto/bn/bntest.c
index 3aae9451deaf..3c8c540387a4 100644
--- a/crypto/openssl/crypto/bn/bntest.c
+++ b/crypto/openssl/crypto/bn/bntest.c
@@ -68,10 +68,6 @@
#include <openssl/x509.h>
#include <openssl/err.h>
-#ifdef OPENSSL_SYS_WINDOWS
-#include "../bio/bss_file.c"
-#endif
-
const int num0 = 100; /* number of tests */
const int num1 = 50; /* additional tests for some functions */
const int num2 = 5; /* number of tests for slow functions */
@@ -96,11 +92,6 @@ int test_sqrt(BIO *bp,BN_CTX *ctx);
int rand_neg(void);
static int results=0;
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#include "bss_file.c"
-#endif
-
static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
diff --git a/crypto/openssl/crypto/bn/exptest.c b/crypto/openssl/crypto/bn/exptest.c
index 621e6a9eeeb5..b09cf8870550 100644
--- a/crypto/openssl/crypto/bn/exptest.c
+++ b/crypto/openssl/crypto/bn/exptest.c
@@ -66,9 +66,6 @@
#include <openssl/bn.h>
#include <openssl/rand.h>
#include <openssl/err.h>
-#ifdef OPENSSL_SYS_WINDOWS
-#include "../bio/bss_file.c"
-#endif
#define NUM_BITS (BN_BITS*2)
diff --git a/crypto/openssl/crypto/des/cfb_enc.c b/crypto/openssl/crypto/des/cfb_enc.c
index 17bf77ca9e38..2600bdfc93a9 100644
--- a/crypto/openssl/crypto/des/cfb_enc.c
+++ b/crypto/openssl/crypto/des/cfb_enc.c
@@ -64,32 +64,22 @@
* the second. The second 12 bits will come from the 3rd and half the 4th
* byte.
*/
+/* WARNING WARNING: this uses in and out in 8-byte chunks regardless of
+ * length */
+/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
+ * will not be compatible with any encryption prior to that date. Ben. */
void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
- long length, DES_key_schedule *schedule, DES_cblock *ivec, int enc)
+ long length, DES_key_schedule *schedule, DES_cblock *ivec,
+ int enc)
{
register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
- register DES_LONG mask0,mask1;
register unsigned long l=length;
register int num=numbits;
DES_LONG ti[2];
unsigned char *iv;
+ unsigned char ovec[16];
if (num > 64) return;
- if (num > 32)
- {
- mask0=0xffffffffL;
- if (num == 64)
- mask1=mask0;
- else mask1=(1L<<(num-32))-1;
- }
- else
- {
- if (num == 32)
- mask0=0xffffffffL;
- else mask0=(1L<<num)-1;
- mask1=0x00000000L;
- }
-
iv = &(*ivec)[0];
c2l(iv,v0);
c2l(iv,v1);
@@ -103,8 +93,8 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
c2ln(in,d0,d1,n);
in+=n;
- d0=(d0^ti[0])&mask0;
- d1=(d1^ti[1])&mask1;
+ d0^=ti[0];
+ d1^=ti[1];
l2cn(d0,d1,out,n);
out+=n;
/* 30-08-94 - eay - changed because l>>32 and
@@ -113,15 +103,25 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
{ v0=v1; v1=d0; }
else if (num == 64)
{ v0=d0; v1=d1; }
- else if (num > 32) /* && num != 64 */
- {
- v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
- v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
- }
- else /* num < 32 */
+ else
{
- v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
- v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
+ iv=&ovec[0];
+ l2c(v0,iv);
+ l2c(v1,iv);
+ l2c(d0,iv);
+ l2c(d1,iv);
+ /* shift ovec left most of the bits... */
+ memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
+ /* now the remaining bits */
+ if(num%8 != 0)
+ for(n=0 ; n < 8 ; ++n)
+ {
+ ovec[n]<<=num%8;
+ ovec[n]|=ovec[n+1]>>(8-num%8);
+ }
+ iv=&ovec[0];
+ c2l(iv,v0);
+ c2l(iv,v1);
}
}
}
@@ -141,18 +141,28 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
{ v0=v1; v1=d0; }
else if (num == 64)
{ v0=d0; v1=d1; }
- else if (num > 32) /* && num != 64 */
- {
- v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
- v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
- }
- else /* num < 32 */
+ else
{
- v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
- v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
+ iv=&ovec[0];
+ l2c(v0,iv);
+ l2c(v1,iv);
+ l2c(d0,iv);
+ l2c(d1,iv);
+ /* shift ovec left most of the bits... */
+ memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
+ /* now the remaining bits */
+ if(num%8 != 0)
+ for(n=0 ; n < 8 ; ++n)
+ {
+ ovec[n]<<=num%8;
+ ovec[n]|=ovec[n+1]>>(8-num%8);
+ }
+ iv=&ovec[0];
+ c2l(iv,v0);
+ c2l(iv,v1);
}
- d0=(d0^ti[0])&mask0;
- d1=(d1^ti[1])&mask1;
+ d0^=ti[0];
+ d1^=ti[1];
l2cn(d0,d1,out,n);
out+=n;
}
diff --git a/crypto/openssl/crypto/des/destest.c b/crypto/openssl/crypto/des/destest.c
index 687c00c79229..3983ac8e5f1a 100644
--- a/crypto/openssl/crypto/des/destest.c
+++ b/crypto/openssl/crypto/des/destest.c
@@ -431,7 +431,7 @@ int main(int argc, char *argv[])
#ifndef LIBDES_LIT
printf("Doing ede ecb\n");
- for (i=0; i<(NUM_TESTS-1); i++)
+ for (i=0; i<(NUM_TESTS-2); i++)
{
DES_set_key_unchecked(&key_data[i],&ks);
DES_set_key_unchecked(&key_data[i+1],&ks2);
diff --git a/crypto/openssl/crypto/dh/Makefile.ssl b/crypto/openssl/crypto/dh/Makefile.ssl
index ed47f85d0773..1c447e971f87 100644
--- a/crypto/openssl/crypto/dh/Makefile.ssl
+++ b/crypto/openssl/crypto/dh/Makefile.ssl
@@ -112,17 +112,14 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dh_gen.o: ../cryptlib.h dh_gen.c
-dh_key.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dh_key.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dh_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dh_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-dh_key.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+dh_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dh_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-dh_key.o: ../cryptlib.h dh_key.c
+dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_key.c
dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
diff --git a/crypto/openssl/crypto/dh/dh_key.c b/crypto/openssl/crypto/dh/dh_key.c
index 6ce65ed5f37c..77f2f50b5166 100644
--- a/crypto/openssl/crypto/dh/dh_key.c
+++ b/crypto/openssl/crypto/dh/dh_key.c
@@ -61,9 +61,6 @@
#include <openssl/bn.h>
#include <openssl/rand.h>
#include <openssl/dh.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
static int generate_key(DH *dh);
static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
diff --git a/crypto/openssl/crypto/dh/dhtest.c b/crypto/openssl/crypto/dh/dhtest.c
index 27237741da06..d75077f9fa08 100644
--- a/crypto/openssl/crypto/dh/dhtest.c
+++ b/crypto/openssl/crypto/dh/dhtest.c
@@ -62,9 +62,6 @@
#include "../e_os.h"
-#ifdef OPENSSL_SYS_WINDOWS
-#include "../bio/bss_file.c"
-#endif
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
@@ -87,10 +84,6 @@ int main(int argc, char *argv[])
#endif
static void MS_CALLBACK cb(int p, int n, void *arg);
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#include "bss_file.c"
-#endif
static const char rnd_seed[] = "string to make the random number generator think it has entropy";
diff --git a/crypto/openssl/crypto/dsa/Makefile.ssl b/crypto/openssl/crypto/dsa/Makefile.ssl
index 08e692dc2ddf..014d0063477e 100644
--- a/crypto/openssl/crypto/dsa/Makefile.ssl
+++ b/crypto/openssl/crypto/dsa/Makefile.ssl
@@ -143,35 +143,29 @@ dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-dsa_ossl.o: ../../include/openssl/opensslconf.h
+dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dsa_ossl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dsa_ossl.o: ../cryptlib.h dsa_ossl.c
dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-dsa_sign.o: ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dsa_sign.o: ../cryptlib.h dsa_sign.c
dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dsa_vrf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dsa_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dsa_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-dsa_vrf.o: ../cryptlib.h dsa_vrf.c
+dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c
diff --git a/crypto/openssl/crypto/dsa/dsa_ossl.c b/crypto/openssl/crypto/dsa/dsa_ossl.c
index 68d91dbe23bc..b9e7f3ea5c66 100644
--- a/crypto/openssl/crypto/dsa/dsa_ossl.c
+++ b/crypto/openssl/crypto/dsa/dsa_ossl.c
@@ -64,9 +64,6 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
diff --git a/crypto/openssl/crypto/dsa/dsa_sign.c b/crypto/openssl/crypto/dsa/dsa_sign.c
index 5cdc8ed8511b..89205026f01b 100644
--- a/crypto/openssl/crypto/dsa/dsa_sign.c
+++ b/crypto/openssl/crypto/dsa/dsa_sign.c
@@ -64,9 +64,6 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
diff --git a/crypto/openssl/crypto/dsa/dsa_vrf.c b/crypto/openssl/crypto/dsa/dsa_vrf.c
index fffb129f8f3b..c4aeddd05604 100644
--- a/crypto/openssl/crypto/dsa/dsa_vrf.c
+++ b/crypto/openssl/crypto/dsa/dsa_vrf.c
@@ -65,9 +65,6 @@
#include <openssl/rand.h>
#include <openssl/asn1.h>
#include <openssl/asn1_mac.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSA *dsa)
diff --git a/crypto/openssl/crypto/dsa/dsatest.c b/crypto/openssl/crypto/dsa/dsatest.c
index d4d038ae6f1b..4734ce4af851 100644
--- a/crypto/openssl/crypto/dsa/dsatest.c
+++ b/crypto/openssl/crypto/dsa/dsatest.c
@@ -68,12 +68,6 @@
#include <openssl/rand.h>
#include <openssl/bio.h>
#include <openssl/err.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#ifdef OPENSSL_SYS_WINDOWS
-#include "../bio/bss_file.c"
-#endif
#ifdef OPENSSL_NO_DSA
int main(int argc, char *argv[])
diff --git a/crypto/openssl/crypto/dso/dso_dlfcn.c b/crypto/openssl/crypto/dso/dso_dlfcn.c
index 906b4703de71..9d49ebc25373 100644
--- a/crypto/openssl/crypto/dso/dso_dlfcn.c
+++ b/crypto/openssl/crypto/dso/dso_dlfcn.c
@@ -125,7 +125,11 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
# endif
# endif
#else
-# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
+# ifdef OPENSSL_SYS_SUNOS
+# define DLOPEN_FLAG 1
+# else
+# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
+# endif
#endif
/* For this DSO_METHOD, our meth_data STACK will contain;
diff --git a/crypto/openssl/crypto/ec/ec_mult.c b/crypto/openssl/crypto/ec/ec_mult.c
index 4dbc93112062..16822a73cf51 100644
--- a/crypto/openssl/crypto/ec/ec_mult.c
+++ b/crypto/openssl/crypto/ec/ec_mult.c
@@ -175,12 +175,13 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, B
* (thus the boundaries should be increased)
*/
#define EC_window_bits_for_scalar_size(b) \
- ((b) >= 2000 ? 6 : \
- (b) >= 800 ? 5 : \
- (b) >= 300 ? 4 : \
- (b) >= 70 ? 3 : \
- (b) >= 20 ? 2 : \
- 1)
+ ((size_t) \
+ ((b) >= 2000 ? 6 : \
+ (b) >= 800 ? 5 : \
+ (b) >= 300 ? 4 : \
+ (b) >= 70 ? 3 : \
+ (b) >= 20 ? 2 : \
+ 1))
/* Compute
* \sum scalars[i]*points[i],
diff --git a/crypto/openssl/crypto/engine/eng_fat.c b/crypto/openssl/crypto/engine/eng_fat.c
index f7edb5ad32f0..0d7dae00b243 100644
--- a/crypto/openssl/crypto/engine/eng_fat.c
+++ b/crypto/openssl/crypto/engine/eng_fat.c
@@ -66,18 +66,18 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags)
if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
return 0;
#ifndef OPENSSL_NO_RSA
- if((flags & ENGINE_METHOD_RSA) & !ENGINE_set_default_RSA(e))
+ if((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
return 0;
#endif
#ifndef OPENSSL_NO_DSA
- if((flags & ENGINE_METHOD_DSA) & !ENGINE_set_default_DSA(e))
+ if((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
return 0;
#endif
#ifndef OPENSSL_NO_DH
- if((flags & ENGINE_METHOD_DH) & !ENGINE_set_default_DH(e))
+ if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
return 0;
#endif
- if((flags & ENGINE_METHOD_RAND) & !ENGINE_set_default_RAND(e))
+ if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
return 0;
return 1;
}
diff --git a/crypto/openssl/crypto/engine/engine.h b/crypto/openssl/crypto/engine/engine.h
index 8686879e1a33..9c3ab182d379 100644
--- a/crypto/openssl/crypto/engine/engine.h
+++ b/crypto/openssl/crypto/engine/engine.h
@@ -538,10 +538,10 @@ void ENGINE_add_conf_module(void);
/**************************/
/* Binary/behaviour compatibility levels */
-#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010100
+#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010200
/* Binary versions older than this are too old for us (whether we're a loader or
* a loadee) */
-#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010100
+#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010200
/* When compiling an ENGINE entirely as an external shared library, loadable by
* the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
@@ -630,6 +630,10 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
if(!fn(e,id)) return 0; \
return 1; }
+#if defined(__OpenBSD__) || defined(__FreeBSD__)
+void ENGINE_setup_bsd_cryptodev(void);
+#endif
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
diff --git a/crypto/openssl/crypto/engine/hw_ubsec.c b/crypto/openssl/crypto/engine/hw_ubsec.c
index 6286dd851c61..5234a08a07bd 100644
--- a/crypto/openssl/crypto/engine/hw_ubsec.c
+++ b/crypto/openssl/crypto/engine/hw_ubsec.c
@@ -561,7 +561,6 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
return 0;
}
- memset(r->d, 0, BN_num_bytes(m));
if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
fd = 0;
diff --git a/crypto/openssl/crypto/err/err.c b/crypto/openssl/crypto/err/err.c
index b873270c049a..633a1addfe8c 100644
--- a/crypto/openssl/crypto/err/err.c
+++ b/crypto/openssl/crypto/err/err.c
@@ -225,6 +225,7 @@ struct st_ERR_FNS
ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *);
/* Works on the "thread_hash" error-state table */
LHASH *(*cb_thread_get)(int create);
+ void (*cb_thread_release)(LHASH **hash);
ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *);
ERR_STATE *(*cb_thread_set_item)(ERR_STATE *);
void (*cb_thread_del_item)(const ERR_STATE *);
@@ -239,6 +240,7 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);
static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);
static LHASH *int_thread_get(int create);
+static void int_thread_release(LHASH **hash);
static ERR_STATE *int_thread_get_item(const ERR_STATE *);
static ERR_STATE *int_thread_set_item(ERR_STATE *);
static void int_thread_del_item(const ERR_STATE *);
@@ -252,6 +254,7 @@ static const ERR_FNS err_defaults =
int_err_set_item,
int_err_del_item,
int_thread_get,
+ int_thread_release,
int_thread_get_item,
int_thread_set_item,
int_thread_del_item,
@@ -271,6 +274,7 @@ static const ERR_FNS *err_fns = NULL;
* and state in the loading application. */
static LHASH *int_error_hash = NULL;
static LHASH *int_thread_hash = NULL;
+static int int_thread_hash_references = 0;
static int int_err_library_number= ERR_LIB_USER;
/* Internal function that checks whether "err_fns" is set and if not, sets it to
@@ -417,11 +421,37 @@ static LHASH *int_thread_get(int create)
CRYPTO_pop_info();
}
if (int_thread_hash)
+ {
+ int_thread_hash_references++;
ret = int_thread_hash;
+ }
CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
return ret;
}
+static void int_thread_release(LHASH **hash)
+ {
+ int i;
+
+ if (hash == NULL || *hash == NULL)
+ return;
+
+ i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR);
+
+#ifdef REF_PRINT
+ fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR");
+#endif
+ if (i > 0) return;
+#ifdef REF_CHECK
+ if (i < 0)
+ {
+ fprintf(stderr,"int_thread_release, bad reference count\n");
+ abort(); /* ok */
+ }
+#endif
+ *hash = NULL;
+ }
+
static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
{
ERR_STATE *p;
@@ -436,6 +466,7 @@ static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
p = (ERR_STATE *)lh_retrieve(hash, d);
CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+ ERRFN(thread_release)(&hash);
return p;
}
@@ -453,6 +484,7 @@ static ERR_STATE *int_thread_set_item(ERR_STATE *d)
p = (ERR_STATE *)lh_insert(hash, d);
CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+ ERRFN(thread_release)(&hash);
return p;
}
@@ -469,13 +501,15 @@ static void int_thread_del_item(const ERR_STATE *d)
CRYPTO_w_lock(CRYPTO_LOCK_ERR);
p = (ERR_STATE *)lh_delete(hash, d);
/* make sure we don't leak memory */
- if (int_thread_hash && (lh_num_items(int_thread_hash) == 0))
+ if (int_thread_hash_references == 1
+ && int_thread_hash && (lh_num_items(int_thread_hash) == 0))
{
lh_free(int_thread_hash);
int_thread_hash = NULL;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+ ERRFN(thread_release)(&hash);
if (p)
ERR_STATE_free(p);
}
@@ -845,6 +879,12 @@ LHASH *ERR_get_err_state_table(void)
return ERRFN(thread_get)(0);
}
+void ERR_release_err_state_table(LHASH **hash)
+ {
+ err_fns_check();
+ ERRFN(thread_release)(hash);
+ }
+
const char *ERR_lib_error_string(unsigned long e)
{
ERR_STRING_DATA d,*p;
diff --git a/crypto/openssl/crypto/err/err.h b/crypto/openssl/crypto/err/err.h
index 988ef81aa0dc..8faa3a7b4f55 100644
--- a/crypto/openssl/crypto/err/err.h
+++ b/crypto/openssl/crypto/err/err.h
@@ -278,6 +278,7 @@ ERR_STATE *ERR_get_state(void);
#ifndef OPENSSL_NO_LHASH
LHASH *ERR_get_string_table(void);
LHASH *ERR_get_err_state_table(void);
+void ERR_release_err_state_table(LHASH **hash);
#endif
int ERR_get_next_error_library(void);
diff --git a/crypto/openssl/crypto/evp/Makefile.ssl b/crypto/openssl/crypto/evp/Makefile.ssl
index 94f61b38ec1d..772afd71f5a0 100644
--- a/crypto/openssl/crypto/evp/Makefile.ssl
+++ b/crypto/openssl/crypto/evp/Makefile.ssl
@@ -70,7 +70,7 @@ links:
@$(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl ../../test $(TESTDATA)
+ cp $(TESTDATA) ../../test
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
install:
@@ -185,13 +185,14 @@ c_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
c_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
c_all.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
c_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-c_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-c_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-c_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-c_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+c_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+c_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+c_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
c_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
c_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
@@ -496,21 +497,19 @@ evp_acnf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
evp_acnf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
evp_acnf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-evp_acnf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_acnf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-evp_acnf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-evp_acnf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_acnf.o: ../../include/openssl/opensslconf.h
+evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+evp_acnf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+evp_acnf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_acnf.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-evp_acnf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-evp_acnf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_acnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_acnf.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-evp_acnf.o: ../cryptlib.h evp_acnf.c
+evp_acnf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_acnf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_acnf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_acnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_acnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_acnf.o: ../../include/openssl/ui_compat.h ../cryptlib.h evp_acnf.c
evp_enc.o: ../../e_os.h ../../include/openssl/aes.h
evp_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
evp_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
diff --git a/crypto/openssl/crypto/evp/bio_b64.c b/crypto/openssl/crypto/evp/bio_b64.c
index 6e550f6a430e..33349c2f9892 100644
--- a/crypto/openssl/crypto/evp/bio_b64.c
+++ b/crypto/openssl/crypto/evp/bio_b64.c
@@ -184,7 +184,9 @@ static int b64_read(BIO *b, char *out, int outl)
ret_code=0;
while (outl > 0)
{
- if (ctx->cont <= 0) break;
+
+ if (ctx->cont <= 0)
+ break;
i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]),
B64_BLOCK_SIZE-ctx->tmp_len);
@@ -195,11 +197,21 @@ static int b64_read(BIO *b, char *out, int outl)
/* Should be continue next time we are called? */
if (!BIO_should_retry(b->next_bio))
+ {
ctx->cont=i;
- /* else we should continue when called again */
- break;
+ /* If buffer empty break */
+ if(ctx->tmp_len == 0)
+ break;
+ /* Fall through and process what we have */
+ else
+ i = 0;
+ }
+ /* else we retry and add more data to buffer */
+ else
+ break;
}
i+=ctx->tmp_len;
+ ctx->tmp_len = i;
/* We need to scan, a line at a time until we
* have a valid line if we are starting. */
@@ -255,8 +267,12 @@ static int b64_read(BIO *b, char *out, int outl)
* reading until a new line. */
if (p == (unsigned char *)&(ctx->tmp[0]))
{
- ctx->tmp_nl=1;
- ctx->tmp_len=0;
+ /* Check buffer full */
+ if (i == B64_BLOCK_SIZE)
+ {
+ ctx->tmp_nl=1;
+ ctx->tmp_len=0;
+ }
}
else if (p != q) /* finished on a '\n' */
{
@@ -271,6 +287,11 @@ static int b64_read(BIO *b, char *out, int outl)
else
ctx->tmp_len=0;
}
+ /* If buffer isn't full and we can retry then
+ * restart to read in more data.
+ */
+ else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))
+ continue;
if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
{
@@ -310,8 +331,8 @@ static int b64_read(BIO *b, char *out, int outl)
i=EVP_DecodeUpdate(&(ctx->base64),
(unsigned char *)ctx->buf,&ctx->buf_len,
(unsigned char *)ctx->tmp,i);
+ ctx->tmp_len = 0;
}
- ctx->cont=i;
ctx->buf_off=0;
if (i < 0)
{
@@ -484,10 +505,7 @@ again:
{
i=b64_write(b,NULL,0);
if (i < 0)
- {
- ret=i;
- break;
- }
+ return i;
}
if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
{
diff --git a/crypto/openssl/crypto/evp/bio_enc.c b/crypto/openssl/crypto/evp/bio_enc.c
index 510e1bc8a4c2..ab8185150344 100644
--- a/crypto/openssl/crypto/evp/bio_enc.c
+++ b/crypto/openssl/crypto/evp/bio_enc.c
@@ -271,7 +271,7 @@ static int enc_write(BIO *b, const char *in, int inl)
if (i <= 0)
{
BIO_copy_next_retry(b);
- return(i);
+ return (ret == inl) ? i : ret - inl;
}
n-=i;
ctx->buf_off+=i;
@@ -325,10 +325,7 @@ again:
{
i=enc_write(b,NULL,0);
if (i < 0)
- {
- ret=i;
- break;
- }
+ return i;
}
if (!ctx->finished)
diff --git a/crypto/openssl/crypto/evp/c_all.c b/crypto/openssl/crypto/evp/c_all.c
index af3dd261629a..fa60a73ead13 100644
--- a/crypto/openssl/crypto/evp/c_all.c
+++ b/crypto/openssl/crypto/evp/c_all.c
@@ -59,6 +59,9 @@
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
#if 0
#undef OpenSSL_add_all_algorithms
@@ -73,7 +76,9 @@ void OPENSSL_add_all_algorithms_noconf(void)
{
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
-#if defined(__OpenBSD__) || defined(__FreeBSD__)
+#ifndef OPENSSL_NO_ENGINE
+# if defined(__OpenBSD__) || defined(__FreeBSD__)
ENGINE_setup_bsd_cryptodev();
+# endif
#endif
}
diff --git a/crypto/openssl/crypto/evp/digest.c b/crypto/openssl/crypto/evp/digest.c
index 5b2104ac120f..b22eed442115 100644
--- a/crypto/openssl/crypto/evp/digest.c
+++ b/crypto/openssl/crypto/evp/digest.c
@@ -187,12 +187,12 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
ctx->engine = NULL;
}
else
-#endif
if(!ctx->digest)
{
EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
return 0;
}
+#endif
if (ctx->digest != type)
{
if (ctx->digest && ctx->digest->ctx_size)
diff --git a/crypto/openssl/crypto/evp/evp_acnf.c b/crypto/openssl/crypto/evp/evp_acnf.c
index 54c073ca444c..ff3e311cc527 100644
--- a/crypto/openssl/crypto/evp/evp_acnf.c
+++ b/crypto/openssl/crypto/evp/evp_acnf.c
@@ -59,9 +59,6 @@
#include "cryptlib.h"
#include <openssl/evp.h>
#include <openssl/conf.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
/* Load all algorithms and configure OpenSSL.
diff --git a/crypto/openssl/crypto/md2/md2test.c b/crypto/openssl/crypto/md2/md2test.c
index 901d0a7d8ea6..9c1e28b6ce80 100644
--- a/crypto/openssl/crypto/md2/md2test.c
+++ b/crypto/openssl/crypto/md2/md2test.c
@@ -59,7 +59,6 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <openssl/md2.h>
#include "../e_os.h"
@@ -71,6 +70,7 @@ int main(int argc, char *argv[])
}
#else
#include <openssl/evp.h>
+#include <openssl/md2.h>
#ifdef CHARSET_EBCDIC
#include <openssl/ebcdic.h>
diff --git a/crypto/openssl/crypto/md5/Makefile.ssl b/crypto/openssl/crypto/md5/Makefile.ssl
index 56cab5d882ba..2d4df972ffb6 100644
--- a/crypto/openssl/crypto/md5/Makefile.ssl
+++ b/crypto/openssl/crypto/md5/Makefile.ssl
@@ -6,7 +6,7 @@ DIR= md5
TOP= ../..
CC= cc
CPP= $(CC) -E
-INCLUDES=
+INCLUDES=-I.. -I$(TOP) -I../../include
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
@@ -20,6 +20,7 @@ AR= ar r
MD5_ASM_OBJ=
CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
GENERAL=Makefile
TEST=md5test.c
diff --git a/crypto/openssl/crypto/md5/asm/md5-586.pl b/crypto/openssl/crypto/md5/asm/md5-586.pl
index 5fc6a205ce00..fa3fa3bed59c 100644
--- a/crypto/openssl/crypto/md5/asm/md5-586.pl
+++ b/crypto/openssl/crypto/md5/asm/md5-586.pl
@@ -293,7 +293,7 @@ sub md5_block
&mov(&DWP(12,$tmp2,"",0),$D);
&cmp($tmp1,$X) unless $normal; # check count
- &jge(&label("start")) unless $normal;
+ &jae(&label("start")) unless $normal;
&pop("eax"); # pop the temp variable off the stack
&pop("ebx");
diff --git a/crypto/openssl/crypto/md5/asm/md5-sparcv9.S b/crypto/openssl/crypto/md5/asm/md5-sparcv9.S
index a599ed5660bc..db45aa4c9774 100644
--- a/crypto/openssl/crypto/md5/asm/md5-sparcv9.S
+++ b/crypto/openssl/crypto/md5/asm/md5-sparcv9.S
@@ -34,10 +34,12 @@
*
* or if above fails (it does if you have gas):
*
- * gcc -E -DULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \
+ * gcc -E -DOPENSSL_SYSNAMEULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \
* as -xarch=v8plus /dev/fd/0 -o md5-sparcv9.o
*/
+#include <openssl/e_os2.h>
+
#define A %o0
#define B %o1
#define C %o2
diff --git a/crypto/openssl/crypto/o_time.c b/crypto/openssl/crypto/o_time.c
index ca5f3ea48e0a..785468131e10 100644
--- a/crypto/openssl/crypto/o_time.c
+++ b/crypto/openssl/crypto/o_time.c
@@ -73,15 +73,17 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
{
struct tm *ts = NULL;
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX)
+#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS)
/* should return &data, but doesn't on some systems,
so we don't even look at the return value */
gmtime_r(timer,result);
ts = result;
#elif !defined(OPENSSL_SYS_VMS)
ts = gmtime(timer);
- if (ts != NULL)
- memcpy(result, ts, sizeof(struct tm));
+ if (ts == NULL)
+ return NULL;
+
+ memcpy(result, ts, sizeof(struct tm));
ts = result;
#endif
#ifdef OPENSSL_SYS_VMS
diff --git a/crypto/openssl/crypto/ocsp/ocsp_ht.c b/crypto/openssl/crypto/ocsp/ocsp_ht.c
index 357709a843c2..9213e58ae49c 100644
--- a/crypto/openssl/crypto/ocsp/ocsp_ht.c
+++ b/crypto/openssl/crypto/ocsp/ocsp_ht.c
@@ -110,7 +110,7 @@ Content-Length: %d\r\n\r\n";
}
/* Parse the HTTP response. This will look like this:
* "HTTP/1.0 200 OK". We need to obtain the numeric code and
- * informational message.
+ * (optional) informational message.
*/
/* Skip to first white space (passed protocol info) */
@@ -138,13 +138,19 @@ Content-Length: %d\r\n\r\n";
if(*r) goto err;
/* Skip over any leading white space in message */
while(*q && isspace((unsigned char)*q)) q++;
- if(!*q) goto err;
+ if(*q) {
/* Finally zap any trailing white space in message (include CRLF) */
/* We know q has a non white space character so this is OK */
- for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0;
+ for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0;
+ }
if(retcode != 200) {
OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_ERROR);
- ERR_add_error_data(4, "Code=", p, ",Reason=", q);
+ if(!*q) {
+ ERR_add_error_data(2, "Code=", p);
+ }
+ else {
+ ERR_add_error_data(4, "Code=", p, ",Reason=", q);
+ }
goto err;
}
/* Find blank line marking beginning of content */
diff --git a/crypto/openssl/crypto/opensslconf.h b/crypto/openssl/crypto/opensslconf.h
index 492041bc7cb5..fe6ff88bdc6a 100644
--- a/crypto/openssl/crypto/opensslconf.h
+++ b/crypto/openssl/crypto/opensslconf.h
@@ -2,6 +2,9 @@
/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_SYSNAME_WIN16
+# define OPENSSL_SYSNAME_WIN16
+#endif
#ifndef OPENSSL_DOING_MAKEDEPEND
#ifndef OPENSSL_NO_KRB5
@@ -41,7 +44,7 @@
#endif
#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
+#define MD2_INT unsigned char
#endif
#if defined(HEADER_RC2_H) && !defined(RC2_INT)
@@ -98,7 +101,7 @@
#define CONFIG_HEADER_RC4_LOCL_H
/* if this is defined data[i] is used instead of *data, this is a %20
* speedup on x86 */
-#undef RC4_INDEX
+#define RC4_INDEX
#endif
#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
@@ -112,7 +115,7 @@
/* the following is tweaked from a config script, that is why it is a
* protected undef/define */
#ifndef DES_PTR
-#undef DES_PTR
+#define DES_PTR
#endif
/* This helps C compiler generate the correct code for multiple functional
@@ -133,7 +136,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
/* Unroll the inner loop, this sometimes helps, sometimes hinders.
* Very mucy CPU dependant */
#ifndef DES_UNROLL
-#undef DES_UNROLL
+#define DES_UNROLL
#endif
/* These default values were supplied by
diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h
index 396ae7b3dced..e226d9de7969 100644
--- a/crypto/openssl/crypto/opensslv.h
+++ b/crypto/openssl/crypto/opensslv.h
@@ -25,8 +25,8 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x0090701fL
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7a Feb 19 2003"
+#define OPENSSL_VERSION_NUMBER 0x0090703fL
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7c 30 Sep 2003"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/crypto/openssl/crypto/perlasm/x86ms.pl b/crypto/openssl/crypto/perlasm/x86ms.pl
index 35f1a4ddb931..fbb4afb9bda4 100644
--- a/crypto/openssl/crypto/perlasm/x86ms.pl
+++ b/crypto/openssl/crypto/perlasm/x86ms.pl
@@ -144,7 +144,10 @@ sub main'jle { &out1("jle",@_); }
sub main'jz { &out1("jz",@_); }
sub main'jge { &out1("jge",@_); }
sub main'jl { &out1("jl",@_); }
+sub main'ja { &out1("ja",@_); }
+sub main'jae { &out1("jae",@_); }
sub main'jb { &out1("jb",@_); }
+sub main'jbe { &out1("jbe",@_); }
sub main'jc { &out1("jc",@_); }
sub main'jnc { &out1("jnc",@_); }
sub main'jnz { &out1("jnz",@_); }
diff --git a/crypto/openssl/crypto/perlasm/x86nasm.pl b/crypto/openssl/crypto/perlasm/x86nasm.pl
index f30b7466d45d..30346af4eac7 100644
--- a/crypto/openssl/crypto/perlasm/x86nasm.pl
+++ b/crypto/openssl/crypto/perlasm/x86nasm.pl
@@ -152,7 +152,10 @@ sub main'jle { &out1("jle NEAR",@_); }
sub main'jz { &out1("jz NEAR",@_); }
sub main'jge { &out1("jge NEAR",@_); }
sub main'jl { &out1("jl NEAR",@_); }
+sub main'ja { &out1("ja NEAR",@_); }
+sub main'jae { &out1("jae NEAR",@_); }
sub main'jb { &out1("jb NEAR",@_); }
+sub main'jbe { &out1("jbe NEAR",@_); }
sub main'jc { &out1("jc NEAR",@_); }
sub main'jnc { &out1("jnc NEAR",@_); }
sub main'jnz { &out1("jnz NEAR",@_); }
diff --git a/crypto/openssl/crypto/perlasm/x86unix.pl b/crypto/openssl/crypto/perlasm/x86unix.pl
index 72bde061c563..10b669bf049e 100644
--- a/crypto/openssl/crypto/perlasm/x86unix.pl
+++ b/crypto/openssl/crypto/perlasm/x86unix.pl
@@ -156,7 +156,10 @@ sub main'jnz { &out1("jnz",@_); }
sub main'jz { &out1("jz",@_); }
sub main'jge { &out1("jge",@_); }
sub main'jl { &out1("jl",@_); }
+sub main'ja { &out1("ja",@_); }
+sub main'jae { &out1("jae",@_); }
sub main'jb { &out1("jb",@_); }
+sub main'jbe { &out1("jbe",@_); }
sub main'jc { &out1("jc",@_); }
sub main'jnc { &out1("jnc",@_); }
sub main'jno { &out1("jno",@_); }
diff --git a/crypto/openssl/crypto/pkcs12/p12_npas.c b/crypto/openssl/crypto/pkcs12/p12_npas.c
index a549433eebb9..af708a27436e 100644
--- a/crypto/openssl/crypto/pkcs12/p12_npas.c
+++ b/crypto/openssl/crypto/pkcs12/p12_npas.c
@@ -107,7 +107,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
{
STACK_OF(PKCS7) *asafes, *newsafes;
STACK_OF(PKCS12_SAFEBAG) *bags;
- int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen;
+ int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
PKCS7 *p7, *p7new;
ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
unsigned char mac[EVP_MAX_MD_SIZE];
diff --git a/crypto/openssl/crypto/pkcs7/pk7_doit.c b/crypto/openssl/crypto/pkcs7/pk7_doit.c
index 0060a2ea3df2..190ca0e9bf57 100644
--- a/crypto/openssl/crypto/pkcs7/pk7_doit.c
+++ b/crypto/openssl/crypto/pkcs7/pk7_doit.c
@@ -767,6 +767,11 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
}
if (EVP_MD_CTX_type(mdc) == md_type)
break;
+ /* Workaround for some broken clients that put the signature
+ * OID instead of the digest OID in digest_alg->algorithm
+ */
+ if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
+ break;
btmp=BIO_next(btmp);
}
diff --git a/crypto/openssl/crypto/pkcs7/pk7_mime.c b/crypto/openssl/crypto/pkcs7/pk7_mime.c
index 086d39427012..5d2a97839d2b 100644
--- a/crypto/openssl/crypto/pkcs7/pk7_mime.c
+++ b/crypto/openssl/crypto/pkcs7/pk7_mime.c
@@ -3,7 +3,7 @@
* project 1999.
*/
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -101,7 +101,7 @@ static int mime_param_cmp(const MIME_PARAM * const *a,
static void mime_param_free(MIME_PARAM *param);
static int mime_bound_check(char *line, int linelen, char *bound, int blen);
static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
-static int iscrlf(char c);
+static int strip_eol(char *linebuf, int *plen);
static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
static void mime_hdr_free(MIME_HEADER *hdr);
@@ -150,9 +150,17 @@ static PKCS7 *B64_read_PKCS7(BIO *bio)
int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
{
- char linebuf[MAX_SMLEN];
char bound[33], c;
int i;
+ char *mime_prefix, *mime_eol;
+ if (flags & PKCS7_NOOLDMIMETYPE)
+ mime_prefix = "application/pkcs7-";
+ else
+ mime_prefix = "application/x-pkcs7-";
+ if (flags & PKCS7_CRLFEOL)
+ mime_eol = "\r\n";
+ else
+ mime_eol = "\n";
if((flags & PKCS7_DETACHED) && data) {
/* We want multipart/signed */
/* Generate a random boundary */
@@ -164,34 +172,42 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
bound[i] = c;
}
bound[32] = 0;
- BIO_printf(bio, "MIME-Version: 1.0\n");
+ BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
BIO_printf(bio, "Content-Type: multipart/signed;");
- BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";");
- BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound);
- BIO_printf(bio, "This is an S/MIME signed message\n\n");
+ BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
+ BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s",
+ bound, mime_eol, mime_eol);
+ BIO_printf(bio, "This is an S/MIME signed message%s%s",
+ mime_eol, mime_eol);
/* Now write out the first part */
- BIO_printf(bio, "------%s\n", bound);
- if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n");
- while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0)
- BIO_write(bio, linebuf, i);
- BIO_printf(bio, "\n------%s\n", bound);
+ BIO_printf(bio, "------%s%s", bound, mime_eol);
+ SMIME_crlf_copy(data, bio, flags);
+ BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
/* Headers for signature */
- BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n");
- BIO_printf(bio, "Content-Transfer-Encoding: base64\n");
- BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n");
+ BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix);
+ BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
+ BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
+ mime_eol);
+ BIO_printf(bio, "Content-Disposition: attachment;");
+ BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
+ mime_eol, mime_eol);
B64_write_PKCS7(bio, p7);
- BIO_printf(bio,"\n------%s--\n\n", bound);
+ BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
+ mime_eol, mime_eol);
return 1;
}
/* MIME headers */
- BIO_printf(bio, "MIME-Version: 1.0\n");
- BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n");
- BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n");
- BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n");
+ BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+ BIO_printf(bio, "Content-Disposition: attachment;");
+ BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol);
+ BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
+ BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol);
+ BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
+ mime_eol, mime_eol);
B64_write_PKCS7(bio, p7);
- BIO_printf(bio, "\n");
+ BIO_printf(bio, "%s", mime_eol);
return 1;
}
@@ -316,12 +332,9 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
}
if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
- eol = 0;
- while(iscrlf(linebuf[len - 1])) {
- len--;
- eol = 1;
- }
- BIO_write(out, linebuf, len);
+ eol = strip_eol(linebuf, &len);
+ if (len)
+ BIO_write(out, linebuf, len);
if(eol) BIO_write(out, "\r\n", 2);
}
return 1;
@@ -364,6 +377,7 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
{
char linebuf[MAX_SMLEN];
int len, blen;
+ int eol = 0, next_eol = 0;
BIO *bpart = NULL;
STACK_OF(BIO) *parts;
char state, part, first;
@@ -383,26 +397,23 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
sk_BIO_push(parts, bpart);
return 1;
} else if(part) {
+ /* Strip CR+LF from linebuf */
+ next_eol = strip_eol(linebuf, &len);
if(first) {
first = 0;
if(bpart) sk_BIO_push(parts, bpart);
bpart = BIO_new(BIO_s_mem());
-
- } else BIO_write(bpart, "\r\n", 2);
- /* Strip CR+LF from linebuf */
- while(iscrlf(linebuf[len - 1])) len--;
- BIO_write(bpart, linebuf, len);
+ BIO_set_mem_eof_return(bpart, 0);
+ } else if (eol)
+ BIO_write(bpart, "\r\n", 2);
+ eol = next_eol;
+ if (len)
+ BIO_write(bpart, linebuf, len);
}
}
return 0;
}
-static int iscrlf(char c)
-{
- if(c == '\r' || c == '\n') return 1;
- return 0;
-}
-
/* This is the big one: parse MIME header lines up to message body */
#define MIME_INVALID 0
@@ -683,3 +694,21 @@ static int mime_bound_check(char *line, int linelen, char *bound, int blen)
}
return 0;
}
+
+static int strip_eol(char *linebuf, int *plen)
+ {
+ int len = *plen;
+ char *p, c;
+ int is_eol = 0;
+ p = linebuf + len - 1;
+ for (p = linebuf + len - 1; len > 0; len--, p--)
+ {
+ c = *p;
+ if (c == '\n')
+ is_eol = 1;
+ else if (c != '\r')
+ break;
+ }
+ *plen = len;
+ return is_eol;
+ }
diff --git a/crypto/openssl/crypto/pkcs7/pk7_smime.c b/crypto/openssl/crypto/pkcs7/pk7_smime.c
index f0d071e2824a..6e5735de1187 100644
--- a/crypto/openssl/crypto/pkcs7/pk7_smime.c
+++ b/crypto/openssl/crypto/pkcs7/pk7_smime.c
@@ -3,7 +3,7 @@
* project 1999.
*/
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
diff --git a/crypto/openssl/crypto/pkcs7/pkcs7.h b/crypto/openssl/crypto/pkcs7/pkcs7.h
index 5819700a8502..15372e18f8c0 100644
--- a/crypto/openssl/crypto/pkcs7/pkcs7.h
+++ b/crypto/openssl/crypto/pkcs7/pkcs7.h
@@ -260,6 +260,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
#define PKCS7_BINARY 0x80
#define PKCS7_NOATTR 0x100
#define PKCS7_NOSMIMECAP 0x200
+#define PKCS7_NOOLDMIMETYPE 0x400
+#define PKCS7_CRLFEOL 0x800
/* Flags: for compatibility with older code */
diff --git a/crypto/openssl/crypto/rand/rand_win.c b/crypto/openssl/crypto/rand/rand_win.c
index 113b58678f38..263068d25699 100644
--- a/crypto/openssl/crypto/rand/rand_win.c
+++ b/crypto/openssl/crypto/rand/rand_win.c
@@ -162,6 +162,7 @@ typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);
typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
+typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);
typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD);
typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
@@ -431,7 +432,7 @@ int RAND_poll(void)
* This seeding method was proposed in Peter Gutmann, Software
* Generation of Practically Strong Random Numbers,
* http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
- * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
+ * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
* (The assignment of entropy estimates below is arbitrary, but based
* on Peter's analysis the full poll appears to be safe. Additional
* interactive seeding is encouraged.)
@@ -440,6 +441,7 @@ int RAND_poll(void)
if (kernel)
{
CREATETOOLHELP32SNAPSHOT snap;
+ CLOSETOOLHELP32SNAPSHOT close_snap;
HANDLE handle;
HEAP32FIRST heap_first;
@@ -457,6 +459,8 @@ int RAND_poll(void)
snap = (CREATETOOLHELP32SNAPSHOT)
GetProcAddress(kernel, TEXT("CreateToolhelp32Snapshot"));
+ close_snap = (CLOSETOOLHELP32SNAPSHOT)
+ GetProcAddress(kernel, TEXT("CloseToolhelp32Snapshot"));
heap_first = (HEAP32FIRST) GetProcAddress(kernel, TEXT("Heap32First"));
heap_next = (HEAP32NEXT) GetProcAddress(kernel, TEXT("Heap32Next"));
heaplist_first = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListFirst"));
@@ -472,7 +476,7 @@ int RAND_poll(void)
heaplist_next && process_first && process_next &&
thread_first && thread_next && module_first &&
module_next && (handle = snap(TH32CS_SNAPALL,0))
- != NULL)
+ != INVALID_HANDLE_VALUE)
{
/* heap list and heap walking */
/* HEAPLIST32 contains 3 fields that will change with
@@ -534,8 +538,10 @@ int RAND_poll(void)
do
RAND_add(&m, m.dwSize, 9);
while (module_next(handle, &m));
-
- CloseHandle(handle);
+ if (close_snap)
+ close_snap(handle);
+ else
+ CloseHandle(handle);
}
FreeLibrary(kernel);
diff --git a/crypto/openssl/crypto/rsa/Makefile.ssl b/crypto/openssl/crypto/rsa/Makefile.ssl
index 605d48800572..ce3f818e5b62 100644
--- a/crypto/openssl/crypto/rsa/Makefile.ssl
+++ b/crypto/openssl/crypto/rsa/Makefile.ssl
@@ -104,14 +104,12 @@ rsa_chk.o: rsa_chk.c
rsa_eay.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-rsa_eay.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-rsa_eay.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-rsa_eay.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-rsa_eay.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_eay.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rsa_eay.o: ../../include/openssl/ui.h ../cryptlib.h rsa_eay.c
+rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c
rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
rsa_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -217,21 +215,21 @@ rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
rsa_sign.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
rsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-rsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-rsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-rsa_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-rsa_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_sign.o: ../../include/openssl/opensslconf.h
rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-rsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-rsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-rsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-rsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-rsa_sign.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-rsa_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_sign.c
+rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+rsa_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rsa_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_sign.o: ../cryptlib.h rsa_sign.c
rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
diff --git a/crypto/openssl/crypto/rsa/rsa.h b/crypto/openssl/crypto/rsa/rsa.h
index b2e25e4e7c71..62fa745f79e3 100644
--- a/crypto/openssl/crypto/rsa/rsa.h
+++ b/crypto/openssl/crypto/rsa/rsa.h
@@ -170,6 +170,12 @@ struct rsa_st
*/
#define RSA_FLAG_SIGN_VER 0x40
+#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in
+ * RSA implementation now uses blinding by
+ * default (ignoring RSA_FLAG_BLINDING),
+ * but other engines might not need it
+ */
+
#define RSA_PKCS1_PADDING 1
#define RSA_SSLV23_PADDING 2
#define RSA_NO_PADDING 3
diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/openssl/crypto/rsa/rsa_eay.c
index e4bcf499d064..e0d286266e0c 100644
--- a/crypto/openssl/crypto/rsa/rsa_eay.c
+++ b/crypto/openssl/crypto/rsa/rsa_eay.c
@@ -61,9 +61,6 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
#ifndef RSA_NULL
@@ -208,12 +205,46 @@ static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
#define BLINDING_HELPER(rsa, ctx, err_instr) \
do { \
- if(((rsa)->flags & RSA_FLAG_BLINDING) && \
- ((rsa)->blinding == NULL) && \
- !rsa_eay_blinding(rsa, ctx)) \
- err_instr \
+ if((!((rsa)->flags & RSA_FLAG_NO_BLINDING)) && \
+ ((rsa)->blinding == NULL) && \
+ !rsa_eay_blinding(rsa, ctx)) \
+ err_instr \
} while(0)
+static BN_BLINDING *setup_blinding(RSA *rsa, BN_CTX *ctx)
+ {
+ BIGNUM *A, *Ai;
+ BN_BLINDING *ret = NULL;
+
+ /* added in OpenSSL 0.9.6j and 0.9.7b */
+
+ /* NB: similar code appears in RSA_blinding_on (rsa_lib.c);
+ * this should be placed in a new function of its own, but for reasons
+ * of binary compatibility can't */
+
+ BN_CTX_start(ctx);
+ A = BN_CTX_get(ctx);
+ if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
+ {
+ /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
+ RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0);
+ if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
+ }
+ else
+ {
+ if (!BN_rand_range(A,rsa->n)) goto err;
+ }
+ if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
+
+ if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
+ goto err;
+ ret = BN_BLINDING_new(A,Ai,rsa->n);
+ BN_free(Ai);
+err:
+ BN_CTX_end(ctx);
+ return ret;
+ }
+
/* signing */
static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
@@ -222,6 +253,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
int i,j,k,num=0,r= -1;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
+ int local_blinding = 0;
+ BN_BLINDING *blinding = NULL;
BN_init(&f);
BN_init(&ret);
@@ -259,9 +292,38 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
}
BLINDING_HELPER(rsa, ctx, goto err;);
+ blinding = rsa->blinding;
+
+ /* Now unless blinding is disabled, 'blinding' is non-NULL.
+ * But the BN_BLINDING object may be owned by some other thread
+ * (we don't want to keep it constant and we don't want to use
+ * lots of locking to avoid race conditions, so only a single
+ * thread can use it; other threads have to use local blinding
+ * factors) */
+ if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
+ {
+ if (blinding == NULL)
+ {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+
+ if (blinding != NULL)
+ {
+ if (blinding->thread_id != CRYPTO_thread_id())
+ {
+ /* we need a local one-time blinding factor */
- if (rsa->flags & RSA_FLAG_BLINDING)
- if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
+ blinding = setup_blinding(rsa, ctx);
+ if (blinding == NULL)
+ goto err;
+ local_blinding = 1;
+ }
+ }
+
+ if (blinding)
+ if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err;
if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
((rsa->p != NULL) &&
@@ -275,8 +337,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
}
- if (rsa->flags & RSA_FLAG_BLINDING)
- if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
+ if (blinding)
+ if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
/* put in leading 0 bytes if the number is less than the
* length of the modulus */
@@ -290,6 +352,8 @@ err:
if (ctx != NULL) BN_CTX_free(ctx);
BN_clear_free(&ret);
BN_clear_free(&f);
+ if (local_blinding)
+ BN_BLINDING_free(blinding);
if (buf != NULL)
{
OPENSSL_cleanse(buf,num);
@@ -306,6 +370,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
unsigned char *p;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
+ int local_blinding = 0;
+ BN_BLINDING *blinding = NULL;
BN_init(&f);
BN_init(&ret);
@@ -338,9 +404,38 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
}
BLINDING_HELPER(rsa, ctx, goto err;);
+ blinding = rsa->blinding;
+
+ /* Now unless blinding is disabled, 'blinding' is non-NULL.
+ * But the BN_BLINDING object may be owned by some other thread
+ * (we don't want to keep it constant and we don't want to use
+ * lots of locking to avoid race conditions, so only a single
+ * thread can use it; other threads have to use local blinding
+ * factors) */
+ if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
+ {
+ if (blinding == NULL)
+ {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+
+ if (blinding != NULL)
+ {
+ if (blinding->thread_id != CRYPTO_thread_id())
+ {
+ /* we need a local one-time blinding factor */
+
+ blinding = setup_blinding(rsa, ctx);
+ if (blinding == NULL)
+ goto err;
+ local_blinding = 1;
+ }
+ }
- if (rsa->flags & RSA_FLAG_BLINDING)
- if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
+ if (blinding)
+ if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err;
/* do the decrypt */
if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
@@ -356,8 +451,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
goto err;
}
- if (rsa->flags & RSA_FLAG_BLINDING)
- if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
+ if (blinding)
+ if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
p=buf;
j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */
@@ -389,6 +484,8 @@ err:
if (ctx != NULL) BN_CTX_free(ctx);
BN_clear_free(&f);
BN_clear_free(&ret);
+ if (local_blinding)
+ BN_BLINDING_free(blinding);
if (buf != NULL)
{
OPENSSL_cleanse(buf,num);
diff --git a/crypto/openssl/crypto/rsa/rsa_lib.c b/crypto/openssl/crypto/rsa/rsa_lib.c
index f234ae0748ca..e4d622851eed 100644
--- a/crypto/openssl/crypto/rsa/rsa_lib.c
+++ b/crypto/openssl/crypto/rsa/rsa_lib.c
@@ -62,6 +62,7 @@
#include <openssl/lhash.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
+#include <openssl/rand.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
@@ -74,10 +75,6 @@ RSA *RSA_new(void)
{
RSA *r=RSA_new_method(NULL);
-#ifndef OPENSSL_NO_FORCE_RSA_BLINDING
- r->flags|=RSA_FLAG_BLINDING;
-#endif
-
return r;
}
@@ -313,12 +310,13 @@ void RSA_blinding_off(RSA *rsa)
BN_BLINDING_free(rsa->blinding);
rsa->blinding=NULL;
}
- rsa->flags&= ~RSA_FLAG_BLINDING;
+ rsa->flags &= ~RSA_FLAG_BLINDING;
+ rsa->flags |= RSA_FLAG_NO_BLINDING;
}
int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
{
- BIGNUM *A,*Ai;
+ BIGNUM *A,*Ai = NULL;
BN_CTX *ctx;
int ret=0;
@@ -329,21 +327,42 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
else
ctx=p_ctx;
+ /* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */
if (rsa->blinding != NULL)
+ {
BN_BLINDING_free(rsa->blinding);
+ rsa->blinding = NULL;
+ }
+
+ /* NB: similar code appears in setup_blinding (rsa_eay.c);
+ * this should be placed in a new function of its own, but for reasons
+ * of binary compatibility can't */
BN_CTX_start(ctx);
A = BN_CTX_get(ctx);
- if (!BN_rand_range(A,rsa->n)) goto err;
+ if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
+ {
+ /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
+ RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0);
+ if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
+ }
+ else
+ {
+ if (!BN_rand_range(A,rsa->n)) goto err;
+ }
if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
- goto err;
- rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n);
- rsa->flags|=RSA_FLAG_BLINDING;
- BN_free(Ai);
+ goto err;
+ if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err;
+ /* to make things thread-safe without excessive locking,
+ * rsa->blinding will be used just by the current thread: */
+ rsa->blinding->thread_id = CRYPTO_thread_id();
+ rsa->flags |= RSA_FLAG_BLINDING;
+ rsa->flags &= ~RSA_FLAG_NO_BLINDING;
ret=1;
err:
+ if (Ai != NULL) BN_free(Ai);
BN_CTX_end(ctx);
if (ctx != p_ctx) BN_CTX_free(ctx);
return(ret);
diff --git a/crypto/openssl/crypto/rsa/rsa_sign.c b/crypto/openssl/crypto/rsa/rsa_sign.c
index 9dd62ac956ba..8a1e642183c4 100644
--- a/crypto/openssl/crypto/rsa/rsa_sign.c
+++ b/crypto/openssl/crypto/rsa/rsa_sign.c
@@ -62,9 +62,6 @@
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
/* Size of an SSL signature: MD5+SHA1 */
#define SSL_SIG_LENGTH 36
@@ -79,12 +76,11 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
const unsigned char *s = NULL;
X509_ALGOR algor;
ASN1_OCTET_STRING digest;
-#ifndef OPENSSL_NO_ENGINE
- if((rsa->flags & RSA_FLAG_SIGN_VER)
- && ENGINE_get_RSA(rsa->engine)->rsa_sign)
- return ENGINE_get_RSA(rsa->engine)->rsa_sign(type,
- m, m_len, sigret, siglen, rsa);
-#endif
+ if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
+ {
+ return rsa->meth->rsa_sign(type, m, m_len,
+ sigret, siglen, rsa);
+ }
/* Special case: SSL signature, just check the length */
if(type == NID_md5_sha1) {
if(m_len != SSL_SIG_LENGTH) {
@@ -159,12 +155,11 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
return(0);
}
-#ifndef OPENSSL_NO_ENGINE
- if((rsa->flags & RSA_FLAG_SIGN_VER)
- && ENGINE_get_RSA(rsa->engine)->rsa_verify)
- return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype,
- m, m_len, sigbuf, siglen, rsa);
-#endif
+ if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
+ {
+ return rsa->meth->rsa_verify(dtype, m, m_len,
+ sigbuf, siglen, rsa);
+ }
s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
if (s == NULL)
diff --git a/crypto/openssl/crypto/rsa/rsa_test.c b/crypto/openssl/crypto/rsa/rsa_test.c
index 99abb1fde782..924e9ad1f6c0 100644
--- a/crypto/openssl/crypto/rsa/rsa_test.c
+++ b/crypto/openssl/crypto/rsa/rsa_test.c
@@ -16,9 +16,6 @@ int main(int argc, char *argv[])
}
#else
#include <openssl/rsa.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
#define SetKey \
key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
diff --git a/crypto/openssl/crypto/threads/mttest.c b/crypto/openssl/crypto/threads/mttest.c
index 7142e4edc77c..54d598565d53 100644
--- a/crypto/openssl/crypto/threads/mttest.c
+++ b/crypto/openssl/crypto/threads/mttest.c
@@ -86,11 +86,6 @@
#include <openssl/err.h>
#include <openssl/rand.h>
-#ifdef OPENSSL_NO_FP_API
-#define APPS_WIN16
-#include "../buffer/bss_file.c"
-#endif
-
#define TEST_SERVER_CERT "../../apps/server.pem"
#define TEST_CLIENT_CERT "../../apps/client.pem"
diff --git a/crypto/openssl/crypto/x509/by_file.c b/crypto/openssl/crypto/x509/by_file.c
index 22be90cdcd91..b4b04183d071 100644
--- a/crypto/openssl/crypto/x509/by_file.c
+++ b/crypto/openssl/crypto/x509/by_file.c
@@ -285,7 +285,8 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
if(itmp->x509) {
X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
count++;
- } else if(itmp->crl) {
+ }
+ if(itmp->crl) {
X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
count++;
}
diff --git a/crypto/openssl/crypto/x509/x509_trs.c b/crypto/openssl/crypto/x509/x509_trs.c
index 17d69ac005b1..881252608d1f 100644
--- a/crypto/openssl/crypto/x509/x509_trs.c
+++ b/crypto/openssl/crypto/x509/x509_trs.c
@@ -82,6 +82,7 @@ static X509_TRUST trstandard[] = {
{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
+{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
};
diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/openssl/crypto/x509/x509_vfy.c
index 552d1e72516e..2bb21b443ec0 100644
--- a/crypto/openssl/crypto/x509/x509_vfy.c
+++ b/crypto/openssl/crypto/x509/x509_vfy.c
@@ -453,9 +453,9 @@ static int check_revocation(X509_STORE_CTX *ctx)
if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
return 1;
if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
- last = 0;
- else
last = sk_X509_num(ctx->chain) - 1;
+ else
+ last = 0;
for(i = 0; i <= last; i++)
{
ctx->error_depth = i;
@@ -674,7 +674,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
ok=(*cb)(0,ctx);
if (!ok) goto end;
}
- if (X509_verify(xs,pkey) <= 0)
+ else if (X509_verify(xs,pkey) <= 0)
/* XXX For the final trusted self-signed cert,
* this is a waste of time. That check should
* optional so that e.g. 'openssl x509' can be
diff --git a/crypto/openssl/crypto/x509/x509type.c b/crypto/openssl/crypto/x509/x509type.c
index 8e78b344581e..f78c2a6b4380 100644
--- a/crypto/openssl/crypto/x509/x509type.c
+++ b/crypto/openssl/crypto/x509/x509type.c
@@ -99,14 +99,15 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
case EVP_PKEY_RSA:
ret|=EVP_PKS_RSA;
break;
- case EVP_PKS_DSA:
+ case EVP_PKEY_DSA:
ret|=EVP_PKS_DSA;
break;
default:
break;
}
- if (EVP_PKEY_size(pk) <= 512)
+ if (EVP_PKEY_size(pk) <= 512/8) /* /8 because it's 512 bits we look
+ for, not bytes */
ret|=EVP_PKT_EXP;
if(pkey==NULL) EVP_PKEY_free(pk);
return(ret);
diff --git a/crypto/openssl/crypto/x509v3/v3_conf.c b/crypto/openssl/crypto/x509v3/v3_conf.c
index 1a3448e12172..1284d5aaa54f 100644
--- a/crypto/openssl/crypto/x509v3/v3_conf.c
+++ b/crypto/openssl/crypto/x509v3/v3_conf.c
@@ -236,7 +236,7 @@ static int v3_check_critical(char **value)
static int v3_check_generic(char **value)
{
char *p = *value;
- if ((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
+ if ((strlen(p) < 4) || strncmp(p, "DER:", 4)) return 0;
p+=4;
while (isspace((unsigned char)*p)) p++;
*value = p;
diff --git a/crypto/openssl/crypto/x509v3/v3_cpols.c b/crypto/openssl/crypto/x509v3/v3_cpols.c
index 0d4ab1f68031..0d554f3a2c97 100644
--- a/crypto/openssl/crypto/x509v3/v3_cpols.c
+++ b/crypto/openssl/crypto/x509v3/v3_cpols.c
@@ -73,7 +73,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *polstrs, int ia5org);
static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *unot, int ia5org);
-static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos);
+static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
X509V3_EXT_METHOD v3_cpols = {
NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
@@ -226,6 +226,8 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
qual = notice_section(ctx, unot, ia5org);
X509V3_section_free(ctx, unot);
if(!qual) goto err;
+ if(!pol->qualifiers) pol->qualifiers =
+ sk_POLICYQUALINFO_new_null();
if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
goto merr;
} else {
@@ -255,7 +257,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *unot, int ia5org)
{
- int i;
+ int i, ret;
CONF_VALUE *cnf;
USERNOTICE *not;
POLICYQUALINFO *qual;
@@ -275,8 +277,8 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
if(!(nref = NOTICEREF_new())) goto merr;
not->noticeref = nref;
} else nref = not->noticeref;
- if(ia5org) nref->organization = M_ASN1_IA5STRING_new();
- else nref->organization = M_ASN1_VISIBLESTRING_new();
+ if(ia5org) nref->organization->type = V_ASN1_IA5STRING;
+ else nref->organization->type = V_ASN1_VISIBLESTRING;
if(!ASN1_STRING_set(nref->organization, cnf->value,
strlen(cnf->value))) goto merr;
} else if(!strcmp(cnf->name, "noticeNumbers")) {
@@ -292,12 +294,12 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
X509V3_conf_err(cnf);
goto err;
}
- nref->noticenos = nref_nos(nos);
+ ret = nref_nos(nref->noticenos, nos);
sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
- if(!nref->noticenos) goto err;
+ if (!ret)
+ goto err;
} else {
X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
-
X509V3_conf_err(cnf);
goto err;
}
@@ -319,15 +321,13 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
return NULL;
}
-static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos)
+static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
{
- STACK_OF(ASN1_INTEGER) *nnums;
CONF_VALUE *cnf;
ASN1_INTEGER *aint;
int i;
- if(!(nnums = sk_ASN1_INTEGER_new_null())) goto merr;
for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
cnf = sk_CONF_VALUE_value(nos, i);
if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
@@ -336,14 +336,14 @@ static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos)
}
if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
}
- return nnums;
+ return 1;
merr:
X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
err:
sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
- return NULL;
+ return 0;
}
diff --git a/crypto/openssl/crypto/x509v3/v3_lib.c b/crypto/openssl/crypto/x509v3/v3_lib.c
index 482ca8ccf5d5..ca5a4a4a5709 100644
--- a/crypto/openssl/crypto/x509v3/v3_lib.c
+++ b/crypto/openssl/crypto/x509v3/v3_lib.c
@@ -202,6 +202,7 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
if(OBJ_obj2nid(ex->object) == nid) {
if(idx) {
*idx = i;
+ found_ex = ex;
break;
} else if(found_ex) {
/* Found more than one */
diff --git a/crypto/openssl/crypto/x509v3/v3_prn.c b/crypto/openssl/crypto/x509v3/v3_prn.c
index aeaf6170fe44..5d268eb7682c 100644
--- a/crypto/openssl/crypto/x509v3/v3_prn.c
+++ b/crypto/openssl/crypto/x509v3/v3_prn.c
@@ -178,13 +178,13 @@ int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts
ASN1_OBJECT *obj;
X509_EXTENSION *ex;
ex=sk_X509_EXTENSION_value(exts, i);
- if (BIO_printf(bp,"%*s",indent, "") <= 0) return 0;
+ if (indent && BIO_printf(bp,"%*s",indent, "") <= 0) return 0;
obj=X509_EXTENSION_get_object(ex);
i2a_ASN1_OBJECT(bp,obj);
j=X509_EXTENSION_get_critical(ex);
if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
return 0;
- if(!X509V3_EXT_print(bp, ex, flag, 12))
+ if(!X509V3_EXT_print(bp, ex, flag, indent + 4))
{
BIO_printf(bp, "%*s", indent + 4, "");
M_ASN1_OCTET_STRING_print(bp,ex->value);