diff options
Diffstat (limited to 'crypto')
804 files changed, 173958 insertions, 170246 deletions
diff --git a/crypto/LPdir_unix.c b/crypto/LPdir_unix.c index b004cd99e8ab..bead6abd7156 100644 --- a/crypto/LPdir_unix.c +++ b/crypto/LPdir_unix.c @@ -1,4 +1,7 @@ -/* $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp $ */ +/* + * $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp + * $ + */ /* * Copyright (c) 2004, Richard Levitte <richard@levitte.org> * All rights reserved. @@ -11,7 +14,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -33,95 +36,91 @@ #include <dirent.h> #include <errno.h> #ifndef LPDIR_H -#include "LPdir.h" +# include "LPdir.h" #endif -/* The POSIXly macro for the maximum number of characters in a file path - is NAME_MAX. However, some operating systems use PATH_MAX instead. - Therefore, it seems natural to first check for PATH_MAX and use that, - and if it doesn't exist, use NAME_MAX. */ +/* + * The POSIXly macro for the maximum number of characters in a file path is + * NAME_MAX. However, some operating systems use PATH_MAX instead. + * Therefore, it seems natural to first check for PATH_MAX and use that, and + * if it doesn't exist, use NAME_MAX. + */ #if defined(PATH_MAX) # define LP_ENTRY_SIZE PATH_MAX #elif defined(NAME_MAX) # define LP_ENTRY_SIZE NAME_MAX #endif -/* Of course, there's the possibility that neither PATH_MAX nor NAME_MAX - exist. It's also possible that NAME_MAX exists but is define to a - very small value (HP-UX offers 14), so we need to check if we got a - result, and if it meets a minimum standard, and create or change it - if not. */ +/* + * Of course, there's the possibility that neither PATH_MAX nor NAME_MAX + * exist. It's also possible that NAME_MAX exists but is define to a very + * small value (HP-UX offers 14), so we need to check if we got a result, and + * if it meets a minimum standard, and create or change it if not. + */ #if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255 # undef LP_ENTRY_SIZE # define LP_ENTRY_SIZE 255 #endif -struct LP_dir_context_st -{ - DIR *dir; - char entry_name[LP_ENTRY_SIZE+1]; +struct LP_dir_context_st { + DIR *dir; + char entry_name[LP_ENTRY_SIZE + 1]; }; const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) { - struct dirent *direntry = NULL; + struct dirent *direntry = NULL; - if (ctx == NULL || directory == NULL) - { - errno = EINVAL; - return 0; + if (ctx == NULL || directory == NULL) { + errno = EINVAL; + return 0; } - errno = 0; - if (*ctx == NULL) - { - *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX)); - if (*ctx == NULL) - { - errno = ENOMEM; - return 0; - } - memset(*ctx, '\0', sizeof(LP_DIR_CTX)); + errno = 0; + if (*ctx == NULL) { + *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX)); + if (*ctx == NULL) { + errno = ENOMEM; + return 0; + } + memset(*ctx, '\0', sizeof(LP_DIR_CTX)); - (*ctx)->dir = opendir(directory); - if ((*ctx)->dir == NULL) - { - int save_errno = errno; /* Probably not needed, but I'm paranoid */ - free(*ctx); - *ctx = NULL; - errno = save_errno; - return 0; - } + (*ctx)->dir = opendir(directory); + if ((*ctx)->dir == NULL) { + int save_errno = errno; /* Probably not needed, but I'm paranoid */ + free(*ctx); + *ctx = NULL; + errno = save_errno; + return 0; + } } - direntry = readdir((*ctx)->dir); - if (direntry == NULL) - { - return 0; + direntry = readdir((*ctx)->dir); + if (direntry == NULL) { + return 0; } - strncpy((*ctx)->entry_name, direntry->d_name, sizeof((*ctx)->entry_name) - 1); - (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0'; - return (*ctx)->entry_name; + strncpy((*ctx)->entry_name, direntry->d_name, + sizeof((*ctx)->entry_name) - 1); + (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0'; + return (*ctx)->entry_name; } int LP_find_file_end(LP_DIR_CTX **ctx) { - if (ctx != NULL && *ctx != NULL) - { - int ret = closedir((*ctx)->dir); + if (ctx != NULL && *ctx != NULL) { + int ret = closedir((*ctx)->dir); - free(*ctx); - switch (ret) - { - case 0: - return 1; - case -1: - return 0; - default: - break; - } + free(*ctx); + switch (ret) { + case 0: + return 1; + case -1: + return 0; + default: + break; + } } - errno = EINVAL; - return 0; + errno = EINVAL; + return 0; } diff --git a/crypto/aes/aes.h b/crypto/aes/aes.h index 031abf01b50c..87bf60f6f2bf 100644 --- a/crypto/aes/aes.h +++ b/crypto/aes/aes.h @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -50,23 +50,25 @@ */ #ifndef HEADER_AES_H -#define HEADER_AES_H +# define HEADER_AES_H -#include <openssl/opensslconf.h> +# include <openssl/opensslconf.h> -#ifdef OPENSSL_NO_AES -#error AES is disabled. -#endif +# ifdef OPENSSL_NO_AES +# error AES is disabled. +# endif -#include <stddef.h> +# include <stddef.h> -#define AES_ENCRYPT 1 -#define AES_DECRYPT 0 +# define AES_ENCRYPT 1 +# define AES_DECRYPT 0 -/* Because array size can't be a const in C, the following two are macros. - Both sizes are in bytes. */ -#define AES_MAXNR 14 -#define AES_BLOCK_SIZE 16 +/* + * Because array size can't be a const in C, the following two are macros. + * Both sizes are in bytes. + */ +# define AES_MAXNR 14 +# define AES_BLOCK_SIZE 16 #ifdef __cplusplus extern "C" { @@ -74,11 +76,11 @@ extern "C" { /* This should be a hidden type, but EVP requires that the size be known */ struct aes_key_st { -#ifdef AES_LONG - unsigned long rd_key[4 *(AES_MAXNR + 1)]; -#else - unsigned int rd_key[4 *(AES_MAXNR + 1)]; -#endif +# ifdef AES_LONG + unsigned long rd_key[4 * (AES_MAXNR + 1)]; +# else + unsigned int rd_key[4 * (AES_MAXNR + 1)]; +# endif int rounds; }; typedef struct aes_key_st AES_KEY; @@ -86,62 +88,62 @@ typedef struct aes_key_st AES_KEY; const char *AES_options(void); int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); + AES_KEY *key); int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); + AES_KEY *key); int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); + AES_KEY *key); int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); + AES_KEY *key); void AES_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); + const AES_KEY *key); void AES_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); + const AES_KEY *key); void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key, const int enc); + const AES_KEY *key, const int enc); void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, const int enc); + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num, const int enc); + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num, const int enc); + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num, const int enc); + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num); + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num); void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char ivec[AES_BLOCK_SIZE], - unsigned char ecount_buf[AES_BLOCK_SIZE], - unsigned int *num); + size_t length, const AES_KEY *key, + unsigned char ivec[AES_BLOCK_SIZE], + unsigned char ecount_buf[AES_BLOCK_SIZE], + unsigned int *num); /* NB: the IV is _two_ blocks long */ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, const int enc); + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); /* NB: the IV is _four_ blocks long */ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - const AES_KEY *key2, const unsigned char *ivec, - const int enc); + size_t length, const AES_KEY *key, + const AES_KEY *key2, const unsigned char *ivec, + const int enc); int AES_wrap_key(AES_KEY *key, const unsigned char *iv, - unsigned char *out, - const unsigned char *in, unsigned int inlen); + unsigned char *out, + const unsigned char *in, unsigned int inlen); int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, - unsigned char *out, - const unsigned char *in, unsigned int inlen); + unsigned char *out, + const unsigned char *in, unsigned int inlen); #ifdef __cplusplus } #endif -#endif /* !HEADER_AES_H */ +#endif /* !HEADER_AES_H */ diff --git a/crypto/aes/aes_cbc.c b/crypto/aes/aes_cbc.c index 227f75625dba..e39231f17cb8 100644 --- a/crypto/aes/aes_cbc.c +++ b/crypto/aes/aes_cbc.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -53,11 +53,14 @@ #include <openssl/modes.h> void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec, const int enc) { + size_t len, const AES_KEY *key, + unsigned char *ivec, const int enc) +{ - if (enc) - CRYPTO_cbc128_encrypt(in,out,len,key,ivec,(block128_f)AES_encrypt); - else - CRYPTO_cbc128_decrypt(in,out,len,key,ivec,(block128_f)AES_decrypt); + if (enc) + CRYPTO_cbc128_encrypt(in, out, len, key, ivec, + (block128_f) AES_encrypt); + else + CRYPTO_cbc128_decrypt(in, out, len, key, ivec, + (block128_f) AES_decrypt); } diff --git a/crypto/aes/aes_cfb.c b/crypto/aes/aes_cfb.c index 0c6d058ce729..1c79ce2dbaa1 100644 --- a/crypto/aes/aes_cfb.c +++ b/crypto/aes/aes_cfb.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -52,30 +52,34 @@ #include <openssl/aes.h> #include <openssl/modes.h> -/* The input and output encrypted as though 128bit cfb mode is being - * used. The extra state information to record how much of the - * 128bit block we have used is contained in *num; +/* + * The input and output encrypted as though 128bit cfb mode is being used. + * The extra state information to record how much of the 128bit block we have + * used is contained in *num; */ void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num, const int enc) { + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc) +{ - CRYPTO_cfb128_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt); + CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc, + (block128_f) AES_encrypt); } /* N.B. This expects the input to be packed, MS bit first */ void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num, const int enc) - { - CRYPTO_cfb128_1_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt); - } + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc) +{ + CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc, + (block128_f) AES_encrypt); +} void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num, const int enc) - { - CRYPTO_cfb128_8_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt); - } - + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc) +{ + CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc, + (block128_f) AES_encrypt); +} diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index 8f5210ac70a9..2ddb0860d78a 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -40,7 +40,7 @@ #include "aes_locl.h" #ifndef AES_ASM -/* +/*- Te0[x] = S [x].[02, 01, 01, 03]; Te1[x] = S [x].[03, 02, 01, 01]; Te2[x] = S [x].[01, 03, 02, 01]; @@ -617,161 +617,163 @@ static const u8 Td4[256] = { 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU, }; static const u32 rcon[] = { - 0x01000000, 0x02000000, 0x04000000, 0x08000000, - 0x10000000, 0x20000000, 0x40000000, 0x80000000, - 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ + 0x01000000, 0x02000000, 0x04000000, 0x08000000, + 0x10000000, 0x20000000, 0x40000000, 0x80000000, + 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ }; /** * Expand the cipher key into the encryption key schedule. */ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) { + AES_KEY *key) +{ - u32 *rk; - int i = 0; - u32 temp; + u32 *rk; + int i = 0; + u32 temp; - if (!userKey || !key) - return -1; - if (bits != 128 && bits != 192 && bits != 256) - return -2; + if (!userKey || !key) + return -1; + if (bits != 128 && bits != 192 && bits != 256) + return -2; - rk = key->rd_key; + rk = key->rd_key; - if (bits==128) - key->rounds = 10; - else if (bits==192) - key->rounds = 12; - else - key->rounds = 14; + if (bits==128) + key->rounds = 10; + else if (bits==192) + key->rounds = 12; + else + key->rounds = 14; - rk[0] = GETU32(userKey ); - rk[1] = GETU32(userKey + 4); - rk[2] = GETU32(userKey + 8); - rk[3] = GETU32(userKey + 12); - if (bits == 128) { - while (1) { - temp = rk[3]; - rk[4] = rk[0] ^ - (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te0[(temp ) & 0xff] & 0x0000ff00) ^ - (Te1[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[5] = rk[1] ^ rk[4]; - rk[6] = rk[2] ^ rk[5]; - rk[7] = rk[3] ^ rk[6]; - if (++i == 10) { - return 0; - } - rk += 4; - } - } - rk[4] = GETU32(userKey + 16); - rk[5] = GETU32(userKey + 20); - if (bits == 192) { - while (1) { - temp = rk[ 5]; - rk[ 6] = rk[ 0] ^ - (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te0[(temp ) & 0xff] & 0x0000ff00) ^ - (Te1[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[ 7] = rk[ 1] ^ rk[ 6]; - rk[ 8] = rk[ 2] ^ rk[ 7]; - rk[ 9] = rk[ 3] ^ rk[ 8]; - if (++i == 8) { - return 0; - } - rk[10] = rk[ 4] ^ rk[ 9]; - rk[11] = rk[ 5] ^ rk[10]; - rk += 6; - } - } - rk[6] = GETU32(userKey + 24); - rk[7] = GETU32(userKey + 28); - if (bits == 256) { - while (1) { - temp = rk[ 7]; - rk[ 8] = rk[ 0] ^ - (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te0[(temp ) & 0xff] & 0x0000ff00) ^ - (Te1[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[ 9] = rk[ 1] ^ rk[ 8]; - rk[10] = rk[ 2] ^ rk[ 9]; - rk[11] = rk[ 3] ^ rk[10]; - if (++i == 7) { - return 0; - } - temp = rk[11]; - rk[12] = rk[ 4] ^ - (Te2[(temp >> 24) ] & 0xff000000) ^ - (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^ - (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^ - (Te1[(temp ) & 0xff] & 0x000000ff); - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; + rk[0] = GETU32(userKey ); + rk[1] = GETU32(userKey + 4); + rk[2] = GETU32(userKey + 8); + rk[3] = GETU32(userKey + 12); + if (bits == 128) { + while (1) { + temp = rk[3]; + rk[4] = rk[0] ^ + (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te0[(temp ) & 0xff] & 0x0000ff00) ^ + (Te1[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[5] = rk[1] ^ rk[4]; + rk[6] = rk[2] ^ rk[5]; + rk[7] = rk[3] ^ rk[6]; + if (++i == 10) { + return 0; + } + rk += 4; + } + } + rk[4] = GETU32(userKey + 16); + rk[5] = GETU32(userKey + 20); + if (bits == 192) { + while (1) { + temp = rk[ 5]; + rk[ 6] = rk[ 0] ^ + (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te0[(temp ) & 0xff] & 0x0000ff00) ^ + (Te1[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[ 7] = rk[ 1] ^ rk[ 6]; + rk[ 8] = rk[ 2] ^ rk[ 7]; + rk[ 9] = rk[ 3] ^ rk[ 8]; + if (++i == 8) { + return 0; + } + rk[10] = rk[ 4] ^ rk[ 9]; + rk[11] = rk[ 5] ^ rk[10]; + rk += 6; + } + } + rk[6] = GETU32(userKey + 24); + rk[7] = GETU32(userKey + 28); + if (bits == 256) { + while (1) { + temp = rk[ 7]; + rk[ 8] = rk[ 0] ^ + (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te0[(temp ) & 0xff] & 0x0000ff00) ^ + (Te1[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[ 9] = rk[ 1] ^ rk[ 8]; + rk[10] = rk[ 2] ^ rk[ 9]; + rk[11] = rk[ 3] ^ rk[10]; + if (++i == 7) { + return 0; + } + temp = rk[11]; + rk[12] = rk[ 4] ^ + (Te2[(temp >> 24) ] & 0xff000000) ^ + (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^ + (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^ + (Te1[(temp ) & 0xff] & 0x000000ff); + rk[13] = rk[ 5] ^ rk[12]; + rk[14] = rk[ 6] ^ rk[13]; + rk[15] = rk[ 7] ^ rk[14]; - rk += 8; - } - } - return 0; + rk += 8; + } + } + return 0; } /** * Expand the cipher key into the decryption key schedule. */ int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) { + AES_KEY *key) +{ - u32 *rk; - int i, j, status; - u32 temp; + u32 *rk; + int i, j, status; + u32 temp; - /* first, start with an encryption schedule */ - status = private_AES_set_encrypt_key(userKey, bits, key); - if (status < 0) - return status; + /* first, start with an encryption schedule */ + status = private_AES_set_encrypt_key(userKey, bits, key); + if (status < 0) + return status; - rk = key->rd_key; + rk = key->rd_key; - /* invert the order of the round keys: */ - for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { - temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; - temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; - temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; - temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; - } - /* apply the inverse MixColumn transform to all round keys but the first and the last: */ - for (i = 1; i < (key->rounds); i++) { - rk += 4; - rk[0] = - Td0[Te1[(rk[0] >> 24) ] & 0xff] ^ - Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^ - Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^ - Td3[Te1[(rk[0] ) & 0xff] & 0xff]; - rk[1] = - Td0[Te1[(rk[1] >> 24) ] & 0xff] ^ - Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^ - Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^ - Td3[Te1[(rk[1] ) & 0xff] & 0xff]; - rk[2] = - Td0[Te1[(rk[2] >> 24) ] & 0xff] ^ - Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^ - Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^ - Td3[Te1[(rk[2] ) & 0xff] & 0xff]; - rk[3] = - Td0[Te1[(rk[3] >> 24) ] & 0xff] ^ - Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^ - Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^ - Td3[Te1[(rk[3] ) & 0xff] & 0xff]; - } - return 0; + /* invert the order of the round keys: */ + for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { + temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; + temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; + temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; + temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; + } + /* apply the inverse MixColumn transform to all round keys but the first and the last: */ + for (i = 1; i < (key->rounds); i++) { + rk += 4; + rk[0] = + Td0[Te1[(rk[0] >> 24) ] & 0xff] ^ + Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^ + Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^ + Td3[Te1[(rk[0] ) & 0xff] & 0xff]; + rk[1] = + Td0[Te1[(rk[1] >> 24) ] & 0xff] ^ + Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^ + Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^ + Td3[Te1[(rk[1] ) & 0xff] & 0xff]; + rk[2] = + Td0[Te1[(rk[2] >> 24) ] & 0xff] ^ + Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^ + Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^ + Td3[Te1[(rk[2] ) & 0xff] & 0xff]; + rk[3] = + Td0[Te1[(rk[3] >> 24) ] & 0xff] ^ + Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^ + Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^ + Td3[Te1[(rk[3] ) & 0xff] & 0xff]; + } + return 0; } /* @@ -779,71 +781,71 @@ int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, * in and out can overlap */ void AES_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key) { + const AES_KEY *key) { - const u32 *rk; - u32 s0, s1, s2, s3, t0, t1, t2, t3; + const u32 *rk; + u32 s0, s1, s2, s3, t0, t1, t2, t3; #ifndef FULL_UNROLL - int r; + int r; #endif /* ?FULL_UNROLL */ - assert(in && out && key); - rk = key->rd_key; + assert(in && out && key); + rk = key->rd_key; - /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(in ) ^ rk[0]; - s1 = GETU32(in + 4) ^ rk[1]; - s2 = GETU32(in + 8) ^ rk[2]; - s3 = GETU32(in + 12) ^ rk[3]; + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(in ) ^ rk[0]; + s1 = GETU32(in + 4) ^ rk[1]; + s2 = GETU32(in + 8) ^ rk[2]; + s3 = GETU32(in + 12) ^ rk[3]; #ifdef FULL_UNROLL - /* round 1: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; - /* round 2: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; - /* round 3: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; - /* round 4: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; - /* round 5: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; - /* round 6: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; - /* round 7: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; - /* round 8: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; - /* round 9: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; + /* round 1: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; + /* round 2: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; + /* round 3: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; + /* round 4: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; + /* round 5: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; + /* round 6: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; + /* round 7: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; + /* round 8: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; + /* round 9: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; if (key->rounds > 10) { /* round 10: */ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; @@ -932,37 +934,37 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, } #endif /* ?FULL_UNROLL */ /* - * apply last round and - * map cipher state to byte array block: - */ - s0 = - (Te2[(t0 >> 24) ] & 0xff000000) ^ - (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^ - (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^ - (Te1[(t3 ) & 0xff] & 0x000000ff) ^ - rk[0]; - PUTU32(out , s0); - s1 = - (Te2[(t1 >> 24) ] & 0xff000000) ^ - (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^ - (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^ - (Te1[(t0 ) & 0xff] & 0x000000ff) ^ - rk[1]; - PUTU32(out + 4, s1); - s2 = - (Te2[(t2 >> 24) ] & 0xff000000) ^ - (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^ - (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^ - (Te1[(t1 ) & 0xff] & 0x000000ff) ^ - rk[2]; - PUTU32(out + 8, s2); - s3 = - (Te2[(t3 >> 24) ] & 0xff000000) ^ - (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^ - (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^ - (Te1[(t2 ) & 0xff] & 0x000000ff) ^ - rk[3]; - PUTU32(out + 12, s3); + * apply last round and + * map cipher state to byte array block: + */ + s0 = + (Te2[(t0 >> 24) ] & 0xff000000) ^ + (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^ + (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^ + (Te1[(t3 ) & 0xff] & 0x000000ff) ^ + rk[0]; + PUTU32(out , s0); + s1 = + (Te2[(t1 >> 24) ] & 0xff000000) ^ + (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^ + (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^ + (Te1[(t0 ) & 0xff] & 0x000000ff) ^ + rk[1]; + PUTU32(out + 4, s1); + s2 = + (Te2[(t2 >> 24) ] & 0xff000000) ^ + (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^ + (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^ + (Te1[(t1 ) & 0xff] & 0x000000ff) ^ + rk[2]; + PUTU32(out + 8, s2); + s3 = + (Te2[(t3 >> 24) ] & 0xff000000) ^ + (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^ + (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^ + (Te1[(t2 ) & 0xff] & 0x000000ff) ^ + rk[3]; + PUTU32(out + 12, s3); } /* @@ -970,21 +972,22 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, * in and out can overlap */ void AES_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key) { + const AES_KEY *key) +{ - const u32 *rk; - u32 s0, s1, s2, s3, t0, t1, t2, t3; + const u32 *rk; + u32 s0, s1, s2, s3, t0, t1, t2, t3; #ifndef FULL_UNROLL - int r; + int r; #endif /* ?FULL_UNROLL */ - assert(in && out && key); - rk = key->rd_key; + assert(in && out && key); + rk = key->rd_key; - /* - * map byte array block to cipher state - * and add initial round key: - */ + /* + * map byte array block to cipher state + * and add initial round key: + */ s0 = GETU32(in ) ^ rk[0]; s1 = GETU32(in + 4) ^ rk[1]; s2 = GETU32(in + 8) ^ rk[2]; @@ -1059,7 +1062,7 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55]; } } - rk += key->rounds << 2; + rk += key->rounds << 2; #else /* !FULL_UNROLL */ /* * Nr - 1 full rounds: @@ -1123,37 +1126,37 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, } #endif /* ?FULL_UNROLL */ /* - * apply last round and - * map cipher state to byte array block: - */ - s0 = - (Td4[(t0 >> 24) ] << 24) ^ - (Td4[(t3 >> 16) & 0xff] << 16) ^ - (Td4[(t2 >> 8) & 0xff] << 8) ^ - (Td4[(t1 ) & 0xff]) ^ - rk[0]; - PUTU32(out , s0); - s1 = - (Td4[(t1 >> 24) ] << 24) ^ - (Td4[(t0 >> 16) & 0xff] << 16) ^ - (Td4[(t3 >> 8) & 0xff] << 8) ^ - (Td4[(t2 ) & 0xff]) ^ - rk[1]; - PUTU32(out + 4, s1); - s2 = - (Td4[(t2 >> 24) ] << 24) ^ - (Td4[(t1 >> 16) & 0xff] << 16) ^ - (Td4[(t0 >> 8) & 0xff] << 8) ^ - (Td4[(t3 ) & 0xff]) ^ - rk[2]; - PUTU32(out + 8, s2); - s3 = - (Td4[(t3 >> 24) ] << 24) ^ - (Td4[(t2 >> 16) & 0xff] << 16) ^ - (Td4[(t1 >> 8) & 0xff] << 8) ^ - (Td4[(t0 ) & 0xff]) ^ - rk[3]; - PUTU32(out + 12, s3); + * apply last round and + * map cipher state to byte array block: + */ + s0 = + ((u32)Td4[(t0 >> 24) ] << 24) ^ + ((u32)Td4[(t3 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(t2 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(t1 ) & 0xff]) ^ + rk[0]; + PUTU32(out , s0); + s1 = + ((u32)Td4[(t1 >> 24) ] << 24) ^ + ((u32)Td4[(t0 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(t3 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(t2 ) & 0xff]) ^ + rk[1]; + PUTU32(out + 4, s1); + s2 = + ((u32)Td4[(t2 >> 24) ] << 24) ^ + ((u32)Td4[(t1 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(t0 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(t3 ) & 0xff]) ^ + rk[2]; + PUTU32(out + 8, s2); + s3 = + ((u32)Td4[(t3 >> 24) ] << 24) ^ + ((u32)Td4[(t2 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(t1 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(t0 ) & 0xff]) ^ + rk[3]; + PUTU32(out + 12, s3); } #else /* AES_ASM */ @@ -1193,166 +1196,168 @@ static const u8 Te4[256] = { 0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U }; static const u32 rcon[] = { - 0x01000000, 0x02000000, 0x04000000, 0x08000000, - 0x10000000, 0x20000000, 0x40000000, 0x80000000, - 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ + 0x01000000, 0x02000000, 0x04000000, 0x08000000, + 0x10000000, 0x20000000, 0x40000000, 0x80000000, + 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ }; /** * Expand the cipher key into the encryption key schedule. */ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) { - u32 *rk; + AES_KEY *key) +{ + u32 *rk; int i = 0; - u32 temp; + u32 temp; - if (!userKey || !key) - return -1; - if (bits != 128 && bits != 192 && bits != 256) - return -2; + if (!userKey || !key) + return -1; + if (bits != 128 && bits != 192 && bits != 256) + return -2; - rk = key->rd_key; + rk = key->rd_key; - if (bits==128) - key->rounds = 10; - else if (bits==192) - key->rounds = 12; - else - key->rounds = 14; + if (bits==128) + key->rounds = 10; + else if (bits==192) + key->rounds = 12; + else + key->rounds = 14; - rk[0] = GETU32(userKey ); - rk[1] = GETU32(userKey + 4); - rk[2] = GETU32(userKey + 8); - rk[3] = GETU32(userKey + 12); - if (bits == 128) { - while (1) { - temp = rk[3]; - rk[4] = rk[0] ^ - (Te4[(temp >> 16) & 0xff] << 24) ^ - (Te4[(temp >> 8) & 0xff] << 16) ^ - (Te4[(temp ) & 0xff] << 8) ^ - (Te4[(temp >> 24) ]) ^ - rcon[i]; - rk[5] = rk[1] ^ rk[4]; - rk[6] = rk[2] ^ rk[5]; - rk[7] = rk[3] ^ rk[6]; - if (++i == 10) { - return 0; - } - rk += 4; - } - } - rk[4] = GETU32(userKey + 16); - rk[5] = GETU32(userKey + 20); - if (bits == 192) { - while (1) { - temp = rk[ 5]; - rk[ 6] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] << 24) ^ - (Te4[(temp >> 8) & 0xff] << 16) ^ - (Te4[(temp ) & 0xff] << 8) ^ - (Te4[(temp >> 24) ]) ^ - rcon[i]; - rk[ 7] = rk[ 1] ^ rk[ 6]; - rk[ 8] = rk[ 2] ^ rk[ 7]; - rk[ 9] = rk[ 3] ^ rk[ 8]; - if (++i == 8) { - return 0; - } - rk[10] = rk[ 4] ^ rk[ 9]; - rk[11] = rk[ 5] ^ rk[10]; - rk += 6; - } - } - rk[6] = GETU32(userKey + 24); - rk[7] = GETU32(userKey + 28); - if (bits == 256) { - while (1) { - temp = rk[ 7]; - rk[ 8] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] << 24) ^ - (Te4[(temp >> 8) & 0xff] << 16) ^ - (Te4[(temp ) & 0xff] << 8) ^ - (Te4[(temp >> 24) ]) ^ - rcon[i]; - rk[ 9] = rk[ 1] ^ rk[ 8]; - rk[10] = rk[ 2] ^ rk[ 9]; - rk[11] = rk[ 3] ^ rk[10]; - if (++i == 7) { - return 0; - } - temp = rk[11]; - rk[12] = rk[ 4] ^ - (Te4[(temp >> 24) ] << 24) ^ - (Te4[(temp >> 16) & 0xff] << 16) ^ - (Te4[(temp >> 8) & 0xff] << 8) ^ - (Te4[(temp ) & 0xff]); - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; + rk[0] = GETU32(userKey ); + rk[1] = GETU32(userKey + 4); + rk[2] = GETU32(userKey + 8); + rk[3] = GETU32(userKey + 12); + if (bits == 128) { + while (1) { + temp = rk[3]; + rk[4] = rk[0] ^ + ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ]) ^ + rcon[i]; + rk[5] = rk[1] ^ rk[4]; + rk[6] = rk[2] ^ rk[5]; + rk[7] = rk[3] ^ rk[6]; + if (++i == 10) { + return 0; + } + rk += 4; + } + } + rk[4] = GETU32(userKey + 16); + rk[5] = GETU32(userKey + 20); + if (bits == 192) { + while (1) { + temp = rk[ 5]; + rk[ 6] = rk[ 0] ^ + ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ]) ^ + rcon[i]; + rk[ 7] = rk[ 1] ^ rk[ 6]; + rk[ 8] = rk[ 2] ^ rk[ 7]; + rk[ 9] = rk[ 3] ^ rk[ 8]; + if (++i == 8) { + return 0; + } + rk[10] = rk[ 4] ^ rk[ 9]; + rk[11] = rk[ 5] ^ rk[10]; + rk += 6; + } + } + rk[6] = GETU32(userKey + 24); + rk[7] = GETU32(userKey + 28); + if (bits == 256) { + while (1) { + temp = rk[ 7]; + rk[ 8] = rk[ 0] ^ + ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ]) ^ + rcon[i]; + rk[ 9] = rk[ 1] ^ rk[ 8]; + rk[10] = rk[ 2] ^ rk[ 9]; + rk[11] = rk[ 3] ^ rk[10]; + if (++i == 7) { + return 0; + } + temp = rk[11]; + rk[12] = rk[ 4] ^ + ((u32)Te4[(temp >> 24) ] << 24) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 16) ^ + ((u32)Te4[(temp >> 8) & 0xff] << 8) ^ + ((u32)Te4[(temp ) & 0xff]); + rk[13] = rk[ 5] ^ rk[12]; + rk[14] = rk[ 6] ^ rk[13]; + rk[15] = rk[ 7] ^ rk[14]; - rk += 8; - } - } - return 0; + rk += 8; + } + } + return 0; } /** * Expand the cipher key into the decryption key schedule. */ int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) { + AES_KEY *key) +{ - u32 *rk; - int i, j, status; - u32 temp; + u32 *rk; + int i, j, status; + u32 temp; - /* first, start with an encryption schedule */ - status = private_AES_set_encrypt_key(userKey, bits, key); - if (status < 0) - return status; + /* first, start with an encryption schedule */ + status = private_AES_set_encrypt_key(userKey, bits, key); + if (status < 0) + return status; - rk = key->rd_key; + rk = key->rd_key; - /* invert the order of the round keys: */ - for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { - temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; - temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; - temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; - temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; - } - /* apply the inverse MixColumn transform to all round keys but the first and the last: */ - for (i = 1; i < (key->rounds); i++) { - rk += 4; - for (j = 0; j < 4; j++) { - u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; + /* invert the order of the round keys: */ + for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { + temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; + temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; + temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; + temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; + } + /* apply the inverse MixColumn transform to all round keys but the first and the last: */ + for (i = 1; i < (key->rounds); i++) { + rk += 4; + for (j = 0; j < 4; j++) { + u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; - tp1 = rk[j]; - m = tp1 & 0x80808080; - tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp2 & 0x80808080; - tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp4 & 0x80808080; - tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - tp9 = tp8 ^ tp1; - tpb = tp9 ^ tp2; - tpd = tp9 ^ tp4; - tpe = tp8 ^ tp4 ^ tp2; + tp1 = rk[j]; + m = tp1 & 0x80808080; + tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + m = tp2 & 0x80808080; + tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + m = tp4 & 0x80808080; + tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + tp9 = tp8 ^ tp1; + tpb = tp9 ^ tp2; + tpd = tp9 ^ tp4; + tpe = tp8 ^ tp4 ^ tp2; #if defined(ROTATE) - rk[j] = tpe ^ ROTATE(tpd,16) ^ - ROTATE(tp9,24) ^ ROTATE(tpb,8); + rk[j] = tpe ^ ROTATE(tpd,16) ^ + ROTATE(tp9,24) ^ ROTATE(tpb,8); #else - rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ - (tp9 >> 8) ^ (tp9 << 24) ^ - (tpb >> 24) ^ (tpb << 8); + rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ + (tp9 >> 8) ^ (tp9 << 24) ^ + (tpb >> 24) ^ (tpb << 8); #endif - } - } - return 0; + } + } + return 0; } #endif /* AES_ASM */ diff --git a/crypto/aes/aes_ctr.c b/crypto/aes/aes_ctr.c index 7c9d165d8adb..3ee382299881 100644 --- a/crypto/aes/aes_ctr.c +++ b/crypto/aes/aes_ctr.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -53,9 +53,11 @@ #include <openssl/modes.h> void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char ivec[AES_BLOCK_SIZE], - unsigned char ecount_buf[AES_BLOCK_SIZE], - unsigned int *num) { - CRYPTO_ctr128_encrypt(in,out,length,key,ivec,ecount_buf,num,(block128_f)AES_encrypt); + size_t length, const AES_KEY *key, + unsigned char ivec[AES_BLOCK_SIZE], + unsigned char ecount_buf[AES_BLOCK_SIZE], + unsigned int *num) +{ + CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num, + (block128_f) AES_encrypt); } diff --git a/crypto/aes/aes_ecb.c b/crypto/aes/aes_ecb.c index 28aa561c2d89..2e0d20ca224e 100644 --- a/crypto/aes/aes_ecb.c +++ b/crypto/aes/aes_ecb.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -60,14 +60,14 @@ #include "aes_locl.h" void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key, const int enc) { + const AES_KEY *key, const int enc) +{ - assert(in && out && key); - assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); + assert(in && out && key); + assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); - if (AES_ENCRYPT == enc) - AES_encrypt(in, out, key); - else - AES_decrypt(in, out, key); + if (AES_ENCRYPT == enc) + AES_encrypt(in, out, key); + else + AES_decrypt(in, out, key); } - diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c index c161351e6545..cf31c9bba44a 100644 --- a/crypto/aes/aes_ige.c +++ b/crypto/aes/aes_ige.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,152 +56,147 @@ #define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) typedef struct { - unsigned long data[N_WORDS]; + unsigned long data[N_WORDS]; } aes_block_t; /* XXX: probably some better way to do this */ #if defined(__i386__) || defined(__x86_64__) -#define UNALIGNED_MEMOPS_ARE_FAST 1 +# define UNALIGNED_MEMOPS_ARE_FAST 1 #else -#define UNALIGNED_MEMOPS_ARE_FAST 0 +# define UNALIGNED_MEMOPS_ARE_FAST 0 #endif #if UNALIGNED_MEMOPS_ARE_FAST -#define load_block(d, s) (d) = *(const aes_block_t *)(s) -#define store_block(d, s) *(aes_block_t *)(d) = (s) +# define load_block(d, s) (d) = *(const aes_block_t *)(s) +# define store_block(d, s) *(aes_block_t *)(d) = (s) #else -#define load_block(d, s) memcpy((d).data, (s), AES_BLOCK_SIZE) -#define store_block(d, s) memcpy((d), (s).data, AES_BLOCK_SIZE) +# define load_block(d, s) memcpy((d).data, (s), AES_BLOCK_SIZE) +# define store_block(d, s) memcpy((d), (s).data, AES_BLOCK_SIZE) #endif /* N.B. The IV for this mode is _twice_ the block size */ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, const int enc) - { - size_t n; - size_t len = length; + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc) +{ + size_t n; + size_t len = length; - OPENSSL_assert(in && out && key && ivec); - OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); - OPENSSL_assert((length%AES_BLOCK_SIZE) == 0); + OPENSSL_assert(in && out && key && ivec); + OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); + OPENSSL_assert((length % AES_BLOCK_SIZE) == 0); - len = length / AES_BLOCK_SIZE; + len = length / AES_BLOCK_SIZE; - if (AES_ENCRYPT == enc) - { - if (in != out && - (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0)) - { - aes_block_t *ivp = (aes_block_t *)ivec; - aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE); + if (AES_ENCRYPT == enc) { + if (in != out && + (UNALIGNED_MEMOPS_ARE_FAST + || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) == + 0)) { + aes_block_t *ivp = (aes_block_t *) ivec; + aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE); - while (len) - { - aes_block_t *inp = (aes_block_t *)in; - aes_block_t *outp = (aes_block_t *)out; + while (len) { + aes_block_t *inp = (aes_block_t *) in; + aes_block_t *outp = (aes_block_t *) out; - for(n=0 ; n < N_WORDS; ++n) - outp->data[n] = inp->data[n] ^ ivp->data[n]; - AES_encrypt((unsigned char *)outp->data, (unsigned char *)outp->data, key); - for(n=0 ; n < N_WORDS; ++n) - outp->data[n] ^= iv2p->data[n]; - ivp = outp; - iv2p = inp; - --len; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - memcpy(ivec, ivp->data, AES_BLOCK_SIZE); - memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); - } - else - { - aes_block_t tmp, tmp2; - aes_block_t iv; - aes_block_t iv2; + for (n = 0; n < N_WORDS; ++n) + outp->data[n] = inp->data[n] ^ ivp->data[n]; + AES_encrypt((unsigned char *)outp->data, + (unsigned char *)outp->data, key); + for (n = 0; n < N_WORDS; ++n) + outp->data[n] ^= iv2p->data[n]; + ivp = outp; + iv2p = inp; + --len; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + memcpy(ivec, ivp->data, AES_BLOCK_SIZE); + memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); + } else { + aes_block_t tmp, tmp2; + aes_block_t iv; + aes_block_t iv2; - load_block(iv, ivec); - load_block(iv2, ivec + AES_BLOCK_SIZE); + load_block(iv, ivec); + load_block(iv2, ivec + AES_BLOCK_SIZE); - while (len) - { - load_block(tmp, in); - for(n=0 ; n < N_WORDS; ++n) - tmp2.data[n] = tmp.data[n] ^ iv.data[n]; - AES_encrypt((unsigned char *)tmp2.data, (unsigned char *)tmp2.data, key); - for(n=0 ; n < N_WORDS; ++n) - tmp2.data[n] ^= iv2.data[n]; - store_block(out, tmp2); - iv = tmp2; - iv2 = tmp; - --len; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - memcpy(ivec, iv.data, AES_BLOCK_SIZE); - memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); - } - } - else - { - if (in != out && - (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0)) - { - aes_block_t *ivp = (aes_block_t *)ivec; - aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE); + while (len) { + load_block(tmp, in); + for (n = 0; n < N_WORDS; ++n) + tmp2.data[n] = tmp.data[n] ^ iv.data[n]; + AES_encrypt((unsigned char *)tmp2.data, + (unsigned char *)tmp2.data, key); + for (n = 0; n < N_WORDS; ++n) + tmp2.data[n] ^= iv2.data[n]; + store_block(out, tmp2); + iv = tmp2; + iv2 = tmp; + --len; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + memcpy(ivec, iv.data, AES_BLOCK_SIZE); + memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); + } + } else { + if (in != out && + (UNALIGNED_MEMOPS_ARE_FAST + || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) == + 0)) { + aes_block_t *ivp = (aes_block_t *) ivec; + aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE); - while (len) - { - aes_block_t tmp; - aes_block_t *inp = (aes_block_t *)in; - aes_block_t *outp = (aes_block_t *)out; + while (len) { + aes_block_t tmp; + aes_block_t *inp = (aes_block_t *) in; + aes_block_t *outp = (aes_block_t *) out; - for(n=0 ; n < N_WORDS; ++n) - tmp.data[n] = inp->data[n] ^ iv2p->data[n]; - AES_decrypt((unsigned char *)tmp.data, (unsigned char *)outp->data, key); - for(n=0 ; n < N_WORDS; ++n) - outp->data[n] ^= ivp->data[n]; - ivp = inp; - iv2p = outp; - --len; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - memcpy(ivec, ivp->data, AES_BLOCK_SIZE); - memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); - } - else - { - aes_block_t tmp, tmp2; - aes_block_t iv; - aes_block_t iv2; + for (n = 0; n < N_WORDS; ++n) + tmp.data[n] = inp->data[n] ^ iv2p->data[n]; + AES_decrypt((unsigned char *)tmp.data, + (unsigned char *)outp->data, key); + for (n = 0; n < N_WORDS; ++n) + outp->data[n] ^= ivp->data[n]; + ivp = inp; + iv2p = outp; + --len; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + memcpy(ivec, ivp->data, AES_BLOCK_SIZE); + memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); + } else { + aes_block_t tmp, tmp2; + aes_block_t iv; + aes_block_t iv2; - load_block(iv, ivec); - load_block(iv2, ivec + AES_BLOCK_SIZE); + load_block(iv, ivec); + load_block(iv2, ivec + AES_BLOCK_SIZE); - while (len) - { - load_block(tmp, in); - tmp2 = tmp; - for(n=0 ; n < N_WORDS; ++n) - tmp.data[n] ^= iv2.data[n]; - AES_decrypt((unsigned char *)tmp.data, (unsigned char *)tmp.data, key); - for(n=0 ; n < N_WORDS; ++n) - tmp.data[n] ^= iv.data[n]; - store_block(out, tmp); - iv = tmp2; - iv2 = tmp; - --len; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - memcpy(ivec, iv.data, AES_BLOCK_SIZE); - memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); - } - } - } + while (len) { + load_block(tmp, in); + tmp2 = tmp; + for (n = 0; n < N_WORDS; ++n) + tmp.data[n] ^= iv2.data[n]; + AES_decrypt((unsigned char *)tmp.data, + (unsigned char *)tmp.data, key); + for (n = 0; n < N_WORDS; ++n) + tmp.data[n] ^= iv.data[n]; + store_block(out, tmp); + iv = tmp2; + iv2 = tmp; + --len; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + memcpy(ivec, iv.data, AES_BLOCK_SIZE); + memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); + } + } +} /* * Note that its effectively impossible to do biIGE in anything other @@ -211,113 +206,118 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, /* N.B. The IV for this mode is _four times_ the block size */ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - const AES_KEY *key2, const unsigned char *ivec, - const int enc) - { - size_t n; - size_t len = length; - unsigned char tmp[AES_BLOCK_SIZE]; - unsigned char tmp2[AES_BLOCK_SIZE]; - unsigned char tmp3[AES_BLOCK_SIZE]; - unsigned char prev[AES_BLOCK_SIZE]; - const unsigned char *iv; - const unsigned char *iv2; + size_t length, const AES_KEY *key, + const AES_KEY *key2, const unsigned char *ivec, + const int enc) +{ + size_t n; + size_t len = length; + unsigned char tmp[AES_BLOCK_SIZE]; + unsigned char tmp2[AES_BLOCK_SIZE]; + unsigned char tmp3[AES_BLOCK_SIZE]; + unsigned char prev[AES_BLOCK_SIZE]; + const unsigned char *iv; + const unsigned char *iv2; - OPENSSL_assert(in && out && key && ivec); - OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); - OPENSSL_assert((length%AES_BLOCK_SIZE) == 0); + OPENSSL_assert(in && out && key && ivec); + OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); + OPENSSL_assert((length % AES_BLOCK_SIZE) == 0); - if (AES_ENCRYPT == enc) - { - /* XXX: Do a separate case for when in != out (strictly should - check for overlap, too) */ + if (AES_ENCRYPT == enc) { + /* + * XXX: Do a separate case for when in != out (strictly should check + * for overlap, too) + */ - /* First the forward pass */ - iv = ivec; - iv2 = ivec + AES_BLOCK_SIZE; - while (len >= AES_BLOCK_SIZE) - { - for(n=0 ; n < AES_BLOCK_SIZE ; ++n) - out[n] = in[n] ^ iv[n]; - AES_encrypt(out, out, key); - for(n=0 ; n < AES_BLOCK_SIZE ; ++n) - out[n] ^= iv2[n]; - iv = out; - memcpy(prev, in, AES_BLOCK_SIZE); - iv2 = prev; - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } + /* First the forward pass */ + iv = ivec; + iv2 = ivec + AES_BLOCK_SIZE; + while (len >= AES_BLOCK_SIZE) { + for (n = 0; n < AES_BLOCK_SIZE; ++n) + out[n] = in[n] ^ iv[n]; + AES_encrypt(out, out, key); + for (n = 0; n < AES_BLOCK_SIZE; ++n) + out[n] ^= iv2[n]; + iv = out; + memcpy(prev, in, AES_BLOCK_SIZE); + iv2 = prev; + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } - /* And now backwards */ - iv = ivec + AES_BLOCK_SIZE*2; - iv2 = ivec + AES_BLOCK_SIZE*3; - len = length; - while(len >= AES_BLOCK_SIZE) - { - out -= AES_BLOCK_SIZE; - /* XXX: reduce copies by alternating between buffers */ - memcpy(tmp, out, AES_BLOCK_SIZE); - for(n=0 ; n < AES_BLOCK_SIZE ; ++n) - out[n] ^= iv[n]; - /* hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */ - AES_encrypt(out, out, key); - /* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */ - /* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */ - for(n=0 ; n < AES_BLOCK_SIZE ; ++n) - out[n] ^= iv2[n]; - /* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */ - iv = out; - memcpy(prev, tmp, AES_BLOCK_SIZE); - iv2 = prev; - len -= AES_BLOCK_SIZE; - } - } - else - { - /* First backwards */ - iv = ivec + AES_BLOCK_SIZE*2; - iv2 = ivec + AES_BLOCK_SIZE*3; - in += length; - out += length; - while (len >= AES_BLOCK_SIZE) - { - in -= AES_BLOCK_SIZE; - out -= AES_BLOCK_SIZE; - memcpy(tmp, in, AES_BLOCK_SIZE); - memcpy(tmp2, in, AES_BLOCK_SIZE); - for(n=0 ; n < AES_BLOCK_SIZE ; ++n) - tmp[n] ^= iv2[n]; - AES_decrypt(tmp, out, key); - for(n=0 ; n < AES_BLOCK_SIZE ; ++n) - out[n] ^= iv[n]; - memcpy(tmp3, tmp2, AES_BLOCK_SIZE); - iv = tmp3; - iv2 = out; - len -= AES_BLOCK_SIZE; - } + /* And now backwards */ + iv = ivec + AES_BLOCK_SIZE * 2; + iv2 = ivec + AES_BLOCK_SIZE * 3; + len = length; + while (len >= AES_BLOCK_SIZE) { + out -= AES_BLOCK_SIZE; + /* + * XXX: reduce copies by alternating between buffers + */ + memcpy(tmp, out, AES_BLOCK_SIZE); + for (n = 0; n < AES_BLOCK_SIZE; ++n) + out[n] ^= iv[n]; + /* + * hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); + */ + AES_encrypt(out, out, key); + /* + * hexdump(stdout,"enc", out, AES_BLOCK_SIZE); + */ + /* + * hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); + */ + for (n = 0; n < AES_BLOCK_SIZE; ++n) + out[n] ^= iv2[n]; + /* + * hexdump(stdout,"out", out, AES_BLOCK_SIZE); + */ + iv = out; + memcpy(prev, tmp, AES_BLOCK_SIZE); + iv2 = prev; + len -= AES_BLOCK_SIZE; + } + } else { + /* First backwards */ + iv = ivec + AES_BLOCK_SIZE * 2; + iv2 = ivec + AES_BLOCK_SIZE * 3; + in += length; + out += length; + while (len >= AES_BLOCK_SIZE) { + in -= AES_BLOCK_SIZE; + out -= AES_BLOCK_SIZE; + memcpy(tmp, in, AES_BLOCK_SIZE); + memcpy(tmp2, in, AES_BLOCK_SIZE); + for (n = 0; n < AES_BLOCK_SIZE; ++n) + tmp[n] ^= iv2[n]; + AES_decrypt(tmp, out, key); + for (n = 0; n < AES_BLOCK_SIZE; ++n) + out[n] ^= iv[n]; + memcpy(tmp3, tmp2, AES_BLOCK_SIZE); + iv = tmp3; + iv2 = out; + len -= AES_BLOCK_SIZE; + } - /* And now forwards */ - iv = ivec; - iv2 = ivec + AES_BLOCK_SIZE; - len = length; - while (len >= AES_BLOCK_SIZE) - { - memcpy(tmp, out, AES_BLOCK_SIZE); - memcpy(tmp2, out, AES_BLOCK_SIZE); - for(n=0 ; n < AES_BLOCK_SIZE ; ++n) - tmp[n] ^= iv2[n]; - AES_decrypt(tmp, out, key); - for(n=0 ; n < AES_BLOCK_SIZE ; ++n) - out[n] ^= iv[n]; - memcpy(tmp3, tmp2, AES_BLOCK_SIZE); - iv = tmp3; - iv2 = out; - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - } - } + /* And now forwards */ + iv = ivec; + iv2 = ivec + AES_BLOCK_SIZE; + len = length; + while (len >= AES_BLOCK_SIZE) { + memcpy(tmp, out, AES_BLOCK_SIZE); + memcpy(tmp2, out, AES_BLOCK_SIZE); + for (n = 0; n < AES_BLOCK_SIZE; ++n) + tmp[n] ^= iv2[n]; + AES_decrypt(tmp, out, key); + for (n = 0; n < AES_BLOCK_SIZE; ++n) + out[n] ^= iv[n]; + memcpy(tmp3, tmp2, AES_BLOCK_SIZE); + iv = tmp3; + iv2 = out; + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + } +} diff --git a/crypto/aes/aes_locl.h b/crypto/aes/aes_locl.h index 054b442d416f..fabfd02ac095 100644 --- a/crypto/aes/aes_locl.h +++ b/crypto/aes/aes_locl.h @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -50,40 +50,40 @@ */ #ifndef HEADER_AES_LOCL_H -#define HEADER_AES_LOCL_H +# define HEADER_AES_LOCL_H -#include <openssl/e_os2.h> +# include <openssl/e_os2.h> -#ifdef OPENSSL_NO_AES -#error AES is disabled. -#endif +# ifdef OPENSSL_NO_AES +# error AES is disabled. +# endif -#include <stdio.h> -#include <stdlib.h> -#include <string.h> +# include <stdio.h> +# include <stdlib.h> +# include <string.h> -#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) -# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) -# define GETU32(p) SWAP(*((u32 *)(p))) -# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } -#else -# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) -# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } -#endif +# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) +# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) +# define GETU32(p) SWAP(*((u32 *)(p))) +# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } +# else +# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) +# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } +# endif -#ifdef AES_LONG +# ifdef AES_LONG typedef unsigned long u32; -#else +# else typedef unsigned int u32; -#endif +# endif typedef unsigned short u16; typedef unsigned char u8; -#define MAXKC (256/32) -#define MAXKB (256/8) -#define MAXNR 14 +# define MAXKC (256/32) +# define MAXKB (256/8) +# define MAXNR 14 /* This controls loop-unrolling in aes_core.c */ -#undef FULL_UNROLL +# undef FULL_UNROLL -#endif /* !HEADER_AES_LOCL_H */ +#endif /* !HEADER_AES_LOCL_H */ diff --git a/crypto/aes/aes_misc.c b/crypto/aes/aes_misc.c index f083488ecb34..ab948ad85eb4 100644 --- a/crypto/aes/aes_misc.c +++ b/crypto/aes/aes_misc.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -54,32 +54,33 @@ #include <openssl/aes.h> #include "aes_locl.h" -const char AES_version[]="AES" OPENSSL_VERSION_PTEXT; +const char AES_version[] = "AES" OPENSSL_VERSION_PTEXT; -const char *AES_options(void) { +const char *AES_options(void) +{ #ifdef FULL_UNROLL - return "aes(full)"; -#else - return "aes(partial)"; + return "aes(full)"; +#else + return "aes(partial)"; #endif } /* FIPS wrapper functions to block low level AES calls in FIPS mode */ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) - { + AES_KEY *key) +{ #ifdef OPENSSL_FIPS - fips_cipher_abort(AES); + fips_cipher_abort(AES); #endif - return private_AES_set_encrypt_key(userKey, bits, key); - } + return private_AES_set_encrypt_key(userKey, bits, key); +} int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) - { + AES_KEY *key) +{ #ifdef OPENSSL_FIPS - fips_cipher_abort(AES); + fips_cipher_abort(AES); #endif - return private_AES_set_decrypt_key(userKey, bits, key); - } + return private_AES_set_decrypt_key(userKey, bits, key); +} diff --git a/crypto/aes/aes_ofb.c b/crypto/aes/aes_ofb.c index 50bf0b832504..e6153f99ba70 100644 --- a/crypto/aes/aes_ofb.c +++ b/crypto/aes/aes_ofb.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -53,8 +53,9 @@ #include <openssl/modes.h> void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num) + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num) { - CRYPTO_ofb128_encrypt(in,out,length,key,ivec,num,(block128_f)AES_encrypt); + CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, + (block128_f) AES_encrypt); } diff --git a/crypto/aes/aes_wrap.c b/crypto/aes/aes_wrap.c index e2d73d37ceda..b1ab8e25ef37 100644 --- a/crypto/aes/aes_wrap.c +++ b/crypto/aes/aes_wrap.c @@ -1,5 +1,6 @@ /* crypto/aes/aes_wrap.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== @@ -10,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,204 +57,194 @@ #include <openssl/bio.h> static const unsigned char default_iv[] = { - 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, + 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, }; int AES_wrap_key(AES_KEY *key, const unsigned char *iv, - unsigned char *out, - const unsigned char *in, unsigned int inlen) - { - unsigned char *A, B[16], *R; - unsigned int i, j, t; - if ((inlen & 0x7) || (inlen < 8)) - return -1; - A = B; - t = 1; - memcpy(out + 8, in, inlen); - if (!iv) - iv = default_iv; - - memcpy(A, iv, 8); - - for (j = 0; j < 6; j++) - { - R = out + 8; - for (i = 0; i < inlen; i += 8, t++, R += 8) - { - memcpy(B + 8, R, 8); - AES_encrypt(B, B, key); - A[7] ^= (unsigned char)(t & 0xff); - if (t > 0xff) - { - A[6] ^= (unsigned char)((t >> 8) & 0xff); - A[5] ^= (unsigned char)((t >> 16) & 0xff); - A[4] ^= (unsigned char)((t >> 24) & 0xff); - } - memcpy(R, B + 8, 8); - } - } - memcpy(out, A, 8); - return inlen + 8; - } + unsigned char *out, + const unsigned char *in, unsigned int inlen) +{ + unsigned char *A, B[16], *R; + unsigned int i, j, t; + if ((inlen & 0x7) || (inlen < 8)) + return -1; + A = B; + t = 1; + memcpy(out + 8, in, inlen); + if (!iv) + iv = default_iv; + + memcpy(A, iv, 8); + + for (j = 0; j < 6; j++) { + R = out + 8; + for (i = 0; i < inlen; i += 8, t++, R += 8) { + memcpy(B + 8, R, 8); + AES_encrypt(B, B, key); + A[7] ^= (unsigned char)(t & 0xff); + if (t > 0xff) { + A[6] ^= (unsigned char)((t >> 8) & 0xff); + A[5] ^= (unsigned char)((t >> 16) & 0xff); + A[4] ^= (unsigned char)((t >> 24) & 0xff); + } + memcpy(R, B + 8, 8); + } + } + memcpy(out, A, 8); + return inlen + 8; +} int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, - unsigned char *out, - const unsigned char *in, unsigned int inlen) - { - unsigned char *A, B[16], *R; - unsigned int i, j, t; - inlen -= 8; - if (inlen & 0x7) - return -1; - if (inlen < 8) - return -1; - A = B; - t = 6 * (inlen >> 3); - memcpy(A, in, 8); - memcpy(out, in + 8, inlen); - for (j = 0; j < 6; j++) - { - R = out + inlen - 8; - for (i = 0; i < inlen; i += 8, t--, R -= 8) - { - A[7] ^= (unsigned char)(t & 0xff); - if (t > 0xff) - { - A[6] ^= (unsigned char)((t >> 8) & 0xff); - A[5] ^= (unsigned char)((t >> 16) & 0xff); - A[4] ^= (unsigned char)((t >> 24) & 0xff); - } - memcpy(B + 8, R, 8); - AES_decrypt(B, B, key); - memcpy(R, B + 8, 8); - } - } - if (!iv) - iv = default_iv; - if (memcmp(A, iv, 8)) - { - OPENSSL_cleanse(out, inlen); - return 0; - } - return inlen; - } + unsigned char *out, + const unsigned char *in, unsigned int inlen) +{ + unsigned char *A, B[16], *R; + unsigned int i, j, t; + inlen -= 8; + if (inlen & 0x7) + return -1; + if (inlen < 8) + return -1; + A = B; + t = 6 * (inlen >> 3); + memcpy(A, in, 8); + memcpy(out, in + 8, inlen); + for (j = 0; j < 6; j++) { + R = out + inlen - 8; + for (i = 0; i < inlen; i += 8, t--, R -= 8) { + A[7] ^= (unsigned char)(t & 0xff); + if (t > 0xff) { + A[6] ^= (unsigned char)((t >> 8) & 0xff); + A[5] ^= (unsigned char)((t >> 16) & 0xff); + A[4] ^= (unsigned char)((t >> 24) & 0xff); + } + memcpy(B + 8, R, 8); + AES_decrypt(B, B, key); + memcpy(R, B + 8, 8); + } + } + if (!iv) + iv = default_iv; + if (memcmp(A, iv, 8)) { + OPENSSL_cleanse(out, inlen); + return 0; + } + return inlen; +} #ifdef AES_WRAP_TEST int AES_wrap_unwrap_test(const unsigned char *kek, int keybits, - const unsigned char *iv, - const unsigned char *eout, - const unsigned char *key, int keylen) - { - unsigned char *otmp = NULL, *ptmp = NULL; - int r, ret = 0; - AES_KEY wctx; - otmp = OPENSSL_malloc(keylen + 8); - ptmp = OPENSSL_malloc(keylen); - if (!otmp || !ptmp) - return 0; - if (AES_set_encrypt_key(kek, keybits, &wctx)) - goto err; - r = AES_wrap_key(&wctx, iv, otmp, key, keylen); - if (r <= 0) - goto err; - - if (eout && memcmp(eout, otmp, keylen)) - goto err; - - if (AES_set_decrypt_key(kek, keybits, &wctx)) - goto err; - r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r); - - if (memcmp(key, ptmp, keylen)) - goto err; - - ret = 1; - - err: - if (otmp) - OPENSSL_free(otmp); - if (ptmp) - OPENSSL_free(ptmp); - - return ret; - - } - + const unsigned char *iv, + const unsigned char *eout, + const unsigned char *key, int keylen) +{ + unsigned char *otmp = NULL, *ptmp = NULL; + int r, ret = 0; + AES_KEY wctx; + otmp = OPENSSL_malloc(keylen + 8); + ptmp = OPENSSL_malloc(keylen); + if (!otmp || !ptmp) + return 0; + if (AES_set_encrypt_key(kek, keybits, &wctx)) + goto err; + r = AES_wrap_key(&wctx, iv, otmp, key, keylen); + if (r <= 0) + goto err; + + if (eout && memcmp(eout, otmp, keylen)) + goto err; + + if (AES_set_decrypt_key(kek, keybits, &wctx)) + goto err; + r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r); + + if (memcmp(key, ptmp, keylen)) + goto err; + + ret = 1; + + err: + if (otmp) + OPENSSL_free(otmp); + if (ptmp) + OPENSSL_free(ptmp); + + return ret; +} int main(int argc, char **argv) { -static const unsigned char kek[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f -}; - -static const unsigned char key[] = { - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -}; - -static const unsigned char e1[] = { - 0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47, - 0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82, - 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5 -}; - -static const unsigned char e2[] = { - 0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35, - 0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2, - 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d -}; - -static const unsigned char e3[] = { - 0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2, - 0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a, - 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7 -}; - -static const unsigned char e4[] = { - 0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32, - 0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc, - 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93, - 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2 -}; - -static const unsigned char e5[] = { - 0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f, - 0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4, - 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95, - 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1 -}; - -static const unsigned char e6[] = { - 0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4, - 0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26, - 0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26, - 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b, - 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21 -}; - - AES_KEY wctx, xctx; - int ret; - ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16); - fprintf(stderr, "Key test result %d\n", ret); - ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16); - fprintf(stderr, "Key test result %d\n", ret); - ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16); - fprintf(stderr, "Key test result %d\n", ret); - ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24); - fprintf(stderr, "Key test result %d\n", ret); - ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24); - fprintf(stderr, "Key test result %d\n", ret); - ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32); - fprintf(stderr, "Key test result %d\n", ret); + static const unsigned char kek[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + }; + + static const unsigned char key[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f + }; + + static const unsigned char e1[] = { + 0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47, + 0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82, + 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5 + }; + + static const unsigned char e2[] = { + 0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35, + 0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2, + 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d + }; + + static const unsigned char e3[] = { + 0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2, + 0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a, + 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7 + }; + + static const unsigned char e4[] = { + 0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32, + 0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc, + 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93, + 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2 + }; + + static const unsigned char e5[] = { + 0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f, + 0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4, + 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95, + 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1 + }; + + static const unsigned char e6[] = { + 0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4, + 0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26, + 0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26, + 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b, + 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21 + }; + + AES_KEY wctx, xctx; + int ret; + ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16); + fprintf(stderr, "Key test result %d\n", ret); + ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16); + fprintf(stderr, "Key test result %d\n", ret); + ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16); + fprintf(stderr, "Key test result %d\n", ret); + ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24); + fprintf(stderr, "Key test result %d\n", ret); + ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24); + fprintf(stderr, "Key test result %d\n", ret); + ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32); + fprintf(stderr, "Key test result %d\n", ret); } - - + #endif diff --git a/crypto/aes/aes_x86core.c b/crypto/aes/aes_x86core.c index d323e265c05a..1defbb1abfb2 100644 --- a/crypto/aes/aes_x86core.c +++ b/crypto/aes/aes_x86core.c @@ -31,7 +31,7 @@ * It is used as playground for cache-time attack mitigations and * serves as reference C implementation for x86[_64] assembler. * - * <appro@fy.chalmers.se> + * <appro@fy.chalmers.se> */ @@ -61,14 +61,14 @@ #if 1 static void prefetch256(const void *table) { - volatile unsigned long *t=(void *)table,ret; - unsigned long sum; - int i; + volatile unsigned long *t=(void *)table,ret; + unsigned long sum; + int i; - /* 32 is common least cache-line size */ - for (sum=0,i=0;i<256/sizeof(t[0]);i+=32/sizeof(t[0])) sum ^= t[i]; + /* 32 is common least cache-line size */ + for (sum=0,i=0;i<256/sizeof(t[0]);i+=32/sizeof(t[0])) sum ^= t[i]; - ret = sum; + ret = sum; } #else # define prefetch256(t) @@ -79,13 +79,13 @@ static void prefetch256(const void *table) #if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) typedef unsigned __int64 u64; -#define U64(C) C##UI64 +#define U64(C) C##UI64 #elif defined(__arch64__) typedef unsigned long u64; -#define U64(C) C##UL +#define U64(C) C##UL #else typedef unsigned long long u64; -#define U64(C) C##ULL +#define U64(C) C##ULL #endif #undef ROTATE @@ -93,17 +93,17 @@ typedef unsigned long long u64; # define ROTATE(a,n) _lrotl(a,n) #elif defined(__GNUC__) && __GNUC__>=2 # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) -# define ROTATE(a,n) ({ register unsigned int ret; \ - asm ( \ - "roll %1,%0" \ - : "=r"(ret) \ - : "I"(n), "0"(a) \ - : "cc"); \ - ret; \ - }) +# define ROTATE(a,n) ({ register unsigned int ret; \ + asm ( \ + "roll %1,%0" \ + : "=r"(ret) \ + : "I"(n), "0"(a) \ + : "cc"); \ + ret; \ + }) # endif #endif -/* +/*- Te [x] = S [x].[02, 01, 01, 03, 02, 01, 01, 03]; Te0[x] = S [x].[02, 01, 01, 03]; Te1[x] = S [x].[03, 02, 01, 01]; @@ -114,7 +114,7 @@ Te3[x] = S [x].[01, 01, 03, 02]; #define Te1 (u32)((u64*)((u8*)Te+3)) #define Te2 (u32)((u64*)((u8*)Te+2)) #define Te3 (u32)((u64*)((u8*)Te+1)) -/* +/*- Td [x] = Si[x].[0e, 09, 0d, 0b, 0e, 09, 0d, 0b]; Td0[x] = Si[x].[0e, 09, 0d, 0b]; Td1[x] = Si[x].[0b, 0e, 09, 0d]; @@ -468,181 +468,183 @@ static const u32 rcon[] = { * Expand the cipher key into the encryption key schedule. */ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) { + AES_KEY *key) +{ - u32 *rk; - int i = 0; - u32 temp; + u32 *rk; + int i = 0; + u32 temp; - if (!userKey || !key) - return -1; - if (bits != 128 && bits != 192 && bits != 256) - return -2; + if (!userKey || !key) + return -1; + if (bits != 128 && bits != 192 && bits != 256) + return -2; - rk = key->rd_key; + rk = key->rd_key; - if (bits==128) - key->rounds = 10; - else if (bits==192) - key->rounds = 12; - else - key->rounds = 14; + if (bits==128) + key->rounds = 10; + else if (bits==192) + key->rounds = 12; + else + key->rounds = 14; - rk[0] = GETU32(userKey ); - rk[1] = GETU32(userKey + 4); - rk[2] = GETU32(userKey + 8); - rk[3] = GETU32(userKey + 12); - if (bits == 128) { - while (1) { - temp = rk[3]; - rk[4] = rk[0] ^ - (Te4[(temp >> 8) & 0xff] ) ^ - (Te4[(temp >> 16) & 0xff] << 8) ^ - (Te4[(temp >> 24) ] << 16) ^ - (Te4[(temp ) & 0xff] << 24) ^ - rcon[i]; - rk[5] = rk[1] ^ rk[4]; - rk[6] = rk[2] ^ rk[5]; - rk[7] = rk[3] ^ rk[6]; - if (++i == 10) { - return 0; - } - rk += 4; - } - } - rk[4] = GETU32(userKey + 16); - rk[5] = GETU32(userKey + 20); - if (bits == 192) { - while (1) { - temp = rk[ 5]; - rk[ 6] = rk[ 0] ^ - (Te4[(temp >> 8) & 0xff] ) ^ - (Te4[(temp >> 16) & 0xff] << 8) ^ - (Te4[(temp >> 24) ] << 16) ^ - (Te4[(temp ) & 0xff] << 24) ^ - rcon[i]; - rk[ 7] = rk[ 1] ^ rk[ 6]; - rk[ 8] = rk[ 2] ^ rk[ 7]; - rk[ 9] = rk[ 3] ^ rk[ 8]; - if (++i == 8) { - return 0; - } - rk[10] = rk[ 4] ^ rk[ 9]; - rk[11] = rk[ 5] ^ rk[10]; - rk += 6; - } - } - rk[6] = GETU32(userKey + 24); - rk[7] = GETU32(userKey + 28); - if (bits == 256) { - while (1) { - temp = rk[ 7]; - rk[ 8] = rk[ 0] ^ - (Te4[(temp >> 8) & 0xff] ) ^ - (Te4[(temp >> 16) & 0xff] << 8) ^ - (Te4[(temp >> 24) ] << 16) ^ - (Te4[(temp ) & 0xff] << 24) ^ - rcon[i]; - rk[ 9] = rk[ 1] ^ rk[ 8]; - rk[10] = rk[ 2] ^ rk[ 9]; - rk[11] = rk[ 3] ^ rk[10]; - if (++i == 7) { - return 0; - } - temp = rk[11]; - rk[12] = rk[ 4] ^ - (Te4[(temp ) & 0xff] ) ^ - (Te4[(temp >> 8) & 0xff] << 8) ^ - (Te4[(temp >> 16) & 0xff] << 16) ^ - (Te4[(temp >> 24) ] << 24); - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; + rk[0] = GETU32(userKey ); + rk[1] = GETU32(userKey + 4); + rk[2] = GETU32(userKey + 8); + rk[3] = GETU32(userKey + 12); + if (bits == 128) { + while (1) { + temp = rk[3]; + rk[4] = rk[0] ^ + ((u32)Te4[(temp >> 8) & 0xff] ) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 24) ^ + rcon[i]; + rk[5] = rk[1] ^ rk[4]; + rk[6] = rk[2] ^ rk[5]; + rk[7] = rk[3] ^ rk[6]; + if (++i == 10) { + return 0; + } + rk += 4; + } + } + rk[4] = GETU32(userKey + 16); + rk[5] = GETU32(userKey + 20); + if (bits == 192) { + while (1) { + temp = rk[ 5]; + rk[ 6] = rk[ 0] ^ + ((u32)Te4[(temp >> 8) & 0xff] ) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 24) ^ + rcon[i]; + rk[ 7] = rk[ 1] ^ rk[ 6]; + rk[ 8] = rk[ 2] ^ rk[ 7]; + rk[ 9] = rk[ 3] ^ rk[ 8]; + if (++i == 8) { + return 0; + } + rk[10] = rk[ 4] ^ rk[ 9]; + rk[11] = rk[ 5] ^ rk[10]; + rk += 6; + } + } + rk[6] = GETU32(userKey + 24); + rk[7] = GETU32(userKey + 28); + if (bits == 256) { + while (1) { + temp = rk[ 7]; + rk[ 8] = rk[ 0] ^ + ((u32)Te4[(temp >> 8) & 0xff] ) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 24) ^ + rcon[i]; + rk[ 9] = rk[ 1] ^ rk[ 8]; + rk[10] = rk[ 2] ^ rk[ 9]; + rk[11] = rk[ 3] ^ rk[10]; + if (++i == 7) { + return 0; + } + temp = rk[11]; + rk[12] = rk[ 4] ^ + ((u32)Te4[(temp ) & 0xff] ) ^ + ((u32)Te4[(temp >> 8) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 16) ^ + ((u32)Te4[(temp >> 24) ] << 24); + rk[13] = rk[ 5] ^ rk[12]; + rk[14] = rk[ 6] ^ rk[13]; + rk[15] = rk[ 7] ^ rk[14]; - rk += 8; - } - } - return 0; + rk += 8; + } + } + return 0; } /** * Expand the cipher key into the decryption key schedule. */ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) { + AES_KEY *key) +{ - u32 *rk; - int i, j, status; - u32 temp; + u32 *rk; + int i, j, status; + u32 temp; - /* first, start with an encryption schedule */ - status = AES_set_encrypt_key(userKey, bits, key); - if (status < 0) - return status; + /* first, start with an encryption schedule */ + status = AES_set_encrypt_key(userKey, bits, key); + if (status < 0) + return status; - rk = key->rd_key; + rk = key->rd_key; - /* invert the order of the round keys: */ - for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { - temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; - temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; - temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; - temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; - } - /* apply the inverse MixColumn transform to all round keys but the first and the last: */ - for (i = 1; i < (key->rounds); i++) { - rk += 4; + /* invert the order of the round keys: */ + for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { + temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; + temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; + temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; + temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; + } + /* apply the inverse MixColumn transform to all round keys but the first and the last: */ + for (i = 1; i < (key->rounds); i++) { + rk += 4; #if 1 - for (j = 0; j < 4; j++) { - u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; + for (j = 0; j < 4; j++) { + u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; - tp1 = rk[j]; - m = tp1 & 0x80808080; - tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp2 & 0x80808080; - tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp4 & 0x80808080; - tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - tp9 = tp8 ^ tp1; - tpb = tp9 ^ tp2; - tpd = tp9 ^ tp4; - tpe = tp8 ^ tp4 ^ tp2; + tp1 = rk[j]; + m = tp1 & 0x80808080; + tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + m = tp2 & 0x80808080; + tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + m = tp4 & 0x80808080; + tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + tp9 = tp8 ^ tp1; + tpb = tp9 ^ tp2; + tpd = tp9 ^ tp4; + tpe = tp8 ^ tp4 ^ tp2; #if defined(ROTATE) - rk[j] = tpe ^ ROTATE(tpd,16) ^ - ROTATE(tp9,8) ^ ROTATE(tpb,24); + rk[j] = tpe ^ ROTATE(tpd,16) ^ + ROTATE(tp9,8) ^ ROTATE(tpb,24); #else - rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ - (tp9 >> 24) ^ (tp9 << 8) ^ - (tpb >> 8) ^ (tpb << 24); + rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ + (tp9 >> 24) ^ (tp9 << 8) ^ + (tpb >> 8) ^ (tpb << 24); #endif - } + } #else - rk[0] = - Td0[Te2[(rk[0] ) & 0xff] & 0xff] ^ - Td1[Te2[(rk[0] >> 8) & 0xff] & 0xff] ^ - Td2[Te2[(rk[0] >> 16) & 0xff] & 0xff] ^ - Td3[Te2[(rk[0] >> 24) ] & 0xff]; - rk[1] = - Td0[Te2[(rk[1] ) & 0xff] & 0xff] ^ - Td1[Te2[(rk[1] >> 8) & 0xff] & 0xff] ^ - Td2[Te2[(rk[1] >> 16) & 0xff] & 0xff] ^ - Td3[Te2[(rk[1] >> 24) ] & 0xff]; - rk[2] = - Td0[Te2[(rk[2] ) & 0xff] & 0xff] ^ - Td1[Te2[(rk[2] >> 8) & 0xff] & 0xff] ^ - Td2[Te2[(rk[2] >> 16) & 0xff] & 0xff] ^ - Td3[Te2[(rk[2] >> 24) ] & 0xff]; - rk[3] = - Td0[Te2[(rk[3] ) & 0xff] & 0xff] ^ - Td1[Te2[(rk[3] >> 8) & 0xff] & 0xff] ^ - Td2[Te2[(rk[3] >> 16) & 0xff] & 0xff] ^ - Td3[Te2[(rk[3] >> 24) ] & 0xff]; + rk[0] = + Td0[Te2[(rk[0] ) & 0xff] & 0xff] ^ + Td1[Te2[(rk[0] >> 8) & 0xff] & 0xff] ^ + Td2[Te2[(rk[0] >> 16) & 0xff] & 0xff] ^ + Td3[Te2[(rk[0] >> 24) ] & 0xff]; + rk[1] = + Td0[Te2[(rk[1] ) & 0xff] & 0xff] ^ + Td1[Te2[(rk[1] >> 8) & 0xff] & 0xff] ^ + Td2[Te2[(rk[1] >> 16) & 0xff] & 0xff] ^ + Td3[Te2[(rk[1] >> 24) ] & 0xff]; + rk[2] = + Td0[Te2[(rk[2] ) & 0xff] & 0xff] ^ + Td1[Te2[(rk[2] >> 8) & 0xff] & 0xff] ^ + Td2[Te2[(rk[2] >> 16) & 0xff] & 0xff] ^ + Td3[Te2[(rk[2] >> 24) ] & 0xff]; + rk[3] = + Td0[Te2[(rk[3] ) & 0xff] & 0xff] ^ + Td1[Te2[(rk[3] >> 8) & 0xff] & 0xff] ^ + Td2[Te2[(rk[3] >> 16) & 0xff] & 0xff] ^ + Td3[Te2[(rk[3] >> 24) ] & 0xff]; #endif - } - return 0; + } + return 0; } /* @@ -650,210 +652,212 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, * in and out can overlap */ void AES_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key) { + const AES_KEY *key) +{ - const u32 *rk; - u32 s0, s1, s2, s3, t[4]; - int r; + const u32 *rk; + u32 s0, s1, s2, s3, t[4]; + int r; - assert(in && out && key); - rk = key->rd_key; + assert(in && out && key); + rk = key->rd_key; - /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(in ) ^ rk[0]; - s1 = GETU32(in + 4) ^ rk[1]; - s2 = GETU32(in + 8) ^ rk[2]; - s3 = GETU32(in + 12) ^ rk[3]; + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(in ) ^ rk[0]; + s1 = GETU32(in + 4) ^ rk[1]; + s2 = GETU32(in + 8) ^ rk[2]; + s3 = GETU32(in + 12) ^ rk[3]; #if defined(AES_COMPACT_IN_OUTER_ROUNDS) - prefetch256(Te4); + prefetch256(Te4); - t[0] = Te4[(s0 ) & 0xff] ^ - Te4[(s1 >> 8) & 0xff] << 8 ^ - Te4[(s2 >> 16) & 0xff] << 16 ^ - Te4[(s3 >> 24) ] << 24; - t[1] = Te4[(s1 ) & 0xff] ^ - Te4[(s2 >> 8) & 0xff] << 8 ^ - Te4[(s3 >> 16) & 0xff] << 16 ^ - Te4[(s0 >> 24) ] << 24; - t[2] = Te4[(s2 ) & 0xff] ^ - Te4[(s3 >> 8) & 0xff] << 8 ^ - Te4[(s0 >> 16) & 0xff] << 16 ^ - Te4[(s1 >> 24) ] << 24; - t[3] = Te4[(s3 ) & 0xff] ^ - Te4[(s0 >> 8) & 0xff] << 8 ^ - Te4[(s1 >> 16) & 0xff] << 16 ^ - Te4[(s2 >> 24) ] << 24; + t[0] = (u32)Te4[(s0 ) & 0xff] ^ + (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s3 >> 24) ] << 24; + t[1] = (u32)Te4[(s1 ) & 0xff] ^ + (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s0 >> 24) ] << 24; + t[2] = (u32)Te4[(s2 ) & 0xff] ^ + (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s1 >> 24) ] << 24; + t[3] = (u32)Te4[(s3 ) & 0xff] ^ + (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s2 >> 24) ] << 24; - /* now do the linear transform using words */ - { int i; - u32 r0, r1, r2; + /* now do the linear transform using words */ + { int i; + u32 r0, r1, r2; - for (i = 0; i < 4; i++) { - r0 = t[i]; - r1 = r0 & 0x80808080; - r2 = ((r0 & 0x7f7f7f7f) << 1) ^ - ((r1 - (r1 >> 7)) & 0x1b1b1b1b); + for (i = 0; i < 4; i++) { + r0 = t[i]; + r1 = r0 & 0x80808080; + r2 = ((r0 & 0x7f7f7f7f) << 1) ^ + ((r1 - (r1 >> 7)) & 0x1b1b1b1b); #if defined(ROTATE) - t[i] = r2 ^ ROTATE(r2,24) ^ ROTATE(r0,24) ^ - ROTATE(r0,16) ^ ROTATE(r0,8); + t[i] = r2 ^ ROTATE(r2,24) ^ ROTATE(r0,24) ^ + ROTATE(r0,16) ^ ROTATE(r0,8); #else - t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^ - (r0 << 16) ^ (r0 >> 16) ^ - (r0 << 8) ^ (r0 >> 24); + t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^ + (r0 << 16) ^ (r0 >> 16) ^ + (r0 << 8) ^ (r0 >> 24); #endif - t[i] ^= rk[4+i]; - } - } + t[i] ^= rk[4+i]; + } + } #else - t[0] = Te0[(s0 ) & 0xff] ^ - Te1[(s1 >> 8) & 0xff] ^ - Te2[(s2 >> 16) & 0xff] ^ - Te3[(s3 >> 24) ] ^ - rk[4]; - t[1] = Te0[(s1 ) & 0xff] ^ - Te1[(s2 >> 8) & 0xff] ^ - Te2[(s3 >> 16) & 0xff] ^ - Te3[(s0 >> 24) ] ^ - rk[5]; - t[2] = Te0[(s2 ) & 0xff] ^ - Te1[(s3 >> 8) & 0xff] ^ - Te2[(s0 >> 16) & 0xff] ^ - Te3[(s1 >> 24) ] ^ - rk[6]; - t[3] = Te0[(s3 ) & 0xff] ^ - Te1[(s0 >> 8) & 0xff] ^ - Te2[(s1 >> 16) & 0xff] ^ - Te3[(s2 >> 24) ] ^ - rk[7]; + t[0] = Te0[(s0 ) & 0xff] ^ + Te1[(s1 >> 8) & 0xff] ^ + Te2[(s2 >> 16) & 0xff] ^ + Te3[(s3 >> 24) ] ^ + rk[4]; + t[1] = Te0[(s1 ) & 0xff] ^ + Te1[(s2 >> 8) & 0xff] ^ + Te2[(s3 >> 16) & 0xff] ^ + Te3[(s0 >> 24) ] ^ + rk[5]; + t[2] = Te0[(s2 ) & 0xff] ^ + Te1[(s3 >> 8) & 0xff] ^ + Te2[(s0 >> 16) & 0xff] ^ + Te3[(s1 >> 24) ] ^ + rk[6]; + t[3] = Te0[(s3 ) & 0xff] ^ + Te1[(s0 >> 8) & 0xff] ^ + Te2[(s1 >> 16) & 0xff] ^ + Te3[(s2 >> 24) ] ^ + rk[7]; #endif - s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3]; + s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3]; /* * Nr - 2 full rounds: */ for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) { #if defined(AES_COMPACT_IN_INNER_ROUNDS) - t[0] = Te4[(s0 ) & 0xff] ^ - Te4[(s1 >> 8) & 0xff] << 8 ^ - Te4[(s2 >> 16) & 0xff] << 16 ^ - Te4[(s3 >> 24) ] << 24; - t[1] = Te4[(s1 ) & 0xff] ^ - Te4[(s2 >> 8) & 0xff] << 8 ^ - Te4[(s3 >> 16) & 0xff] << 16 ^ - Te4[(s0 >> 24) ] << 24; - t[2] = Te4[(s2 ) & 0xff] ^ - Te4[(s3 >> 8) & 0xff] << 8 ^ - Te4[(s0 >> 16) & 0xff] << 16 ^ - Te4[(s1 >> 24) ] << 24; - t[3] = Te4[(s3 ) & 0xff] ^ - Te4[(s0 >> 8) & 0xff] << 8 ^ - Te4[(s1 >> 16) & 0xff] << 16 ^ - Te4[(s2 >> 24) ] << 24; + t[0] = (u32)Te4[(s0 ) & 0xff] ^ + (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s3 >> 24) ] << 24; + t[1] = (u32)Te4[(s1 ) & 0xff] ^ + (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s0 >> 24) ] << 24; + t[2] = (u32)Te4[(s2 ) & 0xff] ^ + (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s1 >> 24) ] << 24; + t[3] = (u32)Te4[(s3 ) & 0xff] ^ + (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s2 >> 24) ] << 24; - /* now do the linear transform using words */ - { int i; - u32 r0, r1, r2; + /* now do the linear transform using words */ + { + int i; + u32 r0, r1, r2; - for (i = 0; i < 4; i++) { - r0 = t[i]; - r1 = r0 & 0x80808080; - r2 = ((r0 & 0x7f7f7f7f) << 1) ^ - ((r1 - (r1 >> 7)) & 0x1b1b1b1b); + for (i = 0; i < 4; i++) { + r0 = t[i]; + r1 = r0 & 0x80808080; + r2 = ((r0 & 0x7f7f7f7f) << 1) ^ + ((r1 - (r1 >> 7)) & 0x1b1b1b1b); #if defined(ROTATE) - t[i] = r2 ^ ROTATE(r2,24) ^ ROTATE(r0,24) ^ - ROTATE(r0,16) ^ ROTATE(r0,8); + t[i] = r2 ^ ROTATE(r2,24) ^ ROTATE(r0,24) ^ + ROTATE(r0,16) ^ ROTATE(r0,8); #else - t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^ - (r0 << 16) ^ (r0 >> 16) ^ - (r0 << 8) ^ (r0 >> 24); + t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^ + (r0 << 16) ^ (r0 >> 16) ^ + (r0 << 8) ^ (r0 >> 24); #endif - t[i] ^= rk[i]; - } - } + t[i] ^= rk[i]; + } + } #else - t[0] = Te0[(s0 ) & 0xff] ^ - Te1[(s1 >> 8) & 0xff] ^ - Te2[(s2 >> 16) & 0xff] ^ - Te3[(s3 >> 24) ] ^ - rk[0]; - t[1] = Te0[(s1 ) & 0xff] ^ - Te1[(s2 >> 8) & 0xff] ^ - Te2[(s3 >> 16) & 0xff] ^ - Te3[(s0 >> 24) ] ^ - rk[1]; - t[2] = Te0[(s2 ) & 0xff] ^ - Te1[(s3 >> 8) & 0xff] ^ - Te2[(s0 >> 16) & 0xff] ^ - Te3[(s1 >> 24) ] ^ - rk[2]; - t[3] = Te0[(s3 ) & 0xff] ^ - Te1[(s0 >> 8) & 0xff] ^ - Te2[(s1 >> 16) & 0xff] ^ - Te3[(s2 >> 24) ] ^ - rk[3]; + t[0] = Te0[(s0 ) & 0xff] ^ + Te1[(s1 >> 8) & 0xff] ^ + Te2[(s2 >> 16) & 0xff] ^ + Te3[(s3 >> 24) ] ^ + rk[0]; + t[1] = Te0[(s1 ) & 0xff] ^ + Te1[(s2 >> 8) & 0xff] ^ + Te2[(s3 >> 16) & 0xff] ^ + Te3[(s0 >> 24) ] ^ + rk[1]; + t[2] = Te0[(s2 ) & 0xff] ^ + Te1[(s3 >> 8) & 0xff] ^ + Te2[(s0 >> 16) & 0xff] ^ + Te3[(s1 >> 24) ] ^ + rk[2]; + t[3] = Te0[(s3 ) & 0xff] ^ + Te1[(s0 >> 8) & 0xff] ^ + Te2[(s1 >> 16) & 0xff] ^ + Te3[(s2 >> 24) ] ^ + rk[3]; #endif - s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3]; + s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3]; } /* - * apply last round and - * map cipher state to byte array block: - */ + * apply last round and + * map cipher state to byte array block: + */ #if defined(AES_COMPACT_IN_OUTER_ROUNDS) - prefetch256(Te4); + prefetch256(Te4); - *(u32*)(out+0) = - Te4[(s0 ) & 0xff] ^ - Te4[(s1 >> 8) & 0xff] << 8 ^ - Te4[(s2 >> 16) & 0xff] << 16 ^ - Te4[(s3 >> 24) ] << 24 ^ - rk[0]; - *(u32*)(out+4) = - Te4[(s1 ) & 0xff] ^ - Te4[(s2 >> 8) & 0xff] << 8 ^ - Te4[(s3 >> 16) & 0xff] << 16 ^ - Te4[(s0 >> 24) ] << 24 ^ - rk[1]; - *(u32*)(out+8) = - Te4[(s2 ) & 0xff] ^ - Te4[(s3 >> 8) & 0xff] << 8 ^ - Te4[(s0 >> 16) & 0xff] << 16 ^ - Te4[(s1 >> 24) ] << 24 ^ - rk[2]; - *(u32*)(out+12) = - Te4[(s3 ) & 0xff] ^ - Te4[(s0 >> 8) & 0xff] << 8 ^ - Te4[(s1 >> 16) & 0xff] << 16 ^ - Te4[(s2 >> 24) ] << 24 ^ - rk[3]; + *(u32*)(out+0) = + (u32)Te4[(s0 ) & 0xff] ^ + (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s3 >> 24) ] << 24 ^ + rk[0]; + *(u32*)(out+4) = + (u32)Te4[(s1 ) & 0xff] ^ + (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s0 >> 24) ] << 24 ^ + rk[1]; + *(u32*)(out+8) = + (u32)Te4[(s2 ) & 0xff] ^ + (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s1 >> 24) ] << 24 ^ + rk[2]; + *(u32*)(out+12) = + (u32)Te4[(s3 ) & 0xff] ^ + (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s2 >> 24) ] << 24 ^ + rk[3]; #else - *(u32*)(out+0) = - (Te2[(s0 ) & 0xff] & 0x000000ffU) ^ - (Te3[(s1 >> 8) & 0xff] & 0x0000ff00U) ^ - (Te0[(s2 >> 16) & 0xff] & 0x00ff0000U) ^ - (Te1[(s3 >> 24) ] & 0xff000000U) ^ - rk[0]; - *(u32*)(out+4) = - (Te2[(s1 ) & 0xff] & 0x000000ffU) ^ - (Te3[(s2 >> 8) & 0xff] & 0x0000ff00U) ^ - (Te0[(s3 >> 16) & 0xff] & 0x00ff0000U) ^ - (Te1[(s0 >> 24) ] & 0xff000000U) ^ - rk[1]; - *(u32*)(out+8) = - (Te2[(s2 ) & 0xff] & 0x000000ffU) ^ - (Te3[(s3 >> 8) & 0xff] & 0x0000ff00U) ^ - (Te0[(s0 >> 16) & 0xff] & 0x00ff0000U) ^ - (Te1[(s1 >> 24) ] & 0xff000000U) ^ - rk[2]; - *(u32*)(out+12) = - (Te2[(s3 ) & 0xff] & 0x000000ffU) ^ - (Te3[(s0 >> 8) & 0xff] & 0x0000ff00U) ^ - (Te0[(s1 >> 16) & 0xff] & 0x00ff0000U) ^ - (Te1[(s2 >> 24) ] & 0xff000000U) ^ - rk[3]; + *(u32*)(out+0) = + (Te2[(s0 ) & 0xff] & 0x000000ffU) ^ + (Te3[(s1 >> 8) & 0xff] & 0x0000ff00U) ^ + (Te0[(s2 >> 16) & 0xff] & 0x00ff0000U) ^ + (Te1[(s3 >> 24) ] & 0xff000000U) ^ + rk[0]; + *(u32*)(out+4) = + (Te2[(s1 ) & 0xff] & 0x000000ffU) ^ + (Te3[(s2 >> 8) & 0xff] & 0x0000ff00U) ^ + (Te0[(s3 >> 16) & 0xff] & 0x00ff0000U) ^ + (Te1[(s0 >> 24) ] & 0xff000000U) ^ + rk[1]; + *(u32*)(out+8) = + (Te2[(s2 ) & 0xff] & 0x000000ffU) ^ + (Te3[(s3 >> 8) & 0xff] & 0x0000ff00U) ^ + (Te0[(s0 >> 16) & 0xff] & 0x00ff0000U) ^ + (Te1[(s1 >> 24) ] & 0xff000000U) ^ + rk[2]; + *(u32*)(out+12) = + (Te2[(s3 ) & 0xff] & 0x000000ffU) ^ + (Te3[(s0 >> 8) & 0xff] & 0x0000ff00U) ^ + (Te0[(s1 >> 16) & 0xff] & 0x00ff0000U) ^ + (Te1[(s2 >> 24) ] & 0xff000000U) ^ + rk[3]; #endif } @@ -862,202 +866,205 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, * in and out can overlap */ void AES_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key) { + const AES_KEY *key) +{ - const u32 *rk; - u32 s0, s1, s2, s3, t[4]; - int r; + const u32 *rk; + u32 s0, s1, s2, s3, t[4]; + int r; - assert(in && out && key); - rk = key->rd_key; + assert(in && out && key); + rk = key->rd_key; - /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(in ) ^ rk[0]; - s1 = GETU32(in + 4) ^ rk[1]; - s2 = GETU32(in + 8) ^ rk[2]; - s3 = GETU32(in + 12) ^ rk[3]; + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(in ) ^ rk[0]; + s1 = GETU32(in + 4) ^ rk[1]; + s2 = GETU32(in + 8) ^ rk[2]; + s3 = GETU32(in + 12) ^ rk[3]; #if defined(AES_COMPACT_IN_OUTER_ROUNDS) - prefetch256(Td4); + prefetch256(Td4); - t[0] = Td4[(s0 ) & 0xff] ^ - Td4[(s3 >> 8) & 0xff] << 8 ^ - Td4[(s2 >> 16) & 0xff] << 16 ^ - Td4[(s1 >> 24) ] << 24; - t[1] = Td4[(s1 ) & 0xff] ^ - Td4[(s0 >> 8) & 0xff] << 8 ^ - Td4[(s3 >> 16) & 0xff] << 16 ^ - Td4[(s2 >> 24) ] << 24; - t[2] = Td4[(s2 ) & 0xff] ^ - Td4[(s1 >> 8) & 0xff] << 8 ^ - Td4[(s0 >> 16) & 0xff] << 16 ^ - Td4[(s3 >> 24) ] << 24; - t[3] = Td4[(s3 ) & 0xff] ^ - Td4[(s2 >> 8) & 0xff] << 8 ^ - Td4[(s1 >> 16) & 0xff] << 16 ^ - Td4[(s0 >> 24) ] << 24; + t[0] = (u32)Td4[(s0 ) & 0xff] ^ + (u32)Td4[(s3 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s2 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s1 >> 24) ] << 24; + t[1] = (u32)Td4[(s1 ) & 0xff] ^ + (u32)Td4[(s0 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s3 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s2 >> 24) ] << 24; + t[2] = (u32)Td4[(s2 ) & 0xff] ^ + (u32)Td4[(s1 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s0 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s3 >> 24) ] << 24; + t[3] = (u32)Td4[(s3 ) & 0xff] ^ + (u32)Td4[(s2 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s1 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s0 >> 24) ] << 24; - /* now do the linear transform using words */ - { int i; - u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; + /* now do the linear transform using words */ + { + int i; + u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; - for (i = 0; i < 4; i++) { - tp1 = t[i]; - m = tp1 & 0x80808080; - tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp2 & 0x80808080; - tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp4 & 0x80808080; - tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - tp9 = tp8 ^ tp1; - tpb = tp9 ^ tp2; - tpd = tp9 ^ tp4; - tpe = tp8 ^ tp4 ^ tp2; + for (i = 0; i < 4; i++) { + tp1 = t[i]; + m = tp1 & 0x80808080; + tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + m = tp2 & 0x80808080; + tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + m = tp4 & 0x80808080; + tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + tp9 = tp8 ^ tp1; + tpb = tp9 ^ tp2; + tpd = tp9 ^ tp4; + tpe = tp8 ^ tp4 ^ tp2; #if defined(ROTATE) - t[i] = tpe ^ ROTATE(tpd,16) ^ - ROTATE(tp9,8) ^ ROTATE(tpb,24); + t[i] = tpe ^ ROTATE(tpd,16) ^ + ROTATE(tp9,8) ^ ROTATE(tpb,24); #else - t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ - (tp9 >> 24) ^ (tp9 << 8) ^ - (tpb >> 8) ^ (tpb << 24); + t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ + (tp9 >> 24) ^ (tp9 << 8) ^ + (tpb >> 8) ^ (tpb << 24); #endif - t[i] ^= rk[4+i]; - } - } + t[i] ^= rk[4+i]; + } + } #else - t[0] = Td0[(s0 ) & 0xff] ^ - Td1[(s3 >> 8) & 0xff] ^ - Td2[(s2 >> 16) & 0xff] ^ - Td3[(s1 >> 24) ] ^ - rk[4]; - t[1] = Td0[(s1 ) & 0xff] ^ - Td1[(s0 >> 8) & 0xff] ^ - Td2[(s3 >> 16) & 0xff] ^ - Td3[(s2 >> 24) ] ^ - rk[5]; - t[2] = Td0[(s2 ) & 0xff] ^ - Td1[(s1 >> 8) & 0xff] ^ - Td2[(s0 >> 16) & 0xff] ^ - Td3[(s3 >> 24) ] ^ - rk[6]; - t[3] = Td0[(s3 ) & 0xff] ^ - Td1[(s2 >> 8) & 0xff] ^ - Td2[(s1 >> 16) & 0xff] ^ - Td3[(s0 >> 24) ] ^ - rk[7]; + t[0] = Td0[(s0 ) & 0xff] ^ + Td1[(s3 >> 8) & 0xff] ^ + Td2[(s2 >> 16) & 0xff] ^ + Td3[(s1 >> 24) ] ^ + rk[4]; + t[1] = Td0[(s1 ) & 0xff] ^ + Td1[(s0 >> 8) & 0xff] ^ + Td2[(s3 >> 16) & 0xff] ^ + Td3[(s2 >> 24) ] ^ + rk[5]; + t[2] = Td0[(s2 ) & 0xff] ^ + Td1[(s1 >> 8) & 0xff] ^ + Td2[(s0 >> 16) & 0xff] ^ + Td3[(s3 >> 24) ] ^ + rk[6]; + t[3] = Td0[(s3 ) & 0xff] ^ + Td1[(s2 >> 8) & 0xff] ^ + Td2[(s1 >> 16) & 0xff] ^ + Td3[(s0 >> 24) ] ^ + rk[7]; #endif - s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3]; + s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3]; /* * Nr - 2 full rounds: */ for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) { #if defined(AES_COMPACT_IN_INNER_ROUNDS) - t[0] = Td4[(s0 ) & 0xff] ^ - Td4[(s3 >> 8) & 0xff] << 8 ^ - Td4[(s2 >> 16) & 0xff] << 16 ^ - Td4[(s1 >> 24) ] << 24; - t[1] = Td4[(s1 ) & 0xff] ^ - Td4[(s0 >> 8) & 0xff] << 8 ^ - Td4[(s3 >> 16) & 0xff] << 16 ^ - Td4[(s2 >> 24) ] << 24; - t[2] = Td4[(s2 ) & 0xff] ^ - Td4[(s1 >> 8) & 0xff] << 8 ^ - Td4[(s0 >> 16) & 0xff] << 16 ^ - Td4[(s3 >> 24) ] << 24; - t[3] = Td4[(s3 ) & 0xff] ^ - Td4[(s2 >> 8) & 0xff] << 8 ^ - Td4[(s1 >> 16) & 0xff] << 16 ^ - Td4[(s0 >> 24) ] << 24; + t[0] = (u32)Td4[(s0 ) & 0xff] ^ + (u32)Td4[(s3 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s2 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s1 >> 24) ] << 24; + t[1] = (u32)Td4[(s1 ) & 0xff] ^ + (u32)Td4[(s0 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s3 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s2 >> 24) ] << 24; + t[2] = (u32)Td4[(s2 ) & 0xff] ^ + (u32)Td4[(s1 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s0 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s3 >> 24) ] << 24; + t[3] = (u32)Td4[(s3 ) & 0xff] ^ + (u32)Td4[(s2 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s1 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s0 >> 24) ] << 24; - /* now do the linear transform using words */ - { int i; - u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; + /* now do the linear transform using words */ + { + int i; + u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; - for (i = 0; i < 4; i++) { - tp1 = t[i]; - m = tp1 & 0x80808080; - tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp2 & 0x80808080; - tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp4 & 0x80808080; - tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - tp9 = tp8 ^ tp1; - tpb = tp9 ^ tp2; - tpd = tp9 ^ tp4; - tpe = tp8 ^ tp4 ^ tp2; + for (i = 0; i < 4; i++) { + tp1 = t[i]; + m = tp1 & 0x80808080; + tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + m = tp2 & 0x80808080; + tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + m = tp4 & 0x80808080; + tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + tp9 = tp8 ^ tp1; + tpb = tp9 ^ tp2; + tpd = tp9 ^ tp4; + tpe = tp8 ^ tp4 ^ tp2; #if defined(ROTATE) - t[i] = tpe ^ ROTATE(tpd,16) ^ - ROTATE(tp9,8) ^ ROTATE(tpb,24); + t[i] = tpe ^ ROTATE(tpd,16) ^ + ROTATE(tp9,8) ^ ROTATE(tpb,24); #else - t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ - (tp9 >> 24) ^ (tp9 << 8) ^ - (tpb >> 8) ^ (tpb << 24); + t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ + (tp9 >> 24) ^ (tp9 << 8) ^ + (tpb >> 8) ^ (tpb << 24); #endif - t[i] ^= rk[i]; - } - } + t[i] ^= rk[i]; + } + } #else - t[0] = Td0[(s0 ) & 0xff] ^ - Td1[(s3 >> 8) & 0xff] ^ - Td2[(s2 >> 16) & 0xff] ^ - Td3[(s1 >> 24) ] ^ - rk[0]; - t[1] = Td0[(s1 ) & 0xff] ^ - Td1[(s0 >> 8) & 0xff] ^ - Td2[(s3 >> 16) & 0xff] ^ - Td3[(s2 >> 24) ] ^ - rk[1]; - t[2] = Td0[(s2 ) & 0xff] ^ - Td1[(s1 >> 8) & 0xff] ^ - Td2[(s0 >> 16) & 0xff] ^ - Td3[(s3 >> 24) ] ^ - rk[2]; - t[3] = Td0[(s3 ) & 0xff] ^ - Td1[(s2 >> 8) & 0xff] ^ - Td2[(s1 >> 16) & 0xff] ^ - Td3[(s0 >> 24) ] ^ - rk[3]; + t[0] = Td0[(s0 ) & 0xff] ^ + Td1[(s3 >> 8) & 0xff] ^ + Td2[(s2 >> 16) & 0xff] ^ + Td3[(s1 >> 24) ] ^ + rk[0]; + t[1] = Td0[(s1 ) & 0xff] ^ + Td1[(s0 >> 8) & 0xff] ^ + Td2[(s3 >> 16) & 0xff] ^ + Td3[(s2 >> 24) ] ^ + rk[1]; + t[2] = Td0[(s2 ) & 0xff] ^ + Td1[(s1 >> 8) & 0xff] ^ + Td2[(s0 >> 16) & 0xff] ^ + Td3[(s3 >> 24) ] ^ + rk[2]; + t[3] = Td0[(s3 ) & 0xff] ^ + Td1[(s2 >> 8) & 0xff] ^ + Td2[(s1 >> 16) & 0xff] ^ + Td3[(s0 >> 24) ] ^ + rk[3]; #endif - s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3]; + s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3]; } /* - * apply last round and - * map cipher state to byte array block: - */ - prefetch256(Td4); + * apply last round and + * map cipher state to byte array block: + */ + prefetch256(Td4); - *(u32*)(out+0) = - (Td4[(s0 ) & 0xff]) ^ - (Td4[(s3 >> 8) & 0xff] << 8) ^ - (Td4[(s2 >> 16) & 0xff] << 16) ^ - (Td4[(s1 >> 24) ] << 24) ^ - rk[0]; - *(u32*)(out+4) = - (Td4[(s1 ) & 0xff]) ^ - (Td4[(s0 >> 8) & 0xff] << 8) ^ - (Td4[(s3 >> 16) & 0xff] << 16) ^ - (Td4[(s2 >> 24) ] << 24) ^ - rk[1]; - *(u32*)(out+8) = - (Td4[(s2 ) & 0xff]) ^ - (Td4[(s1 >> 8) & 0xff] << 8) ^ - (Td4[(s0 >> 16) & 0xff] << 16) ^ - (Td4[(s3 >> 24) ] << 24) ^ - rk[2]; - *(u32*)(out+12) = - (Td4[(s3 ) & 0xff]) ^ - (Td4[(s2 >> 8) & 0xff] << 8) ^ - (Td4[(s1 >> 16) & 0xff] << 16) ^ - (Td4[(s0 >> 24) ] << 24) ^ - rk[3]; + *(u32*)(out+0) = + ((u32)Td4[(s0 ) & 0xff]) ^ + ((u32)Td4[(s3 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(s2 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(s1 >> 24) ] << 24) ^ + rk[0]; + *(u32*)(out+4) = + ((u32)Td4[(s1 ) & 0xff]) ^ + ((u32)Td4[(s0 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(s3 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(s2 >> 24) ] << 24) ^ + rk[1]; + *(u32*)(out+8) = + ((u32)Td4[(s2 ) & 0xff]) ^ + ((u32)Td4[(s1 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(s0 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(s3 >> 24) ] << 24) ^ + rk[2]; + *(u32*)(out+12) = + ((u32)Td4[(s3 ) & 0xff]) ^ + ((u32)Td4[(s2 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(s1 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(s0 >> 24) ] << 24) ^ + rk[3]; } diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h index 5a8310768003..b65437162596 100644 --- a/crypto/arm_arch.h +++ b/crypto/arm_arch.h @@ -1,51 +1,51 @@ #ifndef __ARM_ARCH_H__ -#define __ARM_ARCH_H__ +# define __ARM_ARCH_H__ -#if !defined(__ARM_ARCH__) -# if defined(__CC_ARM) -# define __ARM_ARCH__ __TARGET_ARCH_ARM -# if defined(__BIG_ENDIAN) -# define __ARMEB__ -# else -# define __ARMEL__ -# endif -# elif defined(__GNUC__) +# if !defined(__ARM_ARCH__) +# if defined(__CC_ARM) +# define __ARM_ARCH__ __TARGET_ARCH_ARM +# if defined(__BIG_ENDIAN) +# define __ARMEB__ +# else +# define __ARMEL__ +# endif +# elif defined(__GNUC__) /* * Why doesn't gcc define __ARM_ARCH__? Instead it defines * bunch of below macros. See all_architectires[] table in * gcc/config/arm/arm.c. On a side note it defines * __ARMEL__/__ARMEB__ for little-/big-endian. */ -# if defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \ - defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__) || \ - defined(__ARM_ARCH_7EM__) -# define __ARM_ARCH__ 7 -# elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || \ - defined(__ARM_ARCH_6K__)|| defined(__ARM_ARCH_6M__) || \ - defined(__ARM_ARCH_6Z__)|| defined(__ARM_ARCH_6ZK__) || \ - defined(__ARM_ARCH_6T2__) -# define __ARM_ARCH__ 6 -# elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__) || \ - defined(__ARM_ARCH_5E__)|| defined(__ARM_ARCH_5TE__) || \ - defined(__ARM_ARCH_5TEJ__) -# define __ARM_ARCH__ 5 -# elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__) -# define __ARM_ARCH__ 4 -# else -# error "unsupported ARM architecture" +# if defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \ + defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__) || \ + defined(__ARM_ARCH_7EM__) +# define __ARM_ARCH__ 7 +# elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || \ + defined(__ARM_ARCH_6K__)|| defined(__ARM_ARCH_6M__) || \ + defined(__ARM_ARCH_6Z__)|| defined(__ARM_ARCH_6ZK__) || \ + defined(__ARM_ARCH_6T2__) +# define __ARM_ARCH__ 6 +# elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__) || \ + defined(__ARM_ARCH_5E__)|| defined(__ARM_ARCH_5TE__) || \ + defined(__ARM_ARCH_5TEJ__) +# define __ARM_ARCH__ 5 +# elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__) +# define __ARM_ARCH__ 4 +# else +# error "unsupported ARM architecture" +# endif # endif # endif -#endif -#ifdef OPENSSL_FIPSCANISTER -#include <openssl/fipssyms.h> -#endif +# ifdef OPENSSL_FIPSCANISTER +# include <openssl/fipssyms.h> +# endif -#if !__ASSEMBLER__ +# if !__ASSEMBLER__ extern unsigned int OPENSSL_armcap_P; - -#define ARMV7_NEON (1<<0) -#define ARMV7_TICK (1<<1) -#endif + +# define ARMV7_NEON (1<<0) +# define ARMV7_TICK (1<<1) +# endif #endif diff --git a/crypto/armcap.c b/crypto/armcap.c index 9abaf396e53e..28522ea86784 100644 --- a/crypto/armcap.c +++ b/crypto/armcap.c @@ -12,7 +12,10 @@ unsigned int OPENSSL_armcap_P; static sigset_t all_masked; static sigjmp_buf ill_jmp; -static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); } +static void ill_handler(int sig) +{ + siglongjmp(ill_jmp, sig); +} /* * Following subroutines could have been inlined, but it's not all @@ -22,59 +25,57 @@ void _armv7_neon_probe(void); unsigned int _armv7_tick(void); unsigned int OPENSSL_rdtsc(void) - { - if (OPENSSL_armcap_P & ARMV7_TICK) - return _armv7_tick(); - else - return 0; - } +{ + if (OPENSSL_armcap_P & ARMV7_TICK) + return _armv7_tick(); + else + return 0; +} #if defined(__GNUC__) && __GNUC__>=2 -void OPENSSL_cpuid_setup(void) __attribute__((constructor)); +void OPENSSL_cpuid_setup(void) __attribute__ ((constructor)); #endif void OPENSSL_cpuid_setup(void) - { - char *e; - struct sigaction ill_oact,ill_act; - sigset_t oset; - static int trigger=0; +{ + char *e; + struct sigaction ill_oact, ill_act; + sigset_t oset; + static int trigger = 0; - if (trigger) return; - trigger=1; - - if ((e=getenv("OPENSSL_armcap"))) - { - OPENSSL_armcap_P=strtoul(e,NULL,0); - return; - } + if (trigger) + return; + trigger = 1; - sigfillset(&all_masked); - sigdelset(&all_masked,SIGILL); - sigdelset(&all_masked,SIGTRAP); - sigdelset(&all_masked,SIGFPE); - sigdelset(&all_masked,SIGBUS); - sigdelset(&all_masked,SIGSEGV); + if ((e = getenv("OPENSSL_armcap"))) { + OPENSSL_armcap_P = strtoul(e, NULL, 0); + return; + } - OPENSSL_armcap_P = 0; + sigfillset(&all_masked); + sigdelset(&all_masked, SIGILL); + sigdelset(&all_masked, SIGTRAP); + sigdelset(&all_masked, SIGFPE); + sigdelset(&all_masked, SIGBUS); + sigdelset(&all_masked, SIGSEGV); - memset(&ill_act,0,sizeof(ill_act)); - ill_act.sa_handler = ill_handler; - ill_act.sa_mask = all_masked; + OPENSSL_armcap_P = 0; - sigprocmask(SIG_SETMASK,&ill_act.sa_mask,&oset); - sigaction(SIGILL,&ill_act,&ill_oact); + memset(&ill_act, 0, sizeof(ill_act)); + ill_act.sa_handler = ill_handler; + ill_act.sa_mask = all_masked; - if (sigsetjmp(ill_jmp,1) == 0) - { - _armv7_neon_probe(); - OPENSSL_armcap_P |= ARMV7_NEON; - } - if (sigsetjmp(ill_jmp,1) == 0) - { - _armv7_tick(); - OPENSSL_armcap_P |= ARMV7_TICK; - } + sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset); + sigaction(SIGILL, &ill_act, &ill_oact); - sigaction (SIGILL,&ill_oact,NULL); - sigprocmask(SIG_SETMASK,&oset,NULL); - } + if (sigsetjmp(ill_jmp, 1) == 0) { + _armv7_neon_probe(); + OPENSSL_armcap_P |= ARMV7_NEON; + } + if (sigsetjmp(ill_jmp, 1) == 0) { + _armv7_tick(); + OPENSSL_armcap_P |= ARMV7_TICK; + } + + sigaction(SIGILL, &ill_oact, NULL); + sigprocmask(SIG_SETMASK, &oset, NULL); +} diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c index 4117a67dc36f..f906188b114b 100644 --- a/crypto/asn1/a_bitstr.c +++ b/crypto/asn1/a_bitstr.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -61,193 +61,202 @@ #include <openssl/asn1.h> int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) -{ return M_ASN1_BIT_STRING_set(x, d, len); } +{ + return M_ASN1_BIT_STRING_set(x, d, len); +} int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) - { - int ret,j,bits,len; - unsigned char *p,*d; - - if (a == NULL) return(0); - - len=a->length; - - if (len > 0) - { - if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) - { - bits=(int)a->flags&0x07; - } - else - { - for ( ; len > 0; len--) - { - if (a->data[len-1]) break; - } - j=a->data[len-1]; - if (j & 0x01) bits=0; - else if (j & 0x02) bits=1; - else if (j & 0x04) bits=2; - else if (j & 0x08) bits=3; - else if (j & 0x10) bits=4; - else if (j & 0x20) bits=5; - else if (j & 0x40) bits=6; - else if (j & 0x80) bits=7; - else bits=0; /* should not happen */ - } - } - else - bits=0; - - ret=1+len; - if (pp == NULL) return(ret); - - p= *pp; - - *(p++)=(unsigned char)bits; - d=a->data; - memcpy(p,d,len); - p+=len; - if (len > 0) p[-1]&=(0xff<<bits); - *pp=p; - return(ret); - } +{ + int ret, j, bits, len; + unsigned char *p, *d; + + if (a == NULL) + return (0); + + len = a->length; + + if (len > 0) { + if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) { + bits = (int)a->flags & 0x07; + } else { + for (; len > 0; len--) { + if (a->data[len - 1]) + break; + } + j = a->data[len - 1]; + if (j & 0x01) + bits = 0; + else if (j & 0x02) + bits = 1; + else if (j & 0x04) + bits = 2; + else if (j & 0x08) + bits = 3; + else if (j & 0x10) + bits = 4; + else if (j & 0x20) + bits = 5; + else if (j & 0x40) + bits = 6; + else if (j & 0x80) + bits = 7; + else + bits = 0; /* should not happen */ + } + } else + bits = 0; + + ret = 1 + len; + if (pp == NULL) + return (ret); + + p = *pp; + + *(p++) = (unsigned char)bits; + d = a->data; + memcpy(p, d, len); + p += len; + if (len > 0) + p[-1] &= (0xff << bits); + *pp = p; + return (ret); +} ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, - const unsigned char **pp, long len) - { - ASN1_BIT_STRING *ret=NULL; - const unsigned char *p; - unsigned char *s; - int i; - - if (len < 1) - { - i=ASN1_R_STRING_TOO_SHORT; - goto err; - } - - if ((a == NULL) || ((*a) == NULL)) - { - if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL); - } - else - ret=(*a); - - p= *pp; - i= *(p++); - if (i > 7) - { - i=ASN1_R_INVALID_BIT_STRING_BITS_LEFT; - goto err; - } - /* We do this to preserve the settings. If we modify - * the settings, via the _set_bit function, we will recalculate - * on output */ - ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */ - ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|i); /* set */ - - if (len-- > 1) /* using one because of the bits left byte */ - { - s=(unsigned char *)OPENSSL_malloc((int)len); - if (s == NULL) - { - i=ERR_R_MALLOC_FAILURE; - goto err; - } - memcpy(s,p,(int)len); - s[len-1]&=(0xff<<i); - p+=len; - } - else - s=NULL; - - ret->length=(int)len; - if (ret->data != NULL) OPENSSL_free(ret->data); - ret->data=s; - ret->type=V_ASN1_BIT_STRING; - if (a != NULL) (*a)=ret; - *pp=p; - return(ret); -err: - ASN1err(ASN1_F_C2I_ASN1_BIT_STRING,i); - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - M_ASN1_BIT_STRING_free(ret); - return(NULL); - } - -/* These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de> + const unsigned char **pp, long len) +{ + ASN1_BIT_STRING *ret = NULL; + const unsigned char *p; + unsigned char *s; + int i; + + if (len < 1) { + i = ASN1_R_STRING_TOO_SHORT; + goto err; + } + + if ((a == NULL) || ((*a) == NULL)) { + if ((ret = M_ASN1_BIT_STRING_new()) == NULL) + return (NULL); + } else + ret = (*a); + + p = *pp; + i = *(p++); + if (i > 7) { + i = ASN1_R_INVALID_BIT_STRING_BITS_LEFT; + goto err; + } + /* + * We do this to preserve the settings. If we modify the settings, via + * the _set_bit function, we will recalculate on output + */ + ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear */ + ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | i); /* set */ + + if (len-- > 1) { /* using one because of the bits left byte */ + s = (unsigned char *)OPENSSL_malloc((int)len); + if (s == NULL) { + i = ERR_R_MALLOC_FAILURE; + goto err; + } + memcpy(s, p, (int)len); + s[len - 1] &= (0xff << i); + p += len; + } else + s = NULL; + + ret->length = (int)len; + if (ret->data != NULL) + OPENSSL_free(ret->data); + ret->data = s; + ret->type = V_ASN1_BIT_STRING; + if (a != NULL) + (*a) = ret; + *pp = p; + return (ret); + err: + ASN1err(ASN1_F_C2I_ASN1_BIT_STRING, i); + if ((ret != NULL) && ((a == NULL) || (*a != ret))) + M_ASN1_BIT_STRING_free(ret); + return (NULL); +} + +/* + * These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de> */ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) - { - int w,v,iv; - unsigned char *c; - - w=n/8; - v=1<<(7-(n&0x07)); - iv= ~v; - if (!value) v=0; - - if (a == NULL) - return 0; - - a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */ - - if ((a->length < (w+1)) || (a->data == NULL)) - { - if (!value) return(1); /* Don't need to set */ - if (a->data == NULL) - c=(unsigned char *)OPENSSL_malloc(w+1); - else - c=(unsigned char *)OPENSSL_realloc_clean(a->data, - a->length, - w+1); - if (c == NULL) - { - ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT,ERR_R_MALLOC_FAILURE); - return 0; - } - if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length); - a->data=c; - a->length=w+1; - } - a->data[w]=((a->data[w])&iv)|v; - while ((a->length > 0) && (a->data[a->length-1] == 0)) - a->length--; - return(1); - } +{ + int w, v, iv; + unsigned char *c; + + w = n / 8; + v = 1 << (7 - (n & 0x07)); + iv = ~v; + if (!value) + v = 0; + + if (a == NULL) + return 0; + + a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */ + + if ((a->length < (w + 1)) || (a->data == NULL)) { + if (!value) + return (1); /* Don't need to set */ + if (a->data == NULL) + c = (unsigned char *)OPENSSL_malloc(w + 1); + else + c = (unsigned char *)OPENSSL_realloc_clean(a->data, + a->length, w + 1); + if (c == NULL) { + ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT, ERR_R_MALLOC_FAILURE); + return 0; + } + if (w + 1 - a->length > 0) + memset(c + a->length, 0, w + 1 - a->length); + a->data = c; + a->length = w + 1; + } + a->data[w] = ((a->data[w]) & iv) | v; + while ((a->length > 0) && (a->data[a->length - 1] == 0)) + a->length--; + return (1); +} int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n) - { - int w,v; +{ + int w, v; - w=n/8; - v=1<<(7-(n&0x07)); - if ((a == NULL) || (a->length < (w+1)) || (a->data == NULL)) - return(0); - return((a->data[w]&v) != 0); - } + w = n / 8; + v = 1 << (7 - (n & 0x07)); + if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL)) + return (0); + return ((a->data[w] & v) != 0); +} /* - * Checks if the given bit string contains only bits specified by + * Checks if the given bit string contains only bits specified by * the flags vector. Returns 0 if there is at least one bit set in 'a' * which is not specified in 'flags', 1 otherwise. * 'len' is the length of 'flags'. */ int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a, - unsigned char *flags, int flags_len) - { - int i, ok; - /* Check if there is one bit set at all. */ - if (!a || !a->data) return 1; - - /* Check each byte of the internal representation of the bit string. */ - ok = 1; - for (i = 0; i < a->length && ok; ++i) - { - unsigned char mask = i < flags_len ? ~flags[i] : 0xff; - /* We are done if there is an unneeded bit set. */ - ok = (a->data[i] & mask) == 0; - } - return ok; - } + unsigned char *flags, int flags_len) +{ + int i, ok; + /* Check if there is one bit set at all. */ + if (!a || !a->data) + return 1; + + /* + * Check each byte of the internal representation of the bit string. + */ + ok = 1; + for (i = 0; i < a->length && ok; ++i) { + unsigned char mask = i < flags_len ? ~flags[i] : 0xff; + /* We are done if there is an unneeded bit set. */ + ok = (a->data[i] & mask) == 0; + } + return ok; +} diff --git a/crypto/asn1/a_bool.c b/crypto/asn1/a_bool.c index 331acdf05350..1b85bc9e61cd 100644 --- a/crypto/asn1/a_bool.c +++ b/crypto/asn1/a_bool.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -61,54 +61,51 @@ #include <openssl/asn1t.h> int i2d_ASN1_BOOLEAN(int a, unsigned char **pp) - { - int r; - unsigned char *p; +{ + int r; + unsigned char *p; - r=ASN1_object_size(0,1,V_ASN1_BOOLEAN); - if (pp == NULL) return(r); - p= *pp; + r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN); + if (pp == NULL) + return (r); + p = *pp; - ASN1_put_object(&p,0,1,V_ASN1_BOOLEAN,V_ASN1_UNIVERSAL); - *(p++)= (unsigned char)a; - *pp=p; - return(r); - } + ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL); + *(p++) = (unsigned char)a; + *pp = p; + return (r); +} int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length) - { - int ret= -1; - const unsigned char *p; - long len; - int inf,tag,xclass; - int i=0; - - p= *pp; - inf=ASN1_get_object(&p,&len,&tag,&xclass,length); - if (inf & 0x80) - { - i=ASN1_R_BAD_OBJECT_HEADER; - goto err; - } - - if (tag != V_ASN1_BOOLEAN) - { - i=ASN1_R_EXPECTING_A_BOOLEAN; - goto err; - } +{ + int ret = -1; + const unsigned char *p; + long len; + int inf, tag, xclass; + int i = 0; - if (len != 1) - { - i=ASN1_R_BOOLEAN_IS_WRONG_LENGTH; - goto err; - } - ret= (int)*(p++); - if (a != NULL) (*a)=ret; - *pp=p; - return(ret); -err: - ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i); - return(ret); - } + p = *pp; + inf = ASN1_get_object(&p, &len, &tag, &xclass, length); + if (inf & 0x80) { + i = ASN1_R_BAD_OBJECT_HEADER; + goto err; + } + if (tag != V_ASN1_BOOLEAN) { + i = ASN1_R_EXPECTING_A_BOOLEAN; + goto err; + } + if (len != 1) { + i = ASN1_R_BOOLEAN_IS_WRONG_LENGTH; + goto err; + } + ret = (int)*(p++); + if (a != NULL) + (*a) = ret; + *pp = p; + return (ret); + err: + ASN1err(ASN1_F_D2I_ASN1_BOOLEAN, i); + return (ret); +} diff --git a/crypto/asn1/a_bytes.c b/crypto/asn1/a_bytes.c index 92d630cdbaf8..12715a72809d 100644 --- a/crypto/asn1/a_bytes.c +++ b/crypto/asn1/a_bytes.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -61,254 +61,246 @@ #include <openssl/asn1.h> static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c); -/* type is a 'bitmap' of acceptable string types. +/* + * type is a 'bitmap' of acceptable string types. */ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp, - long length, int type) - { - ASN1_STRING *ret=NULL; - const unsigned char *p; - unsigned char *s; - long len; - int inf,tag,xclass; - int i=0; + long length, int type) +{ + ASN1_STRING *ret = NULL; + const unsigned char *p; + unsigned char *s; + long len; + int inf, tag, xclass; + int i = 0; - p= *pp; - inf=ASN1_get_object(&p,&len,&tag,&xclass,length); - if (inf & 0x80) goto err; + p = *pp; + inf = ASN1_get_object(&p, &len, &tag, &xclass, length); + if (inf & 0x80) + goto err; - if (tag >= 32) - { - i=ASN1_R_TAG_VALUE_TOO_HIGH; - goto err; - } - if (!(ASN1_tag2bit(tag) & type)) - { - i=ASN1_R_WRONG_TYPE; - goto err; - } + if (tag >= 32) { + i = ASN1_R_TAG_VALUE_TOO_HIGH; + goto err; + } + if (!(ASN1_tag2bit(tag) & type)) { + i = ASN1_R_WRONG_TYPE; + goto err; + } - /* If a bit-string, exit early */ - if (tag == V_ASN1_BIT_STRING) - return(d2i_ASN1_BIT_STRING(a,pp,length)); + /* If a bit-string, exit early */ + if (tag == V_ASN1_BIT_STRING) + return (d2i_ASN1_BIT_STRING(a, pp, length)); - if ((a == NULL) || ((*a) == NULL)) - { - if ((ret=ASN1_STRING_new()) == NULL) return(NULL); - } - else - ret=(*a); + if ((a == NULL) || ((*a) == NULL)) { + if ((ret = ASN1_STRING_new()) == NULL) + return (NULL); + } else + ret = (*a); - if (len != 0) - { - s=(unsigned char *)OPENSSL_malloc((int)len+1); - if (s == NULL) - { - i=ERR_R_MALLOC_FAILURE; - goto err; - } - memcpy(s,p,(int)len); - s[len]='\0'; - p+=len; - } - else - s=NULL; + if (len != 0) { + s = (unsigned char *)OPENSSL_malloc((int)len + 1); + if (s == NULL) { + i = ERR_R_MALLOC_FAILURE; + goto err; + } + memcpy(s, p, (int)len); + s[len] = '\0'; + p += len; + } else + s = NULL; - if (ret->data != NULL) OPENSSL_free(ret->data); - ret->length=(int)len; - ret->data=s; - ret->type=tag; - if (a != NULL) (*a)=ret; - *pp=p; - return(ret); -err: - ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,i); - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - ASN1_STRING_free(ret); - return(NULL); - } + if (ret->data != NULL) + OPENSSL_free(ret->data); + ret->length = (int)len; + ret->data = s; + ret->type = tag; + if (a != NULL) + (*a) = ret; + *pp = p; + return (ret); + err: + ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES, i); + if ((ret != NULL) && ((a == NULL) || (*a != ret))) + ASN1_STRING_free(ret); + return (NULL); +} int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass) - { - int ret,r,constructed; - unsigned char *p; +{ + int ret, r, constructed; + unsigned char *p; - if (a == NULL) return(0); + if (a == NULL) + return (0); - if (tag == V_ASN1_BIT_STRING) - return(i2d_ASN1_BIT_STRING(a,pp)); - - ret=a->length; - r=ASN1_object_size(0,ret,tag); - if (pp == NULL) return(r); - p= *pp; + if (tag == V_ASN1_BIT_STRING) + return (i2d_ASN1_BIT_STRING(a, pp)); - if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET)) - constructed=1; - else - constructed=0; - ASN1_put_object(&p,constructed,ret,tag,xclass); - memcpy(p,a->data,a->length); - p+=a->length; - *pp= p; - return(r); - } + ret = a->length; + r = ASN1_object_size(0, ret, tag); + if (pp == NULL) + return (r); + p = *pp; -ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, - long length, int Ptag, int Pclass) - { - ASN1_STRING *ret=NULL; - const unsigned char *p; - unsigned char *s; - long len; - int inf,tag,xclass; - int i=0; + if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET)) + constructed = 1; + else + constructed = 0; + ASN1_put_object(&p, constructed, ret, tag, xclass); + memcpy(p, a->data, a->length); + p += a->length; + *pp = p; + return (r); +} - if ((a == NULL) || ((*a) == NULL)) - { - if ((ret=ASN1_STRING_new()) == NULL) return(NULL); - } - else - ret=(*a); +ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, + long length, int Ptag, int Pclass) +{ + ASN1_STRING *ret = NULL; + const unsigned char *p; + unsigned char *s; + long len; + int inf, tag, xclass; + int i = 0; - p= *pp; - inf=ASN1_get_object(&p,&len,&tag,&xclass,length); - if (inf & 0x80) - { - i=ASN1_R_BAD_OBJECT_HEADER; - goto err; - } + if ((a == NULL) || ((*a) == NULL)) { + if ((ret = ASN1_STRING_new()) == NULL) + return (NULL); + } else + ret = (*a); - if (tag != Ptag) - { - i=ASN1_R_WRONG_TAG; - goto err; - } + p = *pp; + inf = ASN1_get_object(&p, &len, &tag, &xclass, length); + if (inf & 0x80) { + i = ASN1_R_BAD_OBJECT_HEADER; + goto err; + } - if (inf & V_ASN1_CONSTRUCTED) - { - ASN1_const_CTX c; + if (tag != Ptag) { + i = ASN1_R_WRONG_TAG; + goto err; + } - c.pp=pp; - c.p=p; - c.inf=inf; - c.slen=len; - c.tag=Ptag; - c.xclass=Pclass; - c.max=(length == 0)?0:(p+length); - if (!asn1_collate_primitive(ret,&c)) - goto err; - else - { - p=c.p; - } - } - else - { - if (len != 0) - { - if ((ret->length < len) || (ret->data == NULL)) - { - if (ret->data != NULL) OPENSSL_free(ret->data); - s=(unsigned char *)OPENSSL_malloc((int)len + 1); - if (s == NULL) - { - i=ERR_R_MALLOC_FAILURE; - goto err; - } - } - else - s=ret->data; - memcpy(s,p,(int)len); - s[len] = '\0'; - p+=len; - } - else - { - s=NULL; - if (ret->data != NULL) OPENSSL_free(ret->data); - } + if (inf & V_ASN1_CONSTRUCTED) { + ASN1_const_CTX c; - ret->length=(int)len; - ret->data=s; - ret->type=Ptag; - } + c.pp = pp; + c.p = p; + c.inf = inf; + c.slen = len; + c.tag = Ptag; + c.xclass = Pclass; + c.max = (length == 0) ? 0 : (p + length); + if (!asn1_collate_primitive(ret, &c)) + goto err; + else { + p = c.p; + } + } else { + if (len != 0) { + if ((ret->length < len) || (ret->data == NULL)) { + if (ret->data != NULL) + OPENSSL_free(ret->data); + s = (unsigned char *)OPENSSL_malloc((int)len + 1); + if (s == NULL) { + i = ERR_R_MALLOC_FAILURE; + goto err; + } + } else + s = ret->data; + memcpy(s, p, (int)len); + s[len] = '\0'; + p += len; + } else { + s = NULL; + if (ret->data != NULL) + OPENSSL_free(ret->data); + } - if (a != NULL) (*a)=ret; - *pp=p; - return(ret); -err: - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - ASN1_STRING_free(ret); - ASN1err(ASN1_F_D2I_ASN1_BYTES,i); - return(NULL); - } + ret->length = (int)len; + ret->data = s; + ret->type = Ptag; + } + if (a != NULL) + (*a) = ret; + *pp = p; + return (ret); + err: + if ((ret != NULL) && ((a == NULL) || (*a != ret))) + ASN1_STRING_free(ret); + ASN1err(ASN1_F_D2I_ASN1_BYTES, i); + return (NULL); +} -/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse - * them into the one structure that is then returned */ -/* There have been a few bug fixes for this function from - * Paul Keogh <paul.keogh@sse.ie>, many thanks to him */ +/* + * We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse them + * into the one structure that is then returned + */ +/* + * There have been a few bug fixes for this function from Paul Keogh + * <paul.keogh@sse.ie>, many thanks to him + */ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c) - { - ASN1_STRING *os=NULL; - BUF_MEM b; - int num; - - b.length=0; - b.max=0; - b.data=NULL; +{ + ASN1_STRING *os = NULL; + BUF_MEM b; + int num; - if (a == NULL) - { - c->error=ERR_R_PASSED_NULL_PARAMETER; - goto err; - } + b.length = 0; + b.max = 0; + b.data = NULL; - num=0; - for (;;) - { - if (c->inf & 1) - { - c->eos=ASN1_const_check_infinite_end(&c->p, - (long)(c->max-c->p)); - if (c->eos) break; - } - else - { - if (c->slen <= 0) break; - } + if (a == NULL) { + c->error = ERR_R_PASSED_NULL_PARAMETER; + goto err; + } - c->q=c->p; - if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass) - == NULL) - { - c->error=ERR_R_ASN1_LIB; - goto err; - } + num = 0; + for (;;) { + if (c->inf & 1) { + c->eos = ASN1_const_check_infinite_end(&c->p, + (long)(c->max - c->p)); + if (c->eos) + break; + } else { + if (c->slen <= 0) + break; + } - if (!BUF_MEM_grow_clean(&b,num+os->length)) - { - c->error=ERR_R_BUF_LIB; - goto err; - } - memcpy(&(b.data[num]),os->data,os->length); - if (!(c->inf & 1)) - c->slen-=(c->p-c->q); - num+=os->length; - } + c->q = c->p; + if (d2i_ASN1_bytes(&os, &c->p, c->max - c->p, c->tag, c->xclass) + == NULL) { + c->error = ERR_R_ASN1_LIB; + goto err; + } - if (!asn1_const_Finish(c)) goto err; + if (!BUF_MEM_grow_clean(&b, num + os->length)) { + c->error = ERR_R_BUF_LIB; + goto err; + } + memcpy(&(b.data[num]), os->data, os->length); + if (!(c->inf & 1)) + c->slen -= (c->p - c->q); + num += os->length; + } - a->length=num; - if (a->data != NULL) OPENSSL_free(a->data); - a->data=(unsigned char *)b.data; - if (os != NULL) ASN1_STRING_free(os); - return(1); -err: - ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error); - if (os != NULL) ASN1_STRING_free(os); - if (b.data != NULL) OPENSSL_free(b.data); - return(0); - } + if (!asn1_const_Finish(c)) + goto err; + a->length = num; + if (a->data != NULL) + OPENSSL_free(a->data); + a->data = (unsigned char *)b.data; + if (os != NULL) + ASN1_STRING_free(os); + return (1); + err: + ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE, c->error); + if (os != NULL) + ASN1_STRING_free(os); + if (b.data != NULL) + OPENSSL_free(b.data); + return (0); +} diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c index 52b2ebdb631b..a1864b42c977 100644 --- a/crypto/asn1/a_d2i_fp.c +++ b/crypto/asn1/a_d2i_fp.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -65,222 +65,204 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); #ifndef NO_OLD_ASN1 -#ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_FP_API -void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x) - { - BIO *b; - void *ret; +void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x) +{ + BIO *b; + void *ret; - if ((b=BIO_new(BIO_s_file())) == NULL) - { - ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB); - return(NULL); - } - BIO_set_fp(b,in,BIO_NOCLOSE); - ret=ASN1_d2i_bio(xnew,d2i,b,x); - BIO_free(b); - return(ret); - } -#endif + if ((b = BIO_new(BIO_s_file())) == NULL) { + ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB); + return (NULL); + } + BIO_set_fp(b, in, BIO_NOCLOSE); + ret = ASN1_d2i_bio(xnew, d2i, b, x); + BIO_free(b); + return (ret); +} +# endif -void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x) - { - BUF_MEM *b = NULL; - const unsigned char *p; - void *ret=NULL; - int len; +void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x) +{ + BUF_MEM *b = NULL; + const unsigned char *p; + void *ret = NULL; + int len; - len = asn1_d2i_read_bio(in, &b); - if(len < 0) goto err; + len = asn1_d2i_read_bio(in, &b); + if (len < 0) + goto err; - p=(unsigned char *)b->data; - ret=d2i(x,&p,len); -err: - if (b != NULL) BUF_MEM_free(b); - return(ret); - } + p = (unsigned char *)b->data; + ret = d2i(x, &p, len); + err: + if (b != NULL) + BUF_MEM_free(b); + return (ret); +} #endif void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) - { - BUF_MEM *b = NULL; - const unsigned char *p; - void *ret=NULL; - int len; +{ + BUF_MEM *b = NULL; + const unsigned char *p; + void *ret = NULL; + int len; - len = asn1_d2i_read_bio(in, &b); - if(len < 0) goto err; + len = asn1_d2i_read_bio(in, &b); + if (len < 0) + goto err; - p=(const unsigned char *)b->data; - ret=ASN1_item_d2i(x,&p,len, it); -err: - if (b != NULL) BUF_MEM_free(b); - return(ret); - } + p = (const unsigned char *)b->data; + ret = ASN1_item_d2i(x, &p, len, it); + err: + if (b != NULL) + BUF_MEM_free(b); + return (ret); +} #ifndef OPENSSL_NO_FP_API void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) - { - BIO *b; - char *ret; +{ + BIO *b; + char *ret; - if ((b=BIO_new(BIO_s_file())) == NULL) - { - ASN1err(ASN1_F_ASN1_ITEM_D2I_FP,ERR_R_BUF_LIB); - return(NULL); - } - BIO_set_fp(b,in,BIO_NOCLOSE); - ret=ASN1_item_d2i_bio(it,b,x); - BIO_free(b); - return(ret); - } + if ((b = BIO_new(BIO_s_file())) == NULL) { + ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB); + return (NULL); + } + BIO_set_fp(b, in, BIO_NOCLOSE); + ret = ASN1_item_d2i_bio(it, b, x); + BIO_free(b); + return (ret); +} #endif #define HEADER_SIZE 8 static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) - { - BUF_MEM *b; - unsigned char *p; - int i; - ASN1_const_CTX c; - size_t want=HEADER_SIZE; - int eos=0; - size_t off=0; - size_t len=0; +{ + BUF_MEM *b; + unsigned char *p; + int i; + ASN1_const_CTX c; + size_t want = HEADER_SIZE; + int eos = 0; + size_t off = 0; + size_t len = 0; - b=BUF_MEM_new(); - if (b == NULL) - { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); - return -1; - } + b = BUF_MEM_new(); + if (b == NULL) { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); + return -1; + } - ERR_clear_error(); - for (;;) - { - if (want >= (len-off)) - { - want-=(len-off); + ERR_clear_error(); + for (;;) { + if (want >= (len - off)) { + want -= (len - off); - if (len + want < len || !BUF_MEM_grow_clean(b,len+want)) - { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); - goto err; - } - i=BIO_read(in,&(b->data[len]),want); - if ((i < 0) && ((len-off) == 0)) - { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_NOT_ENOUGH_DATA); - goto err; - } - if (i > 0) - { - if (len+i < len) - { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); - goto err; - } - len+=i; - } - } - /* else data already loaded */ + if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); + goto err; + } + i = BIO_read(in, &(b->data[len]), want); + if ((i < 0) && ((len - off) == 0)) { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA); + goto err; + } + if (i > 0) { + if (len + i < len) { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); + goto err; + } + len += i; + } + } + /* else data already loaded */ - p=(unsigned char *)&(b->data[off]); - c.p=p; - c.inf=ASN1_get_object(&(c.p),&(c.slen),&(c.tag),&(c.xclass), - len-off); - if (c.inf & 0x80) - { - unsigned long e; + p = (unsigned char *)&(b->data[off]); + c.p = p; + c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag), &(c.xclass), + len - off); + if (c.inf & 0x80) { + unsigned long e; - e=ERR_GET_REASON(ERR_peek_error()); - if (e != ASN1_R_TOO_LONG) - goto err; - else - ERR_clear_error(); /* clear error */ - } - i=c.p-p;/* header length */ - off+=i; /* end of data */ + e = ERR_GET_REASON(ERR_peek_error()); + if (e != ASN1_R_TOO_LONG) + goto err; + else + ERR_clear_error(); /* clear error */ + } + i = c.p - p; /* header length */ + off += i; /* end of data */ - if (c.inf & 1) - { - /* no data body so go round again */ - eos++; - if (eos < 0) - { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG); - goto err; - } - want=HEADER_SIZE; - } - else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) - { - /* eos value, so go back and read another header */ - eos--; - if (eos <= 0) - break; - else - want=HEADER_SIZE; - } - else - { - /* suck in c.slen bytes of data */ - want=c.slen; - if (want > (len-off)) - { - want-=(len-off); - if (want > INT_MAX /* BIO_read takes an int length */ || - len+want < len) - { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); - goto err; - } - if (!BUF_MEM_grow_clean(b,len+want)) - { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); - goto err; - } - while (want > 0) - { - i=BIO_read(in,&(b->data[len]),want); - if (i <= 0) - { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, - ASN1_R_NOT_ENOUGH_DATA); - goto err; - } - /* This can't overflow because - * |len+want| didn't overflow. */ - len+=i; - want-=i; - } - } - if (off + c.slen < off) - { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); - goto err; - } - off+=c.slen; - if (eos <= 0) - { - break; - } - else - want=HEADER_SIZE; - } - } + if (c.inf & 1) { + /* no data body so go round again */ + eos++; + if (eos < 0) { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG); + goto err; + } + want = HEADER_SIZE; + } else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) { + /* eos value, so go back and read another header */ + eos--; + if (eos <= 0) + break; + else + want = HEADER_SIZE; + } else { + /* suck in c.slen bytes of data */ + want = c.slen; + if (want > (len - off)) { + want -= (len - off); + if (want > INT_MAX /* BIO_read takes an int length */ || + len + want < len) { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); + goto err; + } + if (!BUF_MEM_grow_clean(b, len + want)) { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); + goto err; + } + while (want > 0) { + i = BIO_read(in, &(b->data[len]), want); + if (i <= 0) { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, + ASN1_R_NOT_ENOUGH_DATA); + goto err; + } + /* + * This can't overflow because |len+want| didn't + * overflow. + */ + len += i; + want -= i; + } + } + if (off + c.slen < off) { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); + goto err; + } + off += c.slen; + if (eos <= 0) { + break; + } else + want = HEADER_SIZE; + } + } - if (off > INT_MAX) - { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); - goto err; - } + if (off > INT_MAX) { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); + goto err; + } - *pb = b; - return off; -err: - if (b != NULL) BUF_MEM_free(b); - return -1; - } + *pb = b; + return off; + err: + if (b != NULL) + BUF_MEM_free(b); + return -1; +} diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c index cbdeea6ac07d..7cbc4751cd81 100644 --- a/crypto/asn1/a_digest.c +++ b/crypto/asn1/a_digest.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -73,41 +73,39 @@ #ifndef NO_ASN1_OLD int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, - unsigned char *md, unsigned int *len) - { - int i; - unsigned char *str,*p; + unsigned char *md, unsigned int *len) +{ + int i; + unsigned char *str, *p; - i=i2d(data,NULL); - if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) - { - ASN1err(ASN1_F_ASN1_DIGEST,ERR_R_MALLOC_FAILURE); - return(0); - } - p=str; - i2d(data,&p); + i = i2d(data, NULL); + if ((str = (unsigned char *)OPENSSL_malloc(i)) == NULL) { + ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE); + return (0); + } + p = str; + i2d(data, &p); - if (!EVP_Digest(str, i, md, len, type, NULL)) - return 0; - OPENSSL_free(str); - return(1); - } + if (!EVP_Digest(str, i, md, len, type, NULL)) + return 0; + OPENSSL_free(str); + return (1); +} #endif - int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, - unsigned char *md, unsigned int *len) - { - int i; - unsigned char *str = NULL; - - i=ASN1_item_i2d(asn,&str, it); - if (!str) return(0); + unsigned char *md, unsigned int *len) +{ + int i; + unsigned char *str = NULL; - if (!EVP_Digest(str, i, md, len, type, NULL)) - return 0; - OPENSSL_free(str); - return(1); - } + i = ASN1_item_i2d(asn, &str, it); + if (!str) + return (0); + if (!EVP_Digest(str, i, md, len, type, NULL)) + return 0; + OPENSSL_free(str); + return (1); +} diff --git a/crypto/asn1/a_dup.c b/crypto/asn1/a_dup.c index d98992548ab1..349ab5621377 100644 --- a/crypto/asn1/a_dup.c +++ b/crypto/asn1/a_dup.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,47 +63,55 @@ #ifndef NO_OLD_ASN1 void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x) - { - unsigned char *b,*p; - const unsigned char *p2; - int i; - char *ret; +{ + unsigned char *b, *p; + const unsigned char *p2; + int i; + char *ret; - if (x == NULL) return(NULL); + if (x == NULL) + return (NULL); - i=i2d(x,NULL); - b=OPENSSL_malloc(i+10); - if (b == NULL) - { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } - p= b; - i=i2d(x,&p); - p2= b; - ret=d2i(NULL,&p2,i); - OPENSSL_free(b); - return(ret); - } + i = i2d(x, NULL); + b = OPENSSL_malloc(i + 10); + if (b == NULL) { + ASN1err(ASN1_F_ASN1_DUP, ERR_R_MALLOC_FAILURE); + return (NULL); + } + p = b; + i = i2d(x, &p); + p2 = b; + ret = d2i(NULL, &p2, i); + OPENSSL_free(b); + return (ret); +} #endif -/* ASN1_ITEM version of dup: this follows the model above except we don't need - * to allocate the buffer. At some point this could be rewritten to directly dup - * the underlying structure instead of doing and encode and decode. +/* + * ASN1_ITEM version of dup: this follows the model above except we don't + * need to allocate the buffer. At some point this could be rewritten to + * directly dup the underlying structure instead of doing and encode and + * decode. */ void *ASN1_item_dup(const ASN1_ITEM *it, void *x) - { - unsigned char *b = NULL; - const unsigned char *p; - long i; - void *ret; +{ + unsigned char *b = NULL; + const unsigned char *p; + long i; + void *ret; - if (x == NULL) return(NULL); + if (x == NULL) + return (NULL); - i=ASN1_item_i2d(x,&b,it); - if (b == NULL) - { ASN1err(ASN1_F_ASN1_ITEM_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } - p= b; - ret=ASN1_item_d2i(NULL,&p,i, it); - OPENSSL_free(b); - return(ret); - } + i = ASN1_item_i2d(x, &b, it); + if (b == NULL) { + ASN1err(ASN1_F_ASN1_ITEM_DUP, ERR_R_MALLOC_FAILURE); + return (NULL); + } + p = b; + ret = ASN1_item_d2i(NULL, &p, i, it); + OPENSSL_free(b); + return (ret); +} diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c index fe9aa13b9cd5..c3498ac99c71 100644 --- a/crypto/asn1/a_enum.c +++ b/crypto/asn1/a_enum.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -61,122 +61,121 @@ #include <openssl/asn1.h> #include <openssl/bn.h> -/* +/* * Code for ENUMERATED type: identical to INTEGER apart from a different tag. * for comments on encoding see a_int.c */ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) - { - int j,k; - unsigned int i; - unsigned char buf[sizeof(long)+1]; - long d; +{ + int j, k; + unsigned int i; + unsigned char buf[sizeof(long) + 1]; + long d; - a->type=V_ASN1_ENUMERATED; - if (a->length < (int)(sizeof(long)+1)) - { - if (a->data != NULL) - OPENSSL_free(a->data); - if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL) - memset((char *)a->data,0,sizeof(long)+1); - } - if (a->data == NULL) - { - ASN1err(ASN1_F_ASN1_ENUMERATED_SET,ERR_R_MALLOC_FAILURE); - return(0); - } - d=v; - if (d < 0) - { - d= -d; - a->type=V_ASN1_NEG_ENUMERATED; - } + a->type = V_ASN1_ENUMERATED; + if (a->length < (int)(sizeof(long) + 1)) { + if (a->data != NULL) + OPENSSL_free(a->data); + if ((a->data = + (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL) + memset((char *)a->data, 0, sizeof(long) + 1); + } + if (a->data == NULL) { + ASN1err(ASN1_F_ASN1_ENUMERATED_SET, ERR_R_MALLOC_FAILURE); + return (0); + } + d = v; + if (d < 0) { + d = -d; + a->type = V_ASN1_NEG_ENUMERATED; + } - for (i=0; i<sizeof(long); i++) - { - if (d == 0) break; - buf[i]=(int)d&0xff; - d>>=8; - } - j=0; - for (k=i-1; k >=0; k--) - a->data[j++]=buf[k]; - a->length=j; - return(1); - } + for (i = 0; i < sizeof(long); i++) { + if (d == 0) + break; + buf[i] = (int)d & 0xff; + d >>= 8; + } + j = 0; + for (k = i - 1; k >= 0; k--) + a->data[j++] = buf[k]; + a->length = j; + return (1); +} long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a) - { - int neg=0,i; - long r=0; +{ + int neg = 0, i; + long r = 0; + + if (a == NULL) + return (0L); + i = a->type; + if (i == V_ASN1_NEG_ENUMERATED) + neg = 1; + else if (i != V_ASN1_ENUMERATED) + return -1; - if (a == NULL) return(0L); - i=a->type; - if (i == V_ASN1_NEG_ENUMERATED) - neg=1; - else if (i != V_ASN1_ENUMERATED) - return -1; - - if (a->length > (int)sizeof(long)) - { - /* hmm... a bit ugly */ - return(0xffffffffL); - } - if (a->data == NULL) - return 0; + if (a->length > (int)sizeof(long)) { + /* hmm... a bit ugly */ + return (0xffffffffL); + } + if (a->data == NULL) + return 0; - for (i=0; i<a->length; i++) - { - r<<=8; - r|=(unsigned char)a->data[i]; - } - if (neg) r= -r; - return(r); - } + for (i = 0; i < a->length; i++) { + r <<= 8; + r |= (unsigned char)a->data[i]; + } + if (neg) + r = -r; + return (r); +} ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) - { - ASN1_ENUMERATED *ret; - int len,j; +{ + ASN1_ENUMERATED *ret; + int len, j; - if (ai == NULL) - ret=M_ASN1_ENUMERATED_new(); - else - ret=ai; - if (ret == NULL) - { - ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR); - goto err; - } - if(BN_is_negative(bn)) ret->type = V_ASN1_NEG_ENUMERATED; - else ret->type=V_ASN1_ENUMERATED; - j=BN_num_bits(bn); - len=((j == 0)?0:((j/8)+1)); - if (ret->length < len+4) - { - unsigned char *new_data=OPENSSL_realloc(ret->data, len+4); - if (!new_data) - { - ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); - goto err; - } - ret->data=new_data; - } + if (ai == NULL) + ret = M_ASN1_ENUMERATED_new(); + else + ret = ai; + if (ret == NULL) { + ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_NESTED_ASN1_ERROR); + goto err; + } + if (BN_is_negative(bn)) + ret->type = V_ASN1_NEG_ENUMERATED; + else + ret->type = V_ASN1_ENUMERATED; + j = BN_num_bits(bn); + len = ((j == 0) ? 0 : ((j / 8) + 1)); + if (ret->length < len + 4) { + unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4); + if (!new_data) { + ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); + goto err; + } + ret->data = new_data; + } - ret->length=BN_bn2bin(bn,ret->data); - return(ret); -err: - if (ret != ai) M_ASN1_ENUMERATED_free(ret); - return(NULL); - } + ret->length = BN_bn2bin(bn, ret->data); + return (ret); + err: + if (ret != ai) + M_ASN1_ENUMERATED_free(ret); + return (NULL); +} BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn) - { - BIGNUM *ret; +{ + BIGNUM *ret; - if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) - ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB); - else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_negative(ret,1); - return(ret); - } + if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL) + ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN, ASN1_R_BN_LIB); + else if (ai->type == V_ASN1_NEG_ENUMERATED) + BN_set_negative(ret, 1); + return (ret); +} diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c index c79c6f538cdc..8b3ef716e334 100644 --- a/crypto/asn1/a_gentm.c +++ b/crypto/asn1/a_gentm.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,14 +49,16 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -/* GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME */ +/* + * GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME + */ #include <stdio.h> #include <time.h> @@ -67,197 +69,202 @@ #if 0 int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp) - { -#ifdef CHARSET_EBCDIC - /* KLUDGE! We convert to ascii before writing DER */ - int len; - char tmp[24]; - ASN1_STRING tmpstr = *(ASN1_STRING *)a; - - len = tmpstr.length; - ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); - tmpstr.data = tmp; +{ +# ifdef CHARSET_EBCDIC + /* KLUDGE! We convert to ascii before writing DER */ + int len; + char tmp[24]; + ASN1_STRING tmpstr = *(ASN1_STRING *)a; - a = (ASN1_GENERALIZEDTIME *) &tmpstr; -#endif - return(i2d_ASN1_bytes((ASN1_STRING *)a,pp, - V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL)); - } + len = tmpstr.length; + ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); + tmpstr.data = tmp; + a = (ASN1_GENERALIZEDTIME *)&tmpstr; +# endif + return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, + V_ASN1_GENERALIZEDTIME, V_ASN1_UNIVERSAL)); +} ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a, - unsigned char **pp, long length) - { - ASN1_GENERALIZEDTIME *ret=NULL; + unsigned char **pp, + long length) +{ + ASN1_GENERALIZEDTIME *ret = NULL; - ret=(ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length, - V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL); - if (ret == NULL) - { - ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ERR_R_NESTED_ASN1_ERROR); - return(NULL); - } -#ifdef CHARSET_EBCDIC - ascii2ebcdic(ret->data, ret->data, ret->length); -#endif - if (!ASN1_GENERALIZEDTIME_check(ret)) - { - ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ASN1_R_INVALID_TIME_FORMAT); - goto err; - } + ret = + (ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length, + V_ASN1_GENERALIZEDTIME, + V_ASN1_UNIVERSAL); + if (ret == NULL) { + ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ERR_R_NESTED_ASN1_ERROR); + return (NULL); + } +# ifdef CHARSET_EBCDIC + ascii2ebcdic(ret->data, ret->data, ret->length); +# endif + if (!ASN1_GENERALIZEDTIME_check(ret)) { + ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ASN1_R_INVALID_TIME_FORMAT); + goto err; + } - return(ret); -err: - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - M_ASN1_GENERALIZEDTIME_free(ret); - return(NULL); - } + return (ret); + err: + if ((ret != NULL) && ((a == NULL) || (*a != ret))) + M_ASN1_GENERALIZEDTIME_free(ret); + return (NULL); +} #endif int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d) - { - static const int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0}; - static const int max[9]={99, 99,12,31,23,59,59,12,59}; - char *a; - int n,i,l,o; +{ + static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 }; + static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 }; + char *a; + int n, i, l, o; - if (d->type != V_ASN1_GENERALIZEDTIME) return(0); - l=d->length; - a=(char *)d->data; - o=0; - /* GENERALIZEDTIME is similar to UTCTIME except the year is - * represented as YYYY. This stuff treats everything as a two digit - * field so make first two fields 00 to 99 - */ - if (l < 13) goto err; - for (i=0; i<7; i++) - { - if ((i == 6) && ((a[o] == 'Z') || - (a[o] == '+') || (a[o] == '-'))) - { i++; break; } - if ((a[o] < '0') || (a[o] > '9')) goto err; - n= a[o]-'0'; - if (++o > l) goto err; + if (d->type != V_ASN1_GENERALIZEDTIME) + return (0); + l = d->length; + a = (char *)d->data; + o = 0; + /* + * GENERALIZEDTIME is similar to UTCTIME except the year is represented + * as YYYY. This stuff treats everything as a two digit field so make + * first two fields 00 to 99 + */ + if (l < 13) + goto err; + for (i = 0; i < 7; i++) { + if ((i == 6) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) { + i++; + break; + } + if ((a[o] < '0') || (a[o] > '9')) + goto err; + n = a[o] - '0'; + if (++o > l) + goto err; - if ((a[o] < '0') || (a[o] > '9')) goto err; - n=(n*10)+ a[o]-'0'; - if (++o > l) goto err; + if ((a[o] < '0') || (a[o] > '9')) + goto err; + n = (n * 10) + a[o] - '0'; + if (++o > l) + goto err; - if ((n < min[i]) || (n > max[i])) goto err; - } - /* Optional fractional seconds: decimal point followed by one - * or more digits. - */ - if (a[o] == '.') - { - if (++o > l) goto err; - i = o; - while ((a[o] >= '0') && (a[o] <= '9') && (o <= l)) - o++; - /* Must have at least one digit after decimal point */ - if (i == o) goto err; - } + if ((n < min[i]) || (n > max[i])) + goto err; + } + /* + * Optional fractional seconds: decimal point followed by one or more + * digits. + */ + if (a[o] == '.') { + if (++o > l) + goto err; + i = o; + while ((a[o] >= '0') && (a[o] <= '9') && (o <= l)) + o++; + /* Must have at least one digit after decimal point */ + if (i == o) + goto err; + } - if (a[o] == 'Z') - o++; - else if ((a[o] == '+') || (a[o] == '-')) - { - o++; - if (o+4 > l) goto err; - for (i=7; i<9; i++) - { - if ((a[o] < '0') || (a[o] > '9')) goto err; - n= a[o]-'0'; - o++; - if ((a[o] < '0') || (a[o] > '9')) goto err; - n=(n*10)+ a[o]-'0'; - if ((n < min[i]) || (n > max[i])) goto err; - o++; - } - } - else - { - /* Missing time zone information. */ - goto err; - } - return(o == l); -err: - return(0); - } + if (a[o] == 'Z') + o++; + else if ((a[o] == '+') || (a[o] == '-')) { + o++; + if (o + 4 > l) + goto err; + for (i = 7; i < 9; i++) { + if ((a[o] < '0') || (a[o] > '9')) + goto err; + n = a[o] - '0'; + o++; + if ((a[o] < '0') || (a[o] > '9')) + goto err; + n = (n * 10) + a[o] - '0'; + if ((n < min[i]) || (n > max[i])) + goto err; + o++; + } + } else { + /* Missing time zone information. */ + goto err; + } + return (o == l); + err: + return (0); +} int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) - { - ASN1_GENERALIZEDTIME t; +{ + ASN1_GENERALIZEDTIME t; - t.type=V_ASN1_GENERALIZEDTIME; - t.length=strlen(str); - t.data=(unsigned char *)str; - if (ASN1_GENERALIZEDTIME_check(&t)) - { - if (s != NULL) - { - if (!ASN1_STRING_set((ASN1_STRING *)s, - (unsigned char *)str,t.length)) - return 0; - s->type=V_ASN1_GENERALIZEDTIME; - } - return(1); - } - else - return(0); - } + t.type = V_ASN1_GENERALIZEDTIME; + t.length = strlen(str); + t.data = (unsigned char *)str; + if (ASN1_GENERALIZEDTIME_check(&t)) { + if (s != NULL) { + if (!ASN1_STRING_set((ASN1_STRING *)s, + (unsigned char *)str, t.length)) + return 0; + s->type = V_ASN1_GENERALIZEDTIME; + } + return (1); + } else + return (0); +} ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, - time_t t) - { - return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0); - } + time_t t) +{ + return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0); +} ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, - time_t t, int offset_day, long offset_sec) - { - char *p; - struct tm *ts; - struct tm data; - size_t len = 20; + time_t t, int offset_day, + long offset_sec) +{ + char *p; + struct tm *ts; + struct tm data; + size_t len = 20; - if (s == NULL) - s=M_ASN1_GENERALIZEDTIME_new(); - if (s == NULL) - return(NULL); + if (s == NULL) + s = M_ASN1_GENERALIZEDTIME_new(); + if (s == NULL) + return (NULL); - ts=OPENSSL_gmtime(&t, &data); - if (ts == NULL) - return(NULL); + ts = OPENSSL_gmtime(&t, &data); + if (ts == NULL) + return (NULL); - if (offset_day || offset_sec) - { - if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) - return NULL; - } + if (offset_day || offset_sec) { + if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) + return NULL; + } - p=(char *)s->data; - if ((p == NULL) || ((size_t)s->length < len)) - { - p=OPENSSL_malloc(len); - if (p == NULL) - { - ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ, - ERR_R_MALLOC_FAILURE); - return(NULL); - } - if (s->data != NULL) - OPENSSL_free(s->data); - s->data=(unsigned char *)p; - } + p = (char *)s->data; + if ((p == NULL) || ((size_t)s->length < len)) { + p = OPENSSL_malloc(len); + if (p == NULL) { + ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ, ERR_R_MALLOC_FAILURE); + return (NULL); + } + if (s->data != NULL) + OPENSSL_free(s->data); + s->data = (unsigned char *)p; + } - BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900, - ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); - s->length=strlen(p); - s->type=V_ASN1_GENERALIZEDTIME; + BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900, + ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min, + ts->tm_sec); + s->length = strlen(p); + s->type = V_ASN1_GENERALIZEDTIME; #ifdef CHARSET_EBCDIC_not - ebcdic2ascii(s->data, s->data, s->length); + ebcdic2ascii(s->data, s->data, s->length); #endif - return(s); - } + return (s); +} diff --git a/crypto/asn1/a_i2d_fp.c b/crypto/asn1/a_i2d_fp.c index a3ad76d35687..0f56cd4e0745 100644 --- a/crypto/asn1/a_i2d_fp.c +++ b/crypto/asn1/a_i2d_fp.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,101 +63,95 @@ #ifndef NO_OLD_ASN1 -#ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_FP_API int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x) - { - BIO *b; - int ret; +{ + BIO *b; + int ret; - if ((b=BIO_new(BIO_s_file())) == NULL) - { - ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,out,BIO_NOCLOSE); - ret=ASN1_i2d_bio(i2d,b,x); - BIO_free(b); - return(ret); - } -#endif + if ((b = BIO_new(BIO_s_file())) == NULL) { + ASN1err(ASN1_F_ASN1_I2D_FP, ERR_R_BUF_LIB); + return (0); + } + BIO_set_fp(b, out, BIO_NOCLOSE); + ret = ASN1_i2d_bio(i2d, b, x); + BIO_free(b); + return (ret); +} +# endif int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) - { - char *b; - unsigned char *p; - int i,j=0,n,ret=1; +{ + char *b; + unsigned char *p; + int i, j = 0, n, ret = 1; + + n = i2d(x, NULL); + b = (char *)OPENSSL_malloc(n); + if (b == NULL) { + ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE); + return (0); + } - n=i2d(x,NULL); - b=(char *)OPENSSL_malloc(n); - if (b == NULL) - { - ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE); - return(0); - } + p = (unsigned char *)b; + i2d(x, &p); - p=(unsigned char *)b; - i2d(x,&p); - - for (;;) - { - i=BIO_write(out,&(b[j]),n); - if (i == n) break; - if (i <= 0) - { - ret=0; - break; - } - j+=i; - n-=i; - } - OPENSSL_free(b); - return(ret); - } + for (;;) { + i = BIO_write(out, &(b[j]), n); + if (i == n) + break; + if (i <= 0) { + ret = 0; + break; + } + j += i; + n -= i; + } + OPENSSL_free(b); + return (ret); +} #endif #ifndef OPENSSL_NO_FP_API int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x) - { - BIO *b; - int ret; +{ + BIO *b; + int ret; - if ((b=BIO_new(BIO_s_file())) == NULL) - { - ASN1err(ASN1_F_ASN1_ITEM_I2D_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,out,BIO_NOCLOSE); - ret=ASN1_item_i2d_bio(it,b,x); - BIO_free(b); - return(ret); - } + if ((b = BIO_new(BIO_s_file())) == NULL) { + ASN1err(ASN1_F_ASN1_ITEM_I2D_FP, ERR_R_BUF_LIB); + return (0); + } + BIO_set_fp(b, out, BIO_NOCLOSE); + ret = ASN1_item_i2d_bio(it, b, x); + BIO_free(b); + return (ret); +} #endif int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) - { - unsigned char *b = NULL; - int i,j=0,n,ret=1; +{ + unsigned char *b = NULL; + int i, j = 0, n, ret = 1; - n = ASN1_item_i2d(x, &b, it); - if (b == NULL) - { - ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO,ERR_R_MALLOC_FAILURE); - return(0); - } + n = ASN1_item_i2d(x, &b, it); + if (b == NULL) { + ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO, ERR_R_MALLOC_FAILURE); + return (0); + } - for (;;) - { - i=BIO_write(out,&(b[j]),n); - if (i == n) break; - if (i <= 0) - { - ret=0; - break; - } - j+=i; - n-=i; - } - OPENSSL_free(b); - return(ret); - } + for (;;) { + i = BIO_write(out, &(b[j]), n); + if (i == n) + break; + if (i <= 0) { + ret = 0; + break; + } + j += i; + n -= i; + } + OPENSSL_free(b); + return (ret); +} diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 297c45a9ff12..70c2b8e62c43 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -62,45 +62,45 @@ #include <openssl/bn.h> ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x) -{ return M_ASN1_INTEGER_dup(x);} +{ + return M_ASN1_INTEGER_dup(x); +} int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) - { - int neg, ret; - /* Compare signs */ - neg = x->type & V_ASN1_NEG; - if (neg != (y->type & V_ASN1_NEG)) - { - if (neg) - return -1; - else - return 1; - } - - ret = ASN1_STRING_cmp(x, y); - - if (neg) - return -ret; - else - return ret; - } - - -/* +{ + int neg, ret; + /* Compare signs */ + neg = x->type & V_ASN1_NEG; + if (neg != (y->type & V_ASN1_NEG)) { + if (neg) + return -1; + else + return 1; + } + + ret = ASN1_STRING_cmp(x, y); + + if (neg) + return -ret; + else + return ret; +} + +/*- * This converts an ASN1 INTEGER into its content encoding. * The internal representation is an ASN1_STRING whose data is a big endian * representation of the value, ignoring the sign. The sign is determined by - * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. + * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. * * Positive integers are no problem: they are almost the same as the DER * encoding, except if the first byte is >= 0x80 we need to add a zero pad. * * Negative integers are a bit trickier... * The DER representation of negative integers is in 2s complement form. - * The internal form is converted by complementing each octet and finally + * The internal form is converted by complementing each octet and finally * adding one to the result. This can be done less messily with a little trick. * If the internal form has trailing zeroes then they will become FF by the - * complement and 0 by the add one (due to carry) so just copy as many trailing + * complement and 0 by the add one (due to carry) so just copy as many trailing * zeros to the destination as there are in the source. The carry will add one * to the last none zero octet: so complement this octet and add one and finally * complement any left over until you get to the start of the string. @@ -112,347 +112,351 @@ int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) */ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) - { - int pad=0,ret,i,neg; - unsigned char *p,*n,pb=0; - - if (a == NULL) return(0); - neg=a->type & V_ASN1_NEG; - if (a->length == 0) - ret=1; - else - { - ret=a->length; - i=a->data[0]; - if (!neg && (i > 127)) { - pad=1; - pb=0; - } else if(neg) { - if(i>128) { - pad=1; - pb=0xFF; - } else if(i == 128) { - /* - * Special case: if any other bytes non zero we pad: - * otherwise we don't. - */ - for(i = 1; i < a->length; i++) if(a->data[i]) { - pad=1; - pb=0xFF; - break; - } - } - } - ret+=pad; - } - if (pp == NULL) return(ret); - p= *pp; - - if (pad) *(p++)=pb; - if (a->length == 0) *(p++)=0; - else if (!neg) memcpy(p,a->data,(unsigned int)a->length); - else { - /* Begin at the end of the encoding */ - n=a->data + a->length - 1; - p += a->length - 1; - i = a->length; - /* Copy zeros to destination as long as source is zero */ - while(!*n) { - *(p--) = 0; - n--; - i--; - } - /* Complement and increment next octet */ - *(p--) = ((*(n--)) ^ 0xff) + 1; - i--; - /* Complement any octets left */ - for(;i > 0; i--) *(p--) = *(n--) ^ 0xff; - } - - *pp+=ret; - return(ret); - } +{ + int pad = 0, ret, i, neg; + unsigned char *p, *n, pb = 0; + + if (a == NULL) + return (0); + neg = a->type & V_ASN1_NEG; + if (a->length == 0) + ret = 1; + else { + ret = a->length; + i = a->data[0]; + if (!neg && (i > 127)) { + pad = 1; + pb = 0; + } else if (neg) { + if (i > 128) { + pad = 1; + pb = 0xFF; + } else if (i == 128) { + /* + * Special case: if any other bytes non zero we pad: + * otherwise we don't. + */ + for (i = 1; i < a->length; i++) + if (a->data[i]) { + pad = 1; + pb = 0xFF; + break; + } + } + } + ret += pad; + } + if (pp == NULL) + return (ret); + p = *pp; + + if (pad) + *(p++) = pb; + if (a->length == 0) + *(p++) = 0; + else if (!neg) + memcpy(p, a->data, (unsigned int)a->length); + else { + /* Begin at the end of the encoding */ + n = a->data + a->length - 1; + p += a->length - 1; + i = a->length; + /* Copy zeros to destination as long as source is zero */ + while (!*n) { + *(p--) = 0; + n--; + i--; + } + /* Complement and increment next octet */ + *(p--) = ((*(n--)) ^ 0xff) + 1; + i--; + /* Complement any octets left */ + for (; i > 0; i--) + *(p--) = *(n--) ^ 0xff; + } + + *pp += ret; + return (ret); +} /* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long len) - { - ASN1_INTEGER *ret=NULL; - const unsigned char *p, *pend; - unsigned char *to,*s; - int i; - - if ((a == NULL) || ((*a) == NULL)) - { - if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL); - ret->type=V_ASN1_INTEGER; - } - else - ret=(*a); - - p= *pp; - pend = p + len; - - /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it - * signifies a missing NULL parameter. */ - s=(unsigned char *)OPENSSL_malloc((int)len+1); - if (s == NULL) - { - i=ERR_R_MALLOC_FAILURE; - goto err; - } - to=s; - if(!len) { - /* Strictly speaking this is an illegal INTEGER but we - * tolerate it. - */ - ret->type=V_ASN1_INTEGER; - } else if (*p & 0x80) /* a negative number */ - { - ret->type=V_ASN1_NEG_INTEGER; - if ((*p == 0xff) && (len != 1)) { - p++; - len--; - } - i = len; - p += i - 1; - to += i - 1; - while((!*p) && i) { - *(to--) = 0; - i--; - p--; - } - /* Special case: if all zeros then the number will be of - * the form FF followed by n zero bytes: this corresponds to - * 1 followed by n zero bytes. We've already written n zeros - * so we just append an extra one and set the first byte to - * a 1. This is treated separately because it is the only case - * where the number of bytes is larger than len. - */ - if(!i) { - *s = 1; - s[len] = 0; - len++; - } else { - *(to--) = (*(p--) ^ 0xff) + 1; - i--; - for(;i > 0; i--) *(to--) = *(p--) ^ 0xff; - } - } else { - ret->type=V_ASN1_INTEGER; - if ((*p == 0) && (len != 1)) - { - p++; - len--; - } - memcpy(s,p,(int)len); - } - - if (ret->data != NULL) OPENSSL_free(ret->data); - ret->data=s; - ret->length=(int)len; - if (a != NULL) (*a)=ret; - *pp=pend; - return(ret); -err: - ASN1err(ASN1_F_C2I_ASN1_INTEGER,i); - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - M_ASN1_INTEGER_free(ret); - return(NULL); - } - - -/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of - * ASN1 integers: some broken software can encode a positive INTEGER - * with its MSB set as negative (it doesn't add a padding zero). + long len) +{ + ASN1_INTEGER *ret = NULL; + const unsigned char *p, *pend; + unsigned char *to, *s; + int i; + + if ((a == NULL) || ((*a) == NULL)) { + if ((ret = M_ASN1_INTEGER_new()) == NULL) + return (NULL); + ret->type = V_ASN1_INTEGER; + } else + ret = (*a); + + p = *pp; + pend = p + len; + + /* + * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies + * a missing NULL parameter. + */ + s = (unsigned char *)OPENSSL_malloc((int)len + 1); + if (s == NULL) { + i = ERR_R_MALLOC_FAILURE; + goto err; + } + to = s; + if (!len) { + /* + * Strictly speaking this is an illegal INTEGER but we tolerate it. + */ + ret->type = V_ASN1_INTEGER; + } else if (*p & 0x80) { /* a negative number */ + ret->type = V_ASN1_NEG_INTEGER; + if ((*p == 0xff) && (len != 1)) { + p++; + len--; + } + i = len; + p += i - 1; + to += i - 1; + while ((!*p) && i) { + *(to--) = 0; + i--; + p--; + } + /* + * Special case: if all zeros then the number will be of the form FF + * followed by n zero bytes: this corresponds to 1 followed by n zero + * bytes. We've already written n zeros so we just append an extra + * one and set the first byte to a 1. This is treated separately + * because it is the only case where the number of bytes is larger + * than len. + */ + if (!i) { + *s = 1; + s[len] = 0; + len++; + } else { + *(to--) = (*(p--) ^ 0xff) + 1; + i--; + for (; i > 0; i--) + *(to--) = *(p--) ^ 0xff; + } + } else { + ret->type = V_ASN1_INTEGER; + if ((*p == 0) && (len != 1)) { + p++; + len--; + } + memcpy(s, p, (int)len); + } + + if (ret->data != NULL) + OPENSSL_free(ret->data); + ret->data = s; + ret->length = (int)len; + if (a != NULL) + (*a) = ret; + *pp = pend; + return (ret); + err: + ASN1err(ASN1_F_C2I_ASN1_INTEGER, i); + if ((ret != NULL) && ((a == NULL) || (*a != ret))) + M_ASN1_INTEGER_free(ret); + return (NULL); +} + +/* + * This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1 + * integers: some broken software can encode a positive INTEGER with its MSB + * set as negative (it doesn't add a padding zero). */ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long length) - { - ASN1_INTEGER *ret=NULL; - const unsigned char *p; - unsigned char *s; - long len; - int inf,tag,xclass; - int i; - - if ((a == NULL) || ((*a) == NULL)) - { - if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL); - ret->type=V_ASN1_INTEGER; - } - else - ret=(*a); - - p= *pp; - inf=ASN1_get_object(&p,&len,&tag,&xclass,length); - if (inf & 0x80) - { - i=ASN1_R_BAD_OBJECT_HEADER; - goto err; - } - - if (tag != V_ASN1_INTEGER) - { - i=ASN1_R_EXPECTING_AN_INTEGER; - goto err; - } - - /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it - * signifies a missing NULL parameter. */ - s=(unsigned char *)OPENSSL_malloc((int)len+1); - if (s == NULL) - { - i=ERR_R_MALLOC_FAILURE; - goto err; - } - ret->type=V_ASN1_INTEGER; - if(len) { - if ((*p == 0) && (len != 1)) - { - p++; - len--; - } - memcpy(s,p,(int)len); - p+=len; - } - - if (ret->data != NULL) OPENSSL_free(ret->data); - ret->data=s; - ret->length=(int)len; - if (a != NULL) (*a)=ret; - *pp=p; - return(ret); -err: - ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i); - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - M_ASN1_INTEGER_free(ret); - return(NULL); - } + long length) +{ + ASN1_INTEGER *ret = NULL; + const unsigned char *p; + unsigned char *s; + long len; + int inf, tag, xclass; + int i; + + if ((a == NULL) || ((*a) == NULL)) { + if ((ret = M_ASN1_INTEGER_new()) == NULL) + return (NULL); + ret->type = V_ASN1_INTEGER; + } else + ret = (*a); + + p = *pp; + inf = ASN1_get_object(&p, &len, &tag, &xclass, length); + if (inf & 0x80) { + i = ASN1_R_BAD_OBJECT_HEADER; + goto err; + } + + if (tag != V_ASN1_INTEGER) { + i = ASN1_R_EXPECTING_AN_INTEGER; + goto err; + } + + /* + * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies + * a missing NULL parameter. + */ + s = (unsigned char *)OPENSSL_malloc((int)len + 1); + if (s == NULL) { + i = ERR_R_MALLOC_FAILURE; + goto err; + } + ret->type = V_ASN1_INTEGER; + if (len) { + if ((*p == 0) && (len != 1)) { + p++; + len--; + } + memcpy(s, p, (int)len); + p += len; + } + + if (ret->data != NULL) + OPENSSL_free(ret->data); + ret->data = s; + ret->length = (int)len; + if (a != NULL) + (*a) = ret; + *pp = p; + return (ret); + err: + ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i); + if ((ret != NULL) && ((a == NULL) || (*a != ret))) + M_ASN1_INTEGER_free(ret); + return (NULL); +} int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) - { - int j,k; - unsigned int i; - unsigned char buf[sizeof(long)+1]; - long d; - - a->type=V_ASN1_INTEGER; - if (a->length < (int)(sizeof(long)+1)) - { - if (a->data != NULL) - OPENSSL_free(a->data); - if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL) - memset((char *)a->data,0,sizeof(long)+1); - } - if (a->data == NULL) - { - ASN1err(ASN1_F_ASN1_INTEGER_SET,ERR_R_MALLOC_FAILURE); - return(0); - } - d=v; - if (d < 0) - { - d= -d; - a->type=V_ASN1_NEG_INTEGER; - } - - for (i=0; i<sizeof(long); i++) - { - if (d == 0) break; - buf[i]=(int)d&0xff; - d>>=8; - } - j=0; - for (k=i-1; k >=0; k--) - a->data[j++]=buf[k]; - a->length=j; - return(1); - } +{ + int j, k; + unsigned int i; + unsigned char buf[sizeof(long) + 1]; + long d; + + a->type = V_ASN1_INTEGER; + if (a->length < (int)(sizeof(long) + 1)) { + if (a->data != NULL) + OPENSSL_free(a->data); + if ((a->data = + (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL) + memset((char *)a->data, 0, sizeof(long) + 1); + } + if (a->data == NULL) { + ASN1err(ASN1_F_ASN1_INTEGER_SET, ERR_R_MALLOC_FAILURE); + return (0); + } + d = v; + if (d < 0) { + d = -d; + a->type = V_ASN1_NEG_INTEGER; + } + + for (i = 0; i < sizeof(long); i++) { + if (d == 0) + break; + buf[i] = (int)d & 0xff; + d >>= 8; + } + j = 0; + for (k = i - 1; k >= 0; k--) + a->data[j++] = buf[k]; + a->length = j; + return (1); +} long ASN1_INTEGER_get(const ASN1_INTEGER *a) - { - int neg=0,i; - long r=0; - - if (a == NULL) return(0L); - i=a->type; - if (i == V_ASN1_NEG_INTEGER) - neg=1; - else if (i != V_ASN1_INTEGER) - return -1; - - if (a->length > (int)sizeof(long)) - { - /* hmm... a bit ugly, return all ones */ - return -1; - } - if (a->data == NULL) - return 0; - - for (i=0; i<a->length; i++) - { - r<<=8; - r|=(unsigned char)a->data[i]; - } - if (neg) r= -r; - return(r); - } +{ + int neg = 0, i; + long r = 0; + + if (a == NULL) + return (0L); + i = a->type; + if (i == V_ASN1_NEG_INTEGER) + neg = 1; + else if (i != V_ASN1_INTEGER) + return -1; + + if (a->length > (int)sizeof(long)) { + /* hmm... a bit ugly, return all ones */ + return -1; + } + if (a->data == NULL) + return 0; + + for (i = 0; i < a->length; i++) { + r <<= 8; + r |= (unsigned char)a->data[i]; + } + if (neg) + r = -r; + return (r); +} ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) - { - ASN1_INTEGER *ret; - int len,j; - - if (ai == NULL) - ret=M_ASN1_INTEGER_new(); - else - ret=ai; - if (ret == NULL) - { - ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR); - goto err; - } - if (BN_is_negative(bn)) - ret->type = V_ASN1_NEG_INTEGER; - else ret->type=V_ASN1_INTEGER; - j=BN_num_bits(bn); - len=((j == 0)?0:((j/8)+1)); - if (ret->length < len+4) - { - unsigned char *new_data=OPENSSL_realloc(ret->data, len+4); - if (!new_data) - { - ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); - goto err; - } - ret->data=new_data; - } - ret->length=BN_bn2bin(bn,ret->data); - /* Correct zero case */ - if(!ret->length) - { - ret->data[0] = 0; - ret->length = 1; - } - return(ret); -err: - if (ret != ai) M_ASN1_INTEGER_free(ret); - return(NULL); - } +{ + ASN1_INTEGER *ret; + int len, j; + + if (ai == NULL) + ret = M_ASN1_INTEGER_new(); + else + ret = ai; + if (ret == NULL) { + ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR); + goto err; + } + if (BN_is_negative(bn)) + ret->type = V_ASN1_NEG_INTEGER; + else + ret->type = V_ASN1_INTEGER; + j = BN_num_bits(bn); + len = ((j == 0) ? 0 : ((j / 8) + 1)); + if (ret->length < len + 4) { + unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4); + if (!new_data) { + ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); + goto err; + } + ret->data = new_data; + } + ret->length = BN_bn2bin(bn, ret->data); + /* Correct zero case */ + if (!ret->length) { + ret->data[0] = 0; + ret->length = 1; + } + return (ret); + err: + if (ret != ai) + M_ASN1_INTEGER_free(ret); + return (NULL); +} BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) - { - BIGNUM *ret; +{ + BIGNUM *ret; - if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) - ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB); - else if(ai->type == V_ASN1_NEG_INTEGER) - BN_set_negative(ret, 1); - return(ret); - } + if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL) + ASN1err(ASN1_F_ASN1_INTEGER_TO_BN, ASN1_R_BN_LIB); + else if (ai->type == V_ASN1_NEG_INTEGER) + BN_set_negative(ret, 1); + return (ret); +} IMPLEMENT_STACK_OF(ASN1_INTEGER) + IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER) diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c index 1538e0a4fc25..6935efe09fb5 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.c @@ -1,6 +1,7 @@ /* a_mbstr.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 1999. +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. @@ -10,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -62,7 +63,8 @@ #include <openssl/asn1.h> static int traverse_string(const unsigned char *p, int len, int inform, - int (*rfunc)(unsigned long value, void *in), void *arg); + int (*rfunc) (unsigned long value, void *in), + void *arg); static int in_utf8(unsigned long value, void *arg); static int out_utf8(unsigned long value, void *arg); static int type_str(unsigned long value, void *arg); @@ -72,212 +74,221 @@ static int cpy_univ(unsigned long value, void *arg); static int cpy_utf8(unsigned long value, void *arg); static int is_printable(unsigned long value); -/* These functions take a string in UTF8, ASCII or multibyte form and - * a mask of permissible ASN1 string types. It then works out the minimal - * type (using the order Printable < IA5 < T61 < BMP < Universal < UTF8) - * and creates a string of the correct type with the supplied data. - * Yes this is horrible: it has to be :-( - * The 'ncopy' form checks minimum and maximum size limits too. +/* + * These functions take a string in UTF8, ASCII or multibyte form and a mask + * of permissible ASN1 string types. It then works out the minimal type + * (using the order Printable < IA5 < T61 < BMP < Universal < UTF8) and + * creates a string of the correct type with the supplied data. Yes this is + * horrible: it has to be :-( The 'ncopy' form checks minimum and maximum + * size limits too. */ int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, - int inform, unsigned long mask) + int inform, unsigned long mask) { - return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0); + return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0); } int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, - int inform, unsigned long mask, - long minsize, long maxsize) + int inform, unsigned long mask, + long minsize, long maxsize) { - int str_type; - int ret; - char free_out; - int outform, outlen = 0; - ASN1_STRING *dest; - unsigned char *p; - int nchar; - char strbuf[32]; - int (*cpyfunc)(unsigned long,void *) = NULL; - if(len == -1) len = strlen((const char *)in); - if(!mask) mask = DIRSTRING_TYPE; - - /* First do a string check and work out the number of characters */ - switch(inform) { - - case MBSTRING_BMP: - if(len & 1) { - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, - ASN1_R_INVALID_BMPSTRING_LENGTH); - return -1; - } - nchar = len >> 1; - break; - - case MBSTRING_UNIV: - if(len & 3) { - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, - ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); - return -1; - } - nchar = len >> 2; - break; - - case MBSTRING_UTF8: - nchar = 0; - /* This counts the characters and does utf8 syntax checking */ - ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar); - if(ret < 0) { - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, - ASN1_R_INVALID_UTF8STRING); - return -1; - } - break; - - case MBSTRING_ASC: - nchar = len; - break; - - default: - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT); - return -1; - } - - if((minsize > 0) && (nchar < minsize)) { - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT); - BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); - ERR_add_error_data(2, "minsize=", strbuf); - return -1; - } - - if((maxsize > 0) && (nchar > maxsize)) { - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG); - BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); - ERR_add_error_data(2, "maxsize=", strbuf); - return -1; - } - - /* Now work out minimal type (if any) */ - if(traverse_string(in, len, inform, type_str, &mask) < 0) { - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS); - return -1; - } - - - /* Now work out output format and string type */ - outform = MBSTRING_ASC; - if(mask & B_ASN1_PRINTABLESTRING) str_type = V_ASN1_PRINTABLESTRING; - else if(mask & B_ASN1_IA5STRING) str_type = V_ASN1_IA5STRING; - else if(mask & B_ASN1_T61STRING) str_type = V_ASN1_T61STRING; - else if(mask & B_ASN1_BMPSTRING) { - str_type = V_ASN1_BMPSTRING; - outform = MBSTRING_BMP; - } else if(mask & B_ASN1_UNIVERSALSTRING) { - str_type = V_ASN1_UNIVERSALSTRING; - outform = MBSTRING_UNIV; - } else { - str_type = V_ASN1_UTF8STRING; - outform = MBSTRING_UTF8; - } - if(!out) return str_type; - if(*out) { - free_out = 0; - dest = *out; - if(dest->data) { - dest->length = 0; - OPENSSL_free(dest->data); - dest->data = NULL; - } - dest->type = str_type; - } else { - free_out = 1; - dest = ASN1_STRING_type_new(str_type); - if(!dest) { - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, - ERR_R_MALLOC_FAILURE); - return -1; - } - *out = dest; - } - /* If both the same type just copy across */ - if(inform == outform) { - if(!ASN1_STRING_set(dest, in, len)) { - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE); - return -1; - } - return str_type; - } - - /* Work out how much space the destination will need */ - switch(outform) { - case MBSTRING_ASC: - outlen = nchar; - cpyfunc = cpy_asc; - break; - - case MBSTRING_BMP: - outlen = nchar << 1; - cpyfunc = cpy_bmp; - break; - - case MBSTRING_UNIV: - outlen = nchar << 2; - cpyfunc = cpy_univ; - break; - - case MBSTRING_UTF8: - outlen = 0; - traverse_string(in, len, inform, out_utf8, &outlen); - cpyfunc = cpy_utf8; - break; - } - if(!(p = OPENSSL_malloc(outlen + 1))) { - if(free_out) ASN1_STRING_free(dest); - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE); - return -1; - } - dest->length = outlen; - dest->data = p; - p[outlen] = 0; - traverse_string(in, len, inform, cpyfunc, &p); - return str_type; + int str_type; + int ret; + char free_out; + int outform, outlen = 0; + ASN1_STRING *dest; + unsigned char *p; + int nchar; + char strbuf[32]; + int (*cpyfunc) (unsigned long, void *) = NULL; + if (len == -1) + len = strlen((const char *)in); + if (!mask) + mask = DIRSTRING_TYPE; + + /* First do a string check and work out the number of characters */ + switch (inform) { + + case MBSTRING_BMP: + if (len & 1) { + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, + ASN1_R_INVALID_BMPSTRING_LENGTH); + return -1; + } + nchar = len >> 1; + break; + + case MBSTRING_UNIV: + if (len & 3) { + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, + ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); + return -1; + } + nchar = len >> 2; + break; + + case MBSTRING_UTF8: + nchar = 0; + /* This counts the characters and does utf8 syntax checking */ + ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar); + if (ret < 0) { + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UTF8STRING); + return -1; + } + break; + + case MBSTRING_ASC: + nchar = len; + break; + + default: + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT); + return -1; + } + + if ((minsize > 0) && (nchar < minsize)) { + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT); + BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); + ERR_add_error_data(2, "minsize=", strbuf); + return -1; + } + + if ((maxsize > 0) && (nchar > maxsize)) { + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG); + BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); + ERR_add_error_data(2, "maxsize=", strbuf); + return -1; + } + + /* Now work out minimal type (if any) */ + if (traverse_string(in, len, inform, type_str, &mask) < 0) { + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS); + return -1; + } + + /* Now work out output format and string type */ + outform = MBSTRING_ASC; + if (mask & B_ASN1_PRINTABLESTRING) + str_type = V_ASN1_PRINTABLESTRING; + else if (mask & B_ASN1_IA5STRING) + str_type = V_ASN1_IA5STRING; + else if (mask & B_ASN1_T61STRING) + str_type = V_ASN1_T61STRING; + else if (mask & B_ASN1_BMPSTRING) { + str_type = V_ASN1_BMPSTRING; + outform = MBSTRING_BMP; + } else if (mask & B_ASN1_UNIVERSALSTRING) { + str_type = V_ASN1_UNIVERSALSTRING; + outform = MBSTRING_UNIV; + } else { + str_type = V_ASN1_UTF8STRING; + outform = MBSTRING_UTF8; + } + if (!out) + return str_type; + if (*out) { + free_out = 0; + dest = *out; + if (dest->data) { + dest->length = 0; + OPENSSL_free(dest->data); + dest->data = NULL; + } + dest->type = str_type; + } else { + free_out = 1; + dest = ASN1_STRING_type_new(str_type); + if (!dest) { + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); + return -1; + } + *out = dest; + } + /* If both the same type just copy across */ + if (inform == outform) { + if (!ASN1_STRING_set(dest, in, len)) { + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); + return -1; + } + return str_type; + } + + /* Work out how much space the destination will need */ + switch (outform) { + case MBSTRING_ASC: + outlen = nchar; + cpyfunc = cpy_asc; + break; + + case MBSTRING_BMP: + outlen = nchar << 1; + cpyfunc = cpy_bmp; + break; + + case MBSTRING_UNIV: + outlen = nchar << 2; + cpyfunc = cpy_univ; + break; + + case MBSTRING_UTF8: + outlen = 0; + traverse_string(in, len, inform, out_utf8, &outlen); + cpyfunc = cpy_utf8; + break; + } + if (!(p = OPENSSL_malloc(outlen + 1))) { + if (free_out) + ASN1_STRING_free(dest); + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); + return -1; + } + dest->length = outlen; + dest->data = p; + p[outlen] = 0; + traverse_string(in, len, inform, cpyfunc, &p); + return str_type; } -/* This function traverses a string and passes the value of each character - * to an optional function along with a void * argument. +/* + * This function traverses a string and passes the value of each character to + * an optional function along with a void * argument. */ static int traverse_string(const unsigned char *p, int len, int inform, - int (*rfunc)(unsigned long value, void *in), void *arg) + int (*rfunc) (unsigned long value, void *in), + void *arg) { - unsigned long value; - int ret; - while(len) { - if(inform == MBSTRING_ASC) { - value = *p++; - len--; - } else if(inform == MBSTRING_BMP) { - value = *p++ << 8; - value |= *p++; - len -= 2; - } else if(inform == MBSTRING_UNIV) { - value = ((unsigned long)*p++) << 24; - value |= ((unsigned long)*p++) << 16; - value |= *p++ << 8; - value |= *p++; - len -= 4; - } else { - ret = UTF8_getc(p, len, &value); - if(ret < 0) return -1; - len -= ret; - p += ret; - } - if(rfunc) { - ret = rfunc(value, arg); - if(ret <= 0) return ret; - } - } - return 1; + unsigned long value; + int ret; + while (len) { + if (inform == MBSTRING_ASC) { + value = *p++; + len--; + } else if (inform == MBSTRING_BMP) { + value = *p++ << 8; + value |= *p++; + len -= 2; + } else if (inform == MBSTRING_UNIV) { + value = ((unsigned long)*p++) << 24; + value |= ((unsigned long)*p++) << 16; + value |= *p++ << 8; + value |= *p++; + len -= 4; + } else { + ret = UTF8_getc(p, len, &value); + if (ret < 0) + return -1; + len -= ret; + p += ret; + } + if (rfunc) { + ret = rfunc(value, arg); + if (ret <= 0) + return ret; + } + } + return 1; } /* Various utility functions for traverse_string */ @@ -286,115 +297,127 @@ static int traverse_string(const unsigned char *p, int len, int inform, static int in_utf8(unsigned long value, void *arg) { - int *nchar; - nchar = arg; - (*nchar)++; - return 1; + int *nchar; + nchar = arg; + (*nchar)++; + return 1; } /* Determine size of output as a UTF8 String */ static int out_utf8(unsigned long value, void *arg) { - int *outlen; - outlen = arg; - *outlen += UTF8_putc(NULL, -1, value); - return 1; + int *outlen; + outlen = arg; + *outlen += UTF8_putc(NULL, -1, value); + return 1; } -/* Determine the "type" of a string: check each character against a - * supplied "mask". +/* + * Determine the "type" of a string: check each character against a supplied + * "mask". */ static int type_str(unsigned long value, void *arg) { - unsigned long types; - types = *((unsigned long *)arg); - if((types & B_ASN1_PRINTABLESTRING) && !is_printable(value)) - types &= ~B_ASN1_PRINTABLESTRING; - if((types & B_ASN1_IA5STRING) && (value > 127)) - types &= ~B_ASN1_IA5STRING; - if((types & B_ASN1_T61STRING) && (value > 0xff)) - types &= ~B_ASN1_T61STRING; - if((types & B_ASN1_BMPSTRING) && (value > 0xffff)) - types &= ~B_ASN1_BMPSTRING; - if(!types) return -1; - *((unsigned long *)arg) = types; - return 1; + unsigned long types; + types = *((unsigned long *)arg); + if ((types & B_ASN1_PRINTABLESTRING) && !is_printable(value)) + types &= ~B_ASN1_PRINTABLESTRING; + if ((types & B_ASN1_IA5STRING) && (value > 127)) + types &= ~B_ASN1_IA5STRING; + if ((types & B_ASN1_T61STRING) && (value > 0xff)) + types &= ~B_ASN1_T61STRING; + if ((types & B_ASN1_BMPSTRING) && (value > 0xffff)) + types &= ~B_ASN1_BMPSTRING; + if (!types) + return -1; + *((unsigned long *)arg) = types; + return 1; } /* Copy one byte per character ASCII like strings */ static int cpy_asc(unsigned long value, void *arg) { - unsigned char **p, *q; - p = arg; - q = *p; - *q = (unsigned char) value; - (*p)++; - return 1; + unsigned char **p, *q; + p = arg; + q = *p; + *q = (unsigned char)value; + (*p)++; + return 1; } /* Copy two byte per character BMPStrings */ static int cpy_bmp(unsigned long value, void *arg) { - unsigned char **p, *q; - p = arg; - q = *p; - *q++ = (unsigned char) ((value >> 8) & 0xff); - *q = (unsigned char) (value & 0xff); - *p += 2; - return 1; + unsigned char **p, *q; + p = arg; + q = *p; + *q++ = (unsigned char)((value >> 8) & 0xff); + *q = (unsigned char)(value & 0xff); + *p += 2; + return 1; } /* Copy four byte per character UniversalStrings */ static int cpy_univ(unsigned long value, void *arg) { - unsigned char **p, *q; - p = arg; - q = *p; - *q++ = (unsigned char) ((value >> 24) & 0xff); - *q++ = (unsigned char) ((value >> 16) & 0xff); - *q++ = (unsigned char) ((value >> 8) & 0xff); - *q = (unsigned char) (value & 0xff); - *p += 4; - return 1; + unsigned char **p, *q; + p = arg; + q = *p; + *q++ = (unsigned char)((value >> 24) & 0xff); + *q++ = (unsigned char)((value >> 16) & 0xff); + *q++ = (unsigned char)((value >> 8) & 0xff); + *q = (unsigned char)(value & 0xff); + *p += 4; + return 1; } /* Copy to a UTF8String */ static int cpy_utf8(unsigned long value, void *arg) { - unsigned char **p; - int ret; - p = arg; - /* We already know there is enough room so pass 0xff as the length */ - ret = UTF8_putc(*p, 0xff, value); - *p += ret; - return 1; + unsigned char **p; + int ret; + p = arg; + /* We already know there is enough room so pass 0xff as the length */ + ret = UTF8_putc(*p, 0xff, value); + *p += ret; + return 1; } /* Return 1 if the character is permitted in a PrintableString */ static int is_printable(unsigned long value) { - int ch; - if(value > 0x7f) return 0; - ch = (int) value; - /* Note: we can't use 'isalnum' because certain accented - * characters may count as alphanumeric in some environments. - */ + int ch; + if (value > 0x7f) + return 0; + ch = (int)value; + /* + * Note: we can't use 'isalnum' because certain accented characters may + * count as alphanumeric in some environments. + */ #ifndef CHARSET_EBCDIC - if((ch >= 'a') && (ch <= 'z')) return 1; - if((ch >= 'A') && (ch <= 'Z')) return 1; - if((ch >= '0') && (ch <= '9')) return 1; - if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1; -#else /*CHARSET_EBCDIC*/ - if((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) return 1; - if((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) return 1; - if((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) return 1; - if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) return 1; -#endif /*CHARSET_EBCDIC*/ - return 0; + if ((ch >= 'a') && (ch <= 'z')) + return 1; + if ((ch >= 'A') && (ch <= 'Z')) + return 1; + if ((ch >= '0') && (ch <= '9')) + return 1; + if ((ch == ' ') || strchr("'()+,-./:=?", ch)) + return 1; +#else /* CHARSET_EBCDIC */ + if ((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) + return 1; + if ((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) + return 1; + if ((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) + return 1; + if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) + return 1; +#endif /* CHARSET_EBCDIC */ + return 0; } diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 77b2768967e3..27f9c1691462 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -65,351 +65,338 @@ #include <openssl/bn.h> int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) - { - unsigned char *p; - int objsize; +{ + unsigned char *p; + int objsize; - if ((a == NULL) || (a->data == NULL)) return(0); + if ((a == NULL) || (a->data == NULL)) + return (0); - objsize = ASN1_object_size(0,a->length,V_ASN1_OBJECT); - if (pp == NULL) return objsize; + objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT); + if (pp == NULL) + return objsize; - p= *pp; - ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL); - memcpy(p,a->data,a->length); - p+=a->length; + p = *pp; + ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); + memcpy(p, a->data, a->length); + p += a->length; - *pp=p; - return(objsize); - } + *pp = p; + return (objsize); +} int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) - { - int i,first,len=0,c, use_bn; - char ftmp[24], *tmp = ftmp; - int tmpsize = sizeof ftmp; - const char *p; - unsigned long l; - BIGNUM *bl = NULL; +{ + int i, first, len = 0, c, use_bn; + char ftmp[24], *tmp = ftmp; + int tmpsize = sizeof ftmp; + const char *p; + unsigned long l; + BIGNUM *bl = NULL; - if (num == 0) - return(0); - else if (num == -1) - num=strlen(buf); + if (num == 0) + return (0); + else if (num == -1) + num = strlen(buf); - p=buf; - c= *(p++); - num--; - if ((c >= '0') && (c <= '2')) - { - first= c-'0'; - } - else - { - ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_FIRST_NUM_TOO_LARGE); - goto err; - } + p = buf; + c = *(p++); + num--; + if ((c >= '0') && (c <= '2')) { + first = c - '0'; + } else { + ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_FIRST_NUM_TOO_LARGE); + goto err; + } - if (num <= 0) - { - ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_MISSING_SECOND_NUMBER); - goto err; - } - c= *(p++); - num--; - for (;;) - { - if (num <= 0) break; - if ((c != '.') && (c != ' ')) - { - ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_SEPARATOR); - goto err; - } - l=0; - use_bn = 0; - for (;;) - { - if (num <= 0) break; - num--; - c= *(p++); - if ((c == ' ') || (c == '.')) - break; - if ((c < '0') || (c > '9')) - { - ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT); - goto err; - } - if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) - { - use_bn = 1; - if (!bl) - bl = BN_new(); - if (!bl || !BN_set_word(bl, l)) - goto err; - } - if (use_bn) - { - if (!BN_mul_word(bl, 10L) - || !BN_add_word(bl, c-'0')) - goto err; - } - else - l=l*10L+(long)(c-'0'); - } - if (len == 0) - { - if ((first < 2) && (l >= 40)) - { - ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE); - goto err; - } - if (use_bn) - { - if (!BN_add_word(bl, first * 40)) - goto err; - } - else - l+=(long)first*40; - } - i=0; - if (use_bn) - { - int blsize; - blsize = BN_num_bits(bl); - blsize = (blsize + 6)/7; - if (blsize > tmpsize) - { - if (tmp != ftmp) - OPENSSL_free(tmp); - tmpsize = blsize + 32; - tmp = OPENSSL_malloc(tmpsize); - if (!tmp) - goto err; - } - while(blsize--) - tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L); - } - else - { - - for (;;) - { - tmp[i++]=(unsigned char)l&0x7f; - l>>=7L; - if (l == 0L) break; - } + if (num <= 0) { + ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_MISSING_SECOND_NUMBER); + goto err; + } + c = *(p++); + num--; + for (;;) { + if (num <= 0) + break; + if ((c != '.') && (c != ' ')) { + ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_SEPARATOR); + goto err; + } + l = 0; + use_bn = 0; + for (;;) { + if (num <= 0) + break; + num--; + c = *(p++); + if ((c == ' ') || (c == '.')) + break; + if ((c < '0') || (c > '9')) { + ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_DIGIT); + goto err; + } + if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) { + use_bn = 1; + if (!bl) + bl = BN_new(); + if (!bl || !BN_set_word(bl, l)) + goto err; + } + if (use_bn) { + if (!BN_mul_word(bl, 10L) + || !BN_add_word(bl, c - '0')) + goto err; + } else + l = l * 10L + (long)(c - '0'); + } + if (len == 0) { + if ((first < 2) && (l >= 40)) { + ASN1err(ASN1_F_A2D_ASN1_OBJECT, + ASN1_R_SECOND_NUMBER_TOO_LARGE); + goto err; + } + if (use_bn) { + if (!BN_add_word(bl, first * 40)) + goto err; + } else + l += (long)first *40; + } + i = 0; + if (use_bn) { + int blsize; + blsize = BN_num_bits(bl); + blsize = (blsize + 6) / 7; + if (blsize > tmpsize) { + if (tmp != ftmp) + OPENSSL_free(tmp); + tmpsize = blsize + 32; + tmp = OPENSSL_malloc(tmpsize); + if (!tmp) + goto err; + } + while (blsize--) + tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L); + } else { - } - if (out != NULL) - { - if (len+i > olen) - { - ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_BUFFER_TOO_SMALL); - goto err; - } - while (--i > 0) - out[len++]=tmp[i]|0x80; - out[len++]=tmp[0]; - } - else - len+=i; - } - if (tmp != ftmp) - OPENSSL_free(tmp); - if (bl) - BN_free(bl); - return(len); -err: - if (tmp != ftmp) - OPENSSL_free(tmp); - if (bl) - BN_free(bl); - return(0); - } + for (;;) { + tmp[i++] = (unsigned char)l & 0x7f; + l >>= 7L; + if (l == 0L) + break; + } + + } + if (out != NULL) { + if (len + i > olen) { + ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_BUFFER_TOO_SMALL); + goto err; + } + while (--i > 0) + out[len++] = tmp[i] | 0x80; + out[len++] = tmp[0]; + } else + len += i; + } + if (tmp != ftmp) + OPENSSL_free(tmp); + if (bl) + BN_free(bl); + return (len); + err: + if (tmp != ftmp) + OPENSSL_free(tmp); + if (bl) + BN_free(bl); + return (0); +} int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a) { - return OBJ_obj2txt(buf, buf_len, a, 0); + return OBJ_obj2txt(buf, buf_len, a, 0); } int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) - { - char buf[80], *p = buf; - int i; +{ + char buf[80], *p = buf; + int i; - if ((a == NULL) || (a->data == NULL)) - return(BIO_write(bp,"NULL",4)); - i=i2t_ASN1_OBJECT(buf,sizeof buf,a); - if (i > (int)(sizeof(buf) - 1)) - { - p = OPENSSL_malloc(i + 1); - if (!p) - return -1; - i2t_ASN1_OBJECT(p,i + 1,a); - } - if (i <= 0) - return BIO_write(bp, "<INVALID>", 9); - BIO_write(bp,p,i); - if (p != buf) - OPENSSL_free(p); - return(i); - } + if ((a == NULL) || (a->data == NULL)) + return (BIO_write(bp, "NULL", 4)); + i = i2t_ASN1_OBJECT(buf, sizeof buf, a); + if (i > (int)(sizeof(buf) - 1)) { + p = OPENSSL_malloc(i + 1); + if (!p) + return -1; + i2t_ASN1_OBJECT(p, i + 1, a); + } + if (i <= 0) + return BIO_write(bp, "<INVALID>", 9); + BIO_write(bp, p, i); + if (p != buf) + OPENSSL_free(p); + return (i); +} ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - long length) + long length) { - const unsigned char *p; - long len; - int tag,xclass; - int inf,i; - ASN1_OBJECT *ret = NULL; - p= *pp; - inf=ASN1_get_object(&p,&len,&tag,&xclass,length); - if (inf & 0x80) - { - i=ASN1_R_BAD_OBJECT_HEADER; - goto err; - } + const unsigned char *p; + long len; + int tag, xclass; + int inf, i; + ASN1_OBJECT *ret = NULL; + p = *pp; + inf = ASN1_get_object(&p, &len, &tag, &xclass, length); + if (inf & 0x80) { + i = ASN1_R_BAD_OBJECT_HEADER; + goto err; + } - if (tag != V_ASN1_OBJECT) - { - i=ASN1_R_EXPECTING_AN_OBJECT; - goto err; - } - ret = c2i_ASN1_OBJECT(a, &p, len); - if(ret) *pp = p; - return ret; -err: - ASN1err(ASN1_F_D2I_ASN1_OBJECT,i); - return(NULL); + if (tag != V_ASN1_OBJECT) { + i = ASN1_R_EXPECTING_AN_OBJECT; + goto err; + } + ret = c2i_ASN1_OBJECT(a, &p, len); + if (ret) + *pp = p; + return ret; + err: + ASN1err(ASN1_F_D2I_ASN1_OBJECT, i); + return (NULL); } ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - long len) - { - ASN1_OBJECT *ret=NULL; - const unsigned char *p; - unsigned char *data; - int i, length; + long len) +{ + ASN1_OBJECT *ret = NULL; + const unsigned char *p; + unsigned char *data; + int i, length; - /* Sanity check OID encoding. - * Need at least one content octet. - * MSB must be clear in the last octet. - * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 - */ - if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || - p[len - 1] & 0x80) - { - ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); - return NULL; - } - /* Now 0 < len <= INT_MAX, so the cast is safe. */ - length = (int)len; - for (i = 0; i < length; i++, p++) - { - if (*p == 0x80 && (!i || !(p[-1] & 0x80))) - { - ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); - return NULL; - } - } + /* + * Sanity check OID encoding. Need at least one content octet. MSB must + * be clear in the last octet. can't have leading 0x80 in subidentifiers, + * see: X.690 8.19.2 + */ + if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || + p[len - 1] & 0x80) { + ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING); + return NULL; + } + /* Now 0 < len <= INT_MAX, so the cast is safe. */ + length = (int)len; + for (i = 0; i < length; i++, p++) { + if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { + ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING); + return NULL; + } + } - /* only the ASN1_OBJECTs from the 'table' will have values - * for ->sn or ->ln */ - if ((a == NULL) || ((*a) == NULL) || - !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) - { - if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL); - } - else ret=(*a); + /* + * only the ASN1_OBJECTs from the 'table' will have values for ->sn or + * ->ln + */ + if ((a == NULL) || ((*a) == NULL) || + !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) { + if ((ret = ASN1_OBJECT_new()) == NULL) + return (NULL); + } else + ret = (*a); - p= *pp; - /* detach data from object */ - data = (unsigned char *)ret->data; - ret->data = NULL; - /* once detached we can change it */ - if ((data == NULL) || (ret->length < length)) - { - ret->length=0; - if (data != NULL) OPENSSL_free(data); - data=(unsigned char *)OPENSSL_malloc(length); - if (data == NULL) - { i=ERR_R_MALLOC_FAILURE; goto err; } - ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; - } - memcpy(data,p,length); - /* reattach data to object, after which it remains const */ - ret->data =data; - ret->length=length; - ret->sn=NULL; - ret->ln=NULL; - /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ - p+=length; + p = *pp; + /* detach data from object */ + data = (unsigned char *)ret->data; + ret->data = NULL; + /* once detached we can change it */ + if ((data == NULL) || (ret->length < length)) { + ret->length = 0; + if (data != NULL) + OPENSSL_free(data); + data = (unsigned char *)OPENSSL_malloc(length); + if (data == NULL) { + i = ERR_R_MALLOC_FAILURE; + goto err; + } + ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA; + } + memcpy(data, p, length); + /* reattach data to object, after which it remains const */ + ret->data = data; + ret->length = length; + ret->sn = NULL; + ret->ln = NULL; + /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ + p += length; - if (a != NULL) (*a)=ret; - *pp=p; - return(ret); -err: - ASN1err(ASN1_F_C2I_ASN1_OBJECT,i); - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - ASN1_OBJECT_free(ret); - return(NULL); - } + if (a != NULL) + (*a) = ret; + *pp = p; + return (ret); + err: + ASN1err(ASN1_F_C2I_ASN1_OBJECT, i); + if ((ret != NULL) && ((a == NULL) || (*a != ret))) + ASN1_OBJECT_free(ret); + return (NULL); +} ASN1_OBJECT *ASN1_OBJECT_new(void) - { - ASN1_OBJECT *ret; +{ + ASN1_OBJECT *ret; - ret=(ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT)); - if (ret == NULL) - { - ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - ret->length=0; - ret->data=NULL; - ret->nid=0; - ret->sn=NULL; - ret->ln=NULL; - ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; - return(ret); - } + ret = (ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT)); + if (ret == NULL) { + ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE); + return (NULL); + } + ret->length = 0; + ret->data = NULL; + ret->nid = 0; + ret->sn = NULL; + ret->ln = NULL; + ret->flags = ASN1_OBJECT_FLAG_DYNAMIC; + return (ret); +} void ASN1_OBJECT_free(ASN1_OBJECT *a) - { - if (a == NULL) return; - if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) - { -#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */ - if (a->sn != NULL) OPENSSL_free((void *)a->sn); - if (a->ln != NULL) OPENSSL_free((void *)a->ln); +{ + if (a == NULL) + return; + if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) { +#ifndef CONST_STRICT /* disable purely for compile-time strict + * const checking. Doing this on a "real" + * compile will cause memory leaks */ + if (a->sn != NULL) + OPENSSL_free((void *)a->sn); + if (a->ln != NULL) + OPENSSL_free((void *)a->ln); #endif - a->sn=a->ln=NULL; - } - if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) - { - if (a->data != NULL) OPENSSL_free((void *)a->data); - a->data=NULL; - a->length=0; - } - if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC) - OPENSSL_free(a); - } + a->sn = a->ln = NULL; + } + if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) { + if (a->data != NULL) + OPENSSL_free((void *)a->data); + a->data = NULL; + a->length = 0; + } + if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC) + OPENSSL_free(a); +} ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, - const char *sn, const char *ln) - { - ASN1_OBJECT o; + const char *sn, const char *ln) +{ + ASN1_OBJECT o; - o.sn=sn; - o.ln=ln; - o.data=data; - o.nid=nid; - o.length=len; - o.flags=ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS| - ASN1_OBJECT_FLAG_DYNAMIC_DATA; - return(OBJ_dup(&o)); - } + o.sn = sn; + o.ln = ln; + o.data = data; + o.nid = nid; + o.length = len; + o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | + ASN1_OBJECT_FLAG_DYNAMIC_DATA; + return (OBJ_dup(&o)); +} IMPLEMENT_STACK_OF(ASN1_OBJECT) + IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT) diff --git a/crypto/asn1/a_octet.c b/crypto/asn1/a_octet.c index e8725e44f1f5..1a6e9ca9cce3 100644 --- a/crypto/asn1/a_octet.c +++ b/crypto/asn1/a_octet.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -61,11 +61,18 @@ #include <openssl/asn1.h> ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x) -{ return M_ASN1_OCTET_STRING_dup(x); } - -int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, const ASN1_OCTET_STRING *b) -{ return M_ASN1_OCTET_STRING_cmp(a, b); } +{ + return M_ASN1_OCTET_STRING_dup(x); +} -int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len) -{ return M_ASN1_OCTET_STRING_set(x, d, len); } +int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, + const ASN1_OCTET_STRING *b) +{ + return M_ASN1_OCTET_STRING_cmp(a, b); +} +int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, + int len) +{ + return M_ASN1_OCTET_STRING_set(x, d, len); +} diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c index d18e77232044..d83e4ad82c5d 100644 --- a/crypto/asn1/a_print.c +++ b/crypto/asn1/a_print.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -61,67 +61,69 @@ #include <openssl/asn1.h> int ASN1_PRINTABLE_type(const unsigned char *s, int len) - { - int c; - int ia5=0; - int t61=0; +{ + int c; + int ia5 = 0; + int t61 = 0; - if (len <= 0) len= -1; - if (s == NULL) return(V_ASN1_PRINTABLESTRING); + if (len <= 0) + len = -1; + if (s == NULL) + return (V_ASN1_PRINTABLESTRING); - while ((*s) && (len-- != 0)) - { - c= *(s++); + while ((*s) && (len-- != 0)) { + c = *(s++); #ifndef CHARSET_EBCDIC - if (!( ((c >= 'a') && (c <= 'z')) || - ((c >= 'A') && (c <= 'Z')) || - (c == ' ') || - ((c >= '0') && (c <= '9')) || - (c == ' ') || (c == '\'') || - (c == '(') || (c == ')') || - (c == '+') || (c == ',') || - (c == '-') || (c == '.') || - (c == '/') || (c == ':') || - (c == '=') || (c == '?'))) - ia5=1; - if (c&0x80) - t61=1; + if (!(((c >= 'a') && (c <= 'z')) || + ((c >= 'A') && (c <= 'Z')) || + (c == ' ') || + ((c >= '0') && (c <= '9')) || + (c == ' ') || (c == '\'') || + (c == '(') || (c == ')') || + (c == '+') || (c == ',') || + (c == '-') || (c == '.') || + (c == '/') || (c == ':') || (c == '=') || (c == '?'))) + ia5 = 1; + if (c & 0x80) + t61 = 1; #else - if (!isalnum(c) && (c != ' ') && - strchr("'()+,-./:=?", c) == NULL) - ia5=1; - if (os_toascii[c] & 0x80) - t61=1; + if (!isalnum(c) && (c != ' ') && strchr("'()+,-./:=?", c) == NULL) + ia5 = 1; + if (os_toascii[c] & 0x80) + t61 = 1; #endif - } - if (t61) return(V_ASN1_T61STRING); - if (ia5) return(V_ASN1_IA5STRING); - return(V_ASN1_PRINTABLESTRING); - } + } + if (t61) + return (V_ASN1_T61STRING); + if (ia5) + return (V_ASN1_IA5STRING); + return (V_ASN1_PRINTABLESTRING); +} int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s) - { - int i; - unsigned char *p; +{ + int i; + unsigned char *p; - if (s->type != V_ASN1_UNIVERSALSTRING) return(0); - if ((s->length%4) != 0) return(0); - p=s->data; - for (i=0; i<s->length; i+=4) - { - if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0')) - break; - else - p+=4; - } - if (i < s->length) return(0); - p=s->data; - for (i=3; i<s->length; i+=4) - { - *(p++)=s->data[i]; - } - *(p)='\0'; - s->length/=4; - s->type=ASN1_PRINTABLE_type(s->data,s->length); - return(1); - } + if (s->type != V_ASN1_UNIVERSALSTRING) + return (0); + if ((s->length % 4) != 0) + return (0); + p = s->data; + for (i = 0; i < s->length; i += 4) { + if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0')) + break; + else + p += 4; + } + if (i < s->length) + return (0); + p = s->data; + for (i = 3; i < s->length; i += 4) { + *(p++) = s->data[i]; + } + *(p) = '\0'; + s->length /= 4; + s->type = ASN1_PRINTABLE_type(s->data, s->length); + return (1); +} diff --git a/crypto/asn1/a_set.c b/crypto/asn1/a_set.c index d726c8d3a87c..bf3f97188926 100644 --- a/crypto/asn1/a_set.c +++ b/crypto/asn1/a_set.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -62,180 +62,177 @@ #ifndef NO_ASN1_OLD -typedef struct - { +typedef struct { unsigned char *pbData; int cbData; - } MYBLOB; +} MYBLOB; -/* SetBlobCmp - * This function compares two elements of SET_OF block +/* + * SetBlobCmp This function compares two elements of SET_OF block */ -static int SetBlobCmp(const void *elem1, const void *elem2 ) - { +static int SetBlobCmp(const void *elem1, const void *elem2) +{ const MYBLOB *b1 = (const MYBLOB *)elem1; const MYBLOB *b2 = (const MYBLOB *)elem2; int r; r = memcmp(b1->pbData, b2->pbData, - b1->cbData < b2->cbData ? b1->cbData : b2->cbData); - if(r != 0) - return r; - return b1->cbData-b2->cbData; - } - -/* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */ + b1->cbData < b2->cbData ? b1->cbData : b2->cbData); + if (r != 0) + return r; + return b1->cbData - b2->cbData; +} + +/* + * int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) + */ int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, - i2d_of_void *i2d, int ex_tag, int ex_class, - int is_set) - { - int ret=0,r; - int i; - unsigned char *p; - unsigned char *pStart, *pTempMem; - MYBLOB *rgSetBlob; - int totSize; - - if (a == NULL) return(0); - for (i=sk_OPENSSL_BLOCK_num(a)-1; i>=0; i--) - ret+=i2d(sk_OPENSSL_BLOCK_value(a,i),NULL); - r=ASN1_object_size(1,ret,ex_tag); - if (pp == NULL) return(r); - - p= *pp; - ASN1_put_object(&p,1,ret,ex_tag,ex_class); + i2d_of_void *i2d, int ex_tag, int ex_class, int is_set) +{ + int ret = 0, r; + int i; + unsigned char *p; + unsigned char *pStart, *pTempMem; + MYBLOB *rgSetBlob; + int totSize; + + if (a == NULL) + return (0); + for (i = sk_OPENSSL_BLOCK_num(a) - 1; i >= 0; i--) + ret += i2d(sk_OPENSSL_BLOCK_value(a, i), NULL); + r = ASN1_object_size(1, ret, ex_tag); + if (pp == NULL) + return (r); + + p = *pp; + ASN1_put_object(&p, 1, ret, ex_tag, ex_class); /* Modified by gp@nsj.co.jp */ - /* And then again by Ben */ - /* And again by Steve */ - - if(!is_set || (sk_OPENSSL_BLOCK_num(a) < 2)) - { - for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++) - i2d(sk_OPENSSL_BLOCK_value(a,i),&p); - - *pp=p; - return(r); - } - - pStart = p; /* Catch the beg of Setblobs*/ - /* In this array we will store the SET blobs */ - rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB)); - if (rgSetBlob == NULL) - { - ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE); - return(0); - } - - for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++) - { - rgSetBlob[i].pbData = p; /* catch each set encode blob */ - i2d(sk_OPENSSL_BLOCK_value(a,i),&p); - rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this -SetBlob -*/ - } - *pp=p; - totSize = p - pStart; /* This is the total size of all set blobs */ - - /* Now we have to sort the blobs. I am using a simple algo. - *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/ - qsort( rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp); - if (!(pTempMem = OPENSSL_malloc(totSize))) - { - ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE); - return(0); - } + /* And then again by Ben */ + /* And again by Steve */ + + if (!is_set || (sk_OPENSSL_BLOCK_num(a) < 2)) { + for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++) + i2d(sk_OPENSSL_BLOCK_value(a, i), &p); + + *pp = p; + return (r); + } + + pStart = p; /* Catch the beg of Setblobs */ + /* In this array we will store the SET blobs */ + rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB)); + if (rgSetBlob == NULL) { + ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE); + return (0); + } + + for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++) { + rgSetBlob[i].pbData = p; /* catch each set encode blob */ + i2d(sk_OPENSSL_BLOCK_value(a, i), &p); + rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this + * SetBlob */ + } + *pp = p; + totSize = p - pStart; /* This is the total size of all set blobs */ + + /* + * Now we have to sort the blobs. I am using a simple algo. *Sort ptrs + * *Copy to temp-mem *Copy from temp-mem to user-mem + */ + qsort(rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp); + if (!(pTempMem = OPENSSL_malloc(totSize))) { + ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE); + return (0); + } /* Copy to temp mem */ - p = pTempMem; - for(i=0; i<sk_OPENSSL_BLOCK_num(a); ++i) - { - memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData); - p += rgSetBlob[i].cbData; - } + p = pTempMem; + for (i = 0; i < sk_OPENSSL_BLOCK_num(a); ++i) { + memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData); + p += rgSetBlob[i].cbData; + } /* Copy back to user mem*/ - memcpy(pStart, pTempMem, totSize); - OPENSSL_free(pTempMem); - OPENSSL_free(rgSetBlob); + memcpy(pStart, pTempMem, totSize); + OPENSSL_free(pTempMem); + OPENSSL_free(rgSetBlob); - return(r); - } + return (r); +} STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, - const unsigned char **pp, - long length, d2i_of_void *d2i, - void (*free_func)(OPENSSL_BLOCK), int ex_tag, - int ex_class) - { - ASN1_const_CTX c; - STACK_OF(OPENSSL_BLOCK) *ret=NULL; - - if ((a == NULL) || ((*a) == NULL)) - { - if ((ret=sk_OPENSSL_BLOCK_new_null()) == NULL) - { - ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE); - goto err; - } - } - else - ret=(*a); - - c.p= *pp; - c.max=(length == 0)?0:(c.p+length); - - c.inf=ASN1_get_object(&c.p,&c.slen,&c.tag,&c.xclass,c.max-c.p); - if (c.inf & 0x80) goto err; - if (ex_class != c.xclass) - { - ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_CLASS); - goto err; - } - if (ex_tag != c.tag) - { - ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_TAG); - goto err; - } - if ((c.slen+c.p) > c.max) - { - ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_LENGTH_ERROR); - goto err; - } - /* check for infinite constructed - it can be as long - * as the amount of data passed to us */ - if (c.inf == (V_ASN1_CONSTRUCTED+1)) - c.slen=length+ *pp-c.p; - c.max=c.p+c.slen; - - while (c.p < c.max) - { - char *s; - - if (M_ASN1_D2I_end_sequence()) break; - /* XXX: This was called with 4 arguments, incorrectly, it seems - if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) */ - if ((s=d2i(NULL,&c.p,c.slen)) == NULL) - { - ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT); - asn1_add_error(*pp,(int)(c.p- *pp)); - goto err; - } - if (!sk_OPENSSL_BLOCK_push(ret,s)) goto err; - } - if (a != NULL) (*a)=ret; - *pp=c.p; - return(ret); -err: - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - { - if (free_func != NULL) - sk_OPENSSL_BLOCK_pop_free(ret,free_func); - else - sk_OPENSSL_BLOCK_free(ret); - } - return(NULL); - } + const unsigned char **pp, + long length, d2i_of_void *d2i, + void (*free_func) (OPENSSL_BLOCK), + int ex_tag, int ex_class) +{ + ASN1_const_CTX c; + STACK_OF(OPENSSL_BLOCK) *ret = NULL; + + if ((a == NULL) || ((*a) == NULL)) { + if ((ret = sk_OPENSSL_BLOCK_new_null()) == NULL) { + ASN1err(ASN1_F_D2I_ASN1_SET, ERR_R_MALLOC_FAILURE); + goto err; + } + } else + ret = (*a); + + c.p = *pp; + c.max = (length == 0) ? 0 : (c.p + length); + + c.inf = ASN1_get_object(&c.p, &c.slen, &c.tag, &c.xclass, c.max - c.p); + if (c.inf & 0x80) + goto err; + if (ex_class != c.xclass) { + ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_CLASS); + goto err; + } + if (ex_tag != c.tag) { + ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_TAG); + goto err; + } + if ((c.slen + c.p) > c.max) { + ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_LENGTH_ERROR); + goto err; + } + /* + * check for infinite constructed - it can be as long as the amount of + * data passed to us + */ + if (c.inf == (V_ASN1_CONSTRUCTED + 1)) + c.slen = length + *pp - c.p; + c.max = c.p + c.slen; + + while (c.p < c.max) { + char *s; + + if (M_ASN1_D2I_end_sequence()) + break; + /* + * XXX: This was called with 4 arguments, incorrectly, it seems if + * ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) + */ + if ((s = d2i(NULL, &c.p, c.slen)) == NULL) { + ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_ERROR_PARSING_SET_ELEMENT); + asn1_add_error(*pp, (int)(c.p - *pp)); + goto err; + } + if (!sk_OPENSSL_BLOCK_push(ret, s)) + goto err; + } + if (a != NULL) + (*a) = ret; + *pp = c.p; + return (ret); + err: + if ((ret != NULL) && ((a == NULL) || (*a != ret))) { + if (free_func != NULL) + sk_OPENSSL_BLOCK_pop_free(ret, free_func); + else + sk_OPENSSL_BLOCK_free(ret); + } + return (NULL); +} #endif diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 7b4a193d6b15..51c6a0c34daf 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -128,206 +128,204 @@ #ifndef NO_ASN1_OLD int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, - const EVP_MD *type) - { - EVP_MD_CTX ctx; - unsigned char *p,*buf_in=NULL,*buf_out=NULL; - int i,inl=0,outl=0,outll=0; - X509_ALGOR *a; + ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, + const EVP_MD *type) +{ + EVP_MD_CTX ctx; + unsigned char *p, *buf_in = NULL, *buf_out = NULL; + int i, inl = 0, outl = 0, outll = 0; + X509_ALGOR *a; - EVP_MD_CTX_init(&ctx); - for (i=0; i<2; i++) - { - if (i == 0) - a=algor1; - else - a=algor2; - if (a == NULL) continue; - if (type->pkey_type == NID_dsaWithSHA1) - { - /* special case: RFC 2459 tells us to omit 'parameters' - * with id-dsa-with-sha1 */ - ASN1_TYPE_free(a->parameter); - a->parameter = NULL; - } - else if ((a->parameter == NULL) || - (a->parameter->type != V_ASN1_NULL)) - { - ASN1_TYPE_free(a->parameter); - if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err; - a->parameter->type=V_ASN1_NULL; - } - ASN1_OBJECT_free(a->algorithm); - a->algorithm=OBJ_nid2obj(type->pkey_type); - if (a->algorithm == NULL) - { - ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE); - goto err; - } - if (a->algorithm->length == 0) - { - ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); - goto err; - } - } - inl=i2d(data,NULL); - buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl); - outll=outl=EVP_PKEY_size(pkey); - buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl); - if ((buf_in == NULL) || (buf_out == NULL)) - { - outl=0; - ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE); - goto err; - } - p=buf_in; + EVP_MD_CTX_init(&ctx); + for (i = 0; i < 2; i++) { + if (i == 0) + a = algor1; + else + a = algor2; + if (a == NULL) + continue; + if (type->pkey_type == NID_dsaWithSHA1) { + /* + * special case: RFC 2459 tells us to omit 'parameters' with + * id-dsa-with-sha1 + */ + ASN1_TYPE_free(a->parameter); + a->parameter = NULL; + } else if ((a->parameter == NULL) || + (a->parameter->type != V_ASN1_NULL)) { + ASN1_TYPE_free(a->parameter); + if ((a->parameter = ASN1_TYPE_new()) == NULL) + goto err; + a->parameter->type = V_ASN1_NULL; + } + ASN1_OBJECT_free(a->algorithm); + a->algorithm = OBJ_nid2obj(type->pkey_type); + if (a->algorithm == NULL) { + ASN1err(ASN1_F_ASN1_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE); + goto err; + } + if (a->algorithm->length == 0) { + ASN1err(ASN1_F_ASN1_SIGN, + ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); + goto err; + } + } + inl = i2d(data, NULL); + buf_in = (unsigned char *)OPENSSL_malloc((unsigned int)inl); + outll = outl = EVP_PKEY_size(pkey); + buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl); + if ((buf_in == NULL) || (buf_out == NULL)) { + outl = 0; + ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + p = buf_in; - i2d(data,&p); - if (!EVP_SignInit_ex(&ctx,type, NULL) - || !EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl) - || !EVP_SignFinal(&ctx,(unsigned char *)buf_out, - (unsigned int *)&outl,pkey)) - { - outl=0; - ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB); - goto err; - } - if (signature->data != NULL) OPENSSL_free(signature->data); - signature->data=buf_out; - buf_out=NULL; - signature->length=outl; - /* In the interests of compatibility, I'll make sure that - * the bit string has a 'not-used bits' value of 0 - */ - signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); - signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; -err: - EVP_MD_CTX_cleanup(&ctx); - if (buf_in != NULL) - { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } - if (buf_out != NULL) - { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); } - return(outl); - } + i2d(data, &p); + if (!EVP_SignInit_ex(&ctx, type, NULL) + || !EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl) + || !EVP_SignFinal(&ctx, (unsigned char *)buf_out, + (unsigned int *)&outl, pkey)) { + outl = 0; + ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB); + goto err; + } + if (signature->data != NULL) + OPENSSL_free(signature->data); + signature->data = buf_out; + buf_out = NULL; + signature->length = outl; + /* + * In the interests of compatibility, I'll make sure that the bit string + * has a 'not-used bits' value of 0 + */ + signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); + signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; + err: + EVP_MD_CTX_cleanup(&ctx); + if (buf_in != NULL) { + OPENSSL_cleanse((char *)buf_in, (unsigned int)inl); + OPENSSL_free(buf_in); + } + if (buf_out != NULL) { + OPENSSL_cleanse((char *)buf_out, outll); + OPENSSL_free(buf_out); + } + return (outl); +} #endif -int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, - const EVP_MD *type) - { - EVP_MD_CTX ctx; - EVP_MD_CTX_init(&ctx); - if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) - { - EVP_MD_CTX_cleanup(&ctx); - return 0; - } - return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx); - } - +int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, + EVP_PKEY *pkey, const EVP_MD *type) +{ + EVP_MD_CTX ctx; + EVP_MD_CTX_init(&ctx); + if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) { + EVP_MD_CTX_cleanup(&ctx); + return 0; + } + return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx); +} int ASN1_item_sign_ctx(const ASN1_ITEM *it, - X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx) - { - const EVP_MD *type; - EVP_PKEY *pkey; - unsigned char *buf_in=NULL,*buf_out=NULL; - size_t inl=0,outl=0,outll=0; - int signid, paramtype; - int rv; + X509_ALGOR *algor1, X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx) +{ + const EVP_MD *type; + EVP_PKEY *pkey; + unsigned char *buf_in = NULL, *buf_out = NULL; + size_t inl = 0, outl = 0, outll = 0; + int signid, paramtype; + int rv; - type = EVP_MD_CTX_md(ctx); - pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); + type = EVP_MD_CTX_md(ctx); + pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); - if (!type || !pkey) - { - ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); - return 0; - } + if (!type || !pkey) { + ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); + return 0; + } - if (pkey->ameth->item_sign) - { - rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, - signature); - if (rv == 1) - outl = signature->length; - /* Return value meanings: - * <=0: error. - * 1: method does everything. - * 2: carry on as normal. - * 3: ASN1 method sets algorithm identifiers: just sign. - */ - if (rv <= 0) - ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB); - if (rv <= 1) - goto err; - } - else - rv = 2; + if (pkey->ameth->item_sign) { + rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, signature); + if (rv == 1) + outl = signature->length; + /*- + * Return value meanings: + * <=0: error. + * 1: method does everything. + * 2: carry on as normal. + * 3: ASN1 method sets algorithm identifiers: just sign. + */ + if (rv <= 0) + ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB); + if (rv <= 1) + goto err; + } else + rv = 2; - if (rv == 2) - { - if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) - { - if (!pkey->ameth || - !OBJ_find_sigid_by_algs(&signid, - EVP_MD_nid(type), - pkey->ameth->pkey_id)) - { - ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, - ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); - return 0; - } - } - else - signid = type->pkey_type; + if (rv == 2) { + if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { + if (!pkey->ameth || + !OBJ_find_sigid_by_algs(&signid, + EVP_MD_nid(type), + pkey->ameth->pkey_id)) { + ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, + ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); + return 0; + } + } else + signid = type->pkey_type; - if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) - paramtype = V_ASN1_NULL; - else - paramtype = V_ASN1_UNDEF; + if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) + paramtype = V_ASN1_NULL; + else + paramtype = V_ASN1_UNDEF; - if (algor1) - X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL); - if (algor2) - X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL); + if (algor1) + X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL); + if (algor2) + X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL); - } + } - inl=ASN1_item_i2d(asn,&buf_in, it); - outll=outl=EVP_PKEY_size(pkey); - buf_out=OPENSSL_malloc((unsigned int)outl); - if ((buf_in == NULL) || (buf_out == NULL)) - { - outl=0; - ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,ERR_R_MALLOC_FAILURE); - goto err; - } + inl = ASN1_item_i2d(asn, &buf_in, it); + outll = outl = EVP_PKEY_size(pkey); + buf_out = OPENSSL_malloc((unsigned int)outl); + if ((buf_in == NULL) || (buf_out == NULL)) { + outl = 0; + ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE); + goto err; + } - if (!EVP_DigestSignUpdate(ctx, buf_in, inl) - || !EVP_DigestSignFinal(ctx, buf_out, &outl)) - { - outl=0; - ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,ERR_R_EVP_LIB); - goto err; - } - if (signature->data != NULL) OPENSSL_free(signature->data); - signature->data=buf_out; - buf_out=NULL; - signature->length=outl; - /* In the interests of compatibility, I'll make sure that - * the bit string has a 'not-used bits' value of 0 - */ - signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); - signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; -err: - EVP_MD_CTX_cleanup(ctx); - if (buf_in != NULL) - { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } - if (buf_out != NULL) - { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); } - return(outl); - } + if (!EVP_DigestSignUpdate(ctx, buf_in, inl) + || !EVP_DigestSignFinal(ctx, buf_out, &outl)) { + outl = 0; + ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB); + goto err; + } + if (signature->data != NULL) + OPENSSL_free(signature->data); + signature->data = buf_out; + buf_out = NULL; + signature->length = outl; + /* + * In the interests of compatibility, I'll make sure that the bit string + * has a 'not-used bits' value of 0 + */ + signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); + signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; + err: + EVP_MD_CTX_cleanup(ctx); + if (buf_in != NULL) { + OPENSSL_cleanse((char *)buf_in, (unsigned int)inl); + OPENSSL_free(buf_in); + } + if (buf_out != NULL) { + OPENSSL_cleanse((char *)buf_out, outll); + OPENSSL_free(buf_out); + } + return (outl); +} diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 8fb4193bc0b2..35fd44cd22b8 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -1,6 +1,7 @@ /* a_strex.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2000. +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2000. */ /* ==================================================================== * Copyright (c) 2000 The OpenSSL Project. All rights reserved. @@ -10,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -65,512 +66,584 @@ #include "charmap.h" -/* ASN1_STRING_print_ex() and X509_NAME_print_ex(). - * Enhanced string and name printing routines handling - * multibyte characters, RFC2253 and a host of other - * options. +/* + * ASN1_STRING_print_ex() and X509_NAME_print_ex(). Enhanced string and name + * printing routines handling multibyte characters, RFC2253 and a host of + * other options. */ - -#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) +#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) #define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ - ASN1_STRFLGS_ESC_QUOTE | \ - ASN1_STRFLGS_ESC_CTRL | \ - ASN1_STRFLGS_ESC_MSB) - + ASN1_STRFLGS_ESC_QUOTE | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB) -/* Three IO functions for sending data to memory, a BIO and - * and a FILE pointer. +/* + * Three IO functions for sending data to memory, a BIO and and a FILE + * pointer. */ -#if 0 /* never used */ +#if 0 /* never used */ static int send_mem_chars(void *arg, const void *buf, int len) { - unsigned char **out = arg; - if(!out) return 1; - memcpy(*out, buf, len); - *out += len; - return 1; + unsigned char **out = arg; + if (!out) + return 1; + memcpy(*out, buf, len); + *out += len; + return 1; } #endif static int send_bio_chars(void *arg, const void *buf, int len) { - if(!arg) return 1; - if(BIO_write(arg, buf, len) != len) return 0; - return 1; + if (!arg) + return 1; + if (BIO_write(arg, buf, len) != len) + return 0; + return 1; } static int send_fp_chars(void *arg, const void *buf, int len) { - if(!arg) return 1; - if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0; - return 1; + if (!arg) + return 1; + if (fwrite(buf, 1, len, arg) != (unsigned int)len) + return 0; + return 1; } -typedef int char_io(void *arg, const void *buf, int len); +typedef int char_io (void *arg, const void *buf, int len); -/* This function handles display of - * strings, one character at a time. - * It is passed an unsigned long for each - * character because it could come from 2 or even - * 4 byte forms. +/* + * This function handles display of strings, one character at a time. It is + * passed an unsigned long for each character because it could come from 2 or + * even 4 byte forms. */ -static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg) +static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, + char_io *io_ch, void *arg) { - unsigned char chflgs, chtmp; - char tmphex[HEX_SIZE(long)+3]; - - if(c > 0xffffffffL) - return -1; - if(c > 0xffff) { - BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); - if(!io_ch(arg, tmphex, 10)) return -1; - return 10; - } - if(c > 0xff) { - BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); - if(!io_ch(arg, tmphex, 6)) return -1; - return 6; - } - chtmp = (unsigned char)c; - if(chtmp > 0x7f) chflgs = flags & ASN1_STRFLGS_ESC_MSB; - else chflgs = char_type[chtmp] & flags; - if(chflgs & CHARTYPE_BS_ESC) { - /* If we don't escape with quotes, signal we need quotes */ - if(chflgs & ASN1_STRFLGS_ESC_QUOTE) { - if(do_quotes) *do_quotes = 1; - if(!io_ch(arg, &chtmp, 1)) return -1; - return 1; - } - if(!io_ch(arg, "\\", 1)) return -1; - if(!io_ch(arg, &chtmp, 1)) return -1; - return 2; - } - if(chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) { - BIO_snprintf(tmphex, 11, "\\%02X", chtmp); - if(!io_ch(arg, tmphex, 3)) return -1; - return 3; - } - /* If we get this far and do any escaping at all must escape - * the escape character itself: backslash. - */ - if (chtmp == '\\' && flags & ESC_FLAGS) { - if(!io_ch(arg, "\\\\", 2)) return -1; - return 2; - } - if(!io_ch(arg, &chtmp, 1)) return -1; - return 1; + unsigned char chflgs, chtmp; + char tmphex[HEX_SIZE(long) + 3]; + + if (c > 0xffffffffL) + return -1; + if (c > 0xffff) { + BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); + if (!io_ch(arg, tmphex, 10)) + return -1; + return 10; + } + if (c > 0xff) { + BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); + if (!io_ch(arg, tmphex, 6)) + return -1; + return 6; + } + chtmp = (unsigned char)c; + if (chtmp > 0x7f) + chflgs = flags & ASN1_STRFLGS_ESC_MSB; + else + chflgs = char_type[chtmp] & flags; + if (chflgs & CHARTYPE_BS_ESC) { + /* If we don't escape with quotes, signal we need quotes */ + if (chflgs & ASN1_STRFLGS_ESC_QUOTE) { + if (do_quotes) + *do_quotes = 1; + if (!io_ch(arg, &chtmp, 1)) + return -1; + return 1; + } + if (!io_ch(arg, "\\", 1)) + return -1; + if (!io_ch(arg, &chtmp, 1)) + return -1; + return 2; + } + if (chflgs & (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB)) { + BIO_snprintf(tmphex, 11, "\\%02X", chtmp); + if (!io_ch(arg, tmphex, 3)) + return -1; + return 3; + } + /* + * If we get this far and do any escaping at all must escape the escape + * character itself: backslash. + */ + if (chtmp == '\\' && flags & ESC_FLAGS) { + if (!io_ch(arg, "\\\\", 2)) + return -1; + return 2; + } + if (!io_ch(arg, &chtmp, 1)) + return -1; + return 1; } -#define BUF_TYPE_WIDTH_MASK 0x7 -#define BUF_TYPE_CONVUTF8 0x8 +#define BUF_TYPE_WIDTH_MASK 0x7 +#define BUF_TYPE_CONVUTF8 0x8 -/* This function sends each character in a buffer to - * do_esc_char(). It interprets the content formats - * and converts to or from UTF8 as appropriate. +/* + * This function sends each character in a buffer to do_esc_char(). It + * interprets the content formats and converts to or from UTF8 as + * appropriate. */ static int do_buf(unsigned char *buf, int buflen, - int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg) + int type, unsigned char flags, char *quotes, char_io *io_ch, + void *arg) { - int i, outlen, len; - unsigned char orflags, *p, *q; - unsigned long c; - p = buf; - q = buf + buflen; - outlen = 0; - while(p != q) { - if(p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253; - else orflags = 0; - switch(type & BUF_TYPE_WIDTH_MASK) { - case 4: - c = ((unsigned long)*p++) << 24; - c |= ((unsigned long)*p++) << 16; - c |= ((unsigned long)*p++) << 8; - c |= *p++; - break; - - case 2: - c = ((unsigned long)*p++) << 8; - c |= *p++; - break; - - case 1: - c = *p++; - break; - - case 0: - i = UTF8_getc(p, buflen, &c); - if(i < 0) return -1; /* Invalid UTF8String */ - p += i; - break; - default: - return -1; /* invalid width */ - } - if (p == q && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_LAST_ESC_2253; - if(type & BUF_TYPE_CONVUTF8) { - unsigned char utfbuf[6]; - int utflen; - utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); - for(i = 0; i < utflen; i++) { - /* We don't need to worry about setting orflags correctly - * because if utflen==1 its value will be correct anyway - * otherwise each character will be > 0x7f and so the - * character will never be escaped on first and last. - */ - len = do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), quotes, io_ch, arg); - if(len < 0) return -1; - outlen += len; - } - } else { - len = do_esc_char(c, (unsigned char)(flags | orflags), quotes, io_ch, arg); - if(len < 0) return -1; - outlen += len; - } - } - return outlen; + int i, outlen, len; + unsigned char orflags, *p, *q; + unsigned long c; + p = buf; + q = buf + buflen; + outlen = 0; + while (p != q) { + if (p == buf && flags & ASN1_STRFLGS_ESC_2253) + orflags = CHARTYPE_FIRST_ESC_2253; + else + orflags = 0; + switch (type & BUF_TYPE_WIDTH_MASK) { + case 4: + c = ((unsigned long)*p++) << 24; + c |= ((unsigned long)*p++) << 16; + c |= ((unsigned long)*p++) << 8; + c |= *p++; + break; + + case 2: + c = ((unsigned long)*p++) << 8; + c |= *p++; + break; + + case 1: + c = *p++; + break; + + case 0: + i = UTF8_getc(p, buflen, &c); + if (i < 0) + return -1; /* Invalid UTF8String */ + p += i; + break; + default: + return -1; /* invalid width */ + } + if (p == q && flags & ASN1_STRFLGS_ESC_2253) + orflags = CHARTYPE_LAST_ESC_2253; + if (type & BUF_TYPE_CONVUTF8) { + unsigned char utfbuf[6]; + int utflen; + utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); + for (i = 0; i < utflen; i++) { + /* + * We don't need to worry about setting orflags correctly + * because if utflen==1 its value will be correct anyway + * otherwise each character will be > 0x7f and so the + * character will never be escaped on first and last. + */ + len = + do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), + quotes, io_ch, arg); + if (len < 0) + return -1; + outlen += len; + } + } else { + len = + do_esc_char(c, (unsigned char)(flags | orflags), quotes, + io_ch, arg); + if (len < 0) + return -1; + outlen += len; + } + } + return outlen; } /* This function hex dumps a buffer of characters */ -static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen) +static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, + int buflen) { - static const char hexdig[] = "0123456789ABCDEF"; - unsigned char *p, *q; - char hextmp[2]; - if(arg) { - p = buf; - q = buf + buflen; - while(p != q) { - hextmp[0] = hexdig[*p >> 4]; - hextmp[1] = hexdig[*p & 0xf]; - if(!io_ch(arg, hextmp, 2)) return -1; - p++; - } - } - return buflen << 1; + static const char hexdig[] = "0123456789ABCDEF"; + unsigned char *p, *q; + char hextmp[2]; + if (arg) { + p = buf; + q = buf + buflen; + while (p != q) { + hextmp[0] = hexdig[*p >> 4]; + hextmp[1] = hexdig[*p & 0xf]; + if (!io_ch(arg, hextmp, 2)) + return -1; + p++; + } + } + return buflen << 1; } -/* "dump" a string. This is done when the type is unknown, - * or the flags request it. We can either dump the content - * octets or the entire DER encoding. This uses the RFC2253 - * #01234 format. +/* + * "dump" a string. This is done when the type is unknown, or the flags + * request it. We can either dump the content octets or the entire DER + * encoding. This uses the RFC2253 #01234 format. */ -static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str) +static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, + ASN1_STRING *str) { - /* Placing the ASN1_STRING in a temp ASN1_TYPE allows - * the DER encoding to readily obtained - */ - ASN1_TYPE t; - unsigned char *der_buf, *p; - int outlen, der_len; - - if(!io_ch(arg, "#", 1)) return -1; - /* If we don't dump DER encoding just dump content octets */ - if(!(lflags & ASN1_STRFLGS_DUMP_DER)) { - outlen = do_hex_dump(io_ch, arg, str->data, str->length); - if(outlen < 0) return -1; - return outlen + 1; - } - t.type = str->type; - t.value.ptr = (char *)str; - der_len = i2d_ASN1_TYPE(&t, NULL); - der_buf = OPENSSL_malloc(der_len); - if(!der_buf) return -1; - p = der_buf; - i2d_ASN1_TYPE(&t, &p); - outlen = do_hex_dump(io_ch, arg, der_buf, der_len); - OPENSSL_free(der_buf); - if(outlen < 0) return -1; - return outlen + 1; + /* + * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to + * readily obtained + */ + ASN1_TYPE t; + unsigned char *der_buf, *p; + int outlen, der_len; + + if (!io_ch(arg, "#", 1)) + return -1; + /* If we don't dump DER encoding just dump content octets */ + if (!(lflags & ASN1_STRFLGS_DUMP_DER)) { + outlen = do_hex_dump(io_ch, arg, str->data, str->length); + if (outlen < 0) + return -1; + return outlen + 1; + } + t.type = str->type; + t.value.ptr = (char *)str; + der_len = i2d_ASN1_TYPE(&t, NULL); + der_buf = OPENSSL_malloc(der_len); + if (!der_buf) + return -1; + p = der_buf; + i2d_ASN1_TYPE(&t, &p); + outlen = do_hex_dump(io_ch, arg, der_buf, der_len); + OPENSSL_free(der_buf); + if (outlen < 0) + return -1; + return outlen + 1; } -/* Lookup table to convert tags to character widths, - * 0 = UTF8 encoded, -1 is used for non string types - * otherwise it is the number of bytes per character +/* + * Lookup table to convert tags to character widths, 0 = UTF8 encoded, -1 is + * used for non string types otherwise it is the number of bytes per + * character */ static const signed char tag2nbyte[] = { - -1, -1, -1, -1, -1, /* 0-4 */ - -1, -1, -1, -1, -1, /* 5-9 */ - -1, -1, 0, -1, /* 10-13 */ - -1, -1, -1, -1, /* 15-17 */ - -1, 1, 1, /* 18-20 */ - -1, 1, 1, 1, /* 21-24 */ - -1, 1, -1, /* 25-27 */ - 4, -1, 2 /* 28-30 */ + -1, -1, -1, -1, -1, /* 0-4 */ + -1, -1, -1, -1, -1, /* 5-9 */ + -1, -1, 0, -1, /* 10-13 */ + -1, -1, -1, -1, /* 15-17 */ + -1, 1, 1, /* 18-20 */ + -1, 1, 1, 1, /* 21-24 */ + -1, 1, -1, /* 25-27 */ + 4, -1, 2 /* 28-30 */ }; -/* This is the main function, print out an - * ASN1_STRING taking note of various escape - * and display options. Returns number of - * characters written or -1 if an error - * occurred. +/* + * This is the main function, print out an ASN1_STRING taking note of various + * escape and display options. Returns number of characters written or -1 if + * an error occurred. */ -static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str) +static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, + ASN1_STRING *str) { - int outlen, len; - int type; - char quotes; - unsigned char flags; - quotes = 0; - /* Keep a copy of escape flags */ - flags = (unsigned char)(lflags & ESC_FLAGS); - - type = str->type; - - outlen = 0; - - - if(lflags & ASN1_STRFLGS_SHOW_TYPE) { - const char *tagname; - tagname = ASN1_tag2str(type); - outlen += strlen(tagname); - if(!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1; - outlen++; - } - - /* Decide what to do with type, either dump content or display it */ - - /* Dump everything */ - if(lflags & ASN1_STRFLGS_DUMP_ALL) type = -1; - /* Ignore the string type */ - else if(lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1; - else { - /* Else determine width based on type */ - if((type > 0) && (type < 31)) type = tag2nbyte[type]; - else type = -1; - if((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1; - } - - if(type == -1) { - len = do_dump(lflags, io_ch, arg, str); - if(len < 0) return -1; - outlen += len; - return outlen; - } - - if(lflags & ASN1_STRFLGS_UTF8_CONVERT) { - /* Note: if string is UTF8 and we want - * to convert to UTF8 then we just interpret - * it as 1 byte per character to avoid converting - * twice. - */ - if(!type) type = 1; - else type |= BUF_TYPE_CONVUTF8; - } - - len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL); - if(len < 0) return -1; - outlen += len; - if(quotes) outlen += 2; - if(!arg) return outlen; - if(quotes && !io_ch(arg, "\"", 1)) return -1; - if(do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0) - return -1; - if(quotes && !io_ch(arg, "\"", 1)) return -1; - return outlen; + int outlen, len; + int type; + char quotes; + unsigned char flags; + quotes = 0; + /* Keep a copy of escape flags */ + flags = (unsigned char)(lflags & ESC_FLAGS); + + type = str->type; + + outlen = 0; + + if (lflags & ASN1_STRFLGS_SHOW_TYPE) { + const char *tagname; + tagname = ASN1_tag2str(type); + outlen += strlen(tagname); + if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) + return -1; + outlen++; + } + + /* Decide what to do with type, either dump content or display it */ + + /* Dump everything */ + if (lflags & ASN1_STRFLGS_DUMP_ALL) + type = -1; + /* Ignore the string type */ + else if (lflags & ASN1_STRFLGS_IGNORE_TYPE) + type = 1; + else { + /* Else determine width based on type */ + if ((type > 0) && (type < 31)) + type = tag2nbyte[type]; + else + type = -1; + if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) + type = 1; + } + + if (type == -1) { + len = do_dump(lflags, io_ch, arg, str); + if (len < 0) + return -1; + outlen += len; + return outlen; + } + + if (lflags & ASN1_STRFLGS_UTF8_CONVERT) { + /* + * Note: if string is UTF8 and we want to convert to UTF8 then we + * just interpret it as 1 byte per character to avoid converting + * twice. + */ + if (!type) + type = 1; + else + type |= BUF_TYPE_CONVUTF8; + } + + len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL); + if (len < 0) + return -1; + outlen += len; + if (quotes) + outlen += 2; + if (!arg) + return outlen; + if (quotes && !io_ch(arg, "\"", 1)) + return -1; + if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0) + return -1; + if (quotes && !io_ch(arg, "\"", 1)) + return -1; + return outlen; } /* Used for line indenting: print 'indent' spaces */ static int do_indent(char_io *io_ch, void *arg, int indent) { - int i; - for(i = 0; i < indent; i++) - if(!io_ch(arg, " ", 1)) return 0; - return 1; + int i; + for (i = 0; i < indent; i++) + if (!io_ch(arg, " ", 1)) + return 0; + return 1; } -#define FN_WIDTH_LN 25 -#define FN_WIDTH_SN 10 +#define FN_WIDTH_LN 25 +#define FN_WIDTH_SN 10 static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, - int indent, unsigned long flags) + int indent, unsigned long flags) { - int i, prev = -1, orflags, cnt; - int fn_opt, fn_nid; - ASN1_OBJECT *fn; - ASN1_STRING *val; - X509_NAME_ENTRY *ent; - char objtmp[80]; - const char *objbuf; - int outlen, len; - char *sep_dn, *sep_mv, *sep_eq; - int sep_dn_len, sep_mv_len, sep_eq_len; - if(indent < 0) indent = 0; - outlen = indent; - if(!do_indent(io_ch, arg, indent)) return -1; - switch (flags & XN_FLAG_SEP_MASK) - { - case XN_FLAG_SEP_MULTILINE: - sep_dn = "\n"; - sep_dn_len = 1; - sep_mv = " + "; - sep_mv_len = 3; - break; - - case XN_FLAG_SEP_COMMA_PLUS: - sep_dn = ","; - sep_dn_len = 1; - sep_mv = "+"; - sep_mv_len = 1; - indent = 0; - break; - - case XN_FLAG_SEP_CPLUS_SPC: - sep_dn = ", "; - sep_dn_len = 2; - sep_mv = " + "; - sep_mv_len = 3; - indent = 0; - break; - - case XN_FLAG_SEP_SPLUS_SPC: - sep_dn = "; "; - sep_dn_len = 2; - sep_mv = " + "; - sep_mv_len = 3; - indent = 0; - break; - - default: - return -1; - } - - if(flags & XN_FLAG_SPC_EQ) { - sep_eq = " = "; - sep_eq_len = 3; - } else { - sep_eq = "="; - sep_eq_len = 1; - } - - fn_opt = flags & XN_FLAG_FN_MASK; - - cnt = X509_NAME_entry_count(n); - for(i = 0; i < cnt; i++) { - if(flags & XN_FLAG_DN_REV) - ent = X509_NAME_get_entry(n, cnt - i - 1); - else ent = X509_NAME_get_entry(n, i); - if(prev != -1) { - if(prev == ent->set) { - if(!io_ch(arg, sep_mv, sep_mv_len)) return -1; - outlen += sep_mv_len; - } else { - if(!io_ch(arg, sep_dn, sep_dn_len)) return -1; - outlen += sep_dn_len; - if(!do_indent(io_ch, arg, indent)) return -1; - outlen += indent; - } - } - prev = ent->set; - fn = X509_NAME_ENTRY_get_object(ent); - val = X509_NAME_ENTRY_get_data(ent); - fn_nid = OBJ_obj2nid(fn); - if(fn_opt != XN_FLAG_FN_NONE) { - int objlen, fld_len; - if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) { - OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); - fld_len = 0; /* XXX: what should this be? */ - objbuf = objtmp; - } else { - if(fn_opt == XN_FLAG_FN_SN) { - fld_len = FN_WIDTH_SN; - objbuf = OBJ_nid2sn(fn_nid); - } else if(fn_opt == XN_FLAG_FN_LN) { - fld_len = FN_WIDTH_LN; - objbuf = OBJ_nid2ln(fn_nid); - } else { - fld_len = 0; /* XXX: what should this be? */ - objbuf = ""; - } - } - objlen = strlen(objbuf); - if(!io_ch(arg, objbuf, objlen)) return -1; - if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) { - if (!do_indent(io_ch, arg, fld_len - objlen)) return -1; - outlen += fld_len - objlen; - } - if(!io_ch(arg, sep_eq, sep_eq_len)) return -1; - outlen += objlen + sep_eq_len; - } - /* If the field name is unknown then fix up the DER dump - * flag. We might want to limit this further so it will - * DER dump on anything other than a few 'standard' fields. - */ - if((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) - orflags = ASN1_STRFLGS_DUMP_ALL; - else orflags = 0; - - len = do_print_ex(io_ch, arg, flags | orflags, val); - if(len < 0) return -1; - outlen += len; - } - return outlen; + int i, prev = -1, orflags, cnt; + int fn_opt, fn_nid; + ASN1_OBJECT *fn; + ASN1_STRING *val; + X509_NAME_ENTRY *ent; + char objtmp[80]; + const char *objbuf; + int outlen, len; + char *sep_dn, *sep_mv, *sep_eq; + int sep_dn_len, sep_mv_len, sep_eq_len; + if (indent < 0) + indent = 0; + outlen = indent; + if (!do_indent(io_ch, arg, indent)) + return -1; + switch (flags & XN_FLAG_SEP_MASK) { + case XN_FLAG_SEP_MULTILINE: + sep_dn = "\n"; + sep_dn_len = 1; + sep_mv = " + "; + sep_mv_len = 3; + break; + + case XN_FLAG_SEP_COMMA_PLUS: + sep_dn = ","; + sep_dn_len = 1; + sep_mv = "+"; + sep_mv_len = 1; + indent = 0; + break; + + case XN_FLAG_SEP_CPLUS_SPC: + sep_dn = ", "; + sep_dn_len = 2; + sep_mv = " + "; + sep_mv_len = 3; + indent = 0; + break; + + case XN_FLAG_SEP_SPLUS_SPC: + sep_dn = "; "; + sep_dn_len = 2; + sep_mv = " + "; + sep_mv_len = 3; + indent = 0; + break; + + default: + return -1; + } + + if (flags & XN_FLAG_SPC_EQ) { + sep_eq = " = "; + sep_eq_len = 3; + } else { + sep_eq = "="; + sep_eq_len = 1; + } + + fn_opt = flags & XN_FLAG_FN_MASK; + + cnt = X509_NAME_entry_count(n); + for (i = 0; i < cnt; i++) { + if (flags & XN_FLAG_DN_REV) + ent = X509_NAME_get_entry(n, cnt - i - 1); + else + ent = X509_NAME_get_entry(n, i); + if (prev != -1) { + if (prev == ent->set) { + if (!io_ch(arg, sep_mv, sep_mv_len)) + return -1; + outlen += sep_mv_len; + } else { + if (!io_ch(arg, sep_dn, sep_dn_len)) + return -1; + outlen += sep_dn_len; + if (!do_indent(io_ch, arg, indent)) + return -1; + outlen += indent; + } + } + prev = ent->set; + fn = X509_NAME_ENTRY_get_object(ent); + val = X509_NAME_ENTRY_get_data(ent); + fn_nid = OBJ_obj2nid(fn); + if (fn_opt != XN_FLAG_FN_NONE) { + int objlen, fld_len; + if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) { + OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); + fld_len = 0; /* XXX: what should this be? */ + objbuf = objtmp; + } else { + if (fn_opt == XN_FLAG_FN_SN) { + fld_len = FN_WIDTH_SN; + objbuf = OBJ_nid2sn(fn_nid); + } else if (fn_opt == XN_FLAG_FN_LN) { + fld_len = FN_WIDTH_LN; + objbuf = OBJ_nid2ln(fn_nid); + } else { + fld_len = 0; /* XXX: what should this be? */ + objbuf = ""; + } + } + objlen = strlen(objbuf); + if (!io_ch(arg, objbuf, objlen)) + return -1; + if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) { + if (!do_indent(io_ch, arg, fld_len - objlen)) + return -1; + outlen += fld_len - objlen; + } + if (!io_ch(arg, sep_eq, sep_eq_len)) + return -1; + outlen += objlen + sep_eq_len; + } + /* + * If the field name is unknown then fix up the DER dump flag. We + * might want to limit this further so it will DER dump on anything + * other than a few 'standard' fields. + */ + if ((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) + orflags = ASN1_STRFLGS_DUMP_ALL; + else + orflags = 0; + + len = do_print_ex(io_ch, arg, flags | orflags, val); + if (len < 0) + return -1; + outlen += len; + } + return outlen; } /* Wrappers round the main functions */ -int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags) +int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, + unsigned long flags) { - if(flags == XN_FLAG_COMPAT) - return X509_NAME_print(out, nm, indent); - return do_name_ex(send_bio_chars, out, nm, indent, flags); + if (flags == XN_FLAG_COMPAT) + return X509_NAME_print(out, nm, indent); + return do_name_ex(send_bio_chars, out, nm, indent, flags); } #ifndef OPENSSL_NO_FP_API -int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags) +int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, + unsigned long flags) { - if(flags == XN_FLAG_COMPAT) - { - BIO *btmp; - int ret; - btmp = BIO_new_fp(fp, BIO_NOCLOSE); - if(!btmp) return -1; - ret = X509_NAME_print(btmp, nm, indent); - BIO_free(btmp); - return ret; - } - return do_name_ex(send_fp_chars, fp, nm, indent, flags); + if (flags == XN_FLAG_COMPAT) { + BIO *btmp; + int ret; + btmp = BIO_new_fp(fp, BIO_NOCLOSE); + if (!btmp) + return -1; + ret = X509_NAME_print(btmp, nm, indent); + BIO_free(btmp); + return ret; + } + return do_name_ex(send_fp_chars, fp, nm, indent, flags); } #endif int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags) { - return do_print_ex(send_bio_chars, out, flags, str); + return do_print_ex(send_bio_chars, out, flags, str); } #ifndef OPENSSL_NO_FP_API int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags) { - return do_print_ex(send_fp_chars, fp, flags, str); + return do_print_ex(send_fp_chars, fp, flags, str); } #endif -/* Utility function: convert any string type to UTF8, returns number of bytes +/* + * Utility function: convert any string type to UTF8, returns number of bytes * in output string or a negative error code */ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) { - ASN1_STRING stmp, *str = &stmp; - int mbflag, type, ret; - if(!in) return -1; - type = in->type; - if((type < 0) || (type > 30)) return -1; - mbflag = tag2nbyte[type]; - if(mbflag == -1) return -1; - mbflag |= MBSTRING_FLAG; - stmp.data = NULL; - stmp.length = 0; - stmp.flags = 0; - ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); - if(ret < 0) return ret; - *out = stmp.data; - return stmp.length; + ASN1_STRING stmp, *str = &stmp; + int mbflag, type, ret; + if (!in) + return -1; + type = in->type; + if ((type < 0) || (type > 30)) + return -1; + mbflag = tag2nbyte[type]; + if (mbflag == -1) + return -1; + mbflag |= MBSTRING_FLAG; + stmp.data = NULL; + stmp.length = 0; + stmp.flags = 0; + ret = + ASN1_mbstring_copy(&str, in->data, in->length, mbflag, + B_ASN1_UTF8STRING); + if (ret < 0) + return ret; + *out = stmp.data; + return stmp.length; } diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 2afd5a41368d..52243453689a 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -1,6 +1,7 @@ /* a_strnid.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 1999. +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. @@ -10,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -62,31 +63,31 @@ #include <openssl/asn1.h> #include <openssl/objects.h> - static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; static void st_free(ASN1_STRING_TABLE *tbl); -static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, - const ASN1_STRING_TABLE * const *b); - +static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, + const ASN1_STRING_TABLE *const *b); -/* This is the global mask for the mbstring functions: this is use to - * mask out certain types (such as BMPString and UTF8String) because - * certain software (e.g. Netscape) has problems with them. +/* + * This is the global mask for the mbstring functions: this is use to mask + * out certain types (such as BMPString and UTF8String) because certain + * software (e.g. Netscape) has problems with them. */ static unsigned long global_mask = B_ASN1_UTF8STRING; void ASN1_STRING_set_default_mask(unsigned long mask) { - global_mask = mask; + global_mask = mask; } unsigned long ASN1_STRING_get_default_mask(void) { - return global_mask; + return global_mask; } -/* This function sets the default to various "flavours" of configuration. +/*- + * This function sets the default to various "flavours" of configuration. * based on an ASCII string. Currently this is: * MASK:XXXX : a numerical mask value. * nobmp : Don't use BMPStrings (just Printable, T61). @@ -97,160 +98,185 @@ unsigned long ASN1_STRING_get_default_mask(void) int ASN1_STRING_set_default_mask_asc(const char *p) { - unsigned long mask; - char *end; - if(!strncmp(p, "MASK:", 5)) { - if(!p[5]) return 0; - mask = strtoul(p + 5, &end, 0); - if(*end) return 0; - } else if(!strcmp(p, "nombstr")) - mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)); - else if(!strcmp(p, "pkix")) - mask = ~((unsigned long)B_ASN1_T61STRING); - else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING; - else if(!strcmp(p, "default")) - mask = 0xFFFFFFFFL; - else return 0; - ASN1_STRING_set_default_mask(mask); - return 1; + unsigned long mask; + char *end; + if (!strncmp(p, "MASK:", 5)) { + if (!p[5]) + return 0; + mask = strtoul(p + 5, &end, 0); + if (*end) + return 0; + } else if (!strcmp(p, "nombstr")) + mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING)); + else if (!strcmp(p, "pkix")) + mask = ~((unsigned long)B_ASN1_T61STRING); + else if (!strcmp(p, "utf8only")) + mask = B_ASN1_UTF8STRING; + else if (!strcmp(p, "default")) + mask = 0xFFFFFFFFL; + else + return 0; + ASN1_STRING_set_default_mask(mask); + return 1; } -/* The following function generates an ASN1_STRING based on limits in a table. - * Frequently the types and length of an ASN1_STRING are restricted by a - * corresponding OID. For example certificates and certificate requests. +/* + * The following function generates an ASN1_STRING based on limits in a + * table. Frequently the types and length of an ASN1_STRING are restricted by + * a corresponding OID. For example certificates and certificate requests. */ -ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, - int inlen, int inform, int nid) +ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, + const unsigned char *in, int inlen, + int inform, int nid) { - ASN1_STRING_TABLE *tbl; - ASN1_STRING *str = NULL; - unsigned long mask; - int ret; - if(!out) out = &str; - tbl = ASN1_STRING_TABLE_get(nid); - if(tbl) { - mask = tbl->mask; - if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask; - ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, - tbl->minsize, tbl->maxsize); - } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask); - if(ret <= 0) return NULL; - return *out; + ASN1_STRING_TABLE *tbl; + ASN1_STRING *str = NULL; + unsigned long mask; + int ret; + if (!out) + out = &str; + tbl = ASN1_STRING_TABLE_get(nid); + if (tbl) { + mask = tbl->mask; + if (!(tbl->flags & STABLE_NO_MASK)) + mask &= global_mask; + ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, + tbl->minsize, tbl->maxsize); + } else + ret = + ASN1_mbstring_copy(out, in, inlen, inform, + DIRSTRING_TYPE & global_mask); + if (ret <= 0) + return NULL; + return *out; } -/* Now the tables and helper functions for the string table: +/* + * Now the tables and helper functions for the string table: */ /* size limits: this stuff is taken straight from RFC3280 */ -#define ub_name 32768 -#define ub_common_name 64 -#define ub_locality_name 128 -#define ub_state_name 128 -#define ub_organization_name 64 -#define ub_organization_unit_name 64 -#define ub_title 64 -#define ub_email_address 128 -#define ub_serial_number 64 - +#define ub_name 32768 +#define ub_common_name 64 +#define ub_locality_name 128 +#define ub_state_name 128 +#define ub_organization_name 64 +#define ub_organization_unit_name 64 +#define ub_title 64 +#define ub_email_address 128 +#define ub_serial_number 64 /* This table must be kept in NID order */ static const ASN1_STRING_TABLE tbl_standard[] = { -{NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, -{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, -{NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, -{NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0}, -{NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0}, -{NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, 0}, -{NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK}, -{NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0}, -{NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0}, -{NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0}, -{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, -{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, -{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, -{NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, -{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, -{NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, -{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, -{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, -{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} + {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, + {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, + {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, + {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0}, + {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0}, + {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, + 0}, + {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, + STABLE_NO_MASK}, + {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0}, + {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0}, + {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0}, + {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, + {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, + {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, + {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, + STABLE_NO_MASK}, + {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, + {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, + {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, + {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, + {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} }; -static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, - const ASN1_STRING_TABLE * const *b) +static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, + const ASN1_STRING_TABLE *const *b) { - return (*a)->nid - (*b)->nid; + return (*a)->nid - (*b)->nid; } DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table); static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b) { - return a->nid - b->nid; + return a->nid - b->nid; } IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table); ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) { - int idx; - ASN1_STRING_TABLE *ttmp; - ASN1_STRING_TABLE fnd; - fnd.nid = nid; - ttmp = OBJ_bsearch_table(&fnd, tbl_standard, - sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE)); - if(ttmp) return ttmp; - if(!stable) return NULL; - idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); - if(idx < 0) return NULL; - return sk_ASN1_STRING_TABLE_value(stable, idx); + int idx; + ASN1_STRING_TABLE *ttmp; + ASN1_STRING_TABLE fnd; + fnd.nid = nid; + ttmp = OBJ_bsearch_table(&fnd, tbl_standard, + sizeof(tbl_standard) / + sizeof(ASN1_STRING_TABLE)); + if (ttmp) + return ttmp; + if (!stable) + return NULL; + idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); + if (idx < 0) + return NULL; + return sk_ASN1_STRING_TABLE_value(stable, idx); } - + int ASN1_STRING_TABLE_add(int nid, - long minsize, long maxsize, unsigned long mask, - unsigned long flags) + long minsize, long maxsize, unsigned long mask, + unsigned long flags) { - ASN1_STRING_TABLE *tmp; - char new_nid = 0; - flags &= ~STABLE_FLAGS_MALLOC; - if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); - if(!stable) { - ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); - return 0; - } - if(!(tmp = ASN1_STRING_TABLE_get(nid))) { - tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE)); - if(!tmp) { - ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, - ERR_R_MALLOC_FAILURE); - return 0; - } - tmp->flags = flags | STABLE_FLAGS_MALLOC; - tmp->nid = nid; - new_nid = 1; - } else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags; - if(minsize != -1) tmp->minsize = minsize; - if(maxsize != -1) tmp->maxsize = maxsize; - tmp->mask = mask; - if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp); - return 1; + ASN1_STRING_TABLE *tmp; + char new_nid = 0; + flags &= ~STABLE_FLAGS_MALLOC; + if (!stable) + stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); + if (!stable) { + ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); + return 0; + } + if (!(tmp = ASN1_STRING_TABLE_get(nid))) { + tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE)); + if (!tmp) { + ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); + return 0; + } + tmp->flags = flags | STABLE_FLAGS_MALLOC; + tmp->nid = nid; + new_nid = 1; + } else + tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags; + if (minsize != -1) + tmp->minsize = minsize; + if (maxsize != -1) + tmp->maxsize = maxsize; + tmp->mask = mask; + if (new_nid) + sk_ASN1_STRING_TABLE_push(stable, tmp); + return 1; } void ASN1_STRING_TABLE_cleanup(void) { - STACK_OF(ASN1_STRING_TABLE) *tmp; - tmp = stable; - if(!tmp) return; - stable = NULL; - sk_ASN1_STRING_TABLE_pop_free(tmp, st_free); + STACK_OF(ASN1_STRING_TABLE) *tmp; + tmp = stable; + if (!tmp) + return; + stable = NULL; + sk_ASN1_STRING_TABLE_pop_free(tmp, st_free); } static void st_free(ASN1_STRING_TABLE *tbl) { - if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl); + if (tbl->flags & STABLE_FLAGS_MALLOC) + OPENSSL_free(tbl); } @@ -260,30 +286,27 @@ IMPLEMENT_STACK_OF(ASN1_STRING_TABLE) main() { - ASN1_STRING_TABLE *tmp; - int i, last_nid = -1; - - for (tmp = tbl_standard, i = 0; - i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++) - { - if (tmp->nid < last_nid) - { - last_nid = 0; - break; - } - last_nid = tmp->nid; - } - - if (last_nid != 0) - { - printf("Table order OK\n"); - exit(0); - } - - for (tmp = tbl_standard, i = 0; - i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++) - printf("Index %d, NID %d, Name=%s\n", i, tmp->nid, - OBJ_nid2ln(tmp->nid)); + ASN1_STRING_TABLE *tmp; + int i, last_nid = -1; + + for (tmp = tbl_standard, i = 0; + i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++) { + if (tmp->nid < last_nid) { + last_nid = 0; + break; + } + last_nid = tmp->nid; + } + + if (last_nid != 0) { + printf("Table order OK\n"); + exit(0); + } + + for (tmp = tbl_standard, i = 0; + i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++) + printf("Index %d, NID %d, Name=%s\n", i, tmp->nid, + OBJ_nid2ln(tmp->nid)); } diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index e2eb9b243efb..c81f0de5a9e8 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -53,8 +53,8 @@ * */ - -/* This is an implementation of the ASN1 Time structure which is: +/*- + * This is an implementation of the ASN1 Time structure which is: * Time ::= CHOICE { * utcTime UTCTime, * generalTime GeneralizedTime } @@ -73,126 +73,126 @@ IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME) #if 0 int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp) - { -#ifdef CHARSET_EBCDIC - /* KLUDGE! We convert to ascii before writing DER */ - char tmp[24]; - ASN1_STRING tmpstr; - - if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) { - int len; - - tmpstr = *(ASN1_STRING *)a; - len = tmpstr.length; - ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); - tmpstr.data = tmp; - a = (ASN1_GENERALIZEDTIME *) &tmpstr; - } -#endif - if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) - return(i2d_ASN1_bytes((ASN1_STRING *)a,pp, - a->type ,V_ASN1_UNIVERSAL)); - ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME); - return -1; - } +{ +# ifdef CHARSET_EBCDIC + /* KLUDGE! We convert to ascii before writing DER */ + char tmp[24]; + ASN1_STRING tmpstr; + + if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) { + int len; + + tmpstr = *(ASN1_STRING *)a; + len = tmpstr.length; + ebcdic2ascii(tmp, tmpstr.data, + (len >= sizeof tmp) ? sizeof tmp : len); + tmpstr.data = tmp; + a = (ASN1_GENERALIZEDTIME *)&tmpstr; + } +# endif + if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) + return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, + a->type, V_ASN1_UNIVERSAL)); + ASN1err(ASN1_F_I2D_ASN1_TIME, ASN1_R_EXPECTING_A_TIME); + return -1; +} #endif - ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) - { - return ASN1_TIME_adj(s, t, 0, 0); - } +{ + return ASN1_TIME_adj(s, t, 0, 0); +} ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, - int offset_day, long offset_sec) - { - struct tm *ts; - struct tm data; - - ts=OPENSSL_gmtime(&t,&data); - if (ts == NULL) - { - ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME); - return NULL; - } - if (offset_day || offset_sec) - { - if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) - return NULL; - } - if((ts->tm_year >= 50) && (ts->tm_year < 150)) - return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec); - return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec); - } + int offset_day, long offset_sec) +{ + struct tm *ts; + struct tm data; + + ts = OPENSSL_gmtime(&t, &data); + if (ts == NULL) { + ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME); + return NULL; + } + if (offset_day || offset_sec) { + if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) + return NULL; + } + if ((ts->tm_year >= 50) && (ts->tm_year < 150)) + return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec); + return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec); +} int ASN1_TIME_check(ASN1_TIME *t) - { - if (t->type == V_ASN1_GENERALIZEDTIME) - return ASN1_GENERALIZEDTIME_check(t); - else if (t->type == V_ASN1_UTCTIME) - return ASN1_UTCTIME_check(t); - return 0; - } +{ + if (t->type == V_ASN1_GENERALIZEDTIME) + return ASN1_GENERALIZEDTIME_check(t); + else if (t->type == V_ASN1_UTCTIME) + return ASN1_UTCTIME_check(t); + return 0; +} /* Convert an ASN1_TIME structure to GeneralizedTime */ -ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out) - { - ASN1_GENERALIZEDTIME *ret; - char *str; - int newlen; - - if (!ASN1_TIME_check(t)) return NULL; - - if (!out || !*out) - { - if (!(ret = ASN1_GENERALIZEDTIME_new ())) - return NULL; - if (out) *out = ret; - } - else ret = *out; - - /* If already GeneralizedTime just copy across */ - if (t->type == V_ASN1_GENERALIZEDTIME) - { - if(!ASN1_STRING_set(ret, t->data, t->length)) - return NULL; - return ret; - } - - /* grow the string */ - if (!ASN1_STRING_set(ret, NULL, t->length + 2)) - return NULL; - /* ASN1_STRING_set() allocated 'len + 1' bytes. */ - newlen = t->length + 2 + 1; - str = (char *)ret->data; - /* Work out the century and prepend */ - if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen); - else BUF_strlcpy(str, "20", newlen); - - BUF_strlcat(str, (char *)t->data, newlen); - - return ret; - } +ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, + ASN1_GENERALIZEDTIME **out) +{ + ASN1_GENERALIZEDTIME *ret; + char *str; + int newlen; + + if (!ASN1_TIME_check(t)) + return NULL; + + if (!out || !*out) { + if (!(ret = ASN1_GENERALIZEDTIME_new())) + return NULL; + if (out) + *out = ret; + } else + ret = *out; + + /* If already GeneralizedTime just copy across */ + if (t->type == V_ASN1_GENERALIZEDTIME) { + if (!ASN1_STRING_set(ret, t->data, t->length)) + return NULL; + return ret; + } + + /* grow the string */ + if (!ASN1_STRING_set(ret, NULL, t->length + 2)) + return NULL; + /* ASN1_STRING_set() allocated 'len + 1' bytes. */ + newlen = t->length + 2 + 1; + str = (char *)ret->data; + /* Work out the century and prepend */ + if (t->data[0] >= '5') + BUF_strlcpy(str, "19", newlen); + else + BUF_strlcpy(str, "20", newlen); + + BUF_strlcat(str, (char *)t->data, newlen); + + return ret; +} int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) - { - ASN1_TIME t; - - t.length = strlen(str); - t.data = (unsigned char *)str; - t.flags = 0; - - t.type = V_ASN1_UTCTIME; - - if (!ASN1_TIME_check(&t)) - { - t.type = V_ASN1_GENERALIZEDTIME; - if (!ASN1_TIME_check(&t)) - return 0; - } - - if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t)) - return 0; - - return 1; - } +{ + ASN1_TIME t; + + t.length = strlen(str); + t.data = (unsigned char *)str; + t.flags = 0; + + t.type = V_ASN1_UTCTIME; + + if (!ASN1_TIME_check(&t)) { + t.type = V_ASN1_GENERALIZEDTIME; + if (!ASN1_TIME_check(&t)) + return 0; + } + + if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t)) + return 0; + + return 1; +} diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index 5e1bc762d08b..af795306b5bf 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -62,98 +62,96 @@ #include <openssl/objects.h> int ASN1_TYPE_get(ASN1_TYPE *a) - { - if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL)) - return(a->type); - else - return(0); - } +{ + if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL)) + return (a->type); + else + return (0); +} void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) - { - if (a->value.ptr != NULL) - { - ASN1_TYPE **tmp_a = &a; - ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL); - } - a->type=type; - if (type == V_ASN1_BOOLEAN) - a->value.boolean = value ? 0xff : 0; - else - a->value.ptr=value; - } +{ + if (a->value.ptr != NULL) { + ASN1_TYPE **tmp_a = &a; + ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL); + } + a->type = type; + if (type == V_ASN1_BOOLEAN) + a->value.boolean = value ? 0xff : 0; + else + a->value.ptr = value; +} int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) - { - if (!value || (type == V_ASN1_BOOLEAN)) - { - void *p = (void *)value; - ASN1_TYPE_set(a, type, p); - } - else if (type == V_ASN1_OBJECT) - { - ASN1_OBJECT *odup; - odup = OBJ_dup(value); - if (!odup) - return 0; - ASN1_TYPE_set(a, type, odup); - } - else - { - ASN1_STRING *sdup; - sdup = ASN1_STRING_dup(value); - if (!sdup) - return 0; - ASN1_TYPE_set(a, type, sdup); - } - return 1; - } +{ + if (!value || (type == V_ASN1_BOOLEAN)) { + void *p = (void *)value; + ASN1_TYPE_set(a, type, p); + } else if (type == V_ASN1_OBJECT) { + ASN1_OBJECT *odup; + odup = OBJ_dup(value); + if (!odup) + return 0; + ASN1_TYPE_set(a, type, odup); + } else { + ASN1_STRING *sdup; + sdup = ASN1_STRING_dup(value); + if (!sdup) + return 0; + ASN1_TYPE_set(a, type, sdup); + } + return 1; +} IMPLEMENT_STACK_OF(ASN1_TYPE) + IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) /* Returns 0 if they are equal, != 0 otherwise. */ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) - { - int result = -1; +{ + int result = -1; - if (!a || !b || a->type != b->type) return -1; + if (!a || !b || a->type != b->type) + return -1; - switch (a->type) - { - case V_ASN1_OBJECT: - result = OBJ_cmp(a->value.object, b->value.object); - break; - case V_ASN1_NULL: - result = 0; /* They do not have content. */ - break; - case V_ASN1_INTEGER: - case V_ASN1_NEG_INTEGER: - case V_ASN1_ENUMERATED: - case V_ASN1_NEG_ENUMERATED: - case V_ASN1_BIT_STRING: - case V_ASN1_OCTET_STRING: - case V_ASN1_SEQUENCE: - case V_ASN1_SET: - case V_ASN1_NUMERICSTRING: - case V_ASN1_PRINTABLESTRING: - case V_ASN1_T61STRING: - case V_ASN1_VIDEOTEXSTRING: - case V_ASN1_IA5STRING: - case V_ASN1_UTCTIME: - case V_ASN1_GENERALIZEDTIME: - case V_ASN1_GRAPHICSTRING: - case V_ASN1_VISIBLESTRING: - case V_ASN1_GENERALSTRING: - case V_ASN1_UNIVERSALSTRING: - case V_ASN1_BMPSTRING: - case V_ASN1_UTF8STRING: - case V_ASN1_OTHER: - default: - result = ASN1_STRING_cmp((ASN1_STRING *) a->value.ptr, - (ASN1_STRING *) b->value.ptr); - break; - } + switch (a->type) { + case V_ASN1_OBJECT: + result = OBJ_cmp(a->value.object, b->value.object); + break; + case V_ASN1_BOOLEAN: + result = a->value.boolean - b->value.boolean; + break; + case V_ASN1_NULL: + result = 0; /* They do not have content. */ + break; + case V_ASN1_INTEGER: + case V_ASN1_NEG_INTEGER: + case V_ASN1_ENUMERATED: + case V_ASN1_NEG_ENUMERATED: + case V_ASN1_BIT_STRING: + case V_ASN1_OCTET_STRING: + case V_ASN1_SEQUENCE: + case V_ASN1_SET: + case V_ASN1_NUMERICSTRING: + case V_ASN1_PRINTABLESTRING: + case V_ASN1_T61STRING: + case V_ASN1_VIDEOTEXSTRING: + case V_ASN1_IA5STRING: + case V_ASN1_UTCTIME: + case V_ASN1_GENERALIZEDTIME: + case V_ASN1_GRAPHICSTRING: + case V_ASN1_VISIBLESTRING: + case V_ASN1_GENERALSTRING: + case V_ASN1_UNIVERSALSTRING: + case V_ASN1_BMPSTRING: + case V_ASN1_UTF8STRING: + case V_ASN1_OTHER: + default: + result = ASN1_STRING_cmp((ASN1_STRING *)a->value.ptr, + (ASN1_STRING *)b->value.ptr); + break; + } - return result; - } + return result; +} diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index bbdc9b3222ab..179de6d39590 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -64,269 +64,267 @@ #if 0 int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp) - { -#ifndef CHARSET_EBCDIC - return(i2d_ASN1_bytes((ASN1_STRING *)a,pp, - V_ASN1_UTCTIME,V_ASN1_UNIVERSAL)); -#else - /* KLUDGE! We convert to ascii before writing DER */ - int len; - char tmp[24]; - ASN1_STRING x = *(ASN1_STRING *)a; - - len = x.length; - ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len); - x.data = tmp; - return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME,V_ASN1_UNIVERSAL); -#endif - } - +{ +# ifndef CHARSET_EBCDIC + return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, + V_ASN1_UTCTIME, V_ASN1_UNIVERSAL)); +# else + /* KLUDGE! We convert to ascii before writing DER */ + int len; + char tmp[24]; + ASN1_STRING x = *(ASN1_STRING *)a; + + len = x.length; + ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len); + x.data = tmp; + return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME, V_ASN1_UNIVERSAL); +# endif +} ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp, - long length) - { - ASN1_UTCTIME *ret=NULL; - - ret=(ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length, - V_ASN1_UTCTIME,V_ASN1_UNIVERSAL); - if (ret == NULL) - { - ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ERR_R_NESTED_ASN1_ERROR); - return(NULL); - } -#ifdef CHARSET_EBCDIC - ascii2ebcdic(ret->data, ret->data, ret->length); -#endif - if (!ASN1_UTCTIME_check(ret)) - { - ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_INVALID_TIME_FORMAT); - goto err; - } - - return(ret); -err: - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - M_ASN1_UTCTIME_free(ret); - return(NULL); - } + long length) +{ + ASN1_UTCTIME *ret = NULL; + + ret = (ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length, + V_ASN1_UTCTIME, V_ASN1_UNIVERSAL); + if (ret == NULL) { + ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ERR_R_NESTED_ASN1_ERROR); + return (NULL); + } +# ifdef CHARSET_EBCDIC + ascii2ebcdic(ret->data, ret->data, ret->length); +# endif + if (!ASN1_UTCTIME_check(ret)) { + ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ASN1_R_INVALID_TIME_FORMAT); + goto err; + } + + return (ret); + err: + if ((ret != NULL) && ((a == NULL) || (*a != ret))) + M_ASN1_UTCTIME_free(ret); + return (NULL); +} #endif int ASN1_UTCTIME_check(ASN1_UTCTIME *d) - { - static const int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0}; - static const int max[8]={99,12,31,23,59,59,12,59}; - char *a; - int n,i,l,o; - - if (d->type != V_ASN1_UTCTIME) return(0); - l=d->length; - a=(char *)d->data; - o=0; - - if (l < 11) goto err; - for (i=0; i<6; i++) - { - if ((i == 5) && ((a[o] == 'Z') || - (a[o] == '+') || (a[o] == '-'))) - { i++; break; } - if ((a[o] < '0') || (a[o] > '9')) goto err; - n= a[o]-'0'; - if (++o > l) goto err; - - if ((a[o] < '0') || (a[o] > '9')) goto err; - n=(n*10)+ a[o]-'0'; - if (++o > l) goto err; - - if ((n < min[i]) || (n > max[i])) goto err; - } - if (a[o] == 'Z') - o++; - else if ((a[o] == '+') || (a[o] == '-')) - { - o++; - if (o+4 > l) goto err; - for (i=6; i<8; i++) - { - if ((a[o] < '0') || (a[o] > '9')) goto err; - n= a[o]-'0'; - o++; - if ((a[o] < '0') || (a[o] > '9')) goto err; - n=(n*10)+ a[o]-'0'; - if ((n < min[i]) || (n > max[i])) goto err; - o++; - } - } - return(o == l); -err: - return(0); - } +{ + static const int min[8] = { 0, 1, 1, 0, 0, 0, 0, 0 }; + static const int max[8] = { 99, 12, 31, 23, 59, 59, 12, 59 }; + char *a; + int n, i, l, o; + + if (d->type != V_ASN1_UTCTIME) + return (0); + l = d->length; + a = (char *)d->data; + o = 0; + + if (l < 11) + goto err; + for (i = 0; i < 6; i++) { + if ((i == 5) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) { + i++; + break; + } + if ((a[o] < '0') || (a[o] > '9')) + goto err; + n = a[o] - '0'; + if (++o > l) + goto err; + + if ((a[o] < '0') || (a[o] > '9')) + goto err; + n = (n * 10) + a[o] - '0'; + if (++o > l) + goto err; + + if ((n < min[i]) || (n > max[i])) + goto err; + } + if (a[o] == 'Z') + o++; + else if ((a[o] == '+') || (a[o] == '-')) { + o++; + if (o + 4 > l) + goto err; + for (i = 6; i < 8; i++) { + if ((a[o] < '0') || (a[o] > '9')) + goto err; + n = a[o] - '0'; + o++; + if ((a[o] < '0') || (a[o] > '9')) + goto err; + n = (n * 10) + a[o] - '0'; + if ((n < min[i]) || (n > max[i])) + goto err; + o++; + } + } + return (o == l); + err: + return (0); +} int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) - { - ASN1_UTCTIME t; - - t.type=V_ASN1_UTCTIME; - t.length=strlen(str); - t.data=(unsigned char *)str; - if (ASN1_UTCTIME_check(&t)) - { - if (s != NULL) - { - if (!ASN1_STRING_set((ASN1_STRING *)s, - (unsigned char *)str,t.length)) - return 0; - s->type = V_ASN1_UTCTIME; - } - return(1); - } - else - return(0); - } +{ + ASN1_UTCTIME t; + + t.type = V_ASN1_UTCTIME; + t.length = strlen(str); + t.data |