import SNAP-20091226

christos 2009-12-26 23:29:52 +00:00
parent 48b5ff6259
commit cef2ee707e
248 changed files with 7055 additions and 1550 deletions

View File

@ -2,12 +2,65 @@
OpenSSL CHANGES
_______________
Changes between 0.9.8k and 1.0 [xx XXX xxxx]
Changes between 1.0.0 and 1.1.0 [xx XXX xxxx]
*) Delete MD2 from algorithm tables. This follows the recommendation in
several standards that it is not used in new applications due to
several cryptographic weaknesses. The algorithm is also disabled in
the default configuration.
*) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
a few changes are required:
Add SSL_OP_NO_TLSv1_1 flag.
Add TLSv1_1 methods.
Update version checking logic to handle version 1.1.
Add explicit IV handling (ported from DTLS code).
Add command line options to s_client/s_server.
[Steve Henson]
*) Experiemental password based recipient info support for CMS library:
implementing RFC3211.
[Steve Henson]
*) Split password based encryption into PBES2 and PBKDF2 functions. This
neatly separates the code into cipher and PBE sections and is required
for some algorithms that split PBES2 into separate pieces (such as
password based CMS).
[Steve Henson]
*) Extensive audit of libcrypto with DEBUG_UNUSED. Fix many cases where
return value is ignored. NB. The functions RAND_add(), RAND_seed(),
BIO_set_cipher() and some obscure PEM functions were changed so they
can now return an error. The RAND changes required a change to the
RAND_METHOD structure.
[Steve Henson]
*) New macro __owur for "OpenSSL Warn Unused Result". This makes use of
a gcc attribute to warn if the result of a function is ignored. This
is enable if DEBUG_UNUSED is set. Add to several functions in evp.h
whose return value is often ignored.
[Steve Henson]
Changes between 0.9.8m (?) and 1.0.0 [xx XXX xxxx]
*) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
change when encrypting or decrypting.
[Bodo Moeller]
*) Add load_crls() function to apps tidying load_certs() too. Add option
to verify utility to allow additional CRLs to be included.
[Steve Henson]
*) Update OCSP request code to permit adding custom headers to the request:
some responders need this.
[Steve Henson]
*) The function EVP_PKEY_sign() returns <=0 on error: check return code
correctly.
[Julia Lawall <julia@diku.dk>]
*) Update verify callback code in apps/s_cb.c and apps/verify.c, it
needlessly dereferenced structures, used obsolete functions and
didn't handle all updated verify codes correctly.
[Steve Henson]
*) Disable MD2 in the default configuration.
[Steve Henson]
*) In BIO_pop() and BIO_push() use the ctrl argument (which was NULL) to
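Review bot: The first entry under "Changes between 1.0.0 and 1.1.0" (Delete MD2 from algorithm tables) has no author line in brackets, unlike every other entry in this hunk. It also overlaps the standalone "Disable MD2 in the default configuration" entry in the 1.0.0 section further down, so one of the two should say which release actually changed the default. While touching these entries, "Experiemental" and "This is enable if DEBUG_UNUSED is set" need spelling fixes.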
@ -20,9 +73,9 @@
or they could free up already freed BIOs.
[Steve Henson]
*) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and
OPENSSL_asc2uni the original names were too generic and cause name
clashes on Netware.
*) Extend the uni2asc/asc2uni => OPENSSL_uni2asc/OPENSSL_asc2uni
renaming to all platforms (within the 0.9.8 branch, this was
done conditionally on Netware platforms to avoid a name clash).
[Guenter <lists@gknw.net>]
*) Add ECDHE and PSK support to DTLS.
@ -812,12 +865,89 @@
*) Change 'Configure' script to enable Camellia by default.
[NTT]
Changes between 0.9.8k and 0.9.8l [xx XXX xxxx]
Changes between 0.9.8l (?) and 0.9.8m (?) [xx XXX xxxx]
*) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
connect (but not renegotiate) with servers which do not support RI.
Until RI is more widely deployed this option is enabled by default.
[Steve Henson]
*) Add "missing" ssl ctrls to clear options and mode.
[Steve Henson]
*) If client attempts to renegotiate and doesn't support RI respond with
a no_renegotiation alert as required by draft-ietf-tls-renegotiation.
Some renegotiating TLS clients will continue a connection gracefully
when they receive the alert. Unfortunately OpenSSL mishandled
this alert and would hang waiting for a server hello which it will never
receive. Now we treat a received no_renegotiation alert as a fatal
error. This is because applications requesting a renegotiation might well
expect it to succeed and would have no code in place to handle the server
denying it so the only safe thing to do is to terminate the connection.
[Steve Henson]
*) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if
peer supports secure renegotiation and 0 otherwise. Print out peer
renegotiation support in s_client/s_server.
[Steve Henson]
*) Replace the highly broken and deprecated SPKAC certification method with
the updated NID creation version. This should correctly handle UTF8.
[Steve Henson]
*) Implement draft-ietf-tls-renegotiation. Re-enable
renegotiation but require the extension as needed. Unfortunately,
SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION turns out to be a
bad idea. It has been replaced by
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with
SSL_CTX_set_options(). This is really not recommended unless you
know what you are doing.
[Eric Rescorla <ekr@networkresonance.com>, Ben Laurie, Steve Henson]
*) Fixes to stateless session resumption handling. Use initial_ctx when
issuing and attempting to decrypt tickets in case it has changed during
servername handling. Use a non-zero length session ID when attempting
stateless session resumption: this makes it possible to determine if
a resumption has occurred immediately after receiving server hello
(several places in OpenSSL subtly assume this) instead of later in
the handshake.
[Steve Henson]
*) The functions ENGINE_ctrl(), OPENSSL_isservice(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error
fixes for a few places where the return code is not checked
correctly.
[Julia Lawall <julia@diku.dk>]
*) Add --strict-warnings option to Configure script to include devteam
warnings in other configurations.
[Steve Henson]
*) Add support for --libdir option and LIBDIR variable in makefiles. This
makes it possible to install openssl libraries in locations which
have names other than "lib", for example "/usr/lib64" which some
systems need.
[Steve Henson, based on patch from Jeremy Utley]
*) Don't allow the use of leading 0x80 in OIDs. This is a violation of
X690 8.9.12 and can produce some misleading textual output of OIDs.
[Steve Henson, reported by Dan Kaminsky]
*) Delete MD2 from algorithm tables. This follows the recommendation in
several standards that it is not used in new applications due to
several cryptographic weaknesses. For binary compatibility reasons
the MD2 API is still compiled in by default.
[Steve Henson]
*) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved
and restored.
[Steve Henson]
*) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and
OPENSSL_asc2uni conditionally on Netware platforms to avoid a name
clash.
[Guenter <lists@gknw.net>]
*) Fix the server certificate chain building code to use X509_verify_cert(),
it used to have an ad-hoc builder which was unable to cope with anything
other than a simple chain.
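Review bot: The SSL_OP_LEGACY_SERVER_CONNECT entry at the top of the 0.9.8m section says the option is enabled by default but not how an application turns it off. The entry right after it adds the "missing" ctrls to clear options and mode without naming them; naming them there would tell a client that wants to refuse servers without RI what to call. The ENGINE_ctrl()/RAND_bytes() entry is also missing punctuation between "on error" and "fixes for a few places".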
@ -836,7 +966,7 @@
left. Additionally every future messege was buffered, even if the
sequence number made no sense and would be part of another handshake.
So only messages with sequence numbers less than 10 in advance will be
buffered.
buffered. (CVE-2009-1378)
[Robin Seggelmann, discovered by Daniel Mentz]
*) Records are buffered if they arrive with a future epoch to be
@ -845,10 +975,11 @@
a DOS attack with sending records with future epochs until there is no
memory left. This patch adds the pqueue_size() function to detemine
the size of a buffer and limits the record buffer to 100 entries.
(CVE-2009-1377)
[Robin Seggelmann, discovered by Daniel Mentz]
*) Keep a copy of frag->msg_header.frag_len so it can be used after the
parent structure is freed.
parent structure is freed. (CVE-2009-1379)
[Daniel Mentz]
*) Handle non-blocking I/O properly in SSL_shutdown() call.
@ -857,6 +988,16 @@
*) Add 2.5.4.* OIDs
[Ilya O. <vrghost@gmail.com>]
Changes between 0.9.8k and 0.9.8l [5 Nov 2009]
*) Disable renegotiation completely - this fixes a severe security
problem (CVE-2009-3555) at the cost of breaking all
renegotiation. Renegotiation can be re-enabled by setting
SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
run-time. This is really not recommended unless you know what
you're doing.
[Ben Laurie]
Changes between 0.9.8j and 0.9.8k [25 Mar 2009]
*) Don't set val to NULL when freeing up structures, it is freed up by
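Review bot: The 0.9.8l entry tells readers to re-enable renegotiation through SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags, while the 0.9.8m section added by this same commit calls that flag a bad idea and replaces it with SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION. A one-line pointer from this entry to the 0.9.8m one would keep someone reading only the CVE-2009-3555 entry from adopting the superseded flag.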
@ -895,12 +1036,12 @@
*) Support NumericString type for name components.
[Steve Henson]
*) Allow CC in the environment to override the automatically chosen
compiler. Note that nothing is done to ensure flags work with the
chosen compiler.
[Ben Laurie]
Changes between 0.9.8i and 0.9.8j [07 Jan 2009]
*) Properly check EVP_VerifyFinal() and similar return values
@ -941,6 +1082,10 @@
Changes between 0.9.8h and 0.9.8i [15 Sep 2008]
*) Fix NULL pointer dereference if a DTLS server received
ChangeCipherSpec as first record (CVE-2009-1386).
[PR #1679]
*) Fix a state transitition in s3_srvr.c and d1_srvr.c
(was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
[Nagendra Modadugu]
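Review bot: The new CVE-2009-1386 entry is credited only as "[PR #1679]", where the surrounding entries put the author or reporter in the brackets. Add the name alongside the PR number so the entry follows the file's convention. The context line below it also carries the typo "transitition".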
@ -2344,19 +2489,6 @@
differing sizes.
[Richard Levitte]
Changes between 0.9.7m and 0.9.7n [xx XXX xxxx]
*) In the SSL/TLS server implementation, be strict about session ID
context matching (which matters if an application uses a single
external cache for different purposes). Previously,
out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
set. This did ensure strict client verification, but meant that,
with applications using a single external cache for quite
different requirements, clients could circumvent ciphersuite
restrictions for a given session ID context by starting a session
in a different context.
[Bodo Moeller]
Changes between 0.9.7l and 0.9.7m [23 Feb 2007]
*) Cleanse PEM buffers before freeing them since they may contain
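Review bot: Confirm that the session ID context matching entry is recorded under another heading before the "Changes between 0.9.7m and 0.9.7n" section is dropped here (the hunk goes from 19 lines to 6). That entry documents how clients could circumvent ciphersuite restrictions by starting a session in a different context, and none of the other CHANGES hunks in this commit re-adds it.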

View File

@ -104,6 +104,8 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
my $strict_warnings = 0;
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
# MD2_CHAR slags pentium pros
@ -170,9 +172,9 @@ my %table=(
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@ -186,7 +188,7 @@ my %table=(
"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"dist", "cc:-O::(unknown)::::::",
# Basic configs that should work on any (32 and less bit) box
@ -212,11 +214,11 @@ my %table=(
# actually recommend to consider using gcc shared build even with vendor
# compiler:-)
# <appro@fy.chalmers.se>
"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
#### Solaris x86 with Sun C setups
"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
#### SPARC Solaris with GNU C setups
"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@ -349,7 +351,7 @@ my %table=(
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
#### SPARC Linux setups
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
@ -549,7 +551,7 @@ my %table=(
"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
##### A/UX
@ -618,9 +620,10 @@ my $idx_arflags = $idx++;
my $idx_multilib = $idx++;
my $prefix="";
my $libdir="";
my $openssldir="";
my $exe_ext="";
my $install_prefix="";
my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
my $cross_compile_prefix="";
my $no_threads=0;
my $threads=0;
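Review bot: The new initialiser `my $install_prefix= "$ENV{'INSTALL_PREFIX'}";` interpolates an environment variable that will often be unset, which produces an uninitialized-value warning if warnings are enabled, and the quotes serve no purpose. `$ENV{'INSTALL_PREFIX'} || ""` gives the same result and matches the `$ENV{'MAKE'} || "make"` form used later in this commit.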
@ -664,7 +667,6 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental
"gmp" => "default",
"jpake" => "experimental",
"md2" => "default",
"mdc2" => "default",
"rc5" => "default",
"rfc3779" => "default",
"shared" => "default",
@ -676,7 +678,7 @@ my @experimental = ();
# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
my $default_depflags = " -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_STORE";
my $default_depflags = " -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_STORE";
# Explicit "no-..." options will be collected in %disabled along with the defaults.
# To remove something from %disabled, use "enable-foo" (unless it's experimental).
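Review bot: Removing "mdc2" from %disabled and -DOPENSSL_NO_MDC2 from $default_depflags turns MDC2 on in default builds, yet none of the CHANGES hunks in this commit mention it; the only other trace is the README hunk that deletes the IBM patent sentence. A CHANGES entry stating that MDC2 is now enabled by default, and why, would let packagers who relied on the old default notice the change.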
@ -774,6 +776,10 @@ PROCESS_ARGS:
{
exit(&test_sanity());
}
elsif (/^--strict-warnings/)
{
$strict_warnings = 1;
}
elsif (/^reconfigure/ || /^reconf/)
{
if (open(IN,"<$Makefile"))
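Review bot: The pattern `/^--strict-warnings/` has no end anchor, so any argument that merely starts with that string sets $strict_warnings. The --libdir and --openssldir branches are anchored with `$`; use `/^--strict-warnings$/` here for the same strictness.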
@ -819,6 +825,10 @@ PROCESS_ARGS:
{
$prefix=$1;
}
elsif (/^--libdir=(.*)$/)
{
$libdir=$1;
}
elsif (/^--openssldir=(.*)$/)
{
$openssldir=$1;
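Review bot: `--libdir=(.*)` accepts any string, and the Makefile hunks join the value as `$(INSTALLTOP)/$(LIBDIR)`, so it has to be a directory name relative to the prefix. The CHANGES entry gives "/usr/lib64" as its example, which with this code would land under the prefix as a nested /usr/lib64 path. Either reject a leading slash here or change the documented example to "lib64".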
@ -1031,9 +1041,14 @@ $exe_ext=".pm" if ($target =~ /vos/);
$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
$prefix=$openssldir if $prefix eq "";
$libdir="lib" if $libdir eq "";
$default_ranlib= &which("ranlib") or $default_ranlib="true";
$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
or $perl="perl";
my $make = $ENV{'MAKE'} || "make";
$cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq "";
chop $openssldir if $openssldir =~ /\/$/;
chop $prefix if $prefix =~ /.\/$/;
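Review bot: MAKE and CROSS_COMPILE (and AR, RANLIB and INSTALL_PREFIX in the neighbouring hunks) now change the generated Makefile when they happen to be set in the environment, but the CHANGES hunks in this commit document only the CC override. List all of them in that entry, since a stray CROSS_COMPILE in a build environment silently prefixes the compiler, ar, nm and ranlib.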
@ -1075,7 +1090,8 @@ my $shared_target = $fields[$idx_shared_target];
my $shared_cflag = $fields[$idx_shared_cflag];
my $shared_ldflag = $fields[$idx_shared_ldflag];
my $shared_extension = $fields[$idx_shared_extension];
my $ranlib = $fields[$idx_ranlib];
my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib];
my $ar = $ENV{'AR'} || "ar";
my $arflags = $fields[$idx_arflags];
my $multilib = $fields[$idx_multilib];
@ -1430,6 +1446,16 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
$shlib_minor=$2;
}
if ($strict_warnings)
{
my $wopt;
die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/);
foreach $wopt (split /\s+/, $gcc_devteam_warn)
{
$cflags .= " $wopt" unless ($cflags =~ /$wopt/)
}
}
open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
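Review bot: In the --strict-warnings block, `unless ($cflags =~ /$wopt/)` uses each option as an unescaped regular expression and as a substring test, so an option already present only as a prefix of a longer one (for example -Wformat inside -Wformat-security) is treated as present and skipped. Match on whole words with quoting, e.g. `/(^|\s)\Q$wopt\E(\s|$)/`. The die message also lacks a trailing newline, so Perl appends the file and line to the user-facing error, and the `unless` statement is missing its semicolon.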
@ -1460,20 +1486,22 @@ while (<IN>)
s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
s/^MULTILIB=.*$/MULTILIB=$multilib/;
s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
s/^LIBDIR=.*$/LIBDIR=$libdir/;
s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
s/^PLATFORM=.*$/PLATFORM=$target/;
s/^OPTIONS=.*$/OPTIONS=$options/;
s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/;
if ($cross_compile_prefix)
{
s/^CC=.*$/CROSS_COMPILE_PREFIX= $cross_compile_prefix\nCC= \$\(CROSS_COMPILE_PREFIX\)$cc/;
s/^AR=\s*/AR= \$\(CROSS_COMPILE_PREFIX\)/;
s/^NM=\s*/NM= \$\(CROSS_COMPILE_PREFIX\)/;
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE_PREFIX\)/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE_PREFIX\)$cc/ if $cc eq "gcc";
s/^CC=.*$/CROSS_COMPILE= $cross_compile_prefix\nCC= \$\(CROSS_COMPILE\)$cc/;
s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
}
else {
s/^CC=.*$/CC= $cc/;
s/^AR=\s*ar/AR= $ar/;
s/^RANLIB=.*/RANLIB= $ranlib/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
}
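Review bot: The AR and RANLIB environment overrides are applied only in the else branch; inside `if ($cross_compile_prefix)` the substitutions prepend `$(CROSS_COMPILE)` to whatever Makefile.org already has and ignore $ar and $ranlib. Cross builds are where a custom archiver is most likely, so either honour the overrides in both branches or document that they are ignored when CROSS_COMPILE is set. Note also that `s/^AR=\s*ar/AR= $ar/` only fires when the existing value starts with "ar".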
@ -1757,7 +1785,7 @@ if($IsMK1MF) {
EOF
close(OUT);
} else {
my $make_command = "make PERL=\'$perl\'";
my $make_command = "$make PERL=\'$perl\'";
my $make_targets = "";
$make_targets .= " links" if $symlink;
$make_targets .= " depend" if $depflags ne $default_depflags && $make_depend;

View File

@ -70,6 +70,7 @@ OpenSSL - Frequently Asked Questions
* I think I've detected a memory leak, is this a bug?
* Why does Valgrind complain about the use of uninitialized data?
* Why doesn't a memory BIO work when a file does?
* Where are the declarations and implementations of d2i_X509() etc?
===============================================================================
@ -967,4 +968,15 @@ is needed. This must be done by calling:
See the manual pages for more details.
* Where are the declarations and implementations of d2i_X509() etc?
These are defined and implemented by macros of the form:
DECLARE_ASN1_FUNCTIONS(X509) and IMPLEMENT_ASN1_FUNCTIONS(X509)
The implementation passes an ASN1 "template" defining the structure into an
ASN1 interpreter using generalised functions such as ASN1_item_d2i().
===============================================================================

View File

@ -71,6 +71,7 @@ PERL= perl
TAR= tar
TARFLAGS= --no-recursion
MAKEDEPPROG=makedepend
LIBDIR=lib
# We let the C compiler driver to take care of .s files. This is done in
# order to be excused from maintaining a separate set of architecture
@ -179,11 +180,12 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
CC='$(CC)' CFLAG='$(CFLAG)' \
AS='$(CC)' ASFLAG='$(CFLAG) -c' \
AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
CROSS_COMPILE_PREFIX='$(CROSS_COMPILE_PREFIX)' \
CROSS_COMPILE='$(CROSS_COMPILE)' \
PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/lib' \
SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
INSTALL_PREFIX='$(INSTALL_PREFIX)' \
INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \
LIBDIR='$(LIBDIR)' \
MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \
MAKEDEPPROG='$(MAKEDEPPROG)' \
@ -299,7 +301,7 @@ build-shared: do_$(SHLIB_TARGET) link-shared
do_$(SHLIB_TARGET):
@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
if [ "$(SHLIBDIRS)" = "ssl" -a -n "$(LIBKRB5)" ]; then \
if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
@ -313,7 +315,7 @@ do_$(SHLIB_TARGET):
libcrypto.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/lib'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
@ -326,7 +328,7 @@ libcrypto.pc: Makefile
libssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/lib'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL'; \
@ -339,7 +341,7 @@ libssl.pc: Makefile
openssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/lib'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL'; \
@ -392,7 +394,7 @@ dclean:
rehash: rehash.time
rehash.time: certs apps
@if [ -z "$(CROSS_COMPILE_PREFIX)" ]; then \
@if [ -z "$(CROSS_COMPILE)" ]; then \
(OPENSSL="`pwd`/util/opensslwrap.sh"; \
[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
OPENSSL_DEBUG_MEMORY=on; \
@ -424,7 +426,7 @@ tags:
errors:
$(PERL) util/mkerr.pl -recurse -write
(cd engines; $(MAKE) PERL=$(PERL) errors)
$(PERL) util/ck_errf.pl */*.c */*/*.c
$(PERL) util/ck_errf.pl -strict */*.c */*/*.c
stacks:
$(PERL) util/mkstack.pl -write
@ -494,9 +496,9 @@ install: all install_docs install_sw
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
@ -511,10 +513,10 @@ install_sw:
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
fi; \
done;
@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
@ -524,17 +526,17 @@ install_sw:
if [ -f "$$i" -o -f "$$i.a" ]; then \
( echo installing $$i; \
if [ "$(PLATFORM)" != "Cygwin" ]; then \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
else \
c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
fi ); \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
( case $$i in \
@ -558,12 +560,12 @@ install_sw:
sed -e '1,/^$$/d' doc/openssl-shared.txt; \
fi; \
fi
cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc
cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
install_html_docs:
here="`pwd`"; \

View File

@ -238,7 +238,7 @@ link_a.darwin:
if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
fi; \
SHAREDFLAGS="$$SHAREDFLAGS -install_name $(INSTALLTOP)/lib/$$SHLIB$(SHLIB_EXT)"; \
SHAREDFLAGS="$$SHAREDFLAGS -install_name $(INSTALLTOP)/$(LIBDIR)/$$SHLIB$(SHLIB_EXT)"; \
$(LINK_SO_A)
link_app.darwin: # is there run-path on darwin?
$(LINK_APP)
@ -281,7 +281,7 @@ link_a.cygwin:
fi; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
$(PERL) util/mkrc.pl $$dll_name | \
$(CROSS_COMPILE_PREFIX)windres -o rc.o; \
$(CROSS_COMPILE)windres -o rc.o; \
extras="$$extras rc.o"; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \

View File

@ -1,7 +1,7 @@
OpenSSL 1.1.0-dev XX xxx XXXX
Copyright (c) 1998-2008 The OpenSSL Project
Copyright (c) 1998-2009 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
@ -112,8 +112,6 @@
should be contacted if that algorithm is to be used; their web page is
http://www.ascom.ch/.
The MDC2 algorithm is patented by IBM.
NTT and Mitsubishi have patents and pending patents on the Camellia
algorithm, but allow use at no charge without requiring an explicit
licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
@ -139,6 +137,9 @@
SUPPORT
-------
See the OpenSSL website www.openssl.org for details of how to obtain
commercial technical support.
If you have any problems with OpenSSL then please take the following steps
first:
@ -165,6 +166,10 @@
openssl-bugs@openssl.org
Note that the request tracker should NOT be used for general assistance
or support queries. Just because something doesn't work the way you expect
does not mean it is necessarily a bug in OpenSSL.
Note that mail to openssl-bugs@openssl.org is recorded in the publicly
readable request tracker database and is forwarded to a public
mailing list. Confidential mail may be sent to openssl-security@openssl.org
@ -175,10 +180,22 @@
Development is coordinated on the openssl-dev mailing list (see
http://www.openssl.org for information on subscribing). If you
would like to submit a patch, send it to openssl-dev@openssl.org with
would like to submit a patch, send it to openssl-bugs@openssl.org with
the string "[PATCH]" in the subject. Please be sure to include a
textual explanation of what your patch does.
If you are unsure as to whether a feature will be useful for the general
OpenSSL community please discuss it on the openssl-dev mailing list first.
Someone may be already working on the same thing or there may be a good
reason as to why that feature isn't implemented.
Patches should be as up to date as possible, preferably relative to the
current CVS or the last snapshot. They should follow the coding style of
OpenSSL and compile without warnings. Some of the core team developer targets
can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
compiles on many varied platforms: try to ensure you only use portable
features.
Note: For legal reasons, contributions from the US can be accepted only
if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov
(formerly BXA) with a copy to the ENC Encryption Request Coordinator;

View File

@ -1278,7 +1278,7 @@ $unistd =
$thread_cflag = -D_REENTRANT
$sys_id = MACOSX
$lflags = -Wl,-search_paths_first%
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
$cpuid_obj = x86_64cpuid.o
$bn_obj = x86_64-gcc.o x86_64-mont.o
$des_obj =
@ -1953,6 +1953,68 @@ $ranlib =
$arflags =
$multilib =
*** debug-linux-generic32
$cc = gcc
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall
$unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -ldl
$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
$cpuid_obj =
$bn_obj =
$des_obj =
$aes_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$wp_obj =
$cmll_obj =
$perlasm_scheme = void
$dso_scheme = dlfcn
$shared_target= linux-shared
$shared_cflag = -fPIC
$shared_ldflag =
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$arflags =
$multilib =
*** debug-linux-generic64
$cc = gcc
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall
$unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -ldl
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
$cpuid_obj =
$bn_obj =
$des_obj =
$aes_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$wp_obj =
$cmll_obj =
$perlasm_scheme = void
$dso_scheme = dlfcn
$shared_target= linux-shared
$shared_cflag = -fPIC
$shared_ldflag =
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$arflags =
$multilib =
*** debug-linux-ia32-aes
$cc = gcc
$cflags = -DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
@ -2046,6 +2108,37 @@ $ranlib =
$arflags =
$multilib =
*** debug-linux-x86_64
$cc = gcc
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall -DMD32_REG_T=int
$unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -ldl
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
$cpuid_obj = x86_64cpuid.o
$bn_obj = x86_64-gcc.o x86_64-mont.o
$des_obj =
$aes_obj = aes-x86_64.o aesni-x86_64.o
$bf_obj =
$md5_obj = md5-x86_64.o
$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o
$cast_obj =
$rc4_obj = rc4-x86_64.o
$rmd160_obj =
$rc5_obj =
$wp_obj = wp-x86_64.o
$cmll_obj = cmll-x86_64.o cmll_misc.o
$perlasm_scheme = elf
$dso_scheme = dlfcn
$shared_target= linux-shared
$shared_cflag = -fPIC
$shared_ldflag = -m64
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$arflags =
$multilib = 64
*** debug-rse
$cc = cc
$cflags = -DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall
@ -2208,7 +2301,7 @@ $unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -ldl
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
$cpuid_obj = x86_64cpuid.o
$bn_obj = x86_64-gcc.o x86_64-mont.o
$des_obj =
@ -2234,7 +2327,7 @@ $multilib =
*** debug-steve32
$cc = gcc
$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe
$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g -pipe
$unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
@ -2265,12 +2358,12 @@ $multilib =
*** debug-steve64
$cc = gcc
$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int
$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g -DMD32_REG_T=int
$unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -ldl
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
$cpuid_obj = x86_64cpuid.o
$bn_obj = x86_64-gcc.o x86_64-mont.o
$des_obj =
@ -3727,7 +3820,7 @@ $unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -ldl
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
$cpuid_obj = x86_64cpuid.o
$bn_obj = x86_64-gcc.o x86_64-mont.o
$des_obj =
@ -4750,7 +4843,7 @@ $unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -lsocket -lnsl -ldl
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
$cpuid_obj = x86_64cpuid.o
$bn_obj = x86_64-gcc.o x86_64-mont.o
$des_obj =
@ -4781,7 +4874,7 @@ $unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -lsocket -lnsl -ldl
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
$cpuid_obj = x86_64cpuid.o
$bn_obj = x86_64-gcc.o x86_64-mont.o
$des_obj =

View File

@ -5,10 +5,10 @@
# things easier between now and when Eric is convinced to fix it :-)
#
# CA -newca ... will setup the right stuff
# CA -newreq ... will generate a certificate request
# CA -sign ... will sign the generated request and output
# CA -newreq ... will generate a certificate request
# CA -sign ... will sign the generated request and output
#
# At the end of that grab newreq.pem and newcert.pem (one has the key
# At the end of that grab newreq.pem and newcert.pem (one has the key
# and the other the certificate) and cat them together and that is what
# you want/need ... I'll make even this a little cleaner later.
#
@ -16,8 +16,8 @@
# 12-Jan-96 tjh Added more things ... including CA -signcert which
# converts a certificate to a request and then signs it.
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
# environment variable so this can be driven from
# a script.
# environment variable so this can be driven from
# a script.
# 25-Jul-96 eay Cleaned up filenames some more.
# 11-Jun-96 eay Fixed a few filename missmatches.
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
@ -29,52 +29,87 @@
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
cp_pem() {
infile=$1
outfile=$2
bound=$3
flag=0
exec <$infile;
while read line; do
if [ $flag -eq 1 ]; then
echo $line|grep "^-----END.*$bound" 2>/dev/null 1>/dev/null
if [ $? -eq 0 ] ; then
echo $line >>$outfile
break
else
echo $line >>$outfile
fi
fi
echo $line|grep "^-----BEGIN.*$bound" 2>/dev/null 1>/dev/null
if [ $? -eq 0 ]; then
echo $line >$outfile
flag=1
fi
done
}
usage() {
echo "usage: $0 -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify" >&2
}
if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
DAYS="-days 365" # 1 year
if [ -z "$DAYS" ] ; then DAYS="-days 365" ; fi # 1 year
CADAYS="-days 1095" # 3 years
REQ="$OPENSSL req $SSLEAY_CONFIG"
CA="$OPENSSL ca $SSLEAY_CONFIG"
VERIFY="$OPENSSL verify"
X509="$OPENSSL x509"
PKCS12="openssl pkcs12"
CATOP=./demoCA
if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
CAKEY=./cakey.pem
CAREQ=./careq.pem
CACERT=./cacert.pem
for i
do
case $i in
RET=0
while [ "$1" != "" ] ; do
case $1 in
-\?|-h|-help)
echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" >&2
usage
exit 0
;;
-newcert)
-newcert)
# create a certificate
$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
RET=$?
echo "Certificate is in newcert.pem, private key is in newkey.pem"
;;
-newreq)
-newreq)
# create a certificate request
$REQ -new -keyout newkey.pem -out newreq.pem $DAYS
RET=$?
echo "Request is in newreq.pem, private key is in newkey.pem"
;;
-newca)
-newreq-nodes)
# create a certificate request
$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS
RET=$?
echo "Request (and private key) is in newreq.pem"
;;
-newca)
# if explicitly asked for or it doesn't exist then setup the directory
# structure that Eric likes to manage things
# structure that Eric likes to manage things
NEW="1"
if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
# create the directory hierarchy
mkdir ${CATOP}
mkdir ${CATOP}/certs
mkdir ${CATOP}/crl
mkdir ${CATOP}/newcerts
mkdir ${CATOP}/private
echo "00" > ${CATOP}/serial
mkdir -p ${CATOP}
mkdir -p ${CATOP}/certs
mkdir -p ${CATOP}/crl
mkdir -p ${CATOP}/newcerts
mkdir -p ${CATOP}/private
touch ${CATOP}/index.txt
fi
if [ ! -f ${CATOP}/private/$CAKEY ]; then
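Review bot: in cp_pem, 'exec <$infile' redirects standard input for the whole script and never restores it, so after the first call every later prompt (including the openssl commands run further down) reads from the PEM file instead of the terminal. Redirect only the loop, for example 'while read -r line; do ... done <"$infile"', and quote $infile, $outfile and $line so paths with spaces and lines with backslashes survive. Also in this hunk, PKCS12="openssl pkcs12" bypasses the $OPENSSL override that REQ, CA, VERIFY and X509 honour; it should read "$OPENSSL pkcs12".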
@ -83,37 +118,60 @@ case $i in
# ask user for existing CA certificate
if [ "$FILE" ]; then
cp $FILE ${CATOP}/private/$CAKEY
cp_pem $FILE ${CATOP}/private/$CAKEY PRIVATE
cp_pem $FILE ${CATOP}/$CACERT CERTIFICATE
RET=$?
if [ ! -f "${CATOP}/serial" ]; then
$X509 -in ${CATOP}/$CACERT -noout -next_serial \
-out ${CATOP}/serial
fi
else
echo "Making CA certificate ..."
$REQ -new -keyout ${CATOP}/private/$CAKEY \
-out ${CATOP}/$CAREQ
$CA -out ${CATOP}/$CACERT $CADAYS -batch \
$CA -create_serial -out ${CATOP}/$CACERT $CADAYS -batch \
-keyfile ${CATOP}/private/$CAKEY -selfsign \
-infiles ${CATOP}/$CAREQ
-extensions v3_ca \
-infiles ${CATOP}/$CAREQ
RET=$?
fi
fi
;;
-xsign)
$CA -policy policy_anything -infiles newreq.pem
$CA -policy policy_anything -infiles newreq.pem
RET=$?
;;
-sign|-signreq)
-pkcs12)
if [ -z "$2" ] ; then
CNAME="My Certificate"
else
CNAME="$2"
fi
$PKCS12 -in newcert.pem -inkey newreq.pem -certfile ${CATOP}/$CACERT \
-out newcert.p12 -export -name "$CNAME"
RET=$?
exit $RET
;;
-sign|-signreq)
$CA -policy policy_anything -out newcert.pem -infiles newreq.pem
RET=$?
cat newcert.pem
echo "Signed certificate is in newcert.pem"
;;
-signcert)
-signCA)
$CA -policy policy_anything -out newcert.pem -extensions v3_ca -infiles newreq.pem
RET=$?
echo "Signed CA certificate is in newcert.pem"
;;
-signcert)
echo "Cert passphrase will be requested twice - bug?"
$X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
$CA -policy policy_anything -out newcert.pem -infiles tmp.pem
RET=$?
cat newcert.pem
echo "Signed certificate is in newcert.pem"
;;
-verify)
-verify)
shift
if [ -z "$1" ]; then
$VERIFY -CAfile $CATOP/$CACERT newcert.pem
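Review bot: the new -pkcs12 branch passes '-inkey newreq.pem', but -newcert and -newreq in this script write the private key to newkey.pem; only -newreq-nodes leaves a key in newreq.pem. As written, -pkcs12 fails after the usual -newreq / -sign sequence. Either read the key from newkey.pem or document that -pkcs12 only works with -newreq-nodes. Separately, cp_pem creates ${CATOP}/private/$CAKEY with a plain '>' redirect, so the CA key gets default-umask permissions; a 'chmod 600' (or a restrictive umask around the copy) would be appropriate here.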
@ -127,13 +185,14 @@ case $i in
fi
done
fi
exit 0
exit $RET
;;
*)
echo "Unknown arg $i";
echo "Unknown arg $i" >&2
usage
exit 1
;;
esac
shift
done
exit $RET
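Review bot: the fallback branch still prints "Unknown arg $i", but the loop was changed from 'for i' to 'while [ "$1" != "" ]' with 'case $1 in', so $i is never set and the message will be empty. Use "$1" in the echo. The while test also stops at the first empty argument rather than at the end of the argument list; testing '$#' would be more robust.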

View File

@ -789,14 +789,14 @@ s_cb.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
s_cb.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h
s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
s_cb.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
s_cb.o: s_apps.h s_cb.c
s_cb.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
s_cb.o: ../include/openssl/x509v3.h apps.h s_apps.h s_cb.c
s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
@ -933,19 +933,20 @@ speed.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
speed.o: ../include/openssl/err.h ../include/openssl/evp.h
speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
speed.o: ../include/openssl/lhash.h ../include/openssl/md4.h
speed.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
speed.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
speed.o: ../include/openssl/rc4.h ../include/openssl/ripemd.h
speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
speed.o: ../include/openssl/seed.h ../include/openssl/sha.h
speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
speed.o: ../include/openssl/ui_compat.h ../include/openssl/whrlpool.h
speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
speed.o: ../include/openssl/x509v3.h apps.h speed.c testdsa.h testrsa.h
speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
speed.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
speed.o: ../include/openssl/safestack.h ../include/openssl/seed.h
speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
speed.o: ../include/openssl/whrlpool.h ../include/openssl/x509.h
speed.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
speed.o: speed.c testdsa.h testrsa.h
spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h
spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

View File

@ -1095,76 +1095,120 @@ error:
}
#endif /* ndef OPENSSL_NO_RC4 */
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip)
static int load_certs_crls(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *desc,
STACK_OF(X509) **pcerts, STACK_OF(X509_CRL) **pcrls)
{
BIO *certs;
int i;
STACK_OF(X509) *othercerts = NULL;
STACK_OF(X509_INFO) *allcerts = NULL;
BIO *bio;
STACK_OF(X509_INFO) *xis = NULL;
X509_INFO *xi;
PW_CB_DATA cb_data;
int rv = 0;
cb_data.password = pass;
cb_data.prompt_info = file;
if((certs = BIO_new(BIO_s_file())) == NULL)
if (format != FORMAT_PEM)
{
ERR_print_errors(err);
goto end;
BIO_printf(err,"bad input format specified for %s\n", desc);
return 0;
}
if (file == NULL)
BIO_set_fp(certs,stdin,BIO_NOCLOSE);
bio = BIO_new_fp(stdin,BIO_NOCLOSE);
else
bio = BIO_new_file(file, "r");
if (bio == NULL)
{
if (BIO_read_filename(certs,file) <= 0)
{
BIO_printf(err, "Error opening %s %s\n",
cert_descrip, file);
ERR_print_errors(err);
BIO_printf(err, "Error opening %s %s\n",
desc, file ? file : "stdin");
ERR_print_errors(err);
return 0;
}
xis = PEM_X509_INFO_read_bio(bio, NULL,
(pem_password_cb *)password_callback, &cb_data);
BIO_free(bio);
if (pcerts)
{
*pcerts = sk_X509_new_null();
if (!*pcerts)
goto end;
}
if (pcrls)
{
*pcrls = sk_X509_CRL_new_null();
if (!*pcrls)
goto end;
}
for(i = 0; i < sk_X509_INFO_num(xis); i++)
{
xi = sk_X509_INFO_value (xis, i);
if (xi->x509 && pcerts)
{
if (!sk_X509_push(*pcerts, xi->x509))
goto end;
xi->x509 = NULL;
}
if (xi->crl && pcrls)
{
if (!sk_X509_CRL_push(*pcrls, xi->crl))
goto end;
xi->crl = NULL;
}
}
if (format == FORMAT_PEM)
if (pcerts && sk_X509_num(*pcerts) > 0)
rv = 1;
if (pcrls && sk_X509_CRL_num(*pcrls) > 0)
rv = 1;
end:
if (xis)
sk_X509_INFO_pop_free(xis, X509_INFO_free);
if (rv == 0)
{
othercerts = sk_X509_new_null();
if(!othercerts)
if (pcerts)
{
sk_X509_free(othercerts);
othercerts = NULL;
goto end;
sk_X509_pop_free(*pcerts, X509_free);
*pcerts = NULL;
}
allcerts = PEM_X509_INFO_read_bio(certs, NULL,
(pem_password_cb *)password_callback, &cb_data);
for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
if (pcrls)
{
xi = sk_X509_INFO_value (allcerts, i);
if (xi->x509)
{
sk_X509_push(othercerts, xi->x509);
xi->x509 = NULL;
}
sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
*pcrls = NULL;
}
goto end;
}
else {
BIO_printf(err,"bad input format specified for %s\n",
cert_descrip);
goto end;
}
end:
if (othercerts == NULL)
{
BIO_printf(err,"unable to load certificates\n");
BIO_printf(err,"unable to load %s\n",
pcerts ? "certificates" : "CRLs");
ERR_print_errors(err);
}
if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
if (certs != NULL) BIO_free(certs);
return(othercerts);
return rv;
}
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *desc)
{
STACK_OF(X509) *certs;
load_certs_crls(err, file, format, pass, e, desc, &certs, NULL);
return certs;
}
STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *desc)
{
STACK_OF(X509_CRL) *crls;
load_certs_crls(err, file, format, pass, e, desc, NULL, &crls);
return crls;
}
#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
/* Return error for unknown extensions */
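Review bot: load_certs() and load_crls() declare 'certs' / 'crls' without an initialiser and ignore the return value of load_certs_crls(), while load_certs_crls() has two early 'return 0' paths (bad format, BIO open failure) that run before *pcerts or *pcrls is ever assigned. On those paths the wrappers return an uninitialised pointer to the caller. Initialise the locals to NULL, or return NULL when load_certs_crls() returns 0. It is also worth noting that the early returns skip the "unable to load" message that the end: path prints, which is fine as long as that is intentional.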

View File

@ -168,6 +168,12 @@ extern BIO *bio_err;
#define do_pipe_sig()
#endif
#ifdef OPENSSL_NO_COMP
#define zlib_cleanup()
#else
#define zlib_cleanup() COMP_zlib_cleanup()
#endif
#if defined(MONOLITH) && !defined(OPENSSL_C)
# define apps_startup() \
do_pipe_sig()
@ -182,7 +188,7 @@ extern BIO *bio_err;
do { CONF_modules_unload(1); destroy_ui_method(); \
OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
ERR_free_strings(); COMP_zlib_cleanup();} while(0)
ERR_free_strings(); zlib_cleanup();} while(0)
# else
# define apps_startup() \
do { do_pipe_sig(); CRYPTO_malloc_init(); \
@ -192,7 +198,7 @@ extern BIO *bio_err;
do { CONF_modules_unload(1); destroy_ui_method(); \
OBJ_cleanup(); EVP_cleanup(); \
CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
ERR_free_strings(); } while(0)
ERR_free_strings(); zlib_cleanup(); } while(0)
# endif
#endif
@ -245,6 +251,8 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip);
STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip);
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
#ifndef OPENSSL_NO_ENGINE
ENGINE *setup_engine(BIO *err, const char *engine, int debug);
@ -253,6 +261,7 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug);
#ifndef OPENSSL_NO_OCSP
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
char *host, char *path, char *port, int use_ssl,
STACK_OF(CONF_VALUE) *headers,
int req_timeout);
#endif

View File

@ -136,6 +136,7 @@ int MAIN(int argc, char **argv)
char *engine=NULL;
#endif
unsigned char *secret_key = NULL, *secret_keyid = NULL;
unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
size_t secret_keylen = 0, secret_keyidlen = 0;
ASN1_OBJECT *econtent_type = NULL;
@ -326,6 +327,13 @@ int MAIN(int argc, char **argv)
}
secret_keyidlen = (size_t)ltmp;
}
else if (!strcmp(*args,"-pwri_password"))
{
if (!args[1])
goto argerr;
args++;
pwri_pass = (unsigned char *)*args;
}
else if (!strcmp(*args,"-econtent_type"))
{
if (!args[1])
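Review bot: -pwri_password takes the password itself from argv and stores the pointer in pwri_pass, which leaves the secret visible in the process list and in shell history. Since this is a new option, consider accepting a pass-phrase source in the same style as the -passin handling used elsewhere in apps, and mention the exposure in the option's documentation if the literal form is kept.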
@ -559,7 +567,7 @@ int MAIN(int argc, char **argv)
else if (operation == SMIME_DECRYPT)
{
if (!recipfile && !keyfile && !secret_key)
if (!recipfile && !keyfile && !secret_key && !pwri_pass)
{
BIO_printf(bio_err, "No recipient certificate or key specified\n");
badarg = 1;
@ -567,7 +575,7 @@ int MAIN(int argc, char **argv)
}
else if (operation == SMIME_ENCRYPT)
{
if (!*args && !secret_key)
if (!*args && !secret_key && !pwri_pass)
{
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
badarg = 1;
@ -880,7 +888,7 @@ int MAIN(int argc, char **argv)
{
if (!(store = setup_verify(bio_err, CAfile, CApath)))
goto end;
X509_STORE_set_verify_cb_func(store, cms_cb);
X509_STORE_set_verify_cb(store, cms_cb);
if (vpm)
X509_STORE_set1_param(store, vpm);
}
@ -917,6 +925,17 @@ int MAIN(int argc, char **argv)
secret_key = NULL;
secret_keyid = NULL;
}
if (pwri_pass)
{
pwri_tmp = (unsigned char *)BUF_strdup((char *)pwri_pass);
if (!pwri_tmp)
goto end;
if (!CMS_add0_recipient_password(cms,
-1, NID_undef, NID_undef,
pwri_tmp, -1, NULL))
goto end;
pwri_tmp = NULL;
}
if (!(flags & CMS_STREAM))
{
if (!CMS_final(cms, in, NULL, flags))
@ -1043,6 +1062,16 @@ int MAIN(int argc, char **argv)
}
}
if (pwri_pass)
{
if (!CMS_decrypt_set1_password(cms, pwri_pass, -1))
{
BIO_puts(bio_err,
"Error decrypting CMS using password\n");
goto end;
}
}
if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags))
{
BIO_printf(bio_err, "Error decrypting CMS structure\n");
@ -1167,6 +1196,8 @@ end:
OPENSSL_free(secret_key);
if (secret_keyid)
OPENSSL_free(secret_keyid);
if (pwri_tmp)
OPENSSL_free(pwri_tmp);
if (econtent_type)
ASN1_OBJECT_free(econtent_type);
if (rr)
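Review bot: pwri_tmp is a heap copy of the password and the cleanup path releases it with OPENSSL_free() only. Wipe it first, for example OPENSSL_cleanse(pwri_tmp, strlen((char *)pwri_tmp)), so the password does not linger in freed memory when CMS_add0_recipient_password() fails.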

View File

@ -155,6 +155,8 @@ int MAIN(int argc, char **argv)
if ((*argv)[0] != '-') break;
if (strcmp(*argv,"-c") == 0)
separator=1;
if (strcmp(*argv,"-r") == 0)
separator=2;
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) break;
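Review bot: the -r test is added as a fresh 'if' rather than 'else if', which detaches the -c test from the rest of the option chain. With -c, separator is set to 1, the -r comparison fails, and the argument then falls through the remaining 'else if' branches as if it had not been recognised. Make it 'else if (strcmp(*argv,"-r") == 0)'.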
@ -262,6 +264,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"unknown option '%s'\n",*argv);
BIO_printf(bio_err,"options are\n");
BIO_printf(bio_err,"-c to output the digest with separating colons\n");
BIO_printf(bio_err,"-r to output the digest in coreutils format\n");
BIO_printf(bio_err,"-d to output debug info\n");
BIO_printf(bio_err,"-hex output as hex dump\n");
BIO_printf(bio_err,"-binary output in binary form\n");
@ -602,6 +605,12 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
}
if(binout) BIO_write(out, buf, len);
else if (sep == 2)
{
for (i=0; i<(int)len; i++)
BIO_printf(out, "%02x",buf[i]);
BIO_printf(out, " *%s\n", file);
}
else
{
if (sig_name)

View File

@ -351,7 +351,7 @@ bad:
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
if (i <= 0)
{
BIO_printf(bio_err,"unable to write private key\n");
ERR_print_errors(bio_err);

View File

@ -243,7 +243,12 @@ int MAIN(int argc, char **argv)
goto bad;
}
buf[0]='\0';
fgets(buf,sizeof buf,infile);
if (!fgets(buf,sizeof buf,infile))
{
BIO_printf(bio_err,"unable to read key from '%s'\n",
file);
goto bad;
}
fclose(infile);
i=strlen(buf);
if ((i > 0) &&
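Review bot: the new failure branch does 'goto bad' before the 'fclose(infile);' that follows it, so a short or unreadable key file leaves infile open unless the bad label closes it. Call fclose(infile) before the goto. Checking the fgets() result itself is the right change.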

View File

@ -57,7 +57,7 @@ $ LOOP_EXE_END:
$
$ SET NOON
$ COPY CA.COM WRK_SSLEXE:CA.COM/LOG
$ SET FILE/PROT=W:RE WRK_SSLVEXE:CA.COM
$ SET FILE/PROT=W:RE WRK_SSLEXE:CA.COM
$ COPY OPENSSL-VMS.CNF WRK_SSLROOT:[000000]OPENSSL.CNF/LOG
$ SET FILE/PROT=W:R WRK_SSLROOT:[000000]OPENSSL.CNF
$ SET ON

View File

@ -330,7 +330,8 @@ int main(int Argc, char *Argv[])
else prompt="OpenSSL> ";
fputs(prompt,stdout);
fflush(stdout);
fgets(p,n,stdin);
if (!fgets(p,n,stdin))
goto end;
if (p[0] == '\0') goto end;
i=strlen(p);
if (i <= 1) break;

View File

@ -275,7 +275,6 @@ int MAIN(int argc, char **argv)
}
if (topk8)
{
BIO_free(in); /* Not needed in this section */
pkey = load_key(bio_err, infile, informat, 1,
passin, e, "key");
if (!pkey)

View File

@ -1,18 +1,16 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,BA26229A1653B7FF
6nhWG8PKhTPO/s3ZvjUa6226NlKdvPDZFsNXOOoSUs9ejxpb/aj5huhs6qRYzsz9
Year47uaAZYhGD0vAagnNiBnYmjWEpN9G/wQxG7pgZThK1ZxDi63qn8aQ8UjuGHo
F6RpnnBQIAnWTWqr/Qsybtc5EoNkrj/Cpx0OfbSr6gZsFBCxwX1R1hT3/mhJ45f3
XMofY32Vdfx9/vtw1O7HmlHXQnXaqnbd9/nn1EpvFJG9+UjPoW7gV4jCOLuR4deE
jS8hm+cpkwXmFtk3VGjT9tQXPpMv3JpYfBqgGQoMAJ5Toq0DWcHi6Wg08PsD8lgy
vmTioPsRg+JGkJkJ8GnusgLpQdlQJbjzd7wGE6ElUFLfOxLo8bLlRHoriHNdWYhh
JjY0LyeTkovcmWxVjImc6ZyBz5Ly4t0BYf1gq3OkjsV91Q1taBxnhiavfizqMCAf
PPB3sLQnlXG77TOXkNxpqbZfEYrVZW2Nsqqdn8s07Uj4IMONZyq2odYKWFPMJBiM
POYwXjMAOcmFMTHYsVlhcUJuV6LOuipw/FEbTtPH/MYMxLe4zx65dYo1rb4iLKLS
gMtB0o/Wl4Xno3ZXh1ucicYnV2J7NpVcjVq+3SFiCRu2SrSkZHZ23EPS13Ec6fcz
8X/YGA2vTJ8MAOozAzQUwHQYvLk7bIoQVekqDq4p0AZQbhdspHpArCk0Ifqqzg/v
Uyky/zZiQYanzDenTSRVI/8wac3olxpU8QvbySxYqmbkgq6bTpXJfYFQfnAttEsC
dA4S5UFgyOPZluxCAM4yaJF3Ft6neutNwftuJQMbgCUi9vYg2tGdSw==
-----END RSA PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMo7DFNMqywUA1O/
qvWqCOm6rGrUAcR+dKsSXw6y2qiKO7APDDyotc0b4Mxwqjga98npex2RBIwUoCGJ
iEmMXo/a8RbXVUZ+ZwcAX7PC+XeXVC5qoajaBBkd2MvYmib/2PqnNrgvhHsUL5dO
xhC7cRqxLM/g45k3Yyw+nGa+WkTdAgMBAAECgYBMBT5w4dVG0I8foGFnz+9hzWab
Ee9IKjE5TcKmB93ilXQyjrWO5+zPmbc7ou6aAKk9IaPCTY1kCyzW7pho7Xdt+RFq
TgVXGZZfqtixO7f2/5oqZAkd00eOn9ZrhBpVMu4yXbbDvhDyFe4/oy0HGDjRUhxa
Lf6ZlBuTherxm4eFkQJBAPBQwRs9UtqaMAQlagA9pV5UsQjV1WT4IxDURMPfXgCd
ETNkB6pP0SmxQm5xhv9N2HY1UtoWpug9s0OU5IJB15sCQQDXbfbjiujNbuOxCFNw
68JZaCFVdNovyOWORkpenQLNEjVkmTCS9OayK09ADEYtsdpUGKeF+2EYBNkFr5px
CajnAkBMYI4PNz1HBuwt1SpMa0tMoMQnV7bbwVV7usskKbC5pzHZUHhzM6z5gEHp
0iEisT4Ty7zKXZqsgzefSgoaMAzzAkEAoCIaUhtwXzwdPfvNYnOs3J6doJMimECB
+lbfcyLM8TimvadtRt+KGEg/OYGmLNM2UiqdY+duzdbUpvhYGcwvYwJAQvaoi9z2
CkiwSs/PFrLaNlfLJmXRsUBzmiWYoh6+IQJJorEXz7ewI72ee9RBO4s746cgUFwH
Ri+qO+HhZFUBqQ==
-----END PRIVATE KEY-----
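Review bot: the replacement is a plain 'BEGIN PRIVATE KEY' block, whereas the block it replaces carried 'Proc-Type: 4,ENCRYPTED' with DES-EDE3-CBC, so this private key is now stored unencrypted in the source tree. If it is a test-only key, say so in the file or next to it and make sure no install target copies it onto a system where it could be picked up as a real server key.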

View File

@ -1441,7 +1441,8 @@ start:
buf[0]='\0';
if (!batch)
{
fgets(buf,sizeof buf,stdin);
if (!fgets(buf,sizeof buf,stdin))
return 0;
}
else
{
@ -1499,7 +1500,8 @@ start:
buf[0]='\0';
if (!batch)
{
fgets(buf,sizeof buf,stdin);
if (!fgets(buf,sizeof buf,stdin))
return 0;
}
else
{

View File

@ -426,7 +426,7 @@ bad:
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
if (i <= 0)
{
BIO_printf(bio_err,"unable to write key\n");
ERR_print_errors(bio_err);

View File

@ -171,3 +171,6 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
unsigned char *data, int len,
void *arg);
#endif
int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len);
int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len);

View File

@ -117,17 +117,21 @@
#undef NON_MAIN
#undef USE_SOCKETS
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include "s_apps.h"
#define COOKIE_SECRET_LENGTH 16
int verify_depth=0;
int verify_error=X509_V_OK;
int verify_return_error=0;
unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
int cookie_initialized=0;
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
{
char buf[256];
X509 *err_cert;
int err,depth;
@ -135,8 +139,15 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
err= X509_STORE_CTX_get_error(ctx);
depth= X509_STORE_CTX_get_error_depth(ctx);
X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf);
BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
BIO_printf(bio_err,"depth=%d ",depth);
if (err_cert)
{
X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
0, XN_FLAG_ONELINE);
BIO_puts(bio_err, "\n");
}
else
BIO_puts(bio_err, "<no cert>\n");
if (!ok)
{
BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
@ -153,25 +164,33 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
}
}
switch (ctx->error)
switch (err)
{
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf);
BIO_printf(bio_err,"issuer= %s\n",buf);
BIO_puts(bio_err,"issuer= ");
X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
0, XN_FLAG_ONELINE);
BIO_puts(bio_err, "\n");
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
BIO_printf(bio_err,"notBefore=");
ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
BIO_printf(bio_err,"\n");
break;
case X509_V_ERR_CERT_HAS_EXPIRED:
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
BIO_printf(bio_err,"notAfter=");
ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
BIO_printf(bio_err,"\n");
break;
case X509_V_ERR_NO_EXPLICIT_POLICY:
policies_print(bio_err, ctx);
break;
}
if (err == X509_V_OK && ok == 2)
policies_print(bio_err, ctx);
BIO_printf(bio_err,"verify return:%d\n",ok);
return(ok);
}
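Review bot: err_cert is now checked for NULL before the subject is printed, but the switch below still passes it unchecked to X509_get_issuer_name(err_cert), X509_get_notBefore(err_cert) and X509_get_notAfter(err_cert). If the "<no cert>" case can happen, those branches dereference a NULL pointer; guard the switch (or each case) with the same 'if (err_cert)' test.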
@ -650,6 +669,10 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
extname = "server ticket";
break;
case TLSEXT_TYPE_renegotiate:
extname = "renegotiate";
break;
#ifdef TLSEXT_TYPE_opaque_prf_input
case TLSEXT_TYPE_opaque_prf_input:
extname = "opaque PRF input";
@ -668,3 +691,188 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
BIO_dump(bio, (char *)data, len);
(void)BIO_flush(bio);
}
int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
{
unsigned char *buffer, result[EVP_MAX_MD_SIZE];
unsigned int length, resultlength;
#if OPENSSL_USE_IPV6
union {
struct sockaddr_storage ss;
struct sockaddr_in6 s6;
struct sockaddr_in s4;
} peer;
#else
struct sockaddr_in peer;
#endif
/* Initialize a random secret */
if (!cookie_initialized)
{
if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH))
{
BIO_printf(bio_err,"error setting random cookie secret\n");
return 0;
}
cookie_initialized = 1;
}
/* Read peer information */
(void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
/* Create buffer with peer's address and port */
#if OPENSSL_USE_IPV6
length = 0;
switch (peer.ss.ss_family)
{
case AF_INET:
length += sizeof(struct in_addr);
length += sizeof(peer.s4.sin_port);
break;
case AF_INET6:
length += sizeof(struct in6_addr);
length += sizeof(peer.s6.sin6_port);
break;
default:
OPENSSL_assert(0);
break;
}
#else
length = sizeof(peer.sin_addr);
length += sizeof(peer.sin_port);
#endif
buffer = OPENSSL_malloc(length);
if (buffer == NULL)
{
BIO_printf(bio_err,"out of memory\n");
return 0;
}
#if OPENSSL_USE_IPV6
switch (peer.ss.ss_family)
{
case AF_INET:
memcpy(buffer,
&peer.s4.sin_port,
sizeof(peer.s4.sin_port));
memcpy(buffer + sizeof(peer.s4.sin_port),
&peer.s4.sin_addr,
sizeof(struct in_addr));
break;
case AF_INET6:
memcpy(buffer,
&peer.s6.sin6_port,
sizeof(peer.s6.sin6_port));
memcpy(buffer + sizeof(peer.s6.sin6_port),
&peer.s6.sin6_addr,
sizeof(struct in6_addr));
break;
default:
OPENSSL_assert(0);
break;
}
#else
memcpy(buffer, &peer.sin_port, sizeof(peer.sin_port));
memcpy(buffer + sizeof(peer.sin_port), &peer.sin_addr, sizeof(peer.sin_addr));
#endif
/* Calculate HMAC of buffer using the secret */
HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
buffer, length, result, &resultlength);
OPENSSL_free(buffer);
memcpy(cookie, result, resultlength);
*cookie_len = resultlength;
return 1;
}
int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
{
unsigned char *buffer, result[EVP_MAX_MD_SIZE];
unsigned int length, resultlength;
#if OPENSSL_USE_IPV6
union {
struct sockaddr_storage ss;
struct sockaddr_in6 s6;
struct sockaddr_in s4;
} peer;
#else
struct sockaddr_in peer;
#endif
/* If secret isn't initialized yet, the cookie can't be valid */
if (!cookie_initialized)
return 0;
/* Read peer information */
(void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
/* Create buffer with peer's address and port */
#if OPENSSL_USE_IPV6
length = 0;
switch (peer.ss.ss_family)
{
case AF_INET:
length += sizeof(struct in_addr);
length += sizeof(peer.s4.sin_port);
break;
case AF_INET6:
length += sizeof(struct in6_addr);
length += sizeof(peer.s6.sin6_port);
break;
default:
OPENSSL_assert(0);
break;
}
#else
length = sizeof(peer.sin_addr);
length += sizeof(peer.sin_port);
#endif
buffer = OPENSSL_malloc(length);
if (buffer == NULL)
{
BIO_printf(bio_err,"out of memory\n");
return 0;
}
#if OPENSSL_USE_IPV6
switch (peer.ss.ss_family)
{
case AF_INET:
memcpy(buffer,
&peer.s4.sin_port,
sizeof(peer.s4.sin_port));
memcpy(buffer + sizeof(peer.s4.sin_port),
&peer.s4.sin_addr,
sizeof(struct in_addr));
break;
case AF_INET6:
memcpy(buffer,
&peer.s6.sin6_port,
sizeof(peer.s6.sin6_port));
memcpy(buffer + sizeof(peer.s6.sin6_port),
&peer.s6.sin6_addr,
sizeof(struct in6_addr));
break;
default:
OPENSSL_assert(0);
break;
}
#else
memcpy(buffer, &peer.sin_port, sizeof(peer.sin_port));
memcpy(buffer + sizeof(peer.sin_port), &peer.sin_addr, sizeof(peer.sin_addr));
#endif
/* Calculate HMAC of buffer using the secret */
HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
buffer, length, result, &resultlength);
OPENSSL_free(buffer);
if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0)
return 1;
return 0;
}
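Review bot: generate_cookie_callback seeds the secret with `if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH))`, which treats a -1 return as success; test `<= 0`, as this same commit does in create_nonce. In both callbacks `peer` is uninitialized and the result of BIO_dgram_get_peer() is cast to void, so a failed read leaves `ss_family` indeterminate and can end in `OPENSSL_assert(0)`; check the return value or zero the union first. verify_cookie_callback compares the HMAC with memcmp, where a constant-time comparison is preferable, and the address-to-buffer code is duplicated verbatim in the two functions and would be better as one static helper.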

View File

@ -318,10 +318,11 @@ static void sc_usage(void)
#endif
BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
BIO_printf(bio_err," -tls1_1 - just use TLSv1.1\n");
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
BIO_printf(bio_err," -dtls1 - just use DTLSv1\n");
BIO_printf(bio_err," -mtu - set the link layer MTU\n");
BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
BIO_printf(bio_err," -no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n");
BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
@ -343,6 +344,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -status - request certificate status from server\n");
BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
#endif
BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
}
#ifndef OPENSSL_NO_TLSEXT
@ -381,7 +383,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
int off=0;
unsigned int off=0, clr=0;
SSL *con=NULL;
int s,k,width,state=0;
char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
@ -411,6 +413,7 @@ int MAIN(int argc, char **argv)
BIO *sbio;
char *inrand=NULL;
int mbuf_len=0;
struct timeval timeout, *timeoutp;
#ifndef OPENSSL_NO_ENGINE
char *engine_id=NULL;
char *ssl_client_engine_id=NULL;
@ -595,6 +598,8 @@ int MAIN(int argc, char **argv)
meth=SSLv3_client_method();
#endif
#ifndef OPENSSL_NO_TLS1
else if (strcmp(*argv,"-tls1_1") == 0)
meth=TLSv1_1_client_method();
else if (strcmp(*argv,"-tls1") == 0)
meth=TLSv1_client_method();
#endif
@ -643,6 +648,8 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
CAfile= *(++argv);
}
else if (strcmp(*argv,"-no_tls1_1") == 0)
off|=SSL_OP_NO_TLSv1_1;
else if (strcmp(*argv,"-no_tls1") == 0)
off|=SSL_OP_NO_TLSv1;
else if (strcmp(*argv,"-no_ssl3") == 0)
@ -657,6 +664,12 @@ int MAIN(int argc, char **argv)
#endif
else if (strcmp(*argv,"-serverpref") == 0)
off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
else if (strcmp(*argv,"-legacy_renegotiation") == 0)
off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
else if (strcmp(*argv,"-legacy_server_connect") == 0)
{ off|=SSL_OP_LEGACY_SERVER_CONNECT; }
else if (strcmp(*argv,"-no_legacy_server_connect") == 0)
{ clr|=SSL_OP_LEGACY_SERVER_CONNECT; }
else if (strcmp(*argv,"-cipher") == 0)
{
if (--argc < 1) goto bad;
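Review bot: `-legacy_server_connect` and `-no_legacy_server_connect` are parsed here, but sc_usage() only gains a line for `-legacy_renegotiation`, so the two new options are missing from the help output. Please add usage lines for them, and format the three new branches alike (braces on all or on none).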
@ -867,6 +880,9 @@ bad:
SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
else
SSL_CTX_set_options(ctx,off);
if (clr)
SSL_CTX_clear_options(ctx, clr);
/* DTLS: partial reads end up discarding unread UDP bytes :-(
* Setting read ahead solves this problem.
*/
@ -979,7 +995,6 @@ re_start:
if ( SSL_version(con) == DTLS1_VERSION)
{
struct timeval timeout;
sbio=BIO_new_dgram(s,BIO_NOCLOSE);
if (getsockname(s, &peer, (void *)&peerlen) < 0)
@ -1196,6 +1211,12 @@ SSL_set_tlsext_status_ids(con, ids);
FD_ZERO(&readfds);
FD_ZERO(&writefds);
if ((SSL_version(con) == DTLS1_VERSION) &&
DTLSv1_get_timeout(con, &timeout))
timeoutp = &timeout;
else
timeoutp = NULL;
if (SSL_in_init(con) && !SSL_total_renegotiations(con))
{
in_init=1;
@ -1300,7 +1321,7 @@ SSL_set_tlsext_status_ids(con, ids);
if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
#endif
} else i=select(width,(void *)&readfds,(void *)&writefds,
NULL,NULL);
NULL,timeoutp);
}
#elif defined(OPENSSL_SYS_NETWARE)
if(!write_tty) {
@ -1310,7 +1331,7 @@ SSL_set_tlsext_status_ids(con, ids);
i=select(width,(void *)&readfds,(void *)&writefds,
NULL,&tv);
} else i=select(width,(void *)&readfds,(void *)&writefds,
NULL,NULL);
NULL,timeoutp);
}
#elif defined(OPENSSL_SYS_BEOS_R5)
/* Under BeOS-R5 the situation is similar to DOS */
@ -1328,12 +1349,12 @@ SSL_set_tlsext_status_ids(con, ids);
if (!i && (stdin_set != 1 || !read_tty))
continue;
} else i=select(width,(void *)&readfds,(void *)&writefds,
NULL,NULL);
NULL,timeoutp);
}
(void)fcntl(fileno(stdin), F_SETFL, 0);
#else
i=select(width,(void *)&readfds,(void *)&writefds,
NULL,NULL);
NULL,timeoutp);
#endif
if ( i < 0)
{
@ -1344,6 +1365,11 @@ SSL_set_tlsext_status_ids(con, ids);
}
}
if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
{
BIO_printf(bio_err,"TIMEOUT occured\n");
}
if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
{
k=SSL_write(con,&(cbuf[cbuf_off]),
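Review bot: `DTLSv1_handle_timeout(con) > 0` only covers the case where a timer fired; a negative return (an error while handling the timeout) is silently ignored and the loop carries on. Handle the `< 0` case explicitly. The message "TIMEOUT occured" is also misspelled ("occurred").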
@ -1711,6 +1737,8 @@ static void print_stuff(BIO *bio, SSL *s, int full)
EVP_PKEY_bits(pktmp));
EVP_PKEY_free(pktmp);
}
BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
#ifndef OPENSSL_NO_COMP
comp=SSL_get_current_compression(s);
expansion=SSL_get_current_expansion(s);

View File

@ -458,6 +458,7 @@ static void sv_usage(void)
#endif
BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n");
BIO_printf(bio_err," -tls1_1 - Just talk TLSv1_1\n");
BIO_printf(bio_err," -tls1 - Just talk TLSv1\n");
BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n");
BIO_printf(bio_err," -timeout - Enable timeouts\n");
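Review bot: the new help line says "Just talk TLSv1_1", while the matching `-no_tls1_1` line in this file and the s_client usage text say "TLSv1.1". Use the protocol name "TLSv1.1" here as well.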
@ -466,6 +467,7 @@ static void sv_usage(void)
BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
BIO_printf(bio_err," -no_tls1_1 - Just disable TLSv1.1\n");
#ifndef OPENSSL_NO_DH
BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
#endif
@ -491,6 +493,7 @@ static void sv_usage(void)
BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2);
BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
#endif
}
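Review bot: the `-legacy_renegotiation` usage line is added above the `#endif` that closes the block holding the `-tlsextdebug` and `-no_ticket` help, whereas s_client places the same line after its `#endif`. Move it below the `#endif` so the help does not depend on that conditional. The new `-no_cache` option gets no usage line in any of the sv_usage() hunks.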
@ -787,7 +790,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
if (!OCSP_REQUEST_add_ext(req, ext, -1))
goto err;
}
resp = process_responder(err, req, host, path, port, use_ssl,
resp = process_responder(err, req, host, path, port, use_ssl, NULL,
srctx->timeout);
if (!resp)
{
@ -859,6 +862,7 @@ int MAIN(int argc, char *argv[])
int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
X509 *s_cert = NULL, *s_dcert = NULL;
EVP_PKEY *s_key = NULL, *s_dkey = NULL;
int no_cache = 0;
#ifndef OPENSSL_NO_TLSEXT
EVP_PKEY *s_key2 = NULL;
X509 *s_cert2 = NULL;
@ -1001,6 +1005,8 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad;
CApath= *(++argv);
}
else if (strcmp(*argv,"-no_cache") == 0)
no_cache = 1;
else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
{
if (badarg)
@ -1011,6 +1017,8 @@ int MAIN(int argc, char *argv[])
verify_return_error = 1;
else if (strcmp(*argv,"-serverpref") == 0)
{ off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
else if (strcmp(*argv,"-legacy_renegotiation") == 0)
off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
else if (strcmp(*argv,"-cipher") == 0)
{
if (--argc < 1) goto bad;
@ -1114,6 +1122,8 @@ int MAIN(int argc, char *argv[])
{ off|=SSL_OP_NO_SSLv2; }
else if (strcmp(*argv,"-no_ssl3") == 0)
{ off|=SSL_OP_NO_SSLv3; }
else if (strcmp(*argv,"-no_tls1_1") == 0)
{ off|=SSL_OP_NO_TLSv1_1; }
else if (strcmp(*argv,"-no_tls1") == 0)
{ off|=SSL_OP_NO_TLSv1; }
else if (strcmp(*argv,"-no_comp") == 0)
@ -1131,6 +1141,8 @@ int MAIN(int argc, char *argv[])
{ meth=SSLv3_server_method(); }
#endif
#ifndef OPENSSL_NO_TLS1
else if (strcmp(*argv,"-tls1_1") == 0)
{ meth=TLSv1_1_server_method(); }
else if (strcmp(*argv,"-tls1") == 0)
{ meth=TLSv1_server_method(); }
#endif
@ -1388,8 +1400,10 @@ bad:
if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
SSL_CTX_sess_set_cache_size(ctx,128);
if (no_cache)
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
else
SSL_CTX_sess_set_cache_size(ctx,128);
#if 0
if (cipher == NULL) cipher=getenv("SSL_CIPHER");
@ -1455,7 +1469,10 @@ bad:
if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback);
SSL_CTX_sess_set_cache_size(ctx2,128);
if (no_cache)
SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF);
else
SSL_CTX_sess_set_cache_size(ctx2,128);
if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
(!SSL_CTX_set_default_verify_paths(ctx2)))
@ -1654,6 +1671,10 @@ bad:
SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
sizeof s_server_session_id_context);
/* Set DTLS cookie generation and verification callbacks */
SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
#ifndef OPENSSL_NO_TLSEXT
if (ctx2)
{
@ -1750,8 +1771,11 @@ static int sv_body(char *hostname, int s, unsigned char *context)
unsigned long l;
SSL *con=NULL;
BIO *sbio;
struct timeval timeout;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
struct timeval tv;
#else
struct timeval *timeoutp;
#endif
if ((buf=OPENSSL_malloc(bufsize)) == NULL)
@ -1808,7 +1832,6 @@ static int sv_body(char *hostname, int s, unsigned char *context)
if (SSL_version(con) == DTLS1_VERSION)
{
struct timeval timeout;
sbio=BIO_new_dgram(s,BIO_NOCLOSE);
@ -1919,7 +1942,19 @@ static int sv_body(char *hostname, int s, unsigned char *context)
read_from_terminal = 1;
(void)fcntl(fileno(stdin), F_SETFL, 0);
#else
i=select(width,(void *)&readfds,NULL,NULL,NULL);
if ((SSL_version(con) == DTLS1_VERSION) &&
DTLSv1_get_timeout(con, &timeout))
timeoutp = &timeout;
else
timeoutp = NULL;
i=select(width,(void *)&readfds,NULL,NULL,timeoutp);
if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
{
BIO_printf(bio_err,"TIMEOUT occured\n");
}
if (i <= 0) continue;
if (FD_ISSET(fileno(stdin),&readfds))
read_from_terminal = 1;
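Review bot: the DTLS timer handling is added only in the final `#else` branch, and `timeoutp` is declared only for that branch, so the Windows, MSDOS, NetWare and BeOS builds of sv_body() never call DTLSv1_get_timeout() or DTLSv1_handle_timeout() and retransmission timers are not serviced there. Cover those branches too, or add a comment saying why they are left out. "occured" in the message should be "occurred".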
@ -2180,6 +2215,8 @@ static int init_ssl_connection(SSL *con)
con->kssl_ctx->client_princ);
}
#endif /* OPENSSL_NO_KRB5 */
BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
return(1);
}

View File

@ -671,7 +671,7 @@ int MAIN(int argc, char **argv)
{
if (!(store = setup_verify(bio_err, CAfile, CApath)))
goto end;
X509_STORE_set_verify_cb_func(store, smime_cb);
X509_STORE_set_verify_cb(store, smime_cb);
if (vpm)
X509_STORE_set1_param(store, vpm);
}

View File

@ -649,7 +649,7 @@ static ASN1_INTEGER *create_nonce(int bits)
/* Generating random byte sequence. */
if (len > (int)sizeof(buf)) goto err;
if (!RAND_bytes(buf, len)) goto err;
if (RAND_bytes(buf, len) <= 0) goto err;
/* Find the first non-zero byte and creating ASN1_INTEGER object. */
for (i = 0; i < len && !buf[i]; ++i);
@ -1083,7 +1083,7 @@ static X509_STORE *create_cert_store(char *ca_path, char *ca_file)
cert_ctx = X509_STORE_new();
/* Setting the callback for certificate chain verification. */
X509_STORE_set_verify_cb_func(cert_ctx, verify_cb);
X509_STORE_set_verify_cb(cert_ctx, verify_cb);
/* Adding a trusted certificate directory source. */
if (ca_path)

View File

@ -1,13 +1,13 @@
#!/usr/bin/perl -w
# Written by Zoltan Glozik <zglozik@stones.com>.
# Copyright (c) 2002 The OpenTSA Project. All rights reserved.
$::version = '$Id: tsget,v 1.1.1.1 2009/07/19 23:02:28 christos Exp $';
$::version = '$Id: tsget,v 1.1.1.2 2009/12/26 23:30:58 christos Exp $';
use strict;
use IO::Handle;
use Getopt::Std;
use File::Basename;
use WWW::Curl::easy;
use WWW::Curl::Easy;
use vars qw(%options);
@ -37,7 +37,7 @@ sub create_curl {
my $url = shift;
# Create Curl object.
my $curl = WWW::Curl::easy::new();
my $curl = WWW::Curl::Easy::new();
# Error-handling related options.
$curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
@ -49,7 +49,7 @@ sub create_curl {
$curl->setopt(CURLOPT_CUSTOMREQUEST, "POST");
$curl->setopt(CURLOPT_HTTPHEADER,
["Content-Type: application/timestamp-query",
"Accept: application/timestamp-reply"]);
"Accept: application/timestamp-reply,application/timestamp-response"]);
$curl->setopt(CURLOPT_READFUNCTION, \&read_body);
$curl->setopt(CURLOPT_HEADERFUNCTION, sub { return length($_[0]); });
@ -102,7 +102,8 @@ sub get_timestamp {
$error_string .= " ($::error_buf)" if defined($::error_buf);
} else {
my $ct = $curl->getinfo(CURLINFO_CONTENT_TYPE);
if (lc($ct) ne "application/timestamp-reply") {
if (lc($ct) ne "application/timestamp-reply"
&& lc($ct) ne "application/timestamp-response") {
$error_string = "unexpected content type returned: $ct";
}
}
@ -192,4 +193,4 @@ REQUEST: foreach (@ARGV) {
STDERR->printflush(", $output written.\n") if $options{v};
}
$curl->cleanup();
WWW::Curl::easy::global_cleanup();
WWW::Curl::Easy::global_cleanup();

View File

@ -70,8 +70,9 @@
#define PROG verify_main
static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e);
static STACK_OF(X509) *load_untrusted(char *file);
static int check(X509_STORE *ctx, char *file,
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
STACK_OF(X509_CRL) *crls, ENGINE *e);
static int v_verbose=0, vflags = 0;
int MAIN(int, char **);
@ -80,10 +81,10 @@ int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int i,ret=1, badarg = 0;
int purpose = -1;
char *CApath=NULL,*CAfile=NULL;
char *untfile = NULL, *trustfile = NULL;
char *untfile = NULL, *trustfile = NULL, *crlfile = NULL;
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
STACK_OF(X509_CRL) *crls = NULL;
X509_STORE *cert_ctx=NULL;
X509_LOOKUP *lookup=NULL;
X509_VERIFY_PARAM *vpm = NULL;
@ -93,7 +94,7 @@ int MAIN(int argc, char **argv)
cert_ctx=X509_STORE_new();
if (cert_ctx == NULL) goto end;
X509_STORE_set_verify_cb_func(cert_ctx,cb);
X509_STORE_set_verify_cb(cert_ctx,cb);
ERR_load_crypto_strings();
@ -139,6 +140,11 @@ int MAIN(int argc, char **argv)
if (argc-- < 1) goto end;
trustfile= *(++argv);
}
else if (strcmp(*argv,"-CRLfile") == 0)
{
if (argc-- < 1) goto end;
crlfile= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
@ -192,26 +198,34 @@ int MAIN(int argc, char **argv)
ERR_clear_error();
if(untfile) {
if(!(untrusted = load_untrusted(untfile))) {
BIO_printf(bio_err, "Error loading untrusted file %s\n", untfile);
ERR_print_errors(bio_err);
if(untfile)
{
untrusted = load_certs(bio_err, untfile, FORMAT_PEM,
NULL, e, "untrusted certificates");
if(!untrusted)
goto end;
}
}
if(trustfile) {
if(!(trusted = load_untrusted(trustfile))) {
BIO_printf(bio_err, "Error loading untrusted file %s\n", trustfile);
ERR_print_errors(bio_err);
if(trustfile)
{
trusted = load_certs(bio_err, trustfile, FORMAT_PEM,
NULL, e, "trusted certificates");
if(!trusted)
goto end;
}
}
if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose, e);
if(crlfile)
{
crls = load_crls(bio_err, crlfile, FORMAT_PEM,
NULL, e, "other CRLs");
if(!crls)
goto end;
}
if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, crls, e);
else
for (i=0; i<argc; i++)
check(cert_ctx,argv[i], untrusted, trusted, purpose, e);
check(cert_ctx,argv[i], untrusted, trusted, crls, e);
ret=0;
end:
if (ret == 1) {
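Review bot: the return value of check() is discarded at both call sites and `ret=0` is set unconditionally afterwards, so the exit status does not reflect whether any certificate verified. Since check() returns an int, and this import adds checks for ignored return values elsewhere, collect the results and set `ret=0` only when every call succeeded.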
@ -232,11 +246,14 @@ end:
if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
apps_shutdown();
OPENSSL_EXIT(ret);
}
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e)
static int check(X509_STORE *ctx, char *file,
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
STACK_OF(X509_CRL) *crls, ENGINE *e)
{
X509 *x=NULL;
int i=0,ret=0;
@ -260,7 +277,8 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X
goto end;
}
if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);
if (crls)
X509_STORE_CTX_set0_crls(csc, crls);
i=X509_verify_cert(csc);
X509_STORE_CTX_free(csc);
@ -278,90 +296,53 @@ end:
return(ret);
}
static STACK_OF(X509) *load_untrusted(char *certfile)
{
STACK_OF(X509_INFO) *sk=NULL;
STACK_OF(X509) *stack=NULL, *ret=NULL;
BIO *in=NULL;
X509_INFO *xi;
if(!(stack = sk_X509_new_null())) {
BIO_printf(bio_err,"memory allocation failure\n");
goto end;
}
if(!(in=BIO_new_file(certfile, "r"))) {
BIO_printf(bio_err,"error opening the file, %s\n",certfile);
goto end;
}
/* This loads from a file, a stack of x509/crl/pkey sets */
if(!(sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL))) {
BIO_printf(bio_err,"error reading the file, %s\n",certfile);
goto end;
}
/* scan over it and pull out the certs */
while (sk_X509_INFO_num(sk))
{
xi=sk_X509_INFO_shift(sk);
if (xi->x509 != NULL)
{
sk_X509_push(stack,xi->x509);
xi->x509=NULL;
}
X509_INFO_free(xi);
}
if(!sk_X509_num(stack)) {
BIO_printf(bio_err,"no certificates in file, %s\n",certfile);
sk_X509_free(stack);
goto end;
}
ret=stack;
end:
BIO_free(in);
sk_X509_INFO_free(sk);
return(ret);
}
static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
{
char buf[256];
int cert_error = X509_STORE_CTX_get_error(ctx);
X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx);
if (!ok)
{
if (ctx->current_cert)
if (current_cert)
{
X509_NAME_oneline(
X509_get_subject_name(ctx->current_cert),buf,
sizeof buf);
printf("%s\n",buf);
X509_NAME_print_ex_fp(stdout,
X509_get_subject_name(current_cert),
0, XN_FLAG_ONELINE);
printf("\n");
}
printf("%serror %d at %d depth lookup:%s\n",
X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "",
cert_error,
X509_STORE_CTX_get_error_depth(ctx),
X509_verify_cert_error_string(cert_error));
switch(cert_error)
{
case X509_V_ERR_NO_EXPLICIT_POLICY:
policies_print(NULL, ctx);
case X509_V_ERR_CERT_HAS_EXPIRED:
/* since we are just checking the certificates, it is
* ok if they are self signed. But we should still warn
* the user.
*/
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
/* Continue after extension errors too */
case X509_V_ERR_INVALID_CA:
case X509_V_ERR_INVALID_NON_CA:
case X509_V_ERR_PATH_LENGTH_EXCEEDED:
case X509_V_ERR_INVALID_PURPOSE:
case X509_V_ERR_CRL_HAS_EXPIRED:
case X509_V_ERR_CRL_NOT_YET_VALID:
case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
ok = 1;
}
printf("error %d at %d depth lookup:%s\n",ctx->error,
ctx->error_depth,
X509_verify_cert_error_string(ctx->error));
if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED) ok=1;
/* since we are just checking the certificates, it is
* ok if they are self signed. But we should still warn
* the user.
*/
if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
/* Continue after extension errors too */
if (ctx->error == X509_V_ERR_INVALID_CA) ok=1;
if (ctx->error == X509_V_ERR_INVALID_NON_CA) ok=1;
if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1;
if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1;
if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1;
if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1;
if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1;
if (ctx->error == X509_V_ERR_NO_EXPLICIT_POLICY)
policies_print(NULL, ctx);
return ok;
}
if ((ctx->error == X509_V_OK) && (ok == 2))
if (cert_error == X509_V_OK && ok == 2)
policies_print(NULL, ctx);
if (!v_verbose)
ERR_clear_error();
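Review bot: in the new `switch(cert_error)` the `X509_V_ERR_NO_EXPLICIT_POLICY` case has no `break` after `policies_print(NULL, ctx);`, so it falls through to `ok = 1`. The removed code only printed the policies for that error and left `ok` unchanged, so this change turns a missing explicit policy into an ignored error. Add a `break`, or a comment stating that the fall-through is intended.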

View File

@ -225,7 +225,7 @@ int MAIN(int argc, char **argv)
ctx=X509_STORE_new();
if (ctx == NULL) goto end;
X509_STORE_set_verify_cb_func(ctx,callb);
X509_STORE_set_verify_cb(ctx,callb);
argc--;
argv++;

View File

@ -48,10 +48,10 @@ done
# First get uname entries that we use below
MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown"
VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
[ "$MACHINE" ] || MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
[ "$RELEASE" ] || RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
[ "$SYSTEM" ] || SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown"
[ "$BUILD" ] || VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
# Now test for ISC and SCO, since it is has a braindamaged uname.
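Review bot: the fourth new line tests `$BUILD` but assigns `VERSION`, unlike the three lines above it, which each test the variable they set. A preset `VERSION` is therefore overwritten by `uname -v`, and a preset `BUILD` leaves `VERSION` unassigned. If the override is meant for VERSION, the test should read `[ "$VERSION" ]`.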

View File

@ -15,6 +15,7 @@
$PREFIX="aesni"; # if $PREFIX is set to "AES", the script
# generates drop-in replacement for
# crypto/aes/asm/aes-586.pl:-)
$inline=1; # inline _aesni_[en|de]crypt
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC,"${dir}","${dir}../../perlasm");
@ -105,27 +106,33 @@ sub aesni_generate1 # fully unrolled loop
}
# void $PREFIX_encrypt (const void *inp,void *out,const AES_KEY *key);
# &aesni_generate1("dec");
&aesni_generate1("enc") if (!$inline);
&function_begin_B("${PREFIX}_encrypt");
&mov ("eax",&wparam(0));
&mov ($key,&wparam(2));
&movups ($inout0,&QWP(0,"eax"));
&mov ($rounds,&DWP(240,$key));
&mov ("eax",&wparam(1));
&aesni_inline_generate1("enc"); # &call ("_aesni_encrypt1");
if ($inline)
{ &aesni_inline_generate1("enc"); }
else
{ &call ("_aesni_encrypt1"); }
&movups (&QWP(0,"eax"),$inout0);
&ret ();
&function_end_B("${PREFIX}_encrypt");
# void $PREFIX_decrypt (const void *inp,void *out,const AES_KEY *key);
# &aesni_generate1("dec");
&aesni_generate1("dec") if(!$inline);
&function_begin_B("${PREFIX}_decrypt");
&mov ("eax",&wparam(0));
&mov ($key,&wparam(2));
&movups ($inout0,&QWP(0,"eax"));
&mov ($rounds,&DWP(240,$key));
&mov ("eax",&wparam(1));
&aesni_inline_generate1("dec"); # &call ("_aesni_decrypt1");
if ($inline)
{ &aesni_inline_generate1("dec"); }
else
{ &call ("_aesni_decrypt1"); }
&movups (&QWP(0,"eax"),$inout0);
&ret ();
&function_end_B("${PREFIX}_decrypt");
@ -283,7 +290,10 @@ if ($PREFIX eq "aesni") {
jmp (&label("ecb_ret"));
&set_label("ecb_enc_one",16);
&aesni_inline_generate1("enc"); # &call ("_aesni_encrypt1");
if ($inline)
{ &aesni_inline_generate1("enc"); }
else
{ &call ("_aesni_encrypt1"); }
&movups (&QWP(0,$out),$inout0);
&jmp (&label("ecb_ret"));
@ -342,7 +352,10 @@ if ($PREFIX eq "aesni") {
&jmp (&label("ecb_ret"));
&set_label("ecb_dec_one",16);
&aesni_inline_generate1("dec"); # &call ("_aesni_decrypt3");
if ($inline)
{ &aesni_inline_generate1("dec"); }
else
{ &call ("_aesni_decrypt1"); }
&movups (&QWP(0,$out),$inout0);
&jmp (&label("ecb_ret"));
@ -391,7 +404,10 @@ if ($PREFIX eq "aesni") {
&movups ($ivec,&QWP(0,$inp));
&lea ($inp,&DWP(16,$inp));
&pxor ($inout0,$ivec);
&aesni_inline_generate1("enc"); # &call ("_aesni_encrypt3");
if ($inline)
{ &aesni_inline_generate1("enc"); }
else
{ &call ("_aesni_encrypt1"); }
&sub ($len,16);
&lea ($out,&DWP(16,$out));
&mov ($rounds,$rounds_); # restore $rounds
@ -474,7 +490,10 @@ if ($PREFIX eq "aesni") {
&jmp (&label("cbc_dec_tail_collected"));
&set_label("cbc_dec_one");
&aesni_inline_generate1("dec"); # &call ("_aesni_decrypt3");
if ($inline)
{ &aesni_inline_generate1("dec"); }
else
{ &call ("_aesni_decrypt1"); }
&pxor ($inout0,$ivec);
&movaps ($ivec,$in0);
&jmp (&label("cbc_dec_tail_collected"));

View File

@ -87,7 +87,8 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
p=str;
i2d(data,&p);
EVP_Digest(str, i, md, len, type, NULL);
if (!EVP_Digest(str, i, md, len, type, NULL))
return 0;
OPENSSL_free(str);
return(1);
}
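Review bot: the added early `return 0` when EVP_Digest() fails skips the `OPENSSL_free(str)` that follows, so the encoded buffer leaks on the error path. Free `str` before returning, or store the EVP_Digest() result and fall through to the existing free.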
@ -104,7 +105,8 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
i=ASN1_item_i2d(asn,&str, it);
if (!str) return(0);
EVP_Digest(str, i, md, len, type, NULL);
if (!EVP_Digest(str, i, md, len, type, NULL))
return 0;
OPENSSL_free(str);
return(1);
}
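Review bot: the added `return 0` on EVP_Digest() failure leaves ASN1_item_digest before `OPENSSL_free(str)`, leaking the buffer that ASN1_item_i2d() allocated. Store the EVP_Digest() result, free `str`, then return that result.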

View File

@ -62,7 +62,7 @@
#ifndef NO_OLD_ASN1
void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x)
void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x)
{
unsigned char *b,*p;
const unsigned char *p2;

View File

@ -93,7 +93,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
int str_type;
int ret;
char free_out;
int outform, outlen;
int outform, outlen = 0;
ASN1_STRING *dest;
unsigned char *p;
int nchar;

View File

@ -290,6 +290,17 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
const unsigned char *p;
unsigned char *data;
int i;
/* Sanity check OID encoding: can't have 0x80 in subidentifiers, see:
* X.690 8.19.2
*/
for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
{
if (*p == 0x80)
{
ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
return NULL;
}
}
/* only the ASN1_OBJECTs from the 'table' will have values
* for ->sn or ->ln */

View File

@ -184,9 +184,9 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
p=buf_in;
i2d(data,&p);
EVP_SignInit_ex(&ctx,type, NULL);
EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
if (!EVP_SignInit_ex(&ctx,type, NULL)
|| !EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl)
|| !EVP_SignFinal(&ctx,(unsigned char *)buf_out,
(unsigned int *)&outl,pkey))
{
outl=0;
@ -270,9 +270,9 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
goto err;
}
EVP_SignInit_ex(&ctx,type, NULL);
EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
if (!EVP_SignInit_ex(&ctx,type, NULL)
|| !EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl)
|| !EVP_SignFinal(&ctx,(unsigned char *)buf_out,
(unsigned int *)&outl,pkey))
{
outl=0;

View File

@ -101,8 +101,13 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
p=buf_in;
i2d(data,&p);
EVP_VerifyInit_ex(&ctx,type, NULL);
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
if (!EVP_VerifyInit_ex(&ctx,type, NULL)
|| !EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl))
{
ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
ret=0;
goto err;
}
OPENSSL_cleanse(buf_in,(unsigned int)inl);
OPENSSL_free(buf_in);
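Review bot: the new `goto err` on EVP_VerifyInit_ex() or EVP_VerifyUpdate() failure jumps past `OPENSSL_cleanse(buf_in,...)` and `OPENSSL_free(buf_in)`. Unless the code at `err:` (not shown in this hunk) releases `buf_in`, the buffer leaks on this path; cleanse and free it before the jump.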
@ -173,7 +178,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
goto err;
}
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
if (!EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl))
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
ret=0;
goto err;
}
OPENSSL_cleanse(buf_in,(unsigned int)inl);
OPENSSL_free(buf_in);
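Review bot: a failing EVP_VerifyUpdate() in ASN1_item_verify now leaves via `goto err` before the `OPENSSL_cleanse` and `OPENSSL_free` of `buf_in` that follow the new block. Save the EVP_VerifyUpdate() result, cleanse and free `buf_in`, and only then test the result, so the error path does not rely on `err:` freeing the buffer.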

View File

@ -301,6 +301,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
if (!ameth->info)
goto err;
}
else
ameth->info = NULL;
if (pem_str)
{
@ -308,6 +310,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
if (!ameth->pem_str)
goto err;
}
else
ameth->pem_str = NULL;
ameth->pub_decode = 0;
ameth->pub_encode = 0;

View File

@ -230,6 +230,10 @@ typedef struct asn1_object_st
*/
#define ASN1_STRING_FLAG_CONT 0x020
/* This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING
* type.
*/
#define ASN1_STRING_FLAG_MSTRING 0x040
/* This is the base type that holds just about everything :-) */
typedef struct asn1_string_st
{
@ -948,7 +952,7 @@ int ASN1_put_eoc(unsigned char **pp);
int ASN1_object_size(int constructed, int length, int tag);
/* Used to implement other functions */
void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);
void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x);
#define ASN1_dup_of(type,i2d,d2i,x) \
((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
@ -1262,6 +1266,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_F_PKCS5_PBE2_SET_IV 167
#define ASN1_F_PKCS5_PBE_SET 202
#define ASN1_F_PKCS5_PBE_SET0_ALGOR 215
#define ASN1_F_PKCS5_PBKDF2_SET 219
#define ASN1_F_SMIME_READ_ASN1 212
#define ASN1_F_SMIME_TEXT 213
#define ASN1_F_X509_CINF_NEW 168
@ -1328,6 +1333,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_INVALID_MIME_TYPE 205
#define ASN1_R_INVALID_MODIFIER 186
#define ASN1_R_INVALID_NUMBER 187
#define ASN1_R_INVALID_OBJECT_ENCODING 216
#define ASN1_R_INVALID_SEPARATOR 131
#define ASN1_R_INVALID_TIME_FORMAT 132
#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133

View File

@ -1,6 +1,6 @@
/* crypto/asn1/asn1_err.c */
/* ====================================================================
* Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -179,6 +179,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV), "PKCS5_pbe2_set_iv"},
{ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"},
{ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"},
{ERR_FUNC(ASN1_F_PKCS5_PBKDF2_SET), "PKCS5_pbkdf2_set"},
{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"},
{ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"},
{ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"},
@ -248,6 +249,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"},
{ERR_REASON(ASN1_R_INVALID_MODIFIER) ,"invalid modifier"},
{ERR_REASON(ASN1_R_INVALID_NUMBER) ,"invalid number"},
{ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING),"invalid object encoding"},
{ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"},
{ERR_REASON(ASN1_R_INVALID_TIME_FORMAT) ,"invalid time format"},
{ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},

View File

@ -227,6 +227,8 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
/* Allocate buffer for new encoding */
new_der = OPENSSL_malloc(len);
if (!new_der)
goto err;
/* Generate tagged encoding */
@ -452,6 +454,8 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
int derlen;
int i;
sk = sk_ASN1_TYPE_new_null();
if (!sk)
goto bad;
if (section)
{
if (!cnf)
@ -464,7 +468,8 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
ASN1_TYPE *typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
if (!typ)
goto bad;
sk_ASN1_TYPE_push(sk, typ);
if (!sk_ASN1_TYPE_push(sk, typ))
goto bad;
}
}
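
Review bot: In the loop in asn1_multi, the new `if (!sk_ASN1_TYPE_push(sk, typ)) goto bad;` leaks `typ` when the push fails. `typ` is declared inside the loop body and has not been added to `sk`, so the `bad` label, which is outside its scope, cannot free it. Call ASN1_TYPE_free(typ) in the failure branch before jumping.
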
@ -475,6 +480,9 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
else
derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);
if (derlen < 0)
goto bad;
if (!(ret = ASN1_TYPE_new()))
goto bad;

View File

@ -239,7 +239,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl);
if (ii < 0)
{
if (BIO_write(bp,"Bad boolean\n",12))
if (BIO_write(bp,"Bad boolean\n",12) <= 0)
goto end;
}
BIO_printf(bp,":%d",ii);
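
Review bot: In the `ii < 0` branch of asn1_parse2, the corrected test `BIO_write(...) <= 0` changes what happens on success: the old test left through `end` on any non-zero return, while a successful write now falls through to `BIO_printf(bp,":%d",ii)` and prints a negative value after "Bad boolean". The BIO_printf result is also still ignored. If the intent is to report the bad encoding and stop, jump to `end` unconditionally after the write; otherwise check BIO_printf with the same `<= 0` test.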

View File

@ -87,9 +87,13 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
}
else ret= *a;
ret->save_type=type;
ret->type=EVP_PKEY_type(type);
switch (ret->type)
if (!EVP_PKEY_set_type(ret, type))
{
ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);
goto err;
}
switch (EVP_PKEY_id(ret))
{
#ifndef OPENSSL_NO_RSA
case EVP_PKEY_RSA:

View File

@ -129,6 +129,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
unsigned char buf[256],*zz;
unsigned char key[EVP_MAX_KEY_LENGTH];
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
if (a == NULL) return(0);
@ -206,24 +207,28 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
i = strlen((char *)buf);
/* If the key is used for SGC the algorithm is modified a little. */
if(sgckey) {
EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
goto err;
memcpy(buf + 16, "SGCKEYSALT", 10);
i = 26;
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL))
goto err;
OPENSSL_cleanse(buf,256);
/* Encrypt private key in place */
zz = enckey->enckey->digest->data;
EVP_CIPHER_CTX_init(&ctx);
EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
EVP_EncryptFinal_ex(&ctx,zz + i,&j);
EVP_CIPHER_CTX_cleanup(&ctx);
if (!EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL))
goto err;
if (!EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen))
goto err;
if (!EVP_EncryptFinal_ex(&ctx,zz + i,&j))
goto err;
ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
err:
EVP_CIPHER_CTX_cleanup(&ctx);
NETSCAPE_ENCRYPTED_PKEY_free(enckey);
NETSCAPE_PKEY_free(pkey);
return(ret);
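
Review bot: In i2d_RSA_NET, the new `goto err` after EVP_Digest and after EVP_BytesToKey jumps past `OPENSSL_cleanse(buf,256)`, so on those failure paths the key-derivation input in `buf` is left on the stack when the function returns. Move the cleanse under the `err:` label, next to the EVP_CIPHER_CTX_cleanup call this hunk already placed there; running it on the success path as well is harmless.
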
@ -289,6 +294,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
const unsigned char *zz;
unsigned char key[EVP_MAX_KEY_LENGTH];
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
i=cb((char *)buf,256,"Enter Private Key password:",0);
if (i != 0)
@ -299,19 +305,22 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
i = strlen((char *)buf);
if(sgckey){
EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
goto err;
memcpy(buf + 16, "SGCKEYSALT", 10);
i = 26;
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL))
goto err;
OPENSSL_cleanse(buf,256);
EVP_CIPHER_CTX_init(&ctx);
EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
EVP_CIPHER_CTX_cleanup(&ctx);
if (!EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL))
goto err;
if (!EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length))
goto err;
if (!EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j))
goto err;
os->length=i+j;
zz=os->data;
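
Review bot: In d2i_RSA_NET_2, `key` holds the RC4 key produced by EVP_BytesToKey, and nothing in this hunk wipes it, either after EVP_DecryptInit_ex has consumed it or on the new `goto err` exits. Now that the cipher context cleanup lives under `err:`, add an OPENSSL_cleanse of `key` there so every exit clears it.
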
@ -329,6 +338,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
goto err;
}
err:
EVP_CIPHER_CTX_cleanup(&ctx);
NETSCAPE_PKEY_free(pkey);
return(ret);
}

View File

@ -91,12 +91,10 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
unsigned char *aiv, int prf_nid)
{
X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
int alg_nid;
int alg_nid, keylen;
EVP_CIPHER_CTX ctx;
unsigned char iv[EVP_MAX_IV_LENGTH];
PBKDF2PARAM *kdf = NULL;
PBE2PARAM *pbe2 = NULL;
ASN1_OCTET_STRING *osalt = NULL;
ASN1_OBJECT *obj;
alg_nid = EVP_CIPHER_type(cipher);
@ -127,7 +125,8 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
EVP_CIPHER_CTX_init(&ctx);
/* Dummy cipherinit to just setup the IV, and PRF */
EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
goto err;
if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
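
Review bot: The new `if (!EVP_CipherInit_ex(...)) goto err;` in PKCS5_pbe2_set_iv fails silently. The EVP_CIPHER_param_to_asn1 check directly below raises ASN1_R_ERROR_SETTING_CIPHER_PARAMS, but this path puts nothing on the error queue, so the caller gets NULL with no reason. Raise an ASN1err here too, and call EVP_CIPHER_CTX_cleanup(&ctx) before leaving, since the context was initialised just above and the lines shown under `err:` later in this file do not clean it up.
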
@ -145,55 +144,19 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
}
EVP_CIPHER_CTX_cleanup(&ctx);
if(!(kdf = PBKDF2PARAM_new())) goto merr;
if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr;
if (!saltlen) saltlen = PKCS5_SALT_LEN;
if (!(osalt->data = OPENSSL_malloc (saltlen))) goto merr;
osalt->length = saltlen;
if (salt) memcpy (osalt->data, salt, saltlen);
else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr;
if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
/* Now include salt in kdf structure */
kdf->salt->value.octet_string = osalt;
kdf->salt->type = V_ASN1_OCTET_STRING;
osalt = NULL;
/* If its RC2 then we'd better setup the key length */
if(alg_nid == NID_rc2_cbc) {
if(!(kdf->keylength = M_ASN1_INTEGER_new())) goto merr;
if(!ASN1_INTEGER_set (kdf->keylength,
EVP_CIPHER_key_length(cipher))) goto merr;
}
if(alg_nid == NID_rc2_cbc)
keylen = EVP_CIPHER_key_length(cipher);
else
keylen = -1;
/* prf can stay NULL if we are using hmacWithSHA1 */
if (prf_nid != NID_hmacWithSHA1)
{
kdf->prf = X509_ALGOR_new();
if (!kdf->prf)
goto merr;
X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
V_ASN1_NULL, NULL);
}
/* Setup keyfunc */
/* Now setup the PBE2PARAM keyfunc structure */
pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);
pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
/* Encode PBKDF2PARAM into parameter of pbe2 */
if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;
if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
&pbe2->keyfunc->parameter->value.sequence)) goto merr;
pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
PBKDF2PARAM_free(kdf);
kdf = NULL;
if (!pbe2->keyfunc)
goto merr;
/* Now set up top level AlgorithmIdentifier */
@ -219,8 +182,6 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
err:
PBE2PARAM_free(pbe2);
/* Note 'scheme' is freed as part of pbe2 */
M_ASN1_OCTET_STRING_free(osalt);
PBKDF2PARAM_free(kdf);
X509_ALGOR_free(kalg);
X509_ALGOR_free(ret);
@ -233,3 +194,85 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
{
return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
}
X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
int prf_nid, int keylen)
{
X509_ALGOR *keyfunc = NULL;
PBKDF2PARAM *kdf = NULL;
ASN1_OCTET_STRING *osalt = NULL;
if(!(kdf = PBKDF2PARAM_new()))
goto merr;
if(!(osalt = M_ASN1_OCTET_STRING_new()))
goto merr;
kdf->salt->value.octet_string = osalt;
kdf->salt->type = V_ASN1_OCTET_STRING;
if (!saltlen)
saltlen = PKCS5_SALT_LEN;
if (!(osalt->data = OPENSSL_malloc (saltlen)))
goto merr;
osalt->length = saltlen;
if (salt)
memcpy (osalt->data, salt, saltlen);
else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0)
goto merr;
if(iter <= 0)
iter = PKCS5_DEFAULT_ITER;
if(!ASN1_INTEGER_set(kdf->iter, iter))
goto merr;
/* If have a key len set it up */
if(keylen > 0)
{
if(!(kdf->keylength = M_ASN1_INTEGER_new()))
goto merr;
if(!ASN1_INTEGER_set (kdf->keylength, keylen))
goto merr;
}
/* prf can stay NULL if we are using hmacWithSHA1 */
if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1)
{
kdf->prf = X509_ALGOR_new();
if (!kdf->prf)
goto merr;
X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
V_ASN1_NULL, NULL);
}
/* Finally setup the keyfunc structure */
keyfunc = X509_ALGOR_new();
if (!keyfunc)
goto merr;
keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
/* Encode PBKDF2PARAM into parameter of pbe2 */
if(!(keyfunc->parameter = ASN1_TYPE_new()))
goto merr;
if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
&keyfunc->parameter->value.sequence))
goto merr;
keyfunc->parameter->type = V_ASN1_SEQUENCE;
PBKDF2PARAM_free(kdf);
return keyfunc;
merr:
ASN1err(ASN1_F_PKCS5_PBKDF2_SET,ERR_R_MALLOC_FAILURE);
PBKDF2PARAM_free(kdf);
X509_ALGOR_free(keyfunc);
return NULL;
}
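
Review bot: PKCS5_pbkdf2_set only special-cases `saltlen == 0`; because `saltlen` is an int, a negative value goes straight into `OPENSSL_malloc (saltlen)` and `memcpy (osalt->data, salt, saltlen)`. Reject `saltlen < 0` at the top of the function. Separately, every failure lands on `merr` and is reported as ERR_R_MALLOC_FAILURE, including a RAND_pseudo_bytes failure, and the return value of X509_ALGOR_set0 for the PRF is not checked.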

View File

@ -255,7 +255,8 @@ int X509_ocspid_print (BIO *bp, X509 *x)
goto err;
i2d_X509_NAME(x->cert_info->subject, &dertmp);
EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL);
if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
goto err;
for (i=0; i < SHA_DIGEST_LENGTH; i++)
{
if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
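
Review bot: In X509_ocspid_print, EVP_Digest is now checked, but the `i2d_X509_NAME(x->cert_info->subject, &dertmp)` call just above it is not, so a failed encode is hashed and printed anyway. Test its return value (a negative result, or a mismatch with `derlen`) and `goto err` before digesting.
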
@ -268,8 +269,10 @@ int X509_ocspid_print (BIO *bp, X509 *x)
if (BIO_printf(bp,"\n Public key OCSP hash: ") <= 0)
goto err;
EVP_Digest(x->cert_info->key->public_key->data,
x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL);
if (!EVP_Digest(x->cert_info->key->public_key->data,
x->cert_info->key->public_key->length,
SHA1md, NULL, EVP_sha1(), NULL))
goto err;
for (i=0; i < SHA_DIGEST_LENGTH; i++)
{
if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
@ -376,7 +379,7 @@ int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)
{
s= (v[12]-'0')*10+(v[13]-'0');
/* Check for fractions of seconds. */
if (i >= 15 && v[14] == '.')
if (tm->length >= 15 && v[14] == '.')
{
int l = tm->length;
f = &v[14]; /* The decimal point. */

View File

@ -325,6 +325,7 @@ static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
ASN1_TYPE *typ;
ASN1_STRING *str;
int utype;
if (it && it->funcs)
@ -362,7 +363,10 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
break;
default:
*pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);
str = ASN1_STRING_type_new(utype);
if (it->itype == ASN1_ITYPE_MSTRING && str)
str->flags |= ASN1_STRING_FLAG_MSTRING;
*pval = (ASN1_VALUE *)str;
break;
}
if (*pval)
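
Review bot: In the default case of ASN1_primitive_new, `it->itype` is read without a NULL test, while the top of the function still guards with `if (it && it->funcs)`, which implies callers may pass a NULL `it`. Either test it here (`if (it && it->itype == ASN1_ITYPE_MSTRING && str)`) or reject a NULL `it` at entry so the two checks agree.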

View File

@ -157,6 +157,7 @@ extern "C" {
* previous write
* operation */
#define BIO_CTRL_DGRAM_GET_PEER 46
#define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */
#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to
@ -538,6 +539,8 @@ int BIO_ctrl_reset_read_request(BIO *b);
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)
#define BIO_dgram_send_timedout(b) \
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)
#define BIO_dgram_get_peer(b,peer) \
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
#define BIO_dgram_set_peer(b,peer) \
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)

View File

@ -108,7 +108,13 @@ static BIO_METHOD methods_dgramp=
typedef struct bio_dgram_data_st
{
struct sockaddr peer;
union {
struct sockaddr sa;
struct sockaddr_in sa_in;
#if OPENSSL_USE_IPV6
struct sockaddr_in6 sa_in6;
#endif
} peer;
unsigned int connected;
unsigned int _errno;
unsigned int mtu;
@ -274,27 +280,41 @@ static int dgram_read(BIO *b, char *out, int outl)
int ret=0;
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
struct sockaddr peer;
int peerlen = sizeof(peer);
struct {
/*
* See commentary in b_sock.c. <appro>
*/
union { size_t s; int i; } len;
union {
struct sockaddr sa;
struct sockaddr_in sa_in;
#if OPENSSL_USE_IPV6
struct sockaddr_in6 sa_in6;
#endif
} peer;
} sa;
sa.len.s=0;
sa.len.i=sizeof(sa.peer);
if (out != NULL)
{
clear_socket_error();
memset(&peer, 0x00, peerlen);
/* Last arg in recvfrom is signed on some platforms and
* unsigned on others. It is of type socklen_t on some
* but this is not universal. Cast to (void *) to avoid
* compiler warnings.
*/
memset(&sa.peer, 0x00, sizeof(sa.peer));
dgram_adjust_rcv_timeout(b);
ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen);
ret=recvfrom(b->num,out,outl,0,&sa.peer.sa,(void *)&sa.len);
if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
{
OPENSSL_assert(sa.len.s<=sizeof(sa.peer));
sa.len.i = (int)sa.len.s;
}
dgram_reset_rcv_timeout(b);
if ( ! data->connected && ret > 0)
BIO_ctrl(b, BIO_CTRL_DGRAM_CONNECT, 0, &peer);
if ( ! data->connected && ret >= 0)
BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer);
BIO_clear_retry_flags(b);
if (ret <= 0)
if (ret < 0)
{
if (BIO_dgram_should_retry(ret))
{
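
Review bot: In dgram_read, the peer update moved from `ret > 0` to `ret >= 0` and now goes through BIO_CTRL_DGRAM_SET_PEER, so on an unconnected BIO every received datagram, including an empty one, overwrites the stored peer with the source address recvfrom reported. That is a behaviour change callers need to know about; state it in a comment here and in the BIO documentation. The `union { size_t s; int i; } len` handling also deserves a short explanation in place rather than only a pointer to b_sock.c.
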
@ -312,19 +332,19 @@ static int dgram_write(BIO *b, const char *in, int inl)
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
clear_socket_error();
if ( data->connected )
ret=writesocket(b->num,in,inl);
else
if ( data->connected )
ret=writesocket(b->num,in,inl);
else
#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
ret=sendto(b->num, (char *)in, inl, 0, &data->peer, sizeof(data->peer));
ret=sendto(b->num, (char *)in, inl, 0, &data->peer.sa, sizeof(data->peer));
#else
ret=sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer));
ret=sendto(b->num, in, inl, 0, &data->peer.sa, sizeof(data->peer));
#endif
BIO_clear_retry_flags(b);
if (ret <= 0)
{
if (BIO_sock_should_retry(ret))
if (BIO_dgram_should_retry(ret))
{
BIO_set_retry_write(b);
data->_errno = get_last_socket_error();
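
Review bot: Both sendto calls in dgram_write pass `sizeof(data->peer)` as the address length, which is now the size of the whole union, that is, of its largest member (sockaddr_in6 when OPENSSL_USE_IPV6 is set), even when the stored peer is AF_INET. Some socket stacks reject an address length that does not match the address family. Derive the length from `data->peer.sa.sa_family`, the way the BIO_CTRL_DGRAM_GET_PEER case later in this file computes `ret`.
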
@ -405,7 +425,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
else
{
#endif
memcpy(&(data->peer),to, sizeof(struct sockaddr));
switch (to->sa_family)
{
case AF_INET:
memcpy(&data->peer,to,sizeof(data->peer.sa_in));
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
break;
#endif
default:
memcpy(&data->peer,to,sizeof(data->peer.sa));
break;
}
#if 0
}
#endif
@ -429,12 +462,14 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
&sockopt_val, sizeof(sockopt_val))) < 0)
perror("setsockopt");
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
sockopt_val = IPV6_PMTUDISC_DO;
if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
&sockopt_val, sizeof(sockopt_val))) < 0)
perror("setsockopt");
break;
#endif
default:
ret = -1;
break;
@ -470,6 +505,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
ret = data->mtu;
}
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
if ((ret = getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, (void *)&sockopt_val,
&sockopt_len)) < 0 || sockopt_val < 0)
@ -485,6 +521,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
ret = data->mtu;
}
break;
#endif
default:
ret = 0;
break;
@ -506,21 +543,65 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
if ( to != NULL)
{
data->connected = 1;
memcpy(&(data->peer),to, sizeof(struct sockaddr));
switch (to->sa_family)
{
case AF_INET:
memcpy(&data->peer,to,sizeof(data->peer.sa_in));
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
break;
#endif
default:
memcpy(&data->peer,to,sizeof(data->peer.sa));
break;
}
}
else
{
data->connected = 0;
memset(&(data->peer), 0x00, sizeof(struct sockaddr));
memset(&(data->peer), 0x00, sizeof(data->peer));
}
break;
case BIO_CTRL_DGRAM_GET_PEER:
switch (data->peer.sa.sa_family)
{
case AF_INET:
ret=sizeof(data->peer.sa_in);
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
ret=sizeof(data->peer.sa_in6);
break;
#endif
default:
ret=sizeof(data->peer.sa);
break;
}
if (num==0 || num>ret)
num=ret;
memcpy(ptr,&data->peer,(ret=num));
break;
case BIO_CTRL_DGRAM_SET_PEER:
to = (struct sockaddr *) ptr;
switch (to->sa_family)
{
case AF_INET:
memcpy(&data->peer,to,sizeof(data->peer.sa_in));
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
break;
#endif
default:
memcpy(&data->peer,to,sizeof(data->peer.sa));
break;
}
break;
case BIO_CTRL_DGRAM_SET_PEER:
to = (struct sockaddr *) ptr;
memcpy(&(data->peer), to, sizeof(struct sockaddr));
break;
case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
break;
#if defined(SO_RCVTIMEO)
case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
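
Review bot: In the BIO_CTRL_DGRAM_GET_PEER case, `num` is a caller-supplied long and only `num==0 || num>ret` is clamped, so a negative `num` reaches `memcpy(ptr,&data->peer,(ret=num))` as a very large size. Treat `num <= 0` as "use the full size". The AF_INET / AF_INET6 / default copy switch also appears three times in dgram_ctrl; a small helper that returns the address length for a family would keep the copies from drifting apart.
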
@ -684,10 +765,6 @@ int BIO_dgram_non_fatal_error(int err)
# endif
#endif
#if defined(ENOTCONN)
case ENOTCONN:
#endif
#ifdef EINTR
case EINTR:
#endif
@ -710,11 +787,6 @@ int BIO_dgram_non_fatal_error(int err)
case EALREADY:
#endif
/* DF bit set, and packet larger than MTU */
#ifdef EMSGSIZE
case EMSGSIZE:
#endif
return(1);
/* break; */
default:

View File

@ -1032,15 +1032,15 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
goto err;
if (al > j || bl > j)
{
bn_wexpand(t,k*4);
bn_wexpand(rr,k*4);
if (bn_wexpand(t,k*4) == NULL) goto err;
if (bn_wexpand(rr,k*4) == NULL) goto err;
bn_mul_part_recursive(rr->d,a->d,b->d,
j,al-j,bl-j,t->d);
}
else /* al <= j || bl <= j */
{
bn_wexpand(t,k*2);
bn_wexpand(rr,k*2);
if (bn_wexpand(t,k*2) == NULL) goto err;
if (bn_wexpand(rr,k*2) == NULL) goto err;
bn_mul_recursive(rr->d,a->d,b->d,
j,al-j,bl-j,t->d);
}

View File

@ -1029,7 +1029,7 @@ int test_exp(BIO *bp, BN_CTX *ctx)
BN_bntest_rand(a,20+i*5,0,0); /**/
BN_bntest_rand(b,2+i,0,0); /**/
if (!BN_exp(d,a,b,ctx))
if (BN_exp(d,a,b,ctx) <= 0)
return(0);
if (bp != NULL)

View File

@ -656,7 +656,7 @@ Camellia_cbc_encrypt:
mov %rsi,$out # out argument
mov %r8,%rbx # ivp argument
mov %rcx,$key # key argument
mov 272(%rcx),$keyend # grandRounds
mov 272(%rcx),${keyend}d # grandRounds
mov %r8,$_ivp
mov %rbp,$_rsp

View File

@ -65,7 +65,7 @@
*/
void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
long length, CAST_KEY *schedule, unsigned char *ivec,
long length, const CAST_KEY *schedule, unsigned char *ivec,
int *num, int enc)
{
register CAST_LONG v0,v1,t;
@ -119,4 +119,3 @@ void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
v0=v1=ti[0]=ti[1]=t=c=cc=0;
*num=n;
}

View File

@ -63,7 +63,7 @@
const char CAST_version[]="CAST" OPENSSL_VERSION_PTEXT;
void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
CAST_KEY *ks, int enc)
const CAST_KEY *ks, int enc)
{
CAST_LONG l,d[2];
@ -77,4 +77,3 @@ void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
l=d[1]; l2n(l,out);
l=d[0]=d[1]=0;
}

View File

@ -59,9 +59,10 @@
#include <openssl/cast.h>
#include "cast_lcl.h"
void CAST_encrypt(CAST_LONG *data, CAST_KEY *key)
void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key)
{
register CAST_LONG l,r,*k,t;
register CAST_LONG l,r,t;
const register CAST_LONG *k;
k= &(key->data[0]);
l=data[0];
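
Review bot: `const register CAST_LONG *k;` in CAST_encrypt (and again in CAST_decrypt below) puts the storage-class specifier after the qualifier. C marks placing a storage-class specifier anywhere but first in a declaration as obsolescent, and some compilers warn about it. Write `register const CAST_LONG *k;`.
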
@ -91,9 +92,10 @@ void CAST_encrypt(CAST_LONG *data, CAST_KEY *key)
data[0]=r&0xffffffffL;
}
void CAST_decrypt(CAST_LONG *data, CAST_KEY *key)
void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key)
{
register CAST_LONG l,r,*k,t;
register CAST_LONG l,r,t;
const register CAST_LONG *k;
k= &(key->data[0]);
l=data[0];
@ -124,7 +126,7 @@ void CAST_decrypt(CAST_LONG *data, CAST_KEY *key)
}
void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
CAST_KEY *ks, unsigned char *iv, int enc)
const CAST_KEY *ks, unsigned char *iv, int enc)
{
register CAST_LONG tin0,tin1;
register CAST_LONG tout0,tout1,xor0,xor1;
@ -204,4 +206,3 @@ void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
tin0=tin1=tout0=tout1=xor0=xor1=0;
tin[0]=tin[1]=0;
}

View File

@ -64,7 +64,7 @@
* 64bit block we have used is contained in *num;
*/
void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
long length, CAST_KEY *schedule, unsigned char *ivec,
long length, const CAST_KEY *schedule, unsigned char *ivec,
int *num)
{
register CAST_LONG v0,v1,t;
@ -108,4 +108,3 @@ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
t=v0=v1=ti[0]=ti[1]=0;
*num=n;
}

View File

@ -18,9 +18,11 @@ APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c
cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c \
cms_pwri.c
LIBOBJ= cms_lib.o cms_asn1.o cms_att.o cms_io.o cms_smime.o cms_err.o \
cms_sd.o cms_dd.o cms_cd.o cms_env.o cms_enc.o cms_ess.o
cms_sd.o cms_dd.o cms_cd.o cms_env.o cms_enc.o cms_ess.o \
cms_pwri.o
SRC= $(LIBSRC)

View File

@ -184,6 +184,8 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
unsigned char *key, size_t keylen,
unsigned char *id, size_t idlen);
int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
unsigned char *pass, ssize_t passlen);
STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
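
Review bot: CMS_decrypt_set1_password takes `ssize_t passlen`, but ssize_t is a POSIX type, not ISO C, so this public header will not compile on toolchains that do not provide it. The field that stores the value in CMS_PasswordRecipientInfo_st is a `size_t passlen`, so the signedness also changes between the API and the structure. Use a library-defined signed size type, and document what a negative length means (presumably "use strlen on pass") so the conversion happens once at the API boundary.
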
@ -219,6 +221,14 @@ int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
const unsigned char *id, size_t idlen);
int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
unsigned char *pass, ssize_t passlen);
CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
int iter, int wrap_nid, int pbe_nid,
unsigned char *pass, ssize_t passlen,
const EVP_CIPHER *kekciph);
int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
@ -330,6 +340,7 @@ void ERR_load_CMS_strings(void);
#define CMS_F_CHECK_CONTENT 99
#define CMS_F_CMS_ADD0_CERT 164
#define CMS_F_CMS_ADD0_RECIPIENT_KEY 100
#define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165
#define CMS_F_CMS_ADD1_RECEIPTREQUEST 158
#define CMS_F_CMS_ADD1_RECIPIENT_CERT 101
#define CMS_F_CMS_ADD1_SIGNER 102
@ -344,6 +355,7 @@ void ERR_load_CMS_strings(void);
#define CMS_F_CMS_DATAINIT 111
#define CMS_F_CMS_DECRYPT 112
#define CMS_F_CMS_DECRYPT_SET1_KEY 113
#define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166
#define CMS_F_CMS_DECRYPT_SET1_PKEY 114
#define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115
#define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116
@ -378,7 +390,9 @@ void ERR_load_CMS_strings(void);
#define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141
#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142
#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143
#define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167
#define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144
#define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168
#define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145
#define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146
#define CMS_F_CMS_SET_DETACHED 147
@ -419,6 +433,7 @@ void ERR_load_CMS_strings(void);
#define CMS_R_ERROR_SETTING_KEY 115
#define CMS_R_ERROR_SETTING_RECIPIENTINFO 116
#define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117
#define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176
#define CMS_R_INVALID_KEY_LENGTH 118
#define CMS_R_MD_BIO_INIT_ERROR 119
#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120
@ -431,6 +446,7 @@ void ERR_load_CMS_strings(void);
#define CMS_R_NOT_ENCRYPTED_DATA 122
#define CMS_R_NOT_KEK 123
#define CMS_R_NOT_KEY_TRANSPORT 124
#define CMS_R_NOT_PWRI 177
#define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125
#define CMS_R_NO_CIPHER 126
#define CMS_R_NO_CONTENT 127
@ -443,6 +459,7 @@ void ERR_load_CMS_strings(void);
#define CMS_R_NO_MATCHING_RECIPIENT 132
#define CMS_R_NO_MATCHING_SIGNATURE 166
#define CMS_R_NO_MSGSIGDIGEST 167
#define CMS_R_NO_PASSWORD 178
#define CMS_R_NO_PRIVATE_KEY 133
#define CMS_R_NO_PUBLIC_KEY 134
#define CMS_R_NO_RECEIPT_REQUEST 168
@ -466,10 +483,12 @@ void ERR_load_CMS_strings(void);
#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151
#define CMS_R_UNSUPPORTED_CONTENT_TYPE 152
#define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153
#define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179
#define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154
#define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE 155
#define CMS_R_UNSUPPORTED_TYPE 156
#define CMS_R_UNWRAP_ERROR 157
#define CMS_R_UNWRAP_FAILURE 180
#define CMS_R_VERIFICATION_FAILURE 158
#define CMS_R_WRAP_ERROR 159

View File

@ -237,6 +237,15 @@ static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
OPENSSL_free(kekri->key);
}
}
else if (ri->type == CMS_RECIPINFO_PASS)
{
CMS_PasswordRecipientInfo *pwri = ri->d.pwri;
if (pwri->pass)
{
OPENSSL_cleanse(pwri->pass, pwri->passlen);
OPENSSL_free(pwri->pass);
}
}
}
return 1;
}

View File

@ -65,14 +65,13 @@
/* CMS EnvelopedData Utilities */
DECLARE_ASN1_ITEM(CMS_EnvelopedData)
DECLARE_ASN1_ITEM(CMS_RecipientInfo)
DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
DECLARE_STACK_OF(CMS_RecipientInfo)
static CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
{
if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped)
{
@ -786,6 +785,9 @@ int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
case CMS_RECIPINFO_KEK:
return cms_RecipientInfo_kekri_decrypt(cms, ri);
case CMS_RECIPINFO_PASS:
return cms_RecipientInfo_pwri_crypt(cms, ri, 0);
default:
CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
@ -829,6 +831,10 @@ BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
r = cms_RecipientInfo_kekri_encrypt(cms, ri);
break;
case CMS_RECIPINFO_PASS:
r = cms_RecipientInfo_pwri_crypt(cms, ri, 1);
break;
default:
CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
CMS_R_UNSUPPORTED_RECIPIENT_TYPE);

View File

@ -1,6 +1,6 @@
/* crypto/cms/cms_err.c */
/* ====================================================================
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -73,6 +73,7 @@ static ERR_STRING_DATA CMS_str_functs[]=
{ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"},
{ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"},
{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"},
{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD), "CMS_add0_recipient_password"},
{ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"},
{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"},
{ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"},
@ -87,6 +88,7 @@ static ERR_STRING_DATA CMS_str_functs[]=
{ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"},
{ERR_FUNC(CMS_F_CMS_DECRYPT), "CMS_decrypt"},
{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"},
{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PASSWORD), "CMS_decrypt_set1_password"},
{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY), "CMS_decrypt_set1_pkey"},
{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX), "cms_DigestAlgorithm_find_ctx"},
{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO), "cms_DigestAlgorithm_init_bio"},
@ -105,7 +107,7 @@ static ERR_STRING_DATA CMS_str_functs[]=
{ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), "CMS_GET0_CERTIFICATE_CHOICES"},
{ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"},
{ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "CMS_GET0_ECONTENT_TYPE"},
{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "CMS_GET0_ENVELOPED"},
{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "cms_get0_enveloped"},
{ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES), "CMS_GET0_REVOCATION_CHOICES"},
{ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"},
{ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"},
@ -121,7 +123,9 @@ static ERR_STRING_DATA CMS_str_functs[]=
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT), "CMS_RECIPIENTINFO_KTRI_ENCRYPT"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS), "CMS_RecipientInfo_ktri_get0_algs"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID), "CMS_RecipientInfo_ktri_get0_signer_id"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT), "cms_RecipientInfo_pwri_crypt"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY), "CMS_RecipientInfo_set0_key"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD), "CMS_RecipientInfo_set0_password"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY), "CMS_RecipientInfo_set0_pkey"},
{ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"},
{ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"},
@ -165,6 +169,7 @@ static ERR_STRING_DATA CMS_str_reasons[]=
{ERR_REASON(CMS_R_ERROR_SETTING_KEY) ,"error setting key"},
{ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),"error setting recipientinfo"},
{ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),"invalid encrypted key length"},
{ERR_REASON(CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER),"invalid key encryption parameter"},
{ERR_REASON(CMS_R_INVALID_KEY_LENGTH) ,"invalid key length"},
{ERR_REASON(CMS_R_MD_BIO_INIT_ERROR) ,"md bio init error"},
{ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),"messagedigest attribute wrong length"},
@ -177,6 +182,7 @@ static ERR_STRING_DATA CMS_str_reasons[]=
{ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA) ,"not encrypted data"},
{ERR_REASON(CMS_R_NOT_KEK) ,"not kek"},
{ERR_REASON(CMS_R_NOT_KEY_TRANSPORT) ,"not key transport"},
{ERR_REASON(CMS_R_NOT_PWRI) ,"not pwri"},
{ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"not supported for this key type"},
{ERR_REASON(CMS_R_NO_CIPHER) ,"no cipher"},
{ERR_REASON(CMS_R_NO_CONTENT) ,"no content"},
@ -189,6 +195,7 @@ static ERR_STRING_DATA CMS_str_reasons[]=
{ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT) ,"no matching recipient"},
{ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE) ,"no matching signature"},
{ERR_REASON(CMS_R_NO_MSGSIGDIGEST) ,"no msgsigdigest"},
{ERR_REASON(CMS_R_NO_PASSWORD) ,"no password"},
{ERR_REASON(CMS_R_NO_PRIVATE_KEY) ,"no private key"},
{ERR_REASON(CMS_R_NO_PUBLIC_KEY) ,"no public key"},
{ERR_REASON(CMS_R_NO_RECEIPT_REQUEST) ,"no receipt request"},
@ -212,10 +219,12 @@ static ERR_STRING_DATA CMS_str_reasons[]=
{ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
{ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
{ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),"unsupported kek algorithm"},
{ERR_REASON(CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM),"unsupported key encryption algorithm"},
{ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),"unsupported recipient type"},
{ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE),"unsupported recpientinfo type"},
{ERR_REASON(CMS_R_UNSUPPORTED_TYPE) ,"unsupported type"},
{ERR_REASON(CMS_R_UNWRAP_ERROR) ,"unwrap error"},
{ERR_REASON(CMS_R_UNWRAP_FAILURE) ,"unwrap failure"},
{ERR_REASON(CMS_R_VERIFICATION_FAILURE) ,"verification failure"},
{ERR_REASON(CMS_R_WRAP_ERROR) ,"wrap error"},
{0,NULL}

View File

@ -344,7 +344,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
/* Get original receipt request details */
if (!CMS_get1_ReceiptRequest(osi, &rr))
if (CMS_get1_ReceiptRequest(osi, &rr) <= 0)
{
CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
goto err;
@ -385,7 +385,7 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
/* Get original receipt request details */
if (!CMS_get1_ReceiptRequest(si, &rr))
if (CMS_get1_ReceiptRequest(si, &rr) <= 0)
{
CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
goto err;

View File

@ -273,6 +273,9 @@ struct CMS_PasswordRecipientInfo_st
X509_ALGOR *keyDerivationAlgorithm;
X509_ALGOR *keyEncryptionAlgorithm;
ASN1_OCTET_STRING *encryptedKey;
/* Extra info: password to use */
unsigned char *pass;
size_t passlen;
};
struct CMS_OtherRecipientInfo_st
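Review bot: The pass and passlen members added to CMS_PasswordRecipientInfo_st are documented only as "Extra info: password to use", which leaves the ownership of the buffer unstated. Extend the comment to say that these fields are not part of the encoded structure, whether the structure owns pass or only borrows the caller's pointer, and whether the buffer is cleansed or freed when the RecipientInfo is freed.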
@ -411,6 +414,8 @@ DECLARE_ASN1_ITEM(CMS_SignerInfo)
DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
DECLARE_ASN1_ITEM(CMS_RecipientInfo)
DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo)
DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
#define CMS_SIGNERINFO_ISSUER_SERIAL 0
@ -454,6 +459,11 @@ int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);
BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms);
/* PWRI routines */
int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
int en_de);
#ifdef __cplusplus
}

View File

@ -407,10 +407,7 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
}
BIO_get_md_ctx(chain, &mtmp);
if (EVP_MD_CTX_type(mtmp) == nid)
{
EVP_MD_CTX_copy_ex(mctx, mtmp);
return 1;
}
return EVP_MD_CTX_copy_ex(mctx, mtmp);
chain = BIO_next(chain);
}
}
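Review bot: In the nid-match branch of cms_DigestAlgorithm_find_ctx, returning EVP_MD_CTX_copy_ex(mctx, mtmp) directly means a failed copy comes back as 0 with no CMSerr() raised in this function. Keep the braces and add an error for the copy failure so callers and logs can tell it apart from other failures of the lookup.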

View File

@ -0,0 +1,453 @@
/* crypto/cms/cms_pwri.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2009 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include "cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
#include <openssl/rand.h>
#include <openssl/aes.h>
#include "cms_lcl.h"
#include "asn1_locl.h"
int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
unsigned char *pass, ssize_t passlen)
{
CMS_PasswordRecipientInfo *pwri;
if (ri->type != CMS_RECIPINFO_PASS)
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, CMS_R_NOT_PWRI);
return 0;
}
pwri = ri->d.pwri;
pwri->pass = pass;
if (pass && passlen < 0)
passlen = strlen((char *)pass);
pwri->passlen = passlen;
return 1;
}
CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
int iter, int wrap_nid, int pbe_nid,
unsigned char *pass, ssize_t passlen,
const EVP_CIPHER *kekciph)
{
CMS_RecipientInfo *ri = NULL;
CMS_EnvelopedData *env;
CMS_PasswordRecipientInfo *pwri;
EVP_CIPHER_CTX ctx;
X509_ALGOR *encalg = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
int ivlen;
env = cms_get0_enveloped(cms);
if (!env)
goto err;
if (wrap_nid <= 0)
wrap_nid = NID_id_alg_PWRI_KEK;
if (pbe_nid <= 0)
pbe_nid = NID_id_pbkdf2;
/* Get from enveloped data */
if (kekciph == NULL)
kekciph = env->encryptedContentInfo->cipher;
if (kekciph == NULL)
{
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, CMS_R_NO_CIPHER);
return NULL;
}
if (wrap_nid != NID_id_alg_PWRI_KEK)
{
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
return NULL;
}
/* Setup algorithm identifier for cipher */
encalg = X509_ALGOR_new();
EVP_CIPHER_CTX_init(&ctx);
if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0)
{
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
goto err;
}
ivlen = EVP_CIPHER_CTX_iv_length(&ctx);
if (ivlen > 0)
{
if (RAND_pseudo_bytes(iv, ivlen) <= 0)
goto err;
if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0)
{
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
ERR_R_EVP_LIB);
goto err;
}
encalg->parameter = ASN1_TYPE_new();
if (!encalg->parameter)
{
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_CIPHER_param_to_asn1(&ctx, encalg->parameter) <= 0)
{
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err;
}
}
encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(&ctx));
EVP_CIPHER_CTX_cleanup(&ctx);
/* Initialize recipient info */
ri = M_ASN1_new_of(CMS_RecipientInfo);
if (!ri)
goto merr;
ri->d.pwri = M_ASN1_new_of(CMS_PasswordRecipientInfo);
if (!ri->d.pwri)
goto merr;
ri->type = CMS_RECIPINFO_PASS;
pwri = ri->d.pwri;
/* Since this is overwritten, free up empty structure already there */
X509_ALGOR_free(pwri->keyEncryptionAlgorithm);
pwri->keyEncryptionAlgorithm = X509_ALGOR_new();
if (!pwri->keyEncryptionAlgorithm)
goto merr;
pwri->keyEncryptionAlgorithm->algorithm = OBJ_nid2obj(wrap_nid);
pwri->keyEncryptionAlgorithm->parameter = ASN1_TYPE_new();
if (!pwri->keyEncryptionAlgorithm->parameter)
goto merr;
if(!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR),
&pwri->keyEncryptionAlgorithm->parameter->value.sequence))
goto merr;
pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE;
X509_ALGOR_free(encalg);
encalg = NULL;
/* Setup PBE algorithm */
pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set(iter, NULL, 0, -1, -1);
if (!pwri->keyDerivationAlgorithm)
goto err;
CMS_RecipientInfo_set0_password(ri, pass, passlen);
pwri->version = 0;
if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
goto merr;
return ri;
merr:
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
err:
EVP_CIPHER_CTX_cleanup(&ctx);
if (ri)
M_ASN1_free_of(ri, CMS_RecipientInfo);
if (encalg)
X509_ALGOR_free(encalg);
return NULL;
}
/* This is an implementation of the key wrapping mechanism in RFC3211,
* at some point this should go into EVP.
*/
static int kek_unwrap_key(unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen, EVP_CIPHER_CTX *ctx)
{
size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
unsigned char *tmp;
int outl, rv = 0;
if (inlen < 2 * blocklen)
{
/* too small */
return 0;
}
if (inlen % blocklen)
{
/* Invalid size */
return 0;
}
tmp = OPENSSL_malloc(inlen);
/* setup IV by decrypting last two blocks */
EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
in + inlen - 2 * blocklen, blocklen * 2);
/* Do a decrypt of last decrypted block to set IV to correct value
* output it to start of buffer so we don't corrupt decrypted block
* this works because buffer is at least two block lengths long.
*/
EVP_DecryptUpdate(ctx, tmp, &outl,
tmp + inlen - blocklen, blocklen);
/* Can now decrypt first n - 1 blocks */
EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen);
/* Reset IV to original value */
EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
/* Decrypt again */
EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen);
/* Check check bytes */
if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff)
{
/* Check byte failure */
goto err;
}
if (inlen < (size_t)(tmp[0] - 4 ))
{
/* Invalid length value */
goto err;
}
*outlen = (size_t)tmp[0];
memcpy(out, tmp + 4, *outlen);
rv = 1;
err:
OPENSSL_cleanse(tmp, inlen);
OPENSSL_free(tmp);
return rv;
}
static int kek_wrap_key(unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen, EVP_CIPHER_CTX *ctx)
{
size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
size_t olen;
int dummy;
/* First decide length of output buffer: need header and round up to
* multiple of block length.
*/
olen = (inlen + 4 + blocklen - 1)/blocklen;
olen *= blocklen;
if (olen < 2 * blocklen)
{
/* Key too small */
return 0;
}
if (inlen > 0xFF)
{
/* Key too large */
return 0;
}
if (out)
{
/* Set header */
out[0] = (unsigned char)inlen;
out[1] = in[0] ^ 0xFF;
out[2] = in[1] ^ 0xFF;
out[3] = in[2] ^ 0xFF;
memcpy(out + 4, in, inlen);
/* Add random padding to end */
if (olen > inlen + 4)
RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen);
/* Encrypt twice */
EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
}
*outlen = olen;
return 1;
}
/* Encrypt/Decrypt content key in PWRI recipient info */
int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
int en_de)
{
CMS_EncryptedContentInfo *ec;
CMS_PasswordRecipientInfo *pwri;
const unsigned char *p = NULL;
int plen;
int r = 0;
X509_ALGOR *algtmp, *kekalg = NULL;
EVP_CIPHER_CTX kekctx;
const EVP_CIPHER *kekcipher;
unsigned char *key = NULL;
size_t keylen;
ec = cms->d.envelopedData->encryptedContentInfo;
pwri = ri->d.pwri;
EVP_CIPHER_CTX_init(&kekctx);
if (!pwri->pass)
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
return 0;
}
algtmp = pwri->keyEncryptionAlgorithm;
if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK)
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
return 0;
}
if (algtmp->parameter->type == V_ASN1_SEQUENCE)
{
p = algtmp->parameter->value.sequence->data;
plen = algtmp->parameter->value.sequence->length;
kekalg = d2i_X509_ALGOR(NULL, &p, plen);
}
if (kekalg == NULL)
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
return 0;
}
kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
if(!kekcipher)
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
CMS_R_UNKNOWN_CIPHER);
goto err;
}
/* Fixup cipher based on AlgorithmIdentifier to set IV etc */
if (!EVP_CipherInit_ex(&kekctx, kekcipher, NULL, NULL, NULL, en_de))
goto err;
EVP_CIPHER_CTX_set_padding(&kekctx, 0);
if(EVP_CIPHER_asn1_to_param(&kekctx, kekalg->parameter) < 0)
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err;
}
algtmp = pwri->keyDerivationAlgorithm;
/* Finish password based key derivation to setup key in "ctx" */
if (EVP_PBE_CipherInit(algtmp->algorithm,
(char *)pwri->pass, pwri->passlen,
algtmp->parameter, &kekctx, en_de) < 0)
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB);
goto err;
}
/* Finally wrap/unwrap the key */
if (en_de)
{
if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, &kekctx))
goto err;
key = OPENSSL_malloc(keylen);
if (!key)
goto err;
if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, &kekctx))
goto err;
pwri->encryptedKey->data = key;
pwri->encryptedKey->length = keylen;
}
else
{
key = OPENSSL_malloc(pwri->encryptedKey->length);
if (!key)
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
ERR_R_MALLOC_FAILURE);
goto err;
}
if (!kek_unwrap_key(key, &keylen,
pwri->encryptedKey->data,
pwri->encryptedKey->length, &kekctx))
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
CMS_R_UNWRAP_FAILURE);
goto err;
}
ec->key = key;
ec->keylen = keylen;
}
r = 1;
err:
EVP_CIPHER_CTX_cleanup(&kekctx);
if (!r && key)
OPENSSL_free(key);
X509_ALGOR_free(kekalg);
return r;
}
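Review bot: In kek_unwrap_key the check `if (inlen < (size_t)(tmp[0] - 4))` does not bound the copy that follows it. memcpy(out, tmp + 4, *outlen) reads tmp[0] bytes starting at offset 4, so the value to reject is any tmp[0] with (size_t)tmp[0] + 4 > inlen; as written, a decrypted length byte larger than inlen - 4 can pass and the copy runs past the end of tmp, and for values above inlen also past the out buffer that cms_RecipientInfo_pwri_crypt allocates with encryptedKey->length bytes. The same function uses the result of OPENSSL_malloc(inlen) without a NULL check and ignores the return value of every EVP_DecryptUpdate and of EVP_DecryptInit_ex, which is at odds with the return-value audit in the rest of this commit. In CMS_add0_recipient_password, the `if (!env) goto err;` path reaches EVP_CIPHER_CTX_cleanup(&ctx) before EVP_CIPHER_CTX_init(&ctx) has run, encalg from X509_ALGOR_new() is dereferenced without a NULL check, and pbe_nid is defaulted to NID_id_pbkdf2 but never read afterwards. In cms_RecipientInfo_pwri_crypt, algtmp->parameter is dereferenced without checking it for NULL, and the RAND_pseudo_bytes call that fills the padding in kek_wrap_key is unchecked.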

View File

@ -641,7 +641,8 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
cms->d.signedData->encapContentInfo->eContentType;
unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen;
EVP_DigestFinal_ex(&mctx, md, &mdlen);
if (!EVP_DigestFinal_ex(&mctx, md, &mdlen))
goto err;
if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
V_ASN1_OCTET_STRING,
md, mdlen))
@ -799,7 +800,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
}
r = EVP_DigestVerifyFinal(&mctx,
si->signature->data, si->signature->length);
if (!r)
if (r <= 0)
CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
err:
EVP_MD_CTX_cleanup(&mctx);

View File

@ -680,6 +680,30 @@ int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
return 0;
}
int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
unsigned char *pass, ssize_t passlen)
{
STACK_OF(CMS_RecipientInfo) *ris;
CMS_RecipientInfo *ri;
int i, r;
ris = CMS_get0_RecipientInfos(cms);
for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
{
ri = sk_CMS_RecipientInfo_value(ris, i);
if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS)
continue;
CMS_RecipientInfo_set0_password(ri, pass, passlen);
r = CMS_RecipientInfo_decrypt(cms, ri);
CMS_RecipientInfo_set0_password(ri, NULL, 0);
if (r > 0)
return 1;
}
CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT);
return 0;
}
int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
BIO *dcont, BIO *out,
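Review bot: In the loop of CMS_decrypt_set1_password, a failed CMS_RecipientInfo_decrypt on one PWRI recipient leaves its errors on the queue even when a later recipient succeeds and the function returns 1. Call ERR_clear_error() before the `return 1`, check the result of the first CMS_RecipientInfo_set0_password call, and add a comment on the passlen convention (a negative value makes set0_password take strlen of pass) since the prototype alone does not show it.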

View File

@ -860,7 +860,7 @@ void OPENSSL_showfatal (const char *fmta,...)
#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
/* this -------------v--- guards NT-specific calls */
if (GetVersion() < 0x80000000 && OPENSSL_isservice())
if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
{ HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
const TCHAR *pmsg=buf;
ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);

View File

@ -192,7 +192,7 @@ $ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ -
$ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb"
$ LIB_MODES = "cbc128,ctr128,cfb128,ofb128"
$ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"
$ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm"
$ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.NES."VAX" THEN LIB_BN_ASM = "bn_asm"
$ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
"bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
"bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -

View File

@ -157,7 +157,6 @@ struct dh_st
this for backward compatibility: */
#define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
#define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x)
#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
(char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
@ -165,6 +164,8 @@ struct dh_st
#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
DH *DHparams_dup(DH *);
const DH_METHOD *DH_OpenSSL(void);
void DH_set_default_method(const DH_METHOD *meth);
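Review bot: The new prototype `DH *DHparams_dup(DH *);` takes a non-const pointer, whereas the macro it replaces went through ASN1_dup_of_const. Declare the parameter as const DH * (casting inside the function if ASN1_item_dup requires it) so callers that hold a const DH do not need a cast, and give the parameter a name to match the surrounding declarations.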

View File

@ -86,3 +86,8 @@ ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
} ASN1_SEQUENCE_END_cb(DH, DHparams)
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
DH *DHparams_dup(DH *dh)
{
return ASN1_item_dup(ASN1_ITEM_rptr(DHparams), dh);
}

View File

@ -195,8 +195,9 @@ dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
dsa_sign.o: ../../include/openssl/opensslconf.h
dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
dsa_sign.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_sign.c
dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dsa_sign.o: ../cryptlib.h dsa_sign.c
dsa_vrf.o: ../../e_os.h ../../include/openssl/bio.h
dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h

View File

@ -165,7 +165,6 @@ struct dsa_st
ENGINE *engine;
};
#define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x)
#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
(char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
@ -174,6 +173,7 @@ struct dsa_st
#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
DSA *DSAparams_dup(DSA *x);
DSA_SIG * DSA_SIG_new(void);
void DSA_SIG_free(DSA_SIG *a);
int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);

View File

@ -143,3 +143,8 @@ ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
DSA *DSAparams_dup(DSA *dsa)
{
return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa);
}

View File

@ -201,8 +201,10 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
}
/* step 2 */
EVP_Digest(seed, qsize, md, NULL, evpmd, NULL);
EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL);
if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL))
goto err;
if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))
goto err;
for (i = 0; i < qsize; i++)
md[i]^=buf2[i];
@ -252,7 +254,9 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
break;
}
EVP_Digest(buf, qsize, md ,NULL, evpmd, NULL);
if (!EVP_Digest(buf, qsize, md ,NULL, evpmd,
NULL))
goto err;
/* step 8 */
if (!BN_bin2bn(md, qsize, r0))

View File

@ -132,7 +132,7 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa);
if (ret < 0)
if (ret <= 0)
return ret;
*siglen = sltmp;
return 1;
@ -186,6 +186,7 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
case EVP_PKEY_CTRL_MD:
if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
EVP_MD_type((const EVP_MD *)p2) != NID_dsa &&
EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
EVP_MD_type((const EVP_MD *)p2) != NID_sha256)
{

View File

@ -60,6 +60,7 @@
#include "cryptlib.h"
#include <openssl/dsa.h>
#include <openssl/rand.h>
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
@ -70,6 +71,7 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
unsigned int *siglen, DSA *dsa)
{
DSA_SIG *s;
RAND_seed(dgst, dlen);
s=DSA_do_sign(dgst,dlen,dsa);
if (s == NULL)
{
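Review bot: The RAND_seed(dgst, dlen) call added at the top of DSA_sign has no comment saying why the digest is mixed into the PRNG before signing, and its result is discarded even though the CHANGES entry in this same commit says RAND_seed() can now return an error. Add a one-line comment with the rationale and either check the return value or state that a failure here is deliberately ignored.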

View File

@ -143,7 +143,7 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
if (ret < 0)
if (ret <= 0)
return ret;
*siglen = (size_t)sltmp;
return 1;

View File

@ -121,10 +121,11 @@ ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
ecs_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
ecs_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
ecs_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
ecs_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ecs_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
ecs_sign.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_sign.c
ecs_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
ecs_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ecs_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
ecs_sign.o: ecs_locl.h ecs_sign.c
ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

View File

@ -212,7 +212,7 @@ err:
static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
{
int ok = 0;
int ok = 0, i;
BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL;
const BIGNUM *ckinv;
BN_CTX *ctx = NULL;
@ -251,22 +251,19 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
goto err;
}
if (8 * dgst_len > BN_num_bits(order))
i = BN_num_bits(order);
/* Need to truncate digest if it is too long: first truncate whole
* bytes.
*/
if (8 * dgst_len > i)
dgst_len = (i + 7)/8;
if (!BN_bin2bn(dgst, dgst_len, m))
{
/* XXX
*
* Should provide for optional hash truncation:
* Keep the BN_num_bits(order) leftmost bits of dgst
* (see March 2006 FIPS 186-3 draft, which has a few
* confusing errors in this part though)
*/
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
if (!BN_bin2bn(dgst, dgst_len, m))
/* If still too long truncate remaining bits with a shift */
if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
{
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
@ -346,7 +343,7 @@ err:
static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
const ECDSA_SIG *sig, EC_KEY *eckey)
{
int ret = -1;
int ret = -1, i;
BN_CTX *ctx;
BIGNUM *order, *u1, *u2, *m, *X;
EC_POINT *point = NULL;
@ -384,21 +381,6 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
goto err;
}
if (8 * dgst_len > BN_num_bits(order))
{
/* XXX
*
* Should provide for optional hash truncation:
* Keep the BN_num_bits(order) leftmost bits of dgst
* (see March 2006 FIPS 186-3 draft, which has a few
* confusing errors in this part though)
*/
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY,
ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
ret = 0;
goto err;
}
if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
@ -415,11 +397,23 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
goto err;
}
/* digest -> m */
i = BN_num_bits(order);
/* Need to truncate digest if it is too long: first truncate whole
* bytes.
*/
if (8 * dgst_len > i)
dgst_len = (i + 7)/8;
if (!BN_bin2bn(dgst, dgst_len, m))
{
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
goto err;
}
/* If still too long truncate remaining bits with a shift */
if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
{
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
goto err;
}
/* u1 = m * tmp mod order */
if (!BN_mod_mul(u1, m, u2, order, ctx))
{
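Review bot: The digest truncation block in ecdsa_do_verify, from `i = BN_num_bits(order);` through the BN_rshift call, is a copy of the one added to ecdsa_do_sign and differs only in the ECDSAerr function code. Move it into a shared static helper so signing and verification cannot drift apart, rename `i` to something descriptive such as order_bits, and add a comment that the shift by 8 - (i & 0x7) is only reached when the order's bit length is not a multiple of 8.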

View File

@ -57,6 +57,7 @@
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include <openssl/rand.h>
ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
{
@ -83,6 +84,7 @@ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char
EC_KEY *eckey)
{
ECDSA_SIG *s;
RAND_seed(dgst, dlen);
s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
if (s == NULL)
{

View File

@ -245,7 +245,7 @@ typedef struct
} AESNI_KEY;
static int
aesni_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *user_key,
aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *user_key,
const unsigned char *iv, int enc)
{
int ret;
@ -259,7 +259,7 @@ aesni_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *user_key,
ret=aesni_set_decrypt_key(user_key, ctx->key_len * 8, key);
if(ret < 0) {
EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
EVPerr(EVP_F_AESNI_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
return 0;
}

View File

@ -280,7 +280,7 @@ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
}
/* Force the result of the control command to 0 or 1, for the reasons
* mentioned before. */
if (ENGINE_ctrl(e, num, i, p, f))
if (ENGINE_ctrl(e, num, i, p, f) > 0)
return 1;
return 0;
}
@ -345,7 +345,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
* usage of these commands is consistent across applications and
* that certain applications don't understand it one way, and
* others another. */
if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
return 1;
return 0;
}
@ -360,7 +360,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
if(flags & ENGINE_CMD_FLAG_STRING)
{
/* Same explanation as above */
if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
return 1;
return 0;
}
@ -383,7 +383,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
}
/* Force the result of the control command to 0 or 1, for the reasons
* mentioned before. */
if(ENGINE_ctrl(e, num, l, NULL, NULL))
if(ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
return 1;
return 0;
}

View File

@ -102,6 +102,7 @@
#ifndef OPENSSL_NO_JPAKE
#include <openssl/jpake.h>
#endif
#include <openssl/comp.h>
void ERR_load_crypto_strings(void)
{
@ -154,5 +155,6 @@ void ERR_load_crypto_strings(void)
#ifndef OPENSSL_NO_JPAKE
ERR_load_JPAKE_strings();
#endif
ERR_load_COMP_strings();
#endif
}
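Review bot: ERR_load_COMP_strings() here, and the matching #include <openssl/comp.h> in the previous hunk, are added unconditionally, while the JPAKE lines directly above them sit inside #ifndef OPENSSL_NO_JPAKE. Wrap both additions in #ifndef OPENSSL_NO_COMP so a build configured without compression still compiles and links.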

View File

@ -470,13 +470,21 @@ m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md5.c
m_mdc2.o: ../../e_os.h ../../include/openssl/bio.h
m_mdc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
m_mdc2.o: ../../include/openssl/symhacks.h ../cryptlib.h m_mdc2.c
m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
m_mdc2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
m_mdc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h
m_mdc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
m_mdc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
m_mdc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
m_mdc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
m_mdc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
m_mdc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
m_mdc2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
m_mdc2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_mdc2.c
m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

View File

@ -198,9 +198,13 @@ static int enc_read(BIO *b, char *out, int outl)
}
else
{
EVP_CipherUpdate(&(ctx->cipher),
if (!EVP_CipherUpdate(&(ctx->cipher),
(unsigned char *)ctx->buf,&ctx->buf_len,
(unsigned char *)&(ctx->buf[BUF_OFFSET]),i);
(unsigned char *)&(ctx->buf[BUF_OFFSET]),i))
{
BIO_clear_retry_flags(b);
return 0;
}
ctx->cont=1;
/* Note: it is possible for EVP_CipherUpdate to
* decrypt zero bytes because this is or looks like
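Review bot: The new EVP_CipherUpdate failure path in enc_read returns 0 with the retry flags cleared, which a caller cannot tell apart from end of data. Record the failure in the BIO state before returning, for example by clearing ctx->ok (the BIO_CTRL_RESET case sets it to 1), so the error remains visible after the read returns.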
@ -257,9 +261,13 @@ static int enc_write(BIO *b, const char *in, int inl)
while (inl > 0)
{
n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl;
EVP_CipherUpdate(&(ctx->cipher),
if (!EVP_CipherUpdate(&(ctx->cipher),
(unsigned char *)ctx->buf,&ctx->buf_len,
(unsigned char *)in,n);
(unsigned char *)in,n))
{
BIO_clear_retry_flags(b);
return 0;
}
inl-=n;
in+=n;
@ -298,8 +306,9 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_CTRL_RESET:
ctx->ok=1;
ctx->finished=0;
EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
ctx->cipher.encrypt);
if (!EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
ctx->cipher.encrypt))
return 0;
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
case BIO_CTRL_EOF: /* More to read */
@ -405,22 +414,24 @@ EVP_CIPHER_ctx *c;
}
*/
void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
const unsigned char *i, int e)
{
BIO_ENC_CTX *ctx;
if (b == NULL) return;
if (b == NULL) return 0;
if ((b->callback != NULL) &&
(b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,0L) <= 0))
return;
return 0;
b->init=1;
ctx=(BIO_ENC_CTX *)b->ptr;
EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e);
if (!EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e))
return 0;
if (b->callback != NULL)
b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L);
return b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L);
return 1;
}
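Review bot: The last callback branch of BIO_set_cipher now does `return b->callback(...)`, so the function's int result is whatever long the post-operation callback returns, after EVP_CipherInit_ex has already succeeded and b->init has been set. Either keep ignoring that result and return 1, or test it with <= 0 as the pre-operation callback check above does, and document the new int return value where BIO_set_cipher is declared.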

View File

@ -153,8 +153,12 @@ static int md_write(BIO *b, const char *in, int inl)
{
if (ret > 0)
{
EVP_DigestUpdate(ctx,(const unsigned char *)in,
(unsigned int)ret);
if (!EVP_DigestUpdate(ctx,(const unsigned char *)in,
(unsigned int)ret))
{
BIO_clear_retry_flags(b);
return 0;
}
}
}
if(b->next_bio != NULL)
@ -220,7 +224,8 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_CTRL_DUP:
dbio=ptr;
dctx=dbio->ptr;
EVP_MD_CTX_copy_ex(dctx,ctx);
if (!EVP_MD_CTX_copy_ex(dctx,ctx))
return 0;
b->init=1;
break;
default:

View File

@ -133,10 +133,10 @@ static int ok_new(BIO *h);
static int ok_free(BIO *data);
static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
static void sig_out(BIO* b);
static void sig_in(BIO* b);
static void block_out(BIO* b);
static void block_in(BIO* b);
static __owur int sig_out(BIO* b);
static __owur int sig_in(BIO* b);
static __owur int block_out(BIO* b);
static __owur int block_in(BIO* b);
#define OK_BLOCK_SIZE (1024*4)
#define OK_BLOCK_BLOCK 4
#define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
@ -266,10 +266,24 @@ static int ok_read(BIO *b, char *out, int outl)
ctx->buf_len+= i;
/* no signature yet -- check if we got one */
if (ctx->sigio == 1) sig_in(b);
if (ctx->sigio == 1)
{
if (!sig_in(b))
{
BIO_clear_retry_flags(b);
return 0;
}
}
/* signature ok -- check if we got block */
if (ctx->sigio == 0) block_in(b);
if (ctx->sigio == 0)
{
if (!block_in(b))
{
BIO_clear_retry_flags(b);
return 0;
}
}
/* invalid block -- cancel */
if (ctx->cont <= 0) break;
@ -293,7 +307,8 @@ static int ok_write(BIO *b, const char *in, int inl)
if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);
if(ctx->sigio) sig_out(b);
if(ctx->sigio && !sig_out(b))
return 0;
do{
BIO_clear_retry_flags(b);
@ -332,7 +347,11 @@ static int ok_write(BIO *b, const char *in, int inl)
if(ctx->buf_len >= OK_BLOCK_SIZE+ OK_BLOCK_BLOCK)
{
block_out(b);
if (!block_out(b))
{
BIO_clear_retry_flags(b);
return 0;
}
}
}while(inl > 0);
@ -379,7 +398,8 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_CTRL_FLUSH:
/* do a final write */
if(ctx->blockout == 0)
block_out(b);
if (!block_out(b))
return 0;
while (ctx->blockout)
{
@ -408,7 +428,8 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
break;
case BIO_C_SET_MD:
md=ptr;
EVP_DigestInit_ex(&ctx->md, md, NULL);
if (!EVP_DigestInit_ex(&ctx->md, md, NULL))
return 0;
b->init=1;
break;
case BIO_C_GET_MD:
@ -455,7 +476,7 @@ static void longswap(void *_ptr, size_t len)
}
}
static void sig_out(BIO* b)
static int sig_out(BIO* b)
{
BIO_OK_CTX *ctx;
EVP_MD_CTX *md;
@ -463,9 +484,10 @@ static void sig_out(BIO* b)
ctx=b->ptr;
md=&ctx->md;
if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return;
if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return 1;
EVP_DigestInit_ex(md, md->digest, NULL);
if (!EVP_DigestInit_ex(md, md->digest, NULL))
goto berr;
/* FIXME: there's absolutely no guarantee this makes any sense at all,
* particularly now EVP_MD_CTX has been restructured.
*/
@ -474,14 +496,20 @@ static void sig_out(BIO* b)
longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
ctx->buf_len+= md->digest->md_size;
EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
goto berr;
if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
goto berr;
ctx->buf_len+= md->digest->md_size;
ctx->blockout= 1;
ctx->sigio= 0;
return 1;
berr:
BIO_clear_retry_flags(b);
return 0;
}
static void sig_in(BIO* b)
static int sig_in(BIO* b)
{
BIO_OK_CTX *ctx;
EVP_MD_CTX *md;
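Review bot: In sig_out, berr is reached after ctx->buf_len has already been advanced by md_size (the line after longswap), so a failing EVP_DigestUpdate or EVP_DigestFinal_ex leaves a half-written signature header counted in the buffer. Advance buf_len only once both digest calls have succeeded, or restore it at berr. sig_in has the same pattern with ctx->buf_off.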
@ -491,15 +519,18 @@ static void sig_in(BIO* b)
ctx=b->ptr;
md=&ctx->md;
if((int)(ctx->buf_len-ctx->buf_off) < 2*md->digest->md_size) return;
if((int)(ctx->buf_len-ctx->buf_off) < 2*md->digest->md_size) return 1;
EVP_DigestInit_ex(md, md->digest, NULL);
if (!EVP_DigestInit_ex(md, md->digest, NULL))
goto berr;
memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size);
longswap(md->md_data, md->digest->md_size);
ctx->buf_off+= md->digest->md_size;
EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
EVP_DigestFinal_ex(md, tmp, NULL);
if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
goto berr;
if (!EVP_DigestFinal_ex(md, tmp, NULL))
goto berr;
ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
ctx->buf_off+= md->digest->md_size;
if(ret == 1)
@ -516,9 +547,13 @@ static void sig_in(BIO* b)
{
ctx->cont= 0;
}
return 1;
berr:
BIO_clear_retry_flags(b);
return 0;
}
static void block_out(BIO* b)
static int block_out(BIO* b)
{
BIO_OK_CTX *ctx;
EVP_MD_CTX *md;
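Review bot: sig_in returns 1 at the end of this hunk even on the branch that sets `ctx->cont= 0`, so the new int result reports only whether the digest calls worked, not whether the signature matched. That deserves a comment above the function, because `if (!sig_in(b))` in ok_read reads like a verification check. block_in follows the same convention and needs the same comment.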
@ -532,13 +567,20 @@ static void block_out(BIO* b)
ctx->buf[1]=(unsigned char)(tl>>16);
ctx->buf[2]=(unsigned char)(tl>>8);
ctx->buf[3]=(unsigned char)(tl);
EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
if (!EVP_DigestUpdate(md,
(unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl))
goto berr;
if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
goto berr;
ctx->buf_len+= md->digest->md_size;
ctx->blockout= 1;
return 1;
berr:
BIO_clear_retry_flags(b);
return 0;
}
static void block_in(BIO* b)
static int block_in(BIO* b)
{
BIO_OK_CTX *ctx;
EVP_MD_CTX *md;
@ -554,10 +596,13 @@ static void block_in(BIO* b)
tl|=ctx->buf[2]; tl<<=8;
tl|=ctx->buf[3];
if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return;
if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return 1;
EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
EVP_DigestFinal_ex(md, tmp, NULL);
if (!EVP_DigestUpdate(md,
(unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl))
goto berr;
if (!EVP_DigestFinal_ex(md, tmp, NULL))
goto berr;
if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0)
{
/* there might be parts from next block lurking around ! */
@ -571,5 +616,9 @@ static void block_in(BIO* b)
{
ctx->cont= 0;
}
return 1;
berr:
BIO_clear_retry_flags(b);
return 0;
}

@ -71,6 +71,8 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher(EVP_des_cfb8());
EVP_add_cipher(EVP_des_ede_cfb());
EVP_add_cipher(EVP_des_ede3_cfb());
EVP_add_cipher(EVP_des_ede3_cfb1());
EVP_add_cipher(EVP_des_ede3_cfb8());
EVP_add_cipher(EVP_des_ofb());
EVP_add_cipher(EVP_des_ede_ofb());

@ -126,7 +126,8 @@ EVP_MD_CTX *EVP_MD_CTX_create(void)
{
EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
EVP_MD_CTX_init(ctx);
if (ctx)
EVP_MD_CTX_init(ctx);
return ctx;
}
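Review bot: EVP_MD_CTX_create now returns NULL quietly when OPENSSL_malloc fails, while the other two allocation checks added to this file raise ERR_R_MALLOC_FAILURE through EVPerr. Queue the same error here (it needs a function code of its own) so the failure shows up on the error stack.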
@ -202,6 +203,12 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
{
ctx->update = type->update;
ctx->md_data=OPENSSL_malloc(type->ctx_size);
if (ctx->md_data == NULL)
{
EVPerr(EVP_F_EVP_DIGESTINIT_EX,
ERR_R_MALLOC_FAILURE);
return 0;
}
}
}
#ifndef OPENSSL_NO_ENGINE
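Review bot: In EVP_DigestInit_ex, the new NULL check returns 0 after `ctx->update = type->update;` has already been assigned, so the context is left with an update callback installed and md_data NULL. A caller that ignores the failure and goes on to update the digest would hand that callback a NULL state. Assign ctx->update only after the allocation has succeeded, or clear it before `return 0`.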
@ -286,8 +293,17 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
if (in->md_data && out->digest->ctx_size)
{
if (tmp_buf) out->md_data = tmp_buf;
else out->md_data=OPENSSL_malloc(out->digest->ctx_size);
if (tmp_buf)
out->md_data = tmp_buf;
else
{
out->md_data=OPENSSL_malloc(out->digest->ctx_size);
if (!out->md_data)
{
EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE);
return 0;
}
}
memcpy(out->md_data,in->md_data,out->digest->ctx_size);
}

@ -183,7 +183,8 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
key_bits =rc2_magic_to_meth((int)num);
if (!key_bits)
return(-1);
if(i > 0) EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1);
if(i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1))
return -1;
EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
}
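Review bot: Only EVP_CipherInit_ex is checked in rc2_get_asn1_type_and_iv. The EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, ...) and EVP_CIPHER_CTX_set_key_length calls right after it still discard their results, so a failure to apply the parsed key size goes unnoticed. Check both and return -1 as the new line above does.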

@ -480,7 +480,7 @@ void BIO_set_md(BIO *,const EVP_MD *md);
#define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
#define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
int EVP_Cipher(EVP_CIPHER_CTX *c,
__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
unsigned char *out,
const unsigned char *in,
unsigned int inl);
@ -498,83 +498,83 @@ void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
EVP_MD_CTX *EVP_MD_CTX_create(void);
void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);
__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);
void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags);
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
__owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
__owur int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
size_t cnt);
int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
int EVP_Digest(const void *data, size_t count,
__owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
__owur int EVP_Digest(const void *data, size_t count,
unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);
int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);
int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);
__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
__owur int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
void EVP_set_pw_prompt(const char *prompt);
char * EVP_get_pw_prompt(void);
int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
__owur int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
const unsigned char *salt, const unsigned char *data,
int datal, int count, unsigned char *key,unsigned char *iv);
int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
const unsigned char *key, const unsigned char *iv);
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
const unsigned char *key, const unsigned char *iv);
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, const unsigned char *in, int inl);
int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
__owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
const unsigned char *key, const unsigned char *iv);
int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
const unsigned char *key, const unsigned char *iv);
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, const unsigned char *in, int inl);
int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
__owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
int EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
__owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
const unsigned char *key,const unsigned char *iv,
int enc);
int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
const unsigned char *key,const unsigned char *iv,
int enc);
int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
__owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, const unsigned char *in, int inl);
int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
__owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
__owur int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
EVP_PKEY *pkey);
int EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf,
__owur int EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf,
unsigned int siglen,EVP_PKEY *pkey);
int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
int EVP_DigestSignFinal(EVP_MD_CTX *ctx,
__owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx,
unsigned char *sigret, size_t *siglen);
int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
__owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx,
__owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx,
unsigned char *sig, size_t siglen);
int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
__owur int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
const unsigned char *ek, int ekl, const unsigned char *iv,
EVP_PKEY *priv);
int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
__owur int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
__owur int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
unsigned char **ek, int *ekl, unsigned char *iv,
EVP_PKEY **pubk, int npubk);
int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
__owur int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
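Review bot: EVP_MD_CTX_cleanup, EVP_MD_CTX_test_flags and EVP_read_pw_string keep a plain `int` return in this hunk while nearly every neighbouring declaration gains __owur. If the omission is deliberate, a short comment next to them should say so. Otherwise annotate them too, since EVP_MD_CTX_cleanup(&c) is still called with its result dropped in the EVP_BytesToKey change of this same commit.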
@ -603,7 +603,7 @@ BIO_METHOD *BIO_f_md(void);
BIO_METHOD *BIO_f_base64(void);
BIO_METHOD *BIO_f_cipher(void);
BIO_METHOD *BIO_f_reliable(void);
void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,const unsigned char *k,
__owur int BIO_set_cipher(BIO *b,const EVP_CIPHER *c,const unsigned char *k,
const unsigned char *i, int enc);
#endif
@ -1177,6 +1177,7 @@ void ERR_load_EVP_strings(void);
/* Error codes for the EVP functions. */
/* Function codes. */
#define EVP_F_AESNI_INIT_KEY 163
#define EVP_F_AES_INIT_KEY 133
#define EVP_F_CAMELLIA_INIT_KEY 159
#define EVP_F_D2I_PKEY 100
@ -1235,6 +1236,7 @@ void ERR_load_EVP_strings(void);
#define EVP_F_INT_CTX_NEW 157
#define EVP_F_PKCS5_PBE_KEYIVGEN 117
#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118
#define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164
#define EVP_F_PKCS8_SET_BROKEN 112
#define EVP_F_PKEY_SET_TYPE 158
#define EVP_F_RC2_MAGIC_TO_METH 109
@ -1289,6 +1291,8 @@ void ERR_load_EVP_strings(void);
#define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
#define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
#define EVP_R_PUBLIC_KEY_NOT_RSA 106
#define EVP_R_UNKNOWN_CIPHER 160
#define EVP_R_UNKNOWN_DIGEST 161
#define EVP_R_UNKNOWN_PBE_ALGORITHM 121
#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135
#define EVP_R_UNSUPPORTED_ALGORITHM 156

@ -1,6 +1,6 @@
/* crypto/evp/evp_err.c */
/* ====================================================================
* Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -70,6 +70,7 @@
static ERR_STRING_DATA EVP_str_functs[]=
{
{ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"},
{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"},
{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
@ -85,7 +86,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
{ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_SIZE"},
{ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"},
{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"},
@ -128,6 +129,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
{ERR_FUNC(EVP_F_INT_CTX_NEW), "INT_CTX_NEW"},
{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
{ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_V2_PBKDF2_KEYIVGEN"},
{ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"},
{ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"},
{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"},
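Review bot: The new EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN entry uses the all-caps string "PKCS5_V2_PBKDF2_KEYIVGEN", while the line above it spells "PKCS5_v2_PBE_keyivgen" in the function's real case and this commit corrects "EVP_MD_SIZE" to "EVP_MD_size" for the same reason. Use "PKCS5_v2_PBKDF2_keyivgen", matching the prototype added to evp_locl.h.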
@ -185,6 +187,8 @@ static ERR_STRING_DATA EVP_str_reasons[]=
{ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR),"private key decode error"},
{ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR),"private key encode error"},
{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
{ERR_REASON(EVP_R_UNKNOWN_CIPHER) ,"unknown cipher"},
{ERR_REASON(EVP_R_UNKNOWN_DIGEST) ,"unknown digest"},
{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
{ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) ,"unsupported algorithm"},

@ -115,7 +115,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
unsigned char md_buf[EVP_MAX_MD_SIZE];
int niv,nkey,addmd=0;
unsigned int mds=0,i;
int rv = 0;
nkey=type->key_len;
niv=type->iv_len;
OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
@ -129,17 +129,24 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
if (!EVP_DigestInit_ex(&c,md, NULL))
return 0;
if (addmd++)
EVP_DigestUpdate(&c,&(md_buf[0]),mds);
EVP_DigestUpdate(&c,data,datal);
if (!EVP_DigestUpdate(&c,&(md_buf[0]),mds))
goto err;
if (!EVP_DigestUpdate(&c,data,datal))
goto err;
if (salt != NULL)
EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN);
EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
if (!EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN))
goto err;
if (!EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds))
goto err;
for (i=1; i<(unsigned int)count; i++)
{
EVP_DigestInit_ex(&c,md, NULL);
EVP_DigestUpdate(&c,&(md_buf[0]),mds);
EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
if (!EVP_DigestInit_ex(&c,md, NULL))
goto err;
if (!EVP_DigestUpdate(&c,&(md_buf[0]),mds))
goto err;
if (!EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds))
goto err;
}
i=0;
if (nkey)
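Review bot: The first EVP_DigestInit_ex check at the top of this hunk still does `return 0` while every other failure in EVP_BytesToKey now takes `goto err`. That one path skips the EVP_MD_CTX_cleanup(&c) and OPENSSL_cleanse of md_buf at the err label, and md_buf can hold derived key material from a previous pass. Change it to `goto err` as well.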
@ -168,8 +175,10 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
}
if ((nkey == 0) && (niv == 0)) break;
}
rv = type->key_len;
err:
EVP_MD_CTX_cleanup(&c);
OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
return(type->key_len);
return rv;
}

@ -159,6 +159,12 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
return NID_des_cfb64;
case NID_des_ede3_cfb64:
case NID_des_ede3_cfb8:
case NID_des_ede3_cfb1:
return NID_des_cfb64;
default:
/* Check it has an OID and it is valid */
otmp = OBJ_nid2obj(nid);
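Review bot: The NID_des_ede3_cfb64, NID_des_ede3_cfb8 and NID_des_ede3_cfb1 cases return NID_des_cfb64, the single-DES identifier that the preceding group also returns. If triple-DES CFB is meant to map to NID_des_ede3_cfb64, change the return value. If the mapping is intentional, add a comment saying why.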

@ -343,3 +343,7 @@ struct evp_pkey_method_st
} /* EVP_PKEY_METHOD */;
void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
ASN1_TYPE *param,
const EVP_CIPHER *c, const EVP_MD *md, int en_de);
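Review bot: PKCS5_v2_PBKDF2_keyivgen is declared here without __owur, although this commit adds the attribute to the EVP functions it works alongside. Add __owur to the prototype, and a one-line comment saying why it lives in evp_locl.h rather than the public header.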

@ -61,6 +61,7 @@
#include <openssl/evp.h>
#include <openssl/pkcs12.h>
#include <openssl/x509.h>
#include "evp_locl.h"
/* Password based encryption (PBE) functions */
@ -87,6 +88,10 @@ static const EVP_PBE_CTL builtin_pbe[] =
{EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,
NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen},
#ifndef OPENSSL_NO_HMAC
{EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
#endif
{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4,
NID_rc4, NID_sha1, PKCS12_PBE_keyivgen},
{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4,
@ -174,12 +179,26 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
if (cipher_nid == -1)
cipher = NULL;
else
{
cipher = EVP_get_cipherbynid(cipher_nid);
if (!cipher)
{
EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_CIPHER);
return 0;
}
}
if (md_nid == -1)
md = NULL;
else
{
md = EVP_get_digestbynid(md_nid);
if (!md)
{
EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_DIGEST);
return 0;
}
}
if (!keygen(ctx, pass, passlen, param, cipher, md, en_de))
{

@ -179,8 +179,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen)
unsigned int mdlen;
int vctx;
/* FIXME: surely this should test verifyctx? (Ben 29/12/08) */
if (ctx->pctx->pmeth->signctx)
if (ctx->pctx->pmeth->verifyctx)
vctx = 1;
else
vctx = 0;

@ -82,6 +82,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
unsigned char *salt;
const unsigned char *pbuf;
int mdsize;
int rv = 0;
EVP_MD_CTX_init(&ctx);
/* Extract useful info from parameter */
if (param == NULL || param->type != V_ASN1_SEQUENCE ||
@ -104,29 +106,37 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
if(!pass) passlen = 0;
else if(passlen == -1) passlen = strlen(pass);
EVP_MD_CTX_init(&ctx);
EVP_DigestInit_ex(&ctx, md, NULL);
EVP_DigestUpdate(&ctx, pass, passlen);
EVP_DigestUpdate(&ctx, salt, saltlen);
if (!EVP_DigestInit_ex(&ctx, md, NULL))
goto err;
if (!EVP_DigestUpdate(&ctx, pass, passlen))
goto err;
if (!EVP_DigestUpdate(&ctx, salt, saltlen))
goto err;
PBEPARAM_free(pbe);
EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL))
goto err;
mdsize = EVP_MD_size(md);
if (mdsize < 0)
return 0;
for (i = 1; i < iter; i++) {
EVP_DigestInit_ex(&ctx, md, NULL);
EVP_DigestUpdate(&ctx, md_tmp, mdsize);
EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
if (!EVP_DigestInit_ex(&ctx, md, NULL))
goto err;
if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize))
goto err;
if (!EVP_DigestFinal_ex (&ctx, md_tmp, NULL))
goto err;
}
EVP_MD_CTX_cleanup(&ctx);
OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
EVP_CIPHER_iv_length(cipher));
EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
goto err;
OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
return 1;
rv = 1;
err:
return rv;
}
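Review bot: The err label in PKCS5_PBE_keyivgen only does `return rv;`, so every failure path skips EVP_MD_CTX_cleanup(&ctx), and a failing EVP_CipherInit_ex also skips the three OPENSSL_cleanse calls, leaving md_tmp, key and iv on the stack. Move the cleanup and cleanse calls below `err:` so both outcomes run them. Two further gaps in the same hunk: the `goto err` branches before PBEPARAM_free(pbe) leak pbe, and `if (mdsize < 0) return 0;` still bypasses the label.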

Some files were not shown because too many files have changed in this diff