diff options
Diffstat (limited to 'lib/libcrypto')
121 files changed, 958 insertions, 443 deletions
diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile index 05e3bb701e1..6759b2e4d0d 100644 --- a/lib/libcrypto/Makefile +++ b/lib/libcrypto/Makefile @@ -34,8 +34,8 @@ SDIRS= md2 md5 sha mdc2 hmac ripemd \ GENERAL=Makefile README crypto-lib.com install.com LIB= $(TOP)/libcrypto.a -LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c -LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o +LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c +LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o SRC= $(LIBSRC) @@ -90,7 +90,8 @@ links: lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib libs: @@ -197,3 +198,6 @@ tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h +uid.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h +uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h +uid.o: ../include/openssl/symhacks.h diff --git a/lib/libcrypto/Makefile.ssl b/lib/libcrypto/Makefile.ssl index 05e3bb701e1..6759b2e4d0d 100644 --- a/lib/libcrypto/Makefile.ssl +++ b/lib/libcrypto/Makefile.ssl @@ -34,8 +34,8 @@ SDIRS= md2 md5 sha mdc2 hmac ripemd \ GENERAL=Makefile README crypto-lib.com install.com LIB= $(TOP)/libcrypto.a -LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c -LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o +LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c +LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o SRC= $(LIBSRC) @@ -90,7 +90,8 @@ links: lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib libs: @@ -197,3 +198,6 @@ tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h +uid.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h +uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h +uid.o: ../include/openssl/symhacks.h diff --git a/lib/libcrypto/asn1/Makefile.ssl b/lib/libcrypto/asn1/Makefile.ssl index b8059ddffe7..dace5be2bc3 100644 --- a/lib/libcrypto/asn1/Makefile.ssl +++ b/lib/libcrypto/asn1/Makefile.ssl @@ -75,7 +75,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/asn1/a_strnid.c b/lib/libcrypto/asn1/a_strnid.c index 6b10cff9944..732e68fe462 100644 --- a/lib/libcrypto/asn1/a_strnid.c +++ b/lib/libcrypto/asn1/a_strnid.c @@ -133,7 +133,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, if(tbl) { mask = tbl->mask; if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask; - ret = ASN1_mbstring_ncopy(out, in, inlen, inform, tbl->mask, + ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, tbl->minsize, tbl->maxsize); } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask); if(ret <= 0) return NULL; diff --git a/lib/libcrypto/asn1/asn1_lib.c b/lib/libcrypto/asn1/asn1_lib.c index 77447a52409..a8b651e54e7 100644 --- a/lib/libcrypto/asn1/asn1_lib.c +++ b/lib/libcrypto/asn1/asn1_lib.c @@ -301,7 +301,7 @@ int asn1_GetSequence(ASN1_CTX *c, long *length) return(0); } if (c->inf == (1|V_ASN1_CONSTRUCTED)) - c->slen= *length+ *(c->pp)-c->p; + c->slen= *length; c->eos=0; return(1); } diff --git a/lib/libcrypto/asn1/asn1_mac.h b/lib/libcrypto/asn1/asn1_mac.h index 4512ba6cc60..af0e664b2de 100644 --- a/lib/libcrypto/asn1/asn1_mac.h +++ b/lib/libcrypto/asn1/asn1_mac.h @@ -196,6 +196,9 @@ err:\ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ M_ASN1_I2D_put_SEQUENCE_type(type,a,f); +#define M_ASN1_I2D_put_SEQUENCE_opt_ex_type(type,a,f) \ + if (a) M_ASN1_I2D_put_SEQUENCE_type(type,a,f); + #define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \ if ((c.slen != 0) && \ (M_ASN1_next == \ @@ -389,6 +392,9 @@ err:\ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ M_ASN1_I2D_len_SEQUENCE_type(type,a,f); +#define M_ASN1_I2D_len_SEQUENCE_opt_ex_type(type,a,f) \ + if (a) M_ASN1_I2D_len_SEQUENCE_type(type,a,f); + #define M_ASN1_I2D_len_IMP_SET(a,f,x) \ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET); @@ -452,6 +458,15 @@ err:\ ret+=ASN1_object_size(1,v,mtag); \ } +#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \ + if (a)\ + { \ + v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \ + V_ASN1_UNIVERSAL, \ + IS_SEQUENCE); \ + ret+=ASN1_object_size(1,v,mtag); \ + } + /* Put Macros */ #define M_ASN1_I2D_put(a,f) f(a,&p) @@ -536,6 +551,14 @@ err:\ IS_SEQUENCE); \ } +#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \ + if (a) \ + { \ + ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ + i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \ + IS_SEQUENCE); \ + } + #define M_ASN1_I2D_seq_total() \ r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \ if (pp == NULL) return(r); \ diff --git a/lib/libcrypto/asn1/p7_lib.c b/lib/libcrypto/asn1/p7_lib.c index b1196ef581c..8a340b01190 100644 --- a/lib/libcrypto/asn1/p7_lib.c +++ b/lib/libcrypto/asn1/p7_lib.c @@ -307,12 +307,14 @@ PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length) } if (Tinf == (1|V_ASN1_CONSTRUCTED)) { + c.q=c.p; if (!ASN1_check_infinite_end(&c.p,c.slen)) { c.error=ERR_R_MISSING_ASN1_EOS; c.line=__LINE__; goto err; } + c.slen-=(c.p-c.q); } } else diff --git a/lib/libcrypto/asn1/x_crl.c b/lib/libcrypto/asn1/x_crl.c index 1f302d0e01e..51518cdf350 100644 --- a/lib/libcrypto/asn1/x_crl.c +++ b/lib/libcrypto/asn1/x_crl.c @@ -71,14 +71,14 @@ int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp) M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER); M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME); - M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, + M_ASN1_I2D_len_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions, i2d_X509_EXTENSION); M_ASN1_I2D_seq_total(); M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER); M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME); - M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, + M_ASN1_I2D_put_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions, i2d_X509_EXTENSION); M_ASN1_I2D_finish(); @@ -121,7 +121,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp) { M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); } M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked, i2d_X509_REVOKED); - M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, + M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions, i2d_X509_EXTENSION,0, V_ASN1_SEQUENCE,v1); @@ -138,7 +138,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp) { M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_TIME); } M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked, i2d_X509_REVOKED); - M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, + M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions, i2d_X509_EXTENSION,0, V_ASN1_SEQUENCE,v1); @@ -260,7 +260,7 @@ X509_CRL_INFO *X509_CRL_INFO_new(void) M_ASN1_New(ret->lastUpdate,M_ASN1_UTCTIME_new); ret->nextUpdate=NULL; M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null); - M_ASN1_New(ret->extensions,sk_X509_EXTENSION_new_null); + ret->extensions = NULL; sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp); return(ret); M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW); diff --git a/lib/libcrypto/asn1/x_name.c b/lib/libcrypto/asn1/x_name.c index b832deb928b..1885d699efd 100644 --- a/lib/libcrypto/asn1/x_name.c +++ b/lib/libcrypto/asn1/x_name.c @@ -141,10 +141,12 @@ static int i2d_X509_NAME_entries(X509_NAME *a) } size+=i2d_X509_NAME_ENTRY(ne,NULL); } - - ret+=ASN1_object_size(1,size,V_ASN1_SET); if (fe != NULL) + { + /* SET OF needed only if entries is non empty */ + ret+=ASN1_object_size(1,size,V_ASN1_SET); fe->size=size; + } r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); diff --git a/lib/libcrypto/bf/Makefile.ssl b/lib/libcrypto/bf/Makefile.ssl index f4eb90f13f4..9205ee7901d 100644 --- a/lib/libcrypto/bf/Makefile.ssl +++ b/lib/libcrypto/bf/Makefile.ssl @@ -44,7 +44,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib # elf diff --git a/lib/libcrypto/bio/Makefile.ssl b/lib/libcrypto/bio/Makefile.ssl index 916d651d470..567d3fb870c 100644 --- a/lib/libcrypto/bio/Makefile.ssl +++ b/lib/libcrypto/bio/Makefile.ssl @@ -49,7 +49,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: @@ -95,13 +96,13 @@ b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h b_dump.o: ../cryptlib.h -b_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -b_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h -b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -b_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -b_print.o: ../cryptlib.h +b_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +b_print.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +b_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +b_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h b_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h b_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/lib/libcrypto/bio/b_print.c b/lib/libcrypto/bio/b_print.c index a62f5516354..b4f7a85f2e4 100644 --- a/lib/libcrypto/bio/b_print.c +++ b/lib/libcrypto/bio/b_print.c @@ -69,6 +69,7 @@ #ifndef NO_SYS_TYPES_H #include <sys/types.h> #endif +#include <openssl/bn.h> /* To get BN_LLONG properly defined */ #include <openssl/bio.h> #ifdef BN_LLONG diff --git a/lib/libcrypto/bio/b_sock.c b/lib/libcrypto/bio/b_sock.c index 64310058b45..62cc3f1a0c8 100644 --- a/lib/libcrypto/bio/b_sock.c +++ b/lib/libcrypto/bio/b_sock.c @@ -113,8 +113,8 @@ int BIO_get_host_ip(const char *str, unsigned char *ip) /* At this point, we have something that is most probably correct in some way, so let's init the socket. */ - if (!BIO_sock_init()) - return(0); /* don't generate another error code here */ + if (BIO_sock_init() != 1) + return 0; /* don't generate another error code here */ /* If the string actually contained an IP address, we need not do anything more */ @@ -519,15 +519,15 @@ int BIO_get_accept_socket(char *host, int bind_mode) { int ret=0; struct sockaddr_in server,client; - int s= -1,cs; + int s=INVALID_SOCKET,cs; unsigned char ip[4]; unsigned short port; - char *str,*e; + char *str=NULL,*e; const char *h,*p; unsigned long l; int err_num; - if (!BIO_sock_init()) return(INVALID_SOCKET); + if (BIO_sock_init() != 1) return(INVALID_SOCKET); if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET); @@ -553,7 +553,7 @@ int BIO_get_accept_socket(char *host, int bind_mode) h="*"; } - if (!BIO_get_port(p,&port)) return(INVALID_SOCKET); + if (!BIO_get_port(p,&port)) goto err; memset((char *)&server,0,sizeof(server)); server.sin_family=AF_INET; @@ -563,7 +563,7 @@ int BIO_get_accept_socket(char *host, int bind_mode) server.sin_addr.s_addr=INADDR_ANY; else { - if (!BIO_get_host_ip(h,&(ip[0]))) return(INVALID_SOCKET); + if (!BIO_get_host_ip(h,&(ip[0]))) goto err; l=(unsigned long) ((unsigned long)ip[0]<<24L)| ((unsigned long)ip[1]<<16L)| diff --git a/lib/libcrypto/bn/Makefile.ssl b/lib/libcrypto/bn/Makefile.ssl index 17b72d577f3..526d7adb5c1 100644 --- a/lib/libcrypto/bn/Makefile.ssl +++ b/lib/libcrypto/bn/Makefile.ssl @@ -68,7 +68,8 @@ bnbug: bnbug.c ../../libcrypto.a top lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib # elf diff --git a/lib/libcrypto/bn/asm/mips3.s b/lib/libcrypto/bn/asm/mips3.s index 2df4dcd4b0b..45786c00a5f 100644 --- a/lib/libcrypto/bn/asm/mips3.s +++ b/lib/libcrypto/bn/asm/mips3.s @@ -586,13 +586,13 @@ LEAF(bn_div_3_words) ld a0,(a3) move ta2,a1 ld a1,-8(a3) - move ta3,ra - move v1,zero + bne a0,a2,.L_bn_div_3_words_proceed li v0,-1 - beq a0,a2,.L_bn_div_3_words_skip_div + jr ra +.L_bn_div_3_words_proceed: + move ta3,ra bal bn_div_words move ra,ta3 -.L_bn_div_3_words_skip_div: dmultu ta2,v0 ld t2,-16(a3) move ta0,zero diff --git a/lib/libcrypto/bn/asm/pa-risc2.s b/lib/libcrypto/bn/asm/pa-risc2.s index 7239aa2c762..af9730d0621 100644 --- a/lib/libcrypto/bn/asm/pa-risc2.s +++ b/lib/libcrypto/bn/asm/pa-risc2.s @@ -1611,7 +1611,7 @@ bn_mul_comba4 .IMPORT $global$,DATA .SPACE $TEXT$ .SUBSPA $CODE$ - .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16 + .SUBSPA $LIT$,ACCESS=0x2c C$7 .ALIGN 8 .STRINGZ "Division would overflow (%d)\n" diff --git a/lib/libcrypto/bn/asm/pa-risc2W.s b/lib/libcrypto/bn/asm/pa-risc2W.s index 54b6606252e..a99545754d1 100644 --- a/lib/libcrypto/bn/asm/pa-risc2W.s +++ b/lib/libcrypto/bn/asm/pa-risc2W.s @@ -1598,7 +1598,7 @@ bn_mul_comba4 .IMPORT $global$,DATA .SPACE $TEXT$ .SUBSPA $CODE$ - .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16 + .SUBSPA $LIT$,ACCESS=0x2c C$4 .ALIGN 8 .STRINGZ "Division would overflow (%d)\n" diff --git a/lib/libcrypto/bn/bn.h b/lib/libcrypto/bn/bn.h index 1eb8395b25c..b232c2ceae3 100644 --- a/lib/libcrypto/bn/bn.h +++ b/lib/libcrypto/bn/bn.h @@ -239,7 +239,7 @@ typedef struct bignum_st } BIGNUM; /* Used for temp variables */ -#define BN_CTX_NUM 12 +#define BN_CTX_NUM 16 #define BN_CTX_NUM_POS 12 typedef struct bignum_ctx { @@ -328,6 +328,7 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx); void BN_CTX_end(BN_CTX *ctx); int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); +int BN_rand_range(BIGNUM *rnd, BIGNUM *range); int BN_num_bits(const BIGNUM *a); int BN_num_bits_word(BN_ULONG); BIGNUM *BN_new(void); @@ -467,6 +468,8 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num); # define bn_dump(a,b) #endif +int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -493,16 +496,19 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num); #define BN_F_BN_MPI2BN 112 #define BN_F_BN_NEW 113 #define BN_F_BN_RAND 114 +#define BN_F_BN_RAND_RANGE 122 #define BN_F_BN_USUB 115 /* Reason codes. */ #define BN_R_ARG2_LT_ARG3 100 #define BN_R_BAD_RECIPROCAL 101 +#define BN_R_BIGNUM_TOO_LONG 114 #define BN_R_CALLED_WITH_EVEN_MODULUS 102 #define BN_R_DIV_BY_ZERO 103 #define BN_R_ENCODING_ERROR 104 #define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 #define BN_R_INVALID_LENGTH 106 +#define BN_R_INVALID_RANGE 115 #define BN_R_NOT_INITIALIZED 107 #define BN_R_NO_INVERSE 108 #define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 diff --git a/lib/libcrypto/bn/bn_div.c b/lib/libcrypto/bn/bn_div.c index c3772c243be..c328b5b4110 100644 --- a/lib/libcrypto/bn/bn_div.c +++ b/lib/libcrypto/bn/bn_div.c @@ -180,13 +180,13 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_CTX_start(ctx); tmp=BN_CTX_get(ctx); - tmp->neg=0; snum=BN_CTX_get(ctx); sdiv=BN_CTX_get(ctx); if (dv == NULL) res=BN_CTX_get(ctx); else res=dv; - if (res == NULL) goto err; + if (sdiv==NULL || res == NULL) goto err; + tmp->neg=0; /* First we normalise the numbers */ norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); @@ -237,7 +237,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, for (i=0; i<loop-1; i++) { BN_ULONG q,l0; -#ifdef BN_DIV3W +#if defined(BN_DIV3W) && !defined(NO_ASM) + BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG); q=bn_div_3_words(wnump,d1,d0); #else BN_ULONG n0,n1,rem=0; diff --git a/lib/libcrypto/bn/bn_err.c b/lib/libcrypto/bn/bn_err.c index 86550c4c21d..adc6a214fc6 100644 --- a/lib/libcrypto/bn/bn_err.c +++ b/lib/libcrypto/bn/bn_err.c @@ -84,6 +84,7 @@ static ERR_STRING_DATA BN_str_functs[]= {ERR_PACK(0,BN_F_BN_MPI2BN,0), "BN_mpi2bn"}, {ERR_PACK(0,BN_F_BN_NEW,0), "BN_new"}, {ERR_PACK(0,BN_F_BN_RAND,0), "BN_rand"}, +{ERR_PACK(0,BN_F_BN_RAND_RANGE,0), "BN_rand_range"}, {ERR_PACK(0,BN_F_BN_USUB,0), "BN_usub"}, {0,NULL} }; @@ -92,11 +93,13 @@ static ERR_STRING_DATA BN_str_reasons[]= { {BN_R_ARG2_LT_ARG3 ,"arg2 lt arg3"}, {BN_R_BAD_RECIPROCAL ,"bad reciprocal"}, +{BN_R_BIGNUM_TOO_LONG ,"bignum too long"}, {BN_R_CALLED_WITH_EVEN_MODULUS ,"called with even modulus"}, {BN_R_DIV_BY_ZERO ,"div by zero"}, {BN_R_ENCODING_ERROR ,"encoding error"}, {BN_R_EXPAND_ON_STATIC_BIGNUM_DATA ,"expand on static bignum data"}, {BN_R_INVALID_LENGTH ,"invalid length"}, +{BN_R_INVALID_RANGE ,"invalid range"}, {BN_R_NOT_INITIALIZED ,"not initialized"}, {BN_R_NO_INVERSE ,"no inverse"}, {BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"}, diff --git a/lib/libcrypto/bn/bn_lib.c b/lib/libcrypto/bn/bn_lib.c index b6b0ce4b3c9..7767d651702 100644 --- a/lib/libcrypto/bn/bn_lib.c +++ b/lib/libcrypto/bn/bn_lib.c @@ -62,6 +62,7 @@ #endif #include <assert.h> +#include <limits.h> #include <stdio.h> #include "cryptlib.h" #include "bn_lcl.h" @@ -319,6 +320,12 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) if (words > b->dmax) { + if (words > (INT_MAX/(4*BN_BITS2))) + { + BNerr(BN_F_BN_EXPAND2,BN_R_BIGNUM_TOO_LONG); + return NULL; + } + bn_check_top(b); if (BN_get_flags(b,BN_FLG_STATIC_DATA)) { diff --git a/lib/libcrypto/bn/bn_rand.c b/lib/libcrypto/bn/bn_rand.c index 21ecbc04ed0..acd06199218 100644 --- a/lib/libcrypto/bn/bn_rand.c +++ b/lib/libcrypto/bn/bn_rand.c @@ -76,7 +76,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) bytes=(bits+7)/8; bit=(bits-1)%8; - mask=0xff<<bit; + mask=0xff<<(bit+1); buf=(unsigned char *)OPENSSL_malloc(bytes); if (buf == NULL) @@ -100,25 +100,48 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) goto err; } - if (top) +#if 1 + if (pseudorand == 2) { - if (bit == 0) + /* generate patterns that are more likely to trigger BN + library bugs */ + int i; + unsigned char c; + + for (i = 0; i < bytes; i++) + { + RAND_pseudo_bytes(&c, 1); + if (c >= 128 && i > 0) + buf[i] = buf[i-1]; + else if (c < 42) + buf[i] = 0; + else if (c < 84) + buf[i] = 255; + } + } +#endif + + if (top != -1) + { + if (top) { - buf[0]=1; - buf[1]|=0x80; + if (bit == 0) + { + buf[0]=1; + buf[1]|=0x80; + } + else + { + buf[0]|=(3<<(bit-1)); + } } else { - buf[0]|=(3<<(bit-1)); - buf[0]&= ~(mask<<1); + buf[0]|=(1<<bit); } } - else - { - buf[0]|=(1<<bit); - buf[0]&= ~(mask<<1); - } - if (bottom) /* set bottom bits to whatever odd is */ + buf[0] &= ~mask; + if (bottom) /* set bottom bit if requested */ buf[bytes-1]|=1; if (!BN_bin2bn(buf,bytes,rnd)) goto err; ret=1; @@ -140,3 +163,61 @@ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) { return bnrand(1, rnd, bits, top, bottom); } + +#if 1 +int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) + { + return bnrand(2, rnd, bits, top, bottom); + } +#endif + +/* random number r: 0 <= r < range */ +int BN_rand_range(BIGNUM *r, BIGNUM *range) + { + int n; + + if (range->neg || BN_is_zero(range)) + { + BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); + return 0; + } + + n = BN_num_bits(range); /* n > 0 */ + + if (n == 1) + { + if (!BN_zero(r)) return 0; + } + else if (BN_is_bit_set(range, n - 2)) + { + do + { + /* range = 11..._2, so each iteration succeeds with probability >= .75 */ + if (!BN_rand(r, n, -1, 0)) return 0; + } + while (BN_cmp(r, range) >= 0); + } + else + { + /* range = 10..._2, + * so 3*range (= 11..._2) is exactly one bit longer than range */ + do + { + if (!BN_rand(r, n + 1, -1, 0)) return 0; + /* If r < 3*range, use r := r MOD range + * (which is either r, r - range, or r - 2*range). + * Otherwise, iterate once more. + * Since 3*range = 11..._2, each iteration succeeds with + * probability >= .75. */ + if (BN_cmp(r ,range) >= 0) + { + if (!BN_sub(r, r, range)) return 0; + if (BN_cmp(r, range) >= 0) + if (!BN_sub(r, r, range)) return 0; + } + } + while (BN_cmp(r, range) >= 0); + } + + return 1; + } diff --git a/lib/libcrypto/bn/bn_shift.c b/lib/libcrypto/bn/bn_shift.c index 0883247384e..c2608f9f4a9 100644 --- a/lib/libcrypto/bn/bn_shift.c +++ b/lib/libcrypto/bn/bn_shift.c @@ -172,6 +172,11 @@ int BN_rshift(BIGNUM *r, BIGNUM *a, int n) r->neg=a->neg; if (bn_wexpand(r,a->top-nw+1) == NULL) return(0); } + else + { + if (n == 0) + return 1; /* or the copying loop will go berserk */ + } f= &(a->d[nw]); t=r->d; diff --git a/lib/libcrypto/bn/bntest.c b/lib/libcrypto/bn/bntest.c index 0a97af69c58..af0c2629e87 100644 --- a/lib/libcrypto/bn/bntest.c +++ b/lib/libcrypto/bn/bntest.c @@ -107,11 +107,9 @@ static const char rnd_seed[] = "string to make the random number generator think static void message(BIO *out, char *m) { fprintf(stderr, "test %s\n", m); -#if defined(linux) || defined(__FreeBSD__) /* can we use GNU bc features? */ BIO_puts(out, "print \"test "); BIO_puts(out, m); BIO_puts(out, "\\n\"\n"); -#endif } int main(int argc, char *argv[]) @@ -122,9 +120,7 @@ int main(int argc, char *argv[]) results = 0; - RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't - * even check its return value - * (which we should) */ + RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */ argc--; argv++; @@ -253,10 +249,10 @@ int test_add(BIO *bp) BN_init(&b); BN_init(&c); - BN_rand(&a,512,0,0); + BN_bntest_rand(&a,512,0,0); for (i=0; i<num0; i++) { - BN_rand(&b,450+i,0,0); + BN_bntest_rand(&b,450+i,0,0); a.neg=rand_neg(); b.neg=rand_neg(); if (bp == NULL) @@ -305,14 +301,14 @@ int test_sub(BIO *bp) { if (i < num1) { - BN_rand(&a,512,0,0); + BN_bntest_rand(&a,512,0,0); BN_copy(&b,&a); if (BN_set_bit(&a,i)==0) return(0); BN_add_word(&b,i); } else { - BN_rand(&b,400+i-num1,0,0); + BN_bntest_rand(&b,400+i-num1,0,0); a.neg=rand_neg(); b.neg=rand_neg(); } @@ -362,13 +358,13 @@ int test_div(BIO *bp, BN_CTX *ctx) { if (i < num1) { - BN_rand(&a,400,0,0); + BN_bntest_rand(&a,400,0,0); BN_copy(&b,&a); BN_lshift(&a,&a,i); BN_add_word(&a,i); } else - BN_rand(&b,50+3*(i-num1),0,0); + BN_bntest_rand(&b,50+3*(i-num1),0,0); a.neg=rand_neg(); b.neg=rand_neg(); if (bp == NULL) @@ -432,13 +428,13 @@ int test_div_recp(BIO *bp, BN_CTX *ctx) { if (i < num1) { - BN_rand(&a,400,0,0); + BN_bntest_rand(&a,400,0,0); BN_copy(&b,&a); BN_lshift(&a,&a,i); BN_add_word(&a,i); } else - BN_rand(&b,50+3*(i-num1),0,0); + BN_bntest_rand(&b,50+3*(i-num1),0,0); a.neg=rand_neg(); b.neg=rand_neg(); BN_RECP_CTX_set(&recp,&b,ctx); @@ -509,11 +505,11 @@ int test_mul(BIO *bp) { if (i <= num1) { - BN_rand(&a,100,0,0); - BN_rand(&b,100,0,0); + BN_bntest_rand(&a,100,0,0); + BN_bntest_rand(&b,100,0,0); } else - BN_rand(&b,i-num1,0,0); + BN_bntest_rand(&b,i-num1,0,0); a.neg=rand_neg(); b.neg=rand_neg(); if (bp == NULL) @@ -562,7 +558,7 @@ int test_sqr(BIO *bp, BN_CTX *ctx) for (i=0; i<num0; i++) { - BN_rand(&a,40+i*10,0,0); + BN_bntest_rand(&a,40+i*10,0,0); a.neg=rand_neg(); if (bp == NULL) for (j=0; j<100; j++) @@ -613,15 +609,15 @@ int test_mont(BIO *bp, BN_CTX *ctx) mont=BN_MONT_CTX_new(); - BN_rand(&a,100,0,0); /**/ - BN_rand(&b,100,0,0); /**/ + BN_bntest_rand(&a,100,0,0); /**/ + BN_bntest_rand(&b,100,0,0); /**/ for (i=0; i<num2; i++) { int bits = (200*(i+1))/num2; if (bits == 0) continue; - BN_rand(&n,bits,0,1); + BN_bntest_rand(&n,bits,0,1); BN_MONT_CTX_set(mont,&n,ctx); BN_to_montgomery(&A,&a,mont,ctx); @@ -683,10 +679,10 @@ int test_mod(BIO *bp, BN_CTX *ctx) d=BN_new(); e=BN_new(); - BN_rand(a,1024,0,0); /**/ + BN_bntest_rand(a,1024,0,0); /**/ for (i=0; i<num0; i++) { - BN_rand(b,450+i*10,0,0); /**/ + BN_bntest_rand(b,450+i*10,0,0); /**/ a->neg=rand_neg(); b->neg=rand_neg(); if (bp == NULL) @@ -732,11 +728,11 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx) d=BN_new(); e=BN_new(); - BN_rand(c,1024,0,0); /**/ + BN_bntest_rand(c,1024,0,0); /**/ for (i=0; i<num0; i++) { - BN_rand(a,475+i*10,0,0); /**/ - BN_rand(b,425+i*11,0,0); /**/ + BN_bntest_rand(a,475+i*10,0,0); /**/ + BN_bntest_rand(b,425+i*11,0,0); /**/ a->neg=rand_neg(); b->neg=rand_neg(); /* if (bp == NULL) @@ -794,11 +790,11 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx) d=BN_new(); e=BN_new(); - BN_rand(c,30,0,1); /* must be odd for montgomery */ + BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */ for (i=0; i<num2; i++) { - BN_rand(a,20+i*5,0,0); /**/ - BN_rand(b,2+i,0,0); /**/ + BN_bntest_rand(a,20+i*5,0,0); /**/ + BN_bntest_rand(b,2+i,0,0); /**/ if (!BN_mod_exp(d,a,b,c,ctx)) return(00); @@ -848,8 +844,8 @@ int test_exp(BIO *bp, BN_CTX *ctx) for (i=0; i<num2; i++) { - BN_rand(a,20+i*5,0,0); /**/ - BN_rand(b,2+i,0,0); /**/ + BN_bntest_rand(a,20+i*5,0,0); /**/ + BN_bntest_rand(b,2+i,0,0); /**/ if (!BN_exp(d,a,b,ctx)) return(00); @@ -899,7 +895,7 @@ int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_) else { a=BN_new(); - BN_rand(a,200,0,0); /**/ + BN_bntest_rand(a,200,0,0); /**/ a->neg=rand_neg(); } for (i=0; i<num0; i++) @@ -951,7 +947,7 @@ int test_lshift1(BIO *bp) b=BN_new(); c=BN_new(); - BN_rand(a,200,0,0); /**/ + BN_bntest_rand(a,200,0,0); /**/ a->neg=rand_neg(); for (i=0; i<num0; i++) { @@ -995,7 +991,7 @@ int test_rshift(BIO *bp,BN_CTX *ctx) e=BN_new(); BN_one(c); - BN_rand(a,200,0,0); /**/ + BN_bntest_rand(a,200,0,0); /**/ a->neg=rand_neg(); for (i=0; i<num0; i++) { @@ -1038,7 +1034,7 @@ int test_rshift1(BIO *bp) b=BN_new(); c=BN_new(); - BN_rand(a,200,0,0); /**/ + BN_bntest_rand(a,200,0,0); /**/ a->neg=rand_neg(); for (i=0; i<num0; i++) { diff --git a/lib/libcrypto/buffer/Makefile.ssl b/lib/libcrypto/buffer/Makefile.ssl index f473d1ab4b0..a64681fd226 100644 --- a/lib/libcrypto/buffer/Makefile.ssl +++ b/lib/libcrypto/buffer/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/cast/Makefile.ssl b/lib/libcrypto/cast/Makefile.ssl index 4c70d1e3e8b..1f8b898f7c4 100644 --- a/lib/libcrypto/cast/Makefile.ssl +++ b/lib/libcrypto/cast/Makefile.ssl @@ -47,7 +47,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib # elf diff --git a/lib/libcrypto/comp/Makefile.ssl b/lib/libcrypto/comp/Makefile.ssl index 39e79934165..b696ac75fe1 100644 --- a/lib/libcrypto/comp/Makefile.ssl +++ b/lib/libcrypto/comp/Makefile.ssl @@ -42,7 +42,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/conf/Makefile.ssl b/lib/libcrypto/conf/Makefile.ssl index efbb5789812..9df4fca8773 100644 --- a/lib/libcrypto/conf/Makefile.ssl +++ b/lib/libcrypto/conf/Makefile.ssl @@ -40,7 +40,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/conf/conf.h b/lib/libcrypto/conf/conf.h index 2f70634455b..cd40a0db215 100644 --- a/lib/libcrypto/conf/conf.h +++ b/lib/libcrypto/conf/conf.h @@ -167,6 +167,8 @@ int NCONF_dump_bio(CONF *conf, BIO *out); #define CONF_R_MISSING_EQUAL_SIGN 101 #define CONF_R_NO_CLOSE_BRACE 102 #define CONF_R_NO_CONF 105 +#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 +#define CONF_R_NO_SECTION 107 #define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 #define CONF_R_VARIABLE_HAS_NO_VALUE 104 diff --git a/lib/libcrypto/conf/conf_err.c b/lib/libcrypto/conf/conf_err.c index 06d3163573c..8c2bc6f1c4c 100644 --- a/lib/libcrypto/conf/conf_err.c +++ b/lib/libcrypto/conf/conf_err.c @@ -87,6 +87,8 @@ static ERR_STRING_DATA CONF_str_reasons[]= {CONF_R_MISSING_EQUAL_SIGN ,"missing equal sign"}, {CONF_R_NO_CLOSE_BRACE ,"no close brace"}, {CONF_R_NO_CONF ,"no conf"}, +{CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE ,"no conf or environment variable"}, +{CONF_R_NO_SECTION ,"no section"}, {CONF_R_UNABLE_TO_CREATE_NEW_SECTION ,"unable to create new section"}, {CONF_R_VARIABLE_HAS_NO_VALUE ,"variable has no value"}, {0,NULL} diff --git a/lib/libcrypto/conf/conf_lib.c b/lib/libcrypto/conf/conf_lib.c index 4c8ca9e9ae4..11ec6397324 100644 --- a/lib/libcrypto/conf/conf_lib.c +++ b/lib/libcrypto/conf/conf_lib.c @@ -131,38 +131,59 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline) STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section) { - CONF ctmp; + if (conf == NULL) + { + return NULL; + } + else + { + CONF ctmp; - if (default_CONF_method == NULL) - default_CONF_method = NCONF_default(); + if (default_CONF_method == NULL) + default_CONF_method = NCONF_default(); - default_CONF_method->init(&ctmp); - ctmp.data = conf; - return NCONF_get_section(&ctmp, section); + default_CONF_method->init(&ctmp); + ctmp.data = conf; + return NCONF_get_section(&ctmp, section); + } } char *CONF_get_string(LHASH *conf,char *group,char *name) { - CONF ctmp; + if (conf == NULL) + { + return NCONF_get_string(NULL, group, name); + } + else + { + CONF ctmp; - if (default_CONF_method == NULL) - default_CONF_method = NCONF_default(); + if (default_CONF_method == NULL) + default_CONF_method = NCONF_default(); - default_CONF_method->init(&ctmp); - ctmp.data = conf; - return NCONF_get_string(&ctmp, group, name); + default_CONF_method->init(&ctmp); + ctmp.data = conf; + return NCONF_get_string(&ctmp, group, name); + } } long CONF_get_number(LHASH *conf,char *group,char *name) { - CONF ctmp; + if (conf == NULL) + { + return NCONF_get_number(NULL, group, name); + } + else + { + CONF ctmp; - if (default_CONF_method == NULL) - default_CONF_method = NCONF_default(); + if (default_CONF_method == NULL) + default_CONF_method = NCONF_default(); - default_CONF_method->init(&ctmp); - ctmp.data = conf; - return NCONF_get_number(&ctmp, group, name); + default_CONF_method->init(&ctmp); + ctmp.data = conf; + return NCONF_get_number(&ctmp, group, name); + } } void CONF_free(LHASH *conf) @@ -299,27 +320,46 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section) return NULL; } + if (section == NULL) + { + CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION); + return NULL; + } + return _CONF_get_section_values(conf, section); } char *NCONF_get_string(CONF *conf,char *group,char *name) { + char *s = _CONF_get_string(conf, group, name); + + /* Since we may get a value from an environment variable even + if conf is NULL, let's check the value first */ + if (s) return s; + if (conf == NULL) { - CONFerr(CONF_F_NCONF_GET_STRING,CONF_R_NO_CONF); + CONFerr(CONF_F_NCONF_GET_STRING, + CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE); return NULL; } - - return _CONF_get_string(conf, group, name); + return NULL; } long NCONF_get_number(CONF *conf,char *group,char *name) { +#if 0 /* As with _CONF_get_string(), we rely on the possibility of finding + an environment variable with a suitable name. Unfortunately, there's + no way with the current API to see if we found one or not... + The meaning of this is that if a number is not found anywhere, it + will always default to 0. */ if (conf == NULL) { - CONFerr(CONF_F_NCONF_GET_NUMBER,CONF_R_NO_CONF); + CONFerr(CONF_F_NCONF_GET_NUMBER, + CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE); return 0; } +#endif return _CONF_get_number(conf, group, name); } diff --git a/lib/libcrypto/crypto-lib.com b/lib/libcrypto/crypto-lib.com index 21d56a4b50d..482a1361779 100644 --- a/lib/libcrypto/crypto-lib.com +++ b/lib/libcrypto/crypto-lib.com @@ -174,7 +174,7 @@ $! $ APPS_DES = "DES/DES,CBC3_ENC" $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE" $ -$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err" +$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid" $ LIB_MD2 = "md2_dgst,md2_one" $ LIB_MD4 = "md4_dgst,md4_one" $ LIB_MD5 = "md5_dgst,md5_one" diff --git a/lib/libcrypto/crypto.h b/lib/libcrypto/crypto.h index 52ee97b71a2..92576732795 100644 --- a/lib/libcrypto/crypto.h +++ b/lib/libcrypto/crypto.h @@ -278,6 +278,8 @@ int CRYPTO_is_mem_check_on(void); const char *SSLeay_version(int type); unsigned long SSLeay(void); +int OPENSSL_issetugid(void); + int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); diff --git a/lib/libcrypto/des/Makefile.ssl b/lib/libcrypto/des/Makefile.ssl index 34a360b7abe..cc5379feb2b 100644 --- a/lib/libcrypto/des/Makefile.ssl +++ b/lib/libcrypto/des/Makefile.ssl @@ -57,7 +57,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib des: des.o cbc3_enc.o lib diff --git a/lib/libcrypto/des/asm/des-586.pl b/lib/libcrypto/des/asm/des-586.pl index f0540710778..c890766bc9f 100644 --- a/lib/libcrypto/des/asm/des-586.pl +++ b/lib/libcrypto/des/asm/des-586.pl @@ -20,11 +20,11 @@ $L="edi"; $R="esi"; &external_label("des_SPtrans"); -&des_encrypt("des_encrypt",1); +&des_encrypt("des_encrypt1",1); &des_encrypt("des_encrypt2",0); &des_encrypt3("des_encrypt3",1); &des_encrypt3("des_decrypt3",0); -&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1); +&cbc("des_ncbc_encrypt","des_encrypt1","des_encrypt1",0,4,5,3,5,-1); &cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5); &asm_finish(); diff --git a/lib/libcrypto/des/asm/des686.pl b/lib/libcrypto/des/asm/des686.pl index 77dc5b51cdf..84c3e854381 100644 --- a/lib/libcrypto/des/asm/des686.pl +++ b/lib/libcrypto/des/asm/des686.pl @@ -46,7 +46,7 @@ EOF $L="edi"; $R="esi"; -&des_encrypt("des_encrypt",1); +&des_encrypt("des_encrypt1",1); &des_encrypt("des_encrypt2",0); &des_encrypt3("des_encrypt3",1); diff --git a/lib/libcrypto/des/asm/readme b/lib/libcrypto/des/asm/readme index f8529d9307e..1beafe253b1 100644 --- a/lib/libcrypto/des/asm/readme +++ b/lib/libcrypto/des/asm/readme @@ -8,7 +8,7 @@ assembler for the inner DES routines in libdes :-). The file to implement in assembler is des_enc.c. Replace the following 4 functions -des_encrypt(DES_LONG data[2],des_key_schedule ks, int encrypt); +des_encrypt1(DES_LONG data[2],des_key_schedule ks, int encrypt); des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt); des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3); des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3); diff --git a/lib/libcrypto/des/cbc_cksm.c b/lib/libcrypto/des/cbc_cksm.c index 1e543cb2a19..b857df09852 100644 --- a/lib/libcrypto/des/cbc_cksm.c +++ b/lib/libcrypto/des/cbc_cksm.c @@ -82,7 +82,7 @@ DES_LONG des_cbc_cksum(const unsigned char *in, des_cblock *output, tin0^=tout0; tin[0]=tin0; tin1^=tout1; tin[1]=tin1; - des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); + des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT); /* fix 15/10/91 eay - thanks to keithr@sco.COM */ tout0=tin[0]; tout1=tin[1]; diff --git a/lib/libcrypto/des/cfb64enc.c b/lib/libcrypto/des/cfb64enc.c index 389a232cb36..105530dfa3b 100644 --- a/lib/libcrypto/des/cfb64enc.c +++ b/lib/libcrypto/des/cfb64enc.c @@ -82,7 +82,7 @@ void des_cfb64_encrypt(const unsigned char *in, unsigned char *out, { c2l(iv,v0); ti[0]=v0; c2l(iv,v1); ti[1]=v1; - des_encrypt(ti,schedule,DES_ENCRYPT); + des_encrypt1(ti,schedule,DES_ENCRYPT); iv = &(*ivec)[0]; v0=ti[0]; l2c(v0,iv); v0=ti[1]; l2c(v0,iv); @@ -102,7 +102,7 @@ void des_cfb64_encrypt(const unsigned char *in, unsigned char *out, { c2l(iv,v0); ti[0]=v0; c2l(iv,v1); ti[1]=v1; - des_encrypt(ti,schedule,DES_ENCRYPT); + des_encrypt1(ti,schedule,DES_ENCRYPT); iv = &(*ivec)[0]; v0=ti[0]; l2c(v0,iv); v0=ti[1]; l2c(v0,iv); diff --git a/lib/libcrypto/des/cfb_enc.c b/lib/libcrypto/des/cfb_enc.c index cca34dd7c5e..ec4fd4ea67b 100644 --- a/lib/libcrypto/des/cfb_enc.c +++ b/lib/libcrypto/des/cfb_enc.c @@ -100,7 +100,7 @@ void des_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, l-=n; ti[0]=v0; ti[1]=v1; - des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT); + des_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT); c2ln(in,d0,d1,n); in+=n; d0=(d0^ti[0])&mask0; @@ -132,7 +132,7 @@ void des_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, l-=n; ti[0]=v0; ti[1]=v1; - des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT); + des_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT); c2ln(in,d0,d1,n); in+=n; /* 30-08-94 - eay - changed because l>>32 and diff --git a/lib/libcrypto/des/des.h b/lib/libcrypto/des/des.h index 2db9748cb41..6b8a7ee11b1 100644 --- a/lib/libcrypto/des/des.h +++ b/lib/libcrypto/des/des.h @@ -147,14 +147,14 @@ void des_ecb_encrypt(const_des_cblock *input,des_cblock *output, Data is a pointer to 2 unsigned long's and ks is the des_key_schedule to use. enc, is non zero specifies encryption, zero if decryption. */ -void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc); +void des_encrypt1(DES_LONG *data,des_key_schedule ks, int enc); -/* This functions is the same as des_encrypt() except that the DES +/* This functions is the same as des_encrypt1() except that the DES initial permutation (IP) and final permutation (FP) have been left - out. As for des_encrypt(), you should not use this function. + out. As for des_encrypt1(), you should not use this function. It is used by the routines in the library that implement triple DES. IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same - as des_encrypt() des_encrypt() des_encrypt() except faster :-). */ + as des_encrypt1() des_encrypt1() des_encrypt1() except faster :-). */ void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc); void des_encrypt3(DES_LONG *data, des_key_schedule ks1, diff --git a/lib/libcrypto/des/des_enc.c b/lib/libcrypto/des/des_enc.c index 8311e106281..0bd9fa39bcd 100644 --- a/lib/libcrypto/des/des_enc.c +++ b/lib/libcrypto/des/des_enc.c @@ -58,7 +58,7 @@ #include "des_locl.h" -void des_encrypt(DES_LONG *data, des_key_schedule ks, int enc) +void des_encrypt1(DES_LONG *data, des_key_schedule ks, int enc) { register DES_LONG l,r,t,u; #ifdef DES_PTR diff --git a/lib/libcrypto/des/des_opts.c b/lib/libcrypto/des/des_opts.c index b2ca7ac31d6..138ee1c6b47 100644 --- a/lib/libcrypto/des/des_opts.c +++ b/lib/libcrypto/des/des_opts.c @@ -118,7 +118,7 @@ extern void exit(); #undef DES_RISC2 #undef DES_PTR #undef D_ENCRYPT -#define des_encrypt des_encrypt_u4_cisc_idx +#define des_encrypt1 des_encrypt_u4_cisc_idx #define des_encrypt2 des_encrypt2_u4_cisc_idx #define des_encrypt3 des_encrypt3_u4_cisc_idx #define des_decrypt3 des_decrypt3_u4_cisc_idx @@ -130,11 +130,11 @@ extern void exit(); #undef DES_RISC2 #undef DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u16_cisc_idx +#define des_encrypt1 des_encrypt_u16_cisc_idx #define des_encrypt2 des_encrypt2_u16_cisc_idx #define des_encrypt3 des_encrypt3_u16_cisc_idx #define des_decrypt3 des_decrypt3_u16_cisc_idx @@ -146,11 +146,11 @@ extern void exit(); #undef DES_RISC2 #undef DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u4_risc1_idx +#define des_encrypt1 des_encrypt_u4_risc1_idx #define des_encrypt2 des_encrypt2_u4_risc1_idx #define des_encrypt3 des_encrypt3_u4_risc1_idx #define des_decrypt3 des_decrypt3_u4_risc1_idx @@ -166,11 +166,11 @@ extern void exit(); #define DES_RISC2 #undef DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u4_risc2_idx +#define des_encrypt1 des_encrypt_u4_risc2_idx #define des_encrypt2 des_encrypt2_u4_risc2_idx #define des_encrypt3 des_encrypt3_u4_risc2_idx #define des_decrypt3 des_decrypt3_u4_risc2_idx @@ -182,11 +182,11 @@ extern void exit(); #undef DES_RISC2 #undef DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u16_risc1_idx +#define des_encrypt1 des_encrypt_u16_risc1_idx #define des_encrypt2 des_encrypt2_u16_risc1_idx #define des_encrypt3 des_encrypt3_u16_risc1_idx #define des_decrypt3 des_decrypt3_u16_risc1_idx @@ -198,11 +198,11 @@ extern void exit(); #define DES_RISC2 #undef DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u16_risc2_idx +#define des_encrypt1 des_encrypt_u16_risc2_idx #define des_encrypt2 des_encrypt2_u16_risc2_idx #define des_encrypt3 des_encrypt3_u16_risc2_idx #define des_decrypt3 des_decrypt3_u16_risc2_idx @@ -218,11 +218,11 @@ extern void exit(); #undef DES_RISC2 #define DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u4_cisc_ptr +#define des_encrypt1 des_encrypt_u4_cisc_ptr #define des_encrypt2 des_encrypt2_u4_cisc_ptr #define des_encrypt3 des_encrypt3_u4_cisc_ptr #define des_decrypt3 des_decrypt3_u4_cisc_ptr @@ -234,11 +234,11 @@ extern void exit(); #undef DES_RISC2 #define DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u16_cisc_ptr +#define des_encrypt1 des_encrypt_u16_cisc_ptr #define des_encrypt2 des_encrypt2_u16_cisc_ptr #define des_encrypt3 des_encrypt3_u16_cisc_ptr #define des_decrypt3 des_decrypt3_u16_cisc_ptr @@ -250,11 +250,11 @@ extern void exit(); #undef DES_RISC2 #define DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u4_risc1_ptr +#define des_encrypt1 des_encrypt_u4_risc1_ptr #define des_encrypt2 des_encrypt2_u4_risc1_ptr #define des_encrypt3 des_encrypt3_u4_risc1_ptr #define des_decrypt3 des_decrypt3_u4_risc1_ptr @@ -270,11 +270,11 @@ extern void exit(); #define DES_RISC2 #define DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u4_risc2_ptr +#define des_encrypt1 des_encrypt_u4_risc2_ptr #define des_encrypt2 des_encrypt2_u4_risc2_ptr #define des_encrypt3 des_encrypt3_u4_risc2_ptr #define des_decrypt3 des_decrypt3_u4_risc2_ptr @@ -286,11 +286,11 @@ extern void exit(); #undef DES_RISC2 #define DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u16_risc1_ptr +#define des_encrypt1 des_encrypt_u16_risc1_ptr #define des_encrypt2 des_encrypt2_u16_risc1_ptr #define des_encrypt3 des_encrypt3_u16_risc1_ptr #define des_decrypt3 des_decrypt3_u16_risc1_ptr @@ -302,11 +302,11 @@ extern void exit(); #define DES_RISC2 #define DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u16_risc2_ptr +#define des_encrypt1 des_encrypt_u16_risc2_ptr #define des_encrypt2 des_encrypt2_u16_risc2_ptr #define des_encrypt3 des_encrypt3_u16_risc2_ptr #define des_decrypt3 des_decrypt3_u16_risc2_ptr @@ -453,7 +453,7 @@ int main(int argc, char **argv) count*=2; Time_F(START); for (i=count; i; i--) - des_encrypt(data,&(sch[0]),DES_ENCRYPT); + des_encrypt1(data,&(sch[0]),DES_ENCRYPT); d=Time_F(STOP); } while (d < 3.0); ca=count; diff --git a/lib/libcrypto/des/dess.cpp b/lib/libcrypto/des/dess.cpp index 753e67ad9be..5549bab90af 100644 --- a/lib/libcrypto/des/dess.cpp +++ b/lib/libcrypto/des/dess.cpp @@ -45,19 +45,19 @@ void main(int argc,char *argv[]) { for (i=0; i<1000; i++) /**/ { - des_encrypt(&data[0],key,1); + des_encrypt1(&data[0],key,1); GetTSC(s1); - des_encrypt(&data[0],key,1); - des_encrypt(&data[0],key,1); - des_encrypt(&data[0],key,1); + des_encrypt1(&data[0],key,1); + des_encrypt1(&data[0],key,1); + des_encrypt1(&data[0],key,1); GetTSC(e1); GetTSC(s2); - des_encrypt(&data[0],key,1); - des_encrypt(&data[0],key,1); - des_encrypt(&data[0],key,1); - des_encrypt(&data[0],key,1); + des_encrypt1(&data[0],key,1); + des_encrypt1(&data[0],key,1); + des_encrypt1(&data[0],key,1); + des_encrypt1(&data[0],key,1); GetTSC(e2); - des_encrypt(&data[0],key,1); + des_encrypt1(&data[0],key,1); } printf("des %d %d (%d)\n", diff --git a/lib/libcrypto/des/ecb_enc.c b/lib/libcrypto/des/ecb_enc.c index b261a8aad94..d481327ef3b 100644 --- a/lib/libcrypto/des/ecb_enc.c +++ b/lib/libcrypto/des/ecb_enc.c @@ -114,7 +114,7 @@ void des_ecb_encrypt(const_des_cblock *input, des_cblock *output, c2l(in,l); ll[0]=l; c2l(in,l); ll[1]=l; - des_encrypt(ll,ks,enc); + des_encrypt1(ll,ks,enc); l=ll[0]; l2c(l,out); l=ll[1]; l2c(l,out); l=ll[0]=ll[1]=0; diff --git a/lib/libcrypto/des/ede_cbcm_enc.c b/lib/libcrypto/des/ede_cbcm_enc.c index c53062481dd..b98f7e17af1 100644 --- a/lib/libcrypto/des/ede_cbcm_enc.c +++ b/lib/libcrypto/des/ede_cbcm_enc.c @@ -95,7 +95,7 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, { tin[0]=m0; tin[1]=m1; - des_encrypt(tin,ks3,1); + des_encrypt1(tin,ks3,1); m0=tin[0]; m1=tin[1]; @@ -113,13 +113,13 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, tin[0]=tin0; tin[1]=tin1; - des_encrypt(tin,ks1,1); + des_encrypt1(tin,ks1,1); tin[0]^=m0; tin[1]^=m1; - des_encrypt(tin,ks2,0); + des_encrypt1(tin,ks2,0); tin[0]^=m0; tin[1]^=m1; - des_encrypt(tin,ks1,1); + des_encrypt1(tin,ks1,1); tout0=tin[0]; tout1=tin[1]; @@ -146,7 +146,7 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, { tin[0]=m0; tin[1]=m1; - des_encrypt(tin,ks3,1); + des_encrypt1(tin,ks3,1); m0=tin[0]; m1=tin[1]; @@ -158,13 +158,13 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, tin[0]=tin0; tin[1]=tin1; - des_encrypt(tin,ks1,0); + des_encrypt1(tin,ks1,0); tin[0]^=m0; tin[1]^=m1; - des_encrypt(tin,ks2,1); + des_encrypt1(tin,ks2,1); tin[0]^=m0; tin[1]^=m1; - des_encrypt(tin,ks1,0); + des_encrypt1(tin,ks1,0); tout0=tin[0]; tout1=tin[1]; diff --git a/lib/libcrypto/des/ncbc_enc.c b/lib/libcrypto/des/ncbc_enc.c index 3b681691a9b..b8db07b199d 100644 --- a/lib/libcrypto/des/ncbc_enc.c +++ b/lib/libcrypto/des/ncbc_enc.c @@ -89,7 +89,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length, c2l(in,tin1); tin0^=tout0; tin[0]=tin0; tin1^=tout1; tin[1]=tin1; - des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); + des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT); tout0=tin[0]; l2c(tout0,out); tout1=tin[1]; l2c(tout1,out); } @@ -98,7 +98,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length, c2ln(in,tin0,tin1,l+8); tin0^=tout0; tin[0]=tin0; tin1^=tout1; tin[1]=tin1; - des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); + des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT); tout0=tin[0]; l2c(tout0,out); tout1=tin[1]; l2c(tout1,out); } @@ -116,7 +116,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length, { c2l(in,tin0); tin[0]=tin0; c2l(in,tin1); tin[1]=tin1; - des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); + des_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT); tout0=tin[0]^xor0; tout1=tin[1]^xor1; l2c(tout0,out); @@ -128,7 +128,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length, { c2l(in,tin0); tin[0]=tin0; c2l(in,tin1); tin[1]=tin1; - des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); + des_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT); tout0=tin[0]^xor0; tout1=tin[1]^xor1; l2cn(tout0,tout1,out,l+8); diff --git a/lib/libcrypto/des/ofb64enc.c b/lib/libcrypto/des/ofb64enc.c index 64953959cab..1a1d1f1ac47 100644 --- a/lib/libcrypto/des/ofb64enc.c +++ b/lib/libcrypto/des/ofb64enc.c @@ -87,7 +87,7 @@ void des_ofb64_encrypt(register const unsigned char *in, { if (n == 0) { - des_encrypt(ti,schedule,DES_ENCRYPT); + des_encrypt1(ti,schedule,DES_ENCRYPT); dp=d; t=ti[0]; l2c(t,dp); t=ti[1]; l2c(t,dp); diff --git a/lib/libcrypto/des/ofb_enc.c b/lib/libcrypto/des/ofb_enc.c index a8f425a575a..70493e632cc 100644 --- a/lib/libcrypto/des/ofb_enc.c +++ b/lib/libcrypto/des/ofb_enc.c @@ -101,7 +101,7 @@ void des_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, { ti[0]=v0; ti[1]=v1; - des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT); + des_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT); vv0=ti[0]; vv1=ti[1]; c2ln(in,d0,d1,n); diff --git a/lib/libcrypto/des/pcbc_enc.c b/lib/libcrypto/des/pcbc_enc.c index dd69a26d4aa..5b987f074d3 100644 --- a/lib/libcrypto/des/pcbc_enc.c +++ b/lib/libcrypto/des/pcbc_enc.c @@ -85,7 +85,7 @@ void des_pcbc_encrypt(const unsigned char *input, unsigned char *output, c2ln(in,sin0,sin1,length); tin[0]=sin0^xor0; tin[1]=sin1^xor1; - des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); + des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT); tout0=tin[0]; tout1=tin[1]; xor0=sin0^tout0; @@ -103,7 +103,7 @@ void des_pcbc_encrypt(const unsigned char *input, unsigned char *output, c2l(in,sin1); tin[0]=sin0; tin[1]=sin1; - des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); + des_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT); tout0=tin[0]^xor0; tout1=tin[1]^xor1; if (length >= 8) diff --git a/lib/libcrypto/des/speed.c b/lib/libcrypto/des/speed.c index 814b86f4aee..1223edf2907 100644 --- a/lib/libcrypto/des/speed.c +++ b/lib/libcrypto/des/speed.c @@ -204,7 +204,7 @@ int main(int argc, char **argv) count*=2; Time_F(START); for (i=count; i; i--) - des_encrypt(data,&(sch[0]),DES_ENCRYPT); + des_encrypt1(data,&(sch[0]),DES_ENCRYPT); d=Time_F(STOP); } while (d < 3.0); ca=count; @@ -241,7 +241,7 @@ int main(int argc, char **argv) { DES_LONG data[2]; - des_encrypt(data,&(sch[0]),DES_ENCRYPT); + des_encrypt1(data,&(sch[0]),DES_ENCRYPT); } d=Time_F(STOP); printf("%ld des_encrypt's in %.2f second\n",count,d); diff --git a/lib/libcrypto/des/xcbc_enc.c b/lib/libcrypto/des/xcbc_enc.c index 51e17e6b8a6..ccfede13aca 100644 --- a/lib/libcrypto/des/xcbc_enc.c +++ b/lib/libcrypto/des/xcbc_enc.c @@ -138,7 +138,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out, c2l(in,tin1); tin0^=tout0^inW0; tin[0]=tin0; tin1^=tout1^inW1; tin[1]=tin1; - des_encrypt(tin,schedule,DES_ENCRYPT); + des_encrypt1(tin,schedule,DES_ENCRYPT); tout0=tin[0]^outW0; l2c(tout0,out); tout1=tin[1]^outW1; l2c(tout1,out); } @@ -147,7 +147,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out, c2ln(in,tin0,tin1,l+8); tin0^=tout0^inW0; tin[0]=tin0; tin1^=tout1^inW1; tin[1]=tin1; - des_encrypt(tin,schedule,DES_ENCRYPT); + des_encrypt1(tin,schedule,DES_ENCRYPT); tout0=tin[0]^outW0; l2c(tout0,out); tout1=tin[1]^outW1; l2c(tout1,out); } @@ -163,7 +163,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out, { c2l(in,tin0); tin[0]=tin0^outW0; c2l(in,tin1); tin[1]=tin1^outW1; - des_encrypt(tin,schedule,DES_DECRYPT); + des_encrypt1(tin,schedule,DES_DECRYPT); tout0=tin[0]^xor0^inW0; tout1=tin[1]^xor1^inW1; l2c(tout0,out); @@ -175,7 +175,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out, { c2l(in,tin0); tin[0]=tin0^outW0; c2l(in,tin1); tin[1]=tin1^outW1; - des_encrypt(tin,schedule,DES_DECRYPT); + des_encrypt1(tin,schedule,DES_DECRYPT); tout0=tin[0]^xor0^inW0; tout1=tin[1]^xor1^inW1; l2cn(tout0,tout1,out,l+8); diff --git a/lib/libcrypto/dh/Makefile.ssl b/lib/libcrypto/dh/Makefile.ssl index 88d0d1748b2..bf4b47ca9ac 100644 --- a/lib/libcrypto/dh/Makefile.ssl +++ b/lib/libcrypto/dh/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/dh/dh_key.c b/lib/libcrypto/dh/dh_key.c index 6915d79dcc2..22b087b778f 100644 --- a/lib/libcrypto/dh/dh_key.c +++ b/lib/libcrypto/dh/dh_key.c @@ -100,7 +100,6 @@ DH_METHOD *DH_OpenSSL(void) static int generate_key(DH *dh) { int ok=0; - unsigned int i; BN_CTX ctx; BN_MONT_CTX *mont; BIGNUM *pub_key=NULL,*priv_key=NULL; @@ -109,15 +108,11 @@ static int generate_key(DH *dh) if (dh->priv_key == NULL) { - i=dh->length; - if (i == 0) - { - /* Make the number p-1 bits long */ - i=BN_num_bits(dh->p)-1; - } priv_key=BN_new(); if (priv_key == NULL) goto err; - if (!BN_rand(priv_key,i,0,0)) goto err; + do + if (!BN_rand_range(priv_key, dh->p)) goto err; + while (BN_is_zero(priv_key)); } else priv_key=dh->priv_key; diff --git a/lib/libcrypto/dh/dh_lib.c b/lib/libcrypto/dh/dh_lib.c index 66803b55656..96f118c1538 100644 --- a/lib/libcrypto/dh/dh_lib.c +++ b/lib/libcrypto/dh/dh_lib.c @@ -168,13 +168,13 @@ DH *DH_new_method(ENGINE *engine) ret->method_mont_p=NULL; ret->references = 1; ret->flags=meth->flags; + CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data); if ((meth->init != NULL) && !meth->init(ret)) { + CRYPTO_free_ex_data(dh_meth,ret,&ret->ex_data); OPENSSL_free(ret); ret=NULL; } - else - CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data); return(ret); } @@ -196,12 +196,12 @@ void DH_free(DH *r) } #endif - CRYPTO_free_ex_data(dh_meth, r, &r->ex_data); - meth = ENGINE_get_DH(r->engine); if(meth->finish) meth->finish(r); ENGINE_finish(r->engine); + CRYPTO_free_ex_data(dh_meth, r, &r->ex_data); + if (r->p != NULL) BN_clear_free(r->p); if (r->g != NULL) BN_clear_free(r->g); if (r->q != NULL) BN_clear_free(r->q); diff --git a/lib/libcrypto/doc/RAND_load_file.pod b/lib/libcrypto/doc/RAND_load_file.pod index 8dd700ca3d4..d8c134e621d 100644 --- a/lib/libcrypto/doc/RAND_load_file.pod +++ b/lib/libcrypto/doc/RAND_load_file.pod @@ -8,7 +8,7 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file #include <openssl/rand.h> - const char *RAND_file_name(char *buf, int num); + const char *RAND_file_name(char *buf, size_t num); int RAND_load_file(const char *filename, long max_bytes); diff --git a/lib/libcrypto/doc/bn.pod b/lib/libcrypto/doc/bn.pod index 1504a1c92df..d183028d612 100644 --- a/lib/libcrypto/doc/bn.pod +++ b/lib/libcrypto/doc/bn.pod @@ -60,6 +60,7 @@ bn - multiprecision integer arithmetics int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); + int BN_rand_range(BIGNUM *rnd, BIGNUM *range); BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add, BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg); diff --git a/lib/libcrypto/doc/evp.pod b/lib/libcrypto/doc/evp.pod index f089dd49a21..edf47dbde66 100644 --- a/lib/libcrypto/doc/evp.pod +++ b/lib/libcrypto/doc/evp.pod @@ -10,7 +10,7 @@ evp - high-level cryptographic functions =head1 DESCRIPTION -The EVP library provided a high-level interface to cryptographic +The EVP library provides a high-level interface to cryptographic functions. B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption diff --git a/lib/libcrypto/dsa/Makefile.ssl b/lib/libcrypto/dsa/Makefile.ssl index dac582be00d..d88f5963647 100644 --- a/lib/libcrypto/dsa/Makefile.ssl +++ b/lib/libcrypto/dsa/Makefile.ssl @@ -41,7 +41,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/dso/Makefile.ssl b/lib/libcrypto/dso/Makefile.ssl index a37f547482c..48b36c83306 100644 --- a/lib/libcrypto/dso/Makefile.ssl +++ b/lib/libcrypto/dso/Makefile.ssl @@ -41,7 +41,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/dso/dso_dl.c b/lib/libcrypto/dso/dso_dl.c index 69810fc3bb9..455bd66ecfc 100644 --- a/lib/libcrypto/dso/dso_dl.c +++ b/lib/libcrypto/dso/dso_dl.c @@ -82,7 +82,7 @@ static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); static int dl_init(DSO *dso); static int dl_finish(DSO *dso); #endif -static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg); +static long dl_ctrl(DSO *dso, int cmd, long larg, void *parg); static DSO_METHOD dso_meth_dl = { "OpenSSL 'dl' shared library method", @@ -111,6 +111,11 @@ DSO_METHOD *DSO_METHOD_dl(void) * type so the cast is safe. */ +#if defined(__hpux) +static const char extension[] = ".sl"; +#else +static const char extension[] = ".so"; +#endif static int dl_load(DSO *dso, const char *filename) { shl_t ptr; @@ -118,12 +123,12 @@ static int dl_load(DSO *dso, const char *filename) int len; /* The same comment as in dlfcn_load applies here. bleurgh. */ - len = strlen(filename); + len = strlen(filename) + strlen(extension); if((dso->flags & DSO_FLAG_NAME_TRANSLATION) && - (len + 6 < DSO_MAX_TRANSLATED_SIZE) && + (len + 3 < DSO_MAX_TRANSLATED_SIZE) && (strstr(filename, "/") == NULL)) { - sprintf(translated, "lib%s.so", filename); + sprintf(translated, "lib%s%s", filename, extension); ptr = shl_load(translated, BIND_IMMEDIATE, NULL); } else @@ -187,7 +192,7 @@ static void *dl_bind_var(DSO *dso, const char *symname) DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE); return(NULL); } - if (shl_findsym(ptr, symname, TYPE_UNDEFINED, &sym) < 0) + if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) { DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE); return(NULL); @@ -216,7 +221,7 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname) DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE); return(NULL); } - if (shl_findsym(ptr, symname, TYPE_UNDEFINED, &sym) < 0) + if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) { DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE); return(NULL); @@ -224,7 +229,7 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname) return((DSO_FUNC_TYPE)sym); } -static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg) +static long dl_ctrl(DSO *dso, int cmd, long larg, void *parg) { if(dso == NULL) { @@ -236,10 +241,10 @@ static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg) case DSO_CTRL_GET_FLAGS: return dso->flags; case DSO_CTRL_SET_FLAGS: - dso->flags = (int)larg; + dso->flags = larg; return(0); case DSO_CTRL_OR_FLAGS: - dso->flags |= (int)larg; + dso->flags |= larg; return(0); default: break; diff --git a/lib/libcrypto/dso/dso_vms.c b/lib/libcrypto/dso/dso_vms.c index 8ff7090129c..ab48b63eb76 100644 --- a/lib/libcrypto/dso/dso_vms.c +++ b/lib/libcrypto/dso/dso_vms.c @@ -62,7 +62,6 @@ #ifdef VMS #pragma message disable DOLLARID #include <lib$routines.h> -#include <libfisdef.h> #include <stsdef.h> #include <descrip.h> #include <starlet.h> @@ -260,7 +259,8 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym) { DSO_VMS_INTERNAL *ptr; int status; - int flags = LIB$M_FIS_MIXEDCASE; + int flags = (1<<4); /* LIB$M_FIS_MIXEDCASE, but this symbol isn't + defined in VMS older than 7.0 or so */ struct dsc$descriptor_s symname_dsc; *sym = NULL; diff --git a/lib/libcrypto/ebcdic.c b/lib/libcrypto/ebcdic.c index 31397b2add7..91a7a8bcb43 100644 --- a/lib/libcrypto/ebcdic.c +++ b/lib/libcrypto/ebcdic.c @@ -211,7 +211,7 @@ ascii2ebcdic(void *dest, const void *srce, size_t count) } #else /*CHARSET_EBCDIC*/ -#ifdef PEDANTIC +#if defined(PEDANTIC) || defined(VMS) || defined(__VMS) static void *dummy=&dummy; #endif #endif diff --git a/lib/libcrypto/engine/engine_lib.c b/lib/libcrypto/engine/engine_lib.c index 1df07af03a6..d6e9109f6ea 100644 --- a/lib/libcrypto/engine/engine_lib.c +++ b/lib/libcrypto/engine/engine_lib.c @@ -230,17 +230,18 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); if(e->funct_ref == 0) { + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, ENGINE_R_NOT_INITIALISED); return 0; } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); if (!e->load_privkey) { ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, ENGINE_R_NO_LOAD_FUNCTION); return 0; } - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); pkey = e->load_privkey(key_id, passphrase); if (!pkey) { @@ -265,17 +266,18 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); if(e->funct_ref == 0) { + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NOT_INITIALISED); return 0; } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); if (!e->load_pubkey) { ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NO_LOAD_FUNCTION); return 0; } - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); pkey = e->load_pubkey(key_id, passphrase); if (!pkey) { @@ -286,8 +288,6 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, return pkey; } -/* Initialise a engine type for use (or up its functional reference count - * if it's already in use). */ int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) { if(e == NULL) @@ -298,15 +298,16 @@ int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); if(e->struct_ref == 0) { + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE); return 0; } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); if (!e->ctrl) { ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION); return 0; } - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); return e->ctrl(cmd, i, p, f); } diff --git a/lib/libcrypto/err/Makefile.ssl b/lib/libcrypto/err/Makefile.ssl index cf94f406e40..58218d1cead 100644 --- a/lib/libcrypto/err/Makefile.ssl +++ b/lib/libcrypto/err/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/err/err.c b/lib/libcrypto/err/err.c index 99272e437c7..839f4ab81ac 100644 --- a/lib/libcrypto/err/err.c +++ b/lib/libcrypto/err/err.c @@ -389,20 +389,18 @@ void ERR_put_error(int lib, int func, int reason, const char *file, void ERR_clear_error(void) { + int i; ERR_STATE *es; es=ERR_get_state(); -#if 0 - /* hmm... is this needed */ for (i=0; i<ERR_NUM_ERRORS; i++) { es->err_buffer[i]=0; + err_clear_data(es,i); es->err_file[i]=NULL; es->err_line[i]= -1; - err_clear_data(es,i); } -#endif es->top=es->bottom=0; } @@ -464,7 +462,14 @@ static unsigned long get_error_values(int inc, const char **file, int *line, } } - if (data != NULL) + if (data == NULL) + { + if (inc) + { + err_clear_data(es, i); + } + } + else { if (es->err_data[i] == NULL) { @@ -749,8 +754,9 @@ void ERR_set_error_data(char *data, int flags) if (i == 0) i=ERR_NUM_ERRORS-1; + err_clear_data(es,i); es->err_data[i]=data; - es->err_data_flags[es->top]=flags; + es->err_data_flags[i]=flags; } void ERR_add_error_data(int num, ...) @@ -759,7 +765,7 @@ void ERR_add_error_data(int num, ...) int i,n,s; char *str,*p,*a; - s=64; + s=80; str=OPENSSL_malloc(s+1); if (str == NULL) return; str[0]='\0'; diff --git a/lib/libcrypto/evp/Makefile.ssl b/lib/libcrypto/evp/Makefile.ssl index ad39fcc9e74..624168031d0 100644 --- a/lib/libcrypto/evp/Makefile.ssl +++ b/lib/libcrypto/evp/Makefile.ssl @@ -58,7 +58,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/evp/evp.h b/lib/libcrypto/evp/evp.h index 62350dfd69e..76d417b44a3 100644 --- a/lib/libcrypto/evp/evp.h +++ b/lib/libcrypto/evp/evp.h @@ -462,12 +462,20 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, int en_de); +#ifndef NO_RSA #define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ (char *)(rsa)) +#endif + +#ifndef NO_DSA #define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ (char *)(dsa)) +#endif + +#ifndef NO_DH #define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ (char *)(dh)) +#endif /* Add some extra combinations */ #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) @@ -611,17 +619,29 @@ void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k, #endif EVP_MD *EVP_md_null(void); +#ifndef NO_MD2 EVP_MD *EVP_md2(void); +#endif +#ifndef NO_MD4 EVP_MD *EVP_md4(void); +#endif +#ifndef NO_MD5 EVP_MD *EVP_md5(void); +#endif +#ifndef NO_SHA EVP_MD *EVP_sha(void); EVP_MD *EVP_sha1(void); EVP_MD *EVP_dss(void); EVP_MD *EVP_dss1(void); +#endif +#ifndef NO_MDC2 EVP_MD *EVP_mdc2(void); +#endif +#ifndef NO_RIPEMD EVP_MD *EVP_ripemd160(void); - +#endif EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ +#ifndef NO_DES EVP_CIPHER *EVP_des_ecb(void); EVP_CIPHER *EVP_des_ede(void); EVP_CIPHER *EVP_des_ede3(void); @@ -635,31 +655,43 @@ EVP_CIPHER *EVP_des_cbc(void); EVP_CIPHER *EVP_des_ede_cbc(void); EVP_CIPHER *EVP_des_ede3_cbc(void); EVP_CIPHER *EVP_desx_cbc(void); +#endif +#ifndef NO_RC4 EVP_CIPHER *EVP_rc4(void); EVP_CIPHER *EVP_rc4_40(void); +#endif +#ifndef NO_IDEA EVP_CIPHER *EVP_idea_ecb(void); EVP_CIPHER *EVP_idea_cfb(void); EVP_CIPHER *EVP_idea_ofb(void); EVP_CIPHER *EVP_idea_cbc(void); +#endif +#ifndef NO_RC2 EVP_CIPHER *EVP_rc2_ecb(void); EVP_CIPHER *EVP_rc2_cbc(void); EVP_CIPHER *EVP_rc2_40_cbc(void); EVP_CIPHER *EVP_rc2_64_cbc(void); EVP_CIPHER *EVP_rc2_cfb(void); EVP_CIPHER *EVP_rc2_ofb(void); +#endif +#ifndef NO_BF EVP_CIPHER *EVP_bf_ecb(void); EVP_CIPHER *EVP_bf_cbc(void); EVP_CIPHER *EVP_bf_cfb(void); EVP_CIPHER *EVP_bf_ofb(void); +#endif +#ifndef NO_CAST EVP_CIPHER *EVP_cast5_ecb(void); EVP_CIPHER *EVP_cast5_cbc(void); EVP_CIPHER *EVP_cast5_cfb(void); EVP_CIPHER *EVP_cast5_ofb(void); +#endif +#ifndef NO_RC5 EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); - +#endif void OpenSSL_add_all_algorithms(void); void OpenSSL_add_all_ciphers(void); void OpenSSL_add_all_digests(void); diff --git a/lib/libcrypto/ex_data.c b/lib/libcrypto/ex_data.c index 1ee88da2a83..739e543d782 100644 --- a/lib/libcrypto/ex_data.c +++ b/lib/libcrypto/ex_data.c @@ -101,7 +101,7 @@ int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long ret=idx; err: MemCheck_on(); - return(idx); + return(ret); } int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val) diff --git a/lib/libcrypto/hmac/Makefile.ssl b/lib/libcrypto/hmac/Makefile.ssl index cf573119733..326339a90d5 100644 --- a/lib/libcrypto/hmac/Makefile.ssl +++ b/lib/libcrypto/hmac/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/idea/Makefile.ssl b/lib/libcrypto/idea/Makefile.ssl index 5b334ce9211..30302e0b9f0 100644 --- a/lib/libcrypto/idea/Makefile.ssl +++ b/lib/libcrypto/idea/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/lhash/Makefile.ssl b/lib/libcrypto/lhash/Makefile.ssl index 6c3d442e22a..79849d7d6ed 100644 --- a/lib/libcrypto/lhash/Makefile.ssl +++ b/lib/libcrypto/lhash/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/md2/Makefile.ssl b/lib/libcrypto/md2/Makefile.ssl index d46c73a9b9f..269628d7393 100644 --- a/lib/libcrypto/md2/Makefile.ssl +++ b/lib/libcrypto/md2/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/md4/Makefile.ssl b/lib/libcrypto/md4/Makefile.ssl index 6ee3ca88edf..646607274ee 100644 --- a/lib/libcrypto/md4/Makefile.ssl +++ b/lib/libcrypto/md4/Makefile.ssl @@ -40,7 +40,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/md5/Makefile.ssl b/lib/libcrypto/md5/Makefile.ssl index e8d0cced7fe..784215579b4 100644 --- a/lib/libcrypto/md5/Makefile.ssl +++ b/lib/libcrypto/md5/Makefile.ssl @@ -50,7 +50,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib # elf diff --git a/lib/libcrypto/mdc2/Makefile.ssl b/lib/libcrypto/mdc2/Makefile.ssl index da11c4edeac..a9b06b02bd4 100644 --- a/lib/libcrypto/mdc2/Makefile.ssl +++ b/lib/libcrypto/mdc2/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/mem_dbg.c b/lib/libcrypto/mem_dbg.c index 866c53e73a9..ef19d8f8448 100644 --- a/lib/libcrypto/mem_dbg.c +++ b/lib/libcrypto/mem_dbg.c @@ -81,7 +81,8 @@ static int mh_mode=CRYPTO_MEM_CHECK_OFF; */ static unsigned long order = 0; /* number of memory requests */ -static LHASH *mh=NULL; /* hash-table of memory requests (address as key) */ +static LHASH *mh=NULL; /* hash-table of memory requests (address as key); + * access requires MALLOC2 lock */ typedef struct app_mem_info_st @@ -103,7 +104,8 @@ typedef struct app_mem_info_st static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's * that are at the top of their thread's stack - * (with `thread' as key) */ + * (with `thread' as key); + * access requires MALLOC2 lock */ typedef struct mem_st /* memory-block description */ @@ -128,7 +130,15 @@ static long options = /* extra information to be recorded */ 0; -static unsigned long disabling_thread = 0; +static unsigned int num_disable = 0; /* num_disable > 0 + * iff + * mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) + */ +static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0. + * CRYPTO_LOCK_MALLOC2 is locked + * exactly in this case (by the + * thread named in disabling_thread). + */ int CRYPTO_mem_ctrl(int mode) { @@ -137,22 +147,23 @@ int CRYPTO_mem_ctrl(int mode) CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); switch (mode) { - /* for applications: */ + /* for applications (not to be called while multiple threads + * use the library): */ case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */ mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE; - disabling_thread = 0; + num_disable = 0; break; case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */ mh_mode = 0; - disabling_thread = 0; + num_disable = 0; /* should be true *before* MemCheck_stop is used, + or there'll be a lot of confusion */ break; /* switch off temporarily (for library-internal use): */ case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */ if (mh_mode & CRYPTO_MEM_CHECK_ON) { - mh_mode&= ~CRYPTO_MEM_CHECK_ENABLE; - if (disabling_thread != CRYPTO_thread_id()) /* otherwise we already have the MALLOC2 lock */ + if (!num_disable || (disabling_thread != CRYPTO_thread_id())) /* otherwise we already have the MALLOC2 lock */ { /* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if @@ -169,18 +180,23 @@ int CRYPTO_mem_ctrl(int mode) * OpenSSL threads. */ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); + mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE; disabling_thread=CRYPTO_thread_id(); } + num_disable++; } break; case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */ if (mh_mode & CRYPTO_MEM_CHECK_ON) { - mh_mode|=CRYPTO_MEM_CHECK_ENABLE; - if (disabling_thread != 0) + if (num_disable) /* always true, or something is going wrong */ { - disabling_thread=0; - CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); + num_disable--; + if (num_disable == 0) + { + mh_mode|=CRYPTO_MEM_CHECK_ENABLE; + CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); + } } } break; @@ -198,12 +214,12 @@ int CRYPTO_is_mem_check_on(void) if (mh_mode & CRYPTO_MEM_CHECK_ON) { - CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); + CRYPTO_r_lock(CRYPTO_LOCK_MALLOC); ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE) - && disabling_thread != CRYPTO_thread_id(); + || (disabling_thread != CRYPTO_thread_id()); - CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); + CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC); } return(ret); } @@ -293,7 +309,7 @@ int CRYPTO_push_info_(const char *info, const char *file, int line) if (is_MemCheck_on()) { - MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ + MemCheck_off(); /* obtain MALLOC2 lock */ if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL) { @@ -330,7 +346,7 @@ int CRYPTO_push_info_(const char *info, const char *file, int line) ami->next=amim; } err: - MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + MemCheck_on(); /* release MALLOC2 lock */ } return(ret); @@ -342,11 +358,11 @@ int CRYPTO_pop_info(void) if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */ { - MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ + MemCheck_off(); /* obtain MALLOC2 lock */ ret=(pop_info() != NULL); - MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + MemCheck_on(); /* release MALLOC2 lock */ } return(ret); } @@ -357,12 +373,12 @@ int CRYPTO_remove_all_info(void) if (is_MemCheck_on()) /* _must_ be true */ { - MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ + MemCheck_off(); /* obtain MALLOC2 lock */ while(pop_info() != NULL) ret++; - MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + MemCheck_on(); /* release MALLOC2 lock */ } return(ret); } @@ -385,11 +401,12 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, if (is_MemCheck_on()) { - MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ + MemCheck_off(); /* make sure we hold MALLOC2 lock */ if ((m=(MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL) { OPENSSL_free(addr); - MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + MemCheck_on(); /* release MALLOC2 lock + * if num_disabled drops to 0 */ return; } if (mh == NULL) @@ -448,7 +465,8 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, OPENSSL_free(mm); } err: - MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + MemCheck_on(); /* release MALLOC2 lock + * if num_disabled drops to 0 */ } break; } @@ -467,7 +485,7 @@ void CRYPTO_dbg_free(void *addr, int before_p) if (is_MemCheck_on() && (mh != NULL)) { - MemCheck_off(); + MemCheck_off(); /* make sure we hold MALLOC2 lock */ m.addr=addr; mp=(MEM *)lh_delete(mh,(char *)&m); @@ -484,7 +502,8 @@ void CRYPTO_dbg_free(void *addr, int before_p) OPENSSL_free(mp); } - MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + MemCheck_on(); /* release MALLOC2 lock + * if num_disabled drops to 0 */ } break; case 1: @@ -518,7 +537,7 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, if (is_MemCheck_on()) { - MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ + MemCheck_off(); /* make sure we hold MALLOC2 lock */ m.addr=addr1; mp=(MEM *)lh_delete(mh,(char *)&m); @@ -535,7 +554,8 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, lh_insert(mh,(char *)mp); } - MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + MemCheck_on(); /* release MALLOC2 lock + * if num_disabled drops to 0 */ } break; } @@ -642,10 +662,12 @@ void CRYPTO_mem_leaks(BIO *b) if (mh == NULL && amih == NULL) return; + + MemCheck_off(); /* obtain MALLOC2 lock */ + ml.bio=b; ml.bytes=0; ml.chunks=0; - MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ if (mh != NULL) lh_doall_arg(mh,(void (*)())print_leak,(char *)&ml); if (ml.chunks != 0) @@ -671,7 +693,15 @@ void CRYPTO_mem_leaks(BIO *b) * void_fn_to_char kludge in CRYPTO_mem_leaks_cb. * Otherwise the code police will come and get us.) */ + int old_mh_mode; + CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); + + /* avoid deadlock when lh_free() uses CRYPTO_dbg_free(), + * which uses CRYPTO_is_mem_check_on */ + old_mh_mode = mh_mode; + mh_mode = CRYPTO_MEM_CHECK_OFF; + if (mh != NULL) { lh_free(mh); @@ -685,15 +715,11 @@ void CRYPTO_mem_leaks(BIO *b) amih = NULL; } } + + mh_mode = old_mh_mode; CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); } - MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ - -#if 0 - lh_stats_bio(mh,b); - lh_node_stats_bio(mh,b); - lh_node_usage_stats_bio(mh,b); -#endif + MemCheck_on(); /* release MALLOC2 lock */ } #ifndef NO_FP_API diff --git a/lib/libcrypto/objects/Makefile.ssl b/lib/libcrypto/objects/Makefile.ssl index bdb7aa94dc0..6746ad21e72 100644 --- a/lib/libcrypto/objects/Makefile.ssl +++ b/lib/libcrypto/objects/Makefile.ssl @@ -39,7 +39,8 @@ all: obj_dat.h lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/opensslv.h b/lib/libcrypto/opensslv.h index 6b5aedeea6e..dc50f6d7da6 100644 --- a/lib/libcrypto/opensslv.h +++ b/lib/libcrypto/opensslv.h @@ -25,8 +25,8 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090600fL -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6 [engine] 24 Sep 2000" +#define OPENSSL_VERSION_NUMBER 0x0090601fL +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6a [engine] 5 Apr 2001" #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/lib/libcrypto/pem/Makefile.ssl b/lib/libcrypto/pem/Makefile.ssl index 97af8255a3c..31db6b65a11 100644 --- a/lib/libcrypto/pem/Makefile.ssl +++ b/lib/libcrypto/pem/Makefile.ssl @@ -40,7 +40,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/pem/pem_info.c b/lib/libcrypto/pem/pem_info.c index 1c5c6dea000..f1694f11253 100644 --- a/lib/libcrypto/pem/pem_info.c +++ b/lib/libcrypto/pem/pem_info.c @@ -305,7 +305,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, { if ( (xi->enc_data!=NULL) && (xi->enc_len>0) ) { - /* copy from wierdo names into more normal things */ + /* copy from weirdo names into more normal things */ iv=xi->enc_cipher.iv; data=(unsigned char *)xi->enc_data; i=xi->enc_len; diff --git a/lib/libcrypto/pkcs12/Makefile.ssl b/lib/libcrypto/pkcs12/Makefile.ssl index 67869f204fb..d745c536216 100644 --- a/lib/libcrypto/pkcs12/Makefile.ssl +++ b/lib/libcrypto/pkcs12/Makefile.ssl @@ -45,7 +45,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/pkcs12/p12_attr.c b/lib/libcrypto/pkcs12/p12_attr.c index f1a210b5d27..a16a97d03df 100644 --- a/lib/libcrypto/pkcs12/p12_attr.c +++ b/lib/libcrypto/pkcs12/p12_attr.c @@ -151,7 +151,7 @@ int PKCS12_add_friendlyname_asc (PKCS12_SAFEBAG *bag, const char *name, { unsigned char *uniname; int ret, unilen; - if (!asc2uni(name, &uniname, &unilen)) { + if (!asc2uni(name, namelen, &uniname, &unilen)) { PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC, ERR_R_MALLOC_FAILURE); return 0; diff --git a/lib/libcrypto/pkcs12/p12_key.c b/lib/libcrypto/pkcs12/p12_key.c index b042dcf05c9..a4fd5b98ec9 100644 --- a/lib/libcrypto/pkcs12/p12_key.c +++ b/lib/libcrypto/pkcs12/p12_key.c @@ -84,7 +84,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, if(!pass) { unipass = NULL; uniplen = 0; - } else if (!asc2uni(pass, &unipass, &uniplen)) { + } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) { PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE); return 0; } @@ -102,7 +102,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, const EVP_MD *md_type) { unsigned char *B, *D, *I, *p, *Ai; - int Slen, Plen, Ilen; + int Slen, Plen, Ilen, Ijlen; int i, j, u, v; BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ EVP_MD_CTX ctx; @@ -180,10 +180,17 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, BN_bin2bn (I + j, v, Ij); BN_add (Ij, Ij, Bpl1); BN_bn2bin (Ij, B); + Ijlen = BN_num_bytes (Ij); /* If more than 2^(v*8) - 1 cut off MSB */ - if (BN_num_bytes (Ij) > v) { + if (Ijlen > v) { BN_bn2bin (Ij, B); memcpy (I + j, B + 1, v); +#ifndef PKCS12_BROKEN_KEYGEN + /* If less than v bytes pad with zeroes */ + } else if (Ijlen < v) { + memset(I + j, 0, v - Ijlen); + BN_bn2bin(Ij, I + j + v - Ijlen); +#endif } else BN_bn2bin (Ij, I + j); } } diff --git a/lib/libcrypto/pkcs12/p12_kiss.c b/lib/libcrypto/pkcs12/p12_kiss.c index 1fbbd6c99f9..5d67f19b455 100644 --- a/lib/libcrypto/pkcs12/p12_kiss.c +++ b/lib/libcrypto/pkcs12/p12_kiss.c @@ -264,6 +264,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, if (lkey) { *keymatch |= MATCH_CERT; if (cert) *cert = x509; + else X509_free(x509); } else { if(ca) sk_X509_push (*ca, x509); else X509_free(x509); diff --git a/lib/libcrypto/pkcs12/p12_utl.c b/lib/libcrypto/pkcs12/p12_utl.c index 17f41b45496..2f1d1e534fc 100644 --- a/lib/libcrypto/pkcs12/p12_utl.c +++ b/lib/libcrypto/pkcs12/p12_utl.c @@ -62,30 +62,34 @@ /* Cheap and nasty Unicode stuff */ -unsigned char *asc2uni (const char *asc, unsigned char **uni, int *unilen) +unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen) { int ulen, i; unsigned char *unitmp; - ulen = strlen(asc)*2 + 2; - if (!(unitmp = OPENSSL_malloc (ulen))) return NULL; - for (i = 0; i < ulen; i+=2) { + if (asclen == -1) asclen = strlen(asc); + ulen = asclen*2 + 2; + if (!(unitmp = OPENSSL_malloc(ulen))) return NULL; + for (i = 0; i < ulen - 2; i+=2) { unitmp[i] = 0; unitmp[i + 1] = asc[i>>1]; } + /* Make result double null terminated */ + unitmp[ulen - 2] = 0; + unitmp[ulen - 1] = 0; if (unilen) *unilen = ulen; if (uni) *uni = unitmp; return unitmp; } -char *uni2asc (unsigned char *uni, int unilen) +char *uni2asc(unsigned char *uni, int unilen) { int asclen, i; char *asctmp; asclen = unilen / 2; /* If no terminating zero allow for one */ - if (uni[unilen - 1]) asclen++; + if (!unilen || uni[unilen - 1]) asclen++; uni++; - if (!(asctmp = OPENSSL_malloc (asclen))) return NULL; + if (!(asctmp = OPENSSL_malloc(asclen))) return NULL; for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i]; asctmp[asclen - 1] = 0; return asctmp; diff --git a/lib/libcrypto/pkcs12/pkcs12.h b/lib/libcrypto/pkcs12/pkcs12.h index 502fceff954..e529154f263 100644 --- a/lib/libcrypto/pkcs12/pkcs12.h +++ b/lib/libcrypto/pkcs12/pkcs12.h @@ -247,7 +247,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, EVP_MD *md_type); int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, EVP_MD *md_type); -unsigned char *asc2uni(const char *asc, unsigned char **uni, int *unilen); +unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); char *uni2asc(unsigned char *uni, int unilen); int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **pp); PKCS12_BAGS *PKCS12_BAGS_new(void); diff --git a/lib/libcrypto/pkcs7/Makefile.ssl b/lib/libcrypto/pkcs7/Makefile.ssl index 6cd18b671e7..37b72f08902 100644 --- a/lib/libcrypto/pkcs7/Makefile.ssl +++ b/lib/libcrypto/pkcs7/Makefile.ssl @@ -58,7 +58,8 @@ verify: verify.o example.o lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/pkcs7/pk7_doit.c b/lib/libcrypto/pkcs7/pk7_doit.c index 099e9651c1c..bf43d030ade 100644 --- a/lib/libcrypto/pkcs7/pk7_doit.c +++ b/lib/libcrypto/pkcs7/pk7_doit.c @@ -370,7 +370,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) if (ri == NULL) { PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); - return(NULL); + goto err; } jj=EVP_PKEY_size(pkey); @@ -393,7 +393,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) BIO_get_cipher_ctx(etmp,&evp_ctx); EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0); if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) - return(NULL); + goto err; if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) { /* Some S/MIME clients don't use the same key @@ -588,8 +588,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) pp=NULL; } +#ifndef NO_DSA if (si->pkey->type == EVP_PKEY_DSA) ctx_tmp.digest=EVP_dss1(); +#endif if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data, (unsigned int *)&buf->length,si->pkey)) @@ -783,7 +785,14 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n"); os=si->enc_digest; pkey = X509_get_pubkey(x509); + if (!pkey) + { + ret = -1; + goto err; + } +#ifndef NO_DSA if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1(); +#endif i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); EVP_PKEY_free(pkey); diff --git a/lib/libcrypto/pkcs7/pk7_mime.c b/lib/libcrypto/pkcs7/pk7_mime.c index 994473c0bd3..086d3942701 100644 --- a/lib/libcrypto/pkcs7/pk7_mime.c +++ b/lib/libcrypto/pkcs7/pk7_mime.c @@ -165,9 +165,9 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) } bound[32] = 0; BIO_printf(bio, "MIME-Version: 1.0\n"); - BIO_printf(bio, "Content-Type: multipart/signed ; "); - BIO_printf(bio, "protocol=\"application/x-pkcs7-signature\" ; "); - BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound); + BIO_printf(bio, "Content-Type: multipart/signed;"); + BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";"); + BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound); BIO_printf(bio, "This is an S/MIME signed message\n\n"); /* Now write out the first part */ BIO_printf(bio, "------%s\n", bound); diff --git a/lib/libcrypto/pkcs7/pk7_smime.c b/lib/libcrypto/pkcs7/pk7_smime.c index d716f9faeba..3d3214f5eee 100644 --- a/lib/libcrypto/pkcs7/pk7_smime.c +++ b/lib/libcrypto/pkcs7/pk7_smime.c @@ -153,7 +153,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, PKCS7_SIGNER_INFO *si; X509_STORE_CTX cert_ctx; char buf[4096]; - int i, j=0, k; + int i, j=0, k, ret = 0; BIO *p7bio; BIO *tmpout; @@ -258,18 +258,15 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, } } - sk_X509_free(signers); - if(indata) BIO_pop(p7bio); - BIO_free_all(p7bio); - - return 1; + ret = 1; err: + if(indata) BIO_pop(p7bio); + BIO_free_all(p7bio); sk_X509_free(signers); - BIO_free(p7bio); - return 0; + return ret; } STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) diff --git a/lib/libcrypto/rand/Makefile.ssl b/lib/libcrypto/rand/Makefile.ssl index 5f6199a35fd..707eaac6786 100644 --- a/lib/libcrypto/rand/Makefile.ssl +++ b/lib/libcrypto/rand/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/rand/md_rand.c b/lib/libcrypto/rand/md_rand.c index d167dea77db..567838f6c33 100644 --- a/lib/libcrypto/rand/md_rand.c +++ b/lib/libcrypto/rand/md_rand.c @@ -482,12 +482,12 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) unpredictable */ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) { - int ret, err; + int ret; ret = RAND_bytes(buf, num); if (ret == 0) { - err = ERR_peek_error(); + long err = ERR_peek_error(); if (ERR_GET_LIB(err) == ERR_LIB_RAND && ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) (void)ERR_get_error(); diff --git a/lib/libcrypto/rand/rand.h b/lib/libcrypto/rand/rand.h index eb9c8c034de..9c6052733e1 100644 --- a/lib/libcrypto/rand/rand.h +++ b/lib/libcrypto/rand/rand.h @@ -59,6 +59,8 @@ #ifndef HEADER_RAND_H #define HEADER_RAND_H +#include <stdlib.h> + #ifdef __cplusplus extern "C" { #endif @@ -89,7 +91,7 @@ void RAND_seed(const void *buf,int num); void RAND_add(const void *buf,int num,double entropy); int RAND_load_file(const char *file,long max_bytes); int RAND_write_file(const char *file); -const char *RAND_file_name(char *file,int num); +const char *RAND_file_name(char *file,size_t num); int RAND_status(void); int RAND_egd(const char *path); int RAND_egd_bytes(const char *path,int bytes); diff --git a/lib/libcrypto/rand/rand_egd.c b/lib/libcrypto/rand/rand_egd.c index 02a0d86fa33..79b5e6fa57f 100644 --- a/lib/libcrypto/rand/rand_egd.c +++ b/lib/libcrypto/rand/rand_egd.c @@ -74,7 +74,14 @@ int RAND_egd_bytes(const char *path,int bytes) #include OPENSSL_UNISTD #include <sys/types.h> #include <sys/socket.h> +#ifndef NO_SYS_UN_H #include <sys/un.h> +#else +struct sockaddr_un { + short sun_family; /* AF_UNIX */ + char sun_path[108]; /* path name (gag) */ +}; +#endif /* NO_SYS_UN_H */ #include <string.h> #ifndef offsetof diff --git a/lib/libcrypto/rand/rand_win.c b/lib/libcrypto/rand/rand_win.c index 9f2dcff9a92..3d137badd0e 100644 --- a/lib/libcrypto/rand/rand_win.c +++ b/lib/libcrypto/rand/rand_win.c @@ -570,14 +570,15 @@ static void readtimer(void) DWORD w; LARGE_INTEGER l; static int have_perfc = 1; -#ifndef __GNUC__ +#ifdef _MSC_VER static int have_tsc = 1; DWORD cyclecount; if (have_tsc) { __try { __asm { - rdtsc + _emit 0x0f + _emit 0x31 mov cyclecount, eax } RAND_add(&cyclecount, sizeof(cyclecount), 1); @@ -725,8 +726,9 @@ int RAND_poll(void) #ifdef DEVRANDOM return 1; -#endif +#else return 0; +#endif } #endif diff --git a/lib/libcrypto/rand/randfile.c b/lib/libcrypto/rand/randfile.c index 663a36cb701..f4376cf8cc5 100644 --- a/lib/libcrypto/rand/randfile.c +++ b/lib/libcrypto/rand/randfile.c @@ -73,7 +73,7 @@ # include <sys/stat.h> #endif -#include <openssl/e_os.h> +#include "openssl/e_os.h" #include <openssl/crypto.h> #include <openssl/rand.h> @@ -83,6 +83,9 @@ /* #define RFILE ".rnd" - defined in ../../e_os.h */ +/* Note that these functions are intended for seed files only. + * Entropy devices and EGD sockets are handled in rand_unix.c */ + int RAND_load_file(const char *file, long bytes) { /* If bytes >= 0, read up to 'bytes' bytes. @@ -213,7 +216,7 @@ err: return (rand_err ? -1 : ret); } -const char *RAND_file_name(char *buf, int size) +const char *RAND_file_name(char *buf, size_t size) { char *s = NULL; char *ret=NULL; @@ -239,6 +242,8 @@ const char *RAND_file_name(char *buf, int size) strlcat(buf,RFILE,size); ret=buf; } + else + buf[0] = '\0'; /* no file name */ } #ifdef DEVRANDOM @@ -257,3 +262,4 @@ const char *RAND_file_name(char *buf, int size) #endif return(ret); } + diff --git a/lib/libcrypto/rc2/Makefile.ssl b/lib/libcrypto/rc2/Makefile.ssl index 9e94051cd7b..39813d68be0 100644 --- a/lib/libcrypto/rc2/Makefile.ssl +++ b/lib/libcrypto/rc2/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/rc4/Makefile.ssl b/lib/libcrypto/rc4/Makefile.ssl index 8d2a795c22a..e75858d3b92 100644 --- a/lib/libcrypto/rc4/Makefile.ssl +++ b/lib/libcrypto/rc4/Makefile.ssl @@ -47,7 +47,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib # elf diff --git a/lib/libcrypto/rc5/Makefile.ssl b/lib/libcrypto/rc5/Makefile.ssl index 5a54a162bae..c8ee124776b 100644 --- a/lib/libcrypto/rc5/Makefile.ssl +++ b/lib/libcrypto/rc5/Makefile.ssl @@ -44,7 +44,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib # elf diff --git a/lib/libcrypto/ripemd/Makefile.ssl b/lib/libcrypto/ripemd/Makefile.ssl index de01a953ec6..1550c32ca1b 100644 --- a/lib/libcrypto/ripemd/Makefile.ssl +++ b/lib/libcrypto/ripemd/Makefile.ssl @@ -42,7 +42,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib # elf diff --git a/lib/libcrypto/rsa/Makefile.ssl b/lib/libcrypto/rsa/Makefile.ssl index c159eedafed..2bee181d4e8 100644 --- a/lib/libcrypto/rsa/Makefile.ssl +++ b/lib/libcrypto/rsa/Makefile.ssl @@ -41,7 +41,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/rsa/rsa_eay.c b/lib/libcrypto/rsa/rsa_eay.c index ccaa62b2392..cde5ca27d50 100644 --- a/lib/libcrypto/rsa/rsa_eay.c +++ b/lib/libcrypto/rsa/rsa_eay.c @@ -141,9 +141,26 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from, if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) { - if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx)) - goto err; + BN_MONT_CTX* bn_mont_ctx; + if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) + goto err; + if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx)) + { + BN_MONT_CTX_free(bn_mont_ctx); + goto err; + } + if (rsa->_method_mod_n == NULL) /* other thread may have finished first */ + { + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + if (rsa->_method_mod_n == NULL) + { + rsa->_method_mod_n = bn_mont_ctx; + bn_mont_ctx = NULL; + } + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + } + if (bn_mont_ctx) + BN_MONT_CTX_free(bn_mont_ctx); } if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, @@ -378,9 +395,26 @@ static int RSA_eay_public_decrypt(int flen, unsigned char *from, /* do the decrypt */ if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) { - if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx)) - goto err; + BN_MONT_CTX* bn_mont_ctx; + if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) + goto err; + if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx)) + { + BN_MONT_CTX_free(bn_mont_ctx); + goto err; + } + if (rsa->_method_mod_n == NULL) /* other thread may have finished first */ + { + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + if (rsa->_method_mod_n == NULL) + { + rsa->_method_mod_n = bn_mont_ctx; + bn_mont_ctx = NULL; + } + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + } + if (bn_mont_ctx) + BN_MONT_CTX_free(bn_mont_ctx); } if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, @@ -433,20 +467,53 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) { if (rsa->_method_mod_p == NULL) { - if ((rsa->_method_mod_p=BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set(rsa->_method_mod_p,rsa->p, - ctx)) - goto err; + BN_MONT_CTX* bn_mont_ctx; + if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) + goto err; + if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx)) + { + BN_MONT_CTX_free(bn_mont_ctx); + goto err; + } + if (rsa->_method_mod_p == NULL) /* other thread may have finished first */ + { + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + if (rsa->_method_mod_p == NULL) + { + rsa->_method_mod_p = bn_mont_ctx; + bn_mont_ctx = NULL; + } + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + } + if (bn_mont_ctx) + BN_MONT_CTX_free(bn_mont_ctx); } + if (rsa->_method_mod_q == NULL) { - if ((rsa->_method_mod_q=BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set(rsa->_method_mod_q,rsa->q, - ctx)) - goto err; + BN_MONT_CTX* bn_mont_ctx; + if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) + goto err; + if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx)) + { + BN_MONT_CTX_free(bn_mont_ctx); + goto err; + } + if (rsa->_method_mod_q == NULL) /* other thread may have finished first */ + { + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + if (rsa->_method_mod_q == NULL) + { + rsa->_method_mod_q = bn_mont_ctx; + bn_mont_ctx = NULL; + } + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + } + if (bn_mont_ctx) + BN_MONT_CTX_free(bn_mont_ctx); } } - + if (!BN_mod(&r1,I,rsa->q,ctx)) goto err; if (!meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx, rsa->_method_mod_q)) goto err; diff --git a/lib/libcrypto/rsa/rsa_lib.c b/lib/libcrypto/rsa/rsa_lib.c index 5e1e8fcdf33..94395cc22c8 100644 --- a/lib/libcrypto/rsa/rsa_lib.c +++ b/lib/libcrypto/rsa/rsa_lib.c @@ -191,13 +191,13 @@ RSA *RSA_new_method(ENGINE *engine) ret->blinding=NULL; ret->bignum_data=NULL; ret->flags=meth->flags; + CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data); if ((meth->init != NULL) && !meth->init(ret)) { + CRYPTO_free_ex_data(rsa_meth,ret,&ret->ex_data); OPENSSL_free(ret); ret=NULL; } - else - CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data); return(ret); } @@ -221,13 +221,13 @@ void RSA_free(RSA *r) } #endif - CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data); - meth = ENGINE_get_RSA(r->engine); if (meth->finish != NULL) meth->finish(r); ENGINE_finish(r->engine); + CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data); + if (r->n != NULL) BN_clear_free(r->n); if (r->e != NULL) BN_clear_free(r->e); if (r->d != NULL) BN_clear_free(r->d); @@ -325,7 +325,7 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) BN_CTX_start(ctx); A = BN_CTX_get(ctx); - if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err; + if (!BN_rand_range(A,rsa->n)) goto err; if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; if (!ENGINE_get_RSA(rsa->engine)->bn_mod_exp(A,A, diff --git a/lib/libcrypto/sha/Makefile.ssl b/lib/libcrypto/sha/Makefile.ssl index 72acd8f0462..790e572fa29 100644 --- a/lib/libcrypto/sha/Makefile.ssl +++ b/lib/libcrypto/sha/Makefile.ssl @@ -42,7 +42,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib # elf diff --git a/lib/libcrypto/sha/asm/sha1-586.pl b/lib/libcrypto/sha/asm/sha1-586.pl index 09df993ecd4..fe51fd07945 100644 --- a/lib/libcrypto/sha/asm/sha1-586.pl +++ b/lib/libcrypto/sha/asm/sha1-586.pl @@ -317,7 +317,7 @@ sub BODY_60_79 sub sha1_block_host { - local($name)=@_; + local($name, $sclabel)=@_; &function_begin_B($name,""); @@ -352,7 +352,7 @@ sub sha1_block_host &mov(&swtmp($i+0),$A); &mov(&swtmp($i+1),$B); } - &jmp(&label("shortcut")); + &jmp($sclabel); &function_end_B($name); } @@ -529,10 +529,12 @@ sub sha1_block_data &pop("esi"); &ret(); - # it has to reside within sha1_block_asm_host_order body - # because it calls &jmp(&label("shortcut")); - &sha1_block_host("sha1_block_asm_host_order"); + # keep a note of shortcut label so it can be used outside + # block. + my $sclabel = &label("shortcut"); &function_end_B($name); + # Putting this here avoids problems with MASM in debugging mode + &sha1_block_host("sha1_block_asm_host_order", $sclabel); } diff --git a/lib/libcrypto/stack/Makefile.ssl b/lib/libcrypto/stack/Makefile.ssl index 86ed9287503..c916fd54516 100644 --- a/lib/libcrypto/stack/Makefile.ssl +++ b/lib/libcrypto/stack/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/txt_db/Makefile.ssl b/lib/libcrypto/txt_db/Makefile.ssl index cb54d533234..ee054e91f26 100644 --- a/lib/libcrypto/txt_db/Makefile.ssl +++ b/lib/libcrypto/txt_db/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/uid.c b/lib/libcrypto/uid.c new file mode 100644 index 00000000000..b5b61b76d4e --- /dev/null +++ b/lib/libcrypto/uid.c @@ -0,0 +1,88 @@ +/* crypto/uid.c */ +/* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <openssl/crypto.h> + +#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) + +#include <unistd.h> + +int OPENSSL_issetugid(void) + { + return issetugid(); + } + +#elif defined(WIN32) + +int OPENSSL_issetugid(void) + { + return 0; + } + +#else + +#include <unistd.h> +#include <sys/types.h> + +int OPENSSL_issetugid(void) + { + if (getuid() != geteuid()) return 1; + if (getgid() != getegid()) return 1; + return 0; + } +#endif + + + diff --git a/lib/libcrypto/util/clean-depend.pl b/lib/libcrypto/util/clean-depend.pl index af676af7514..0193e726fee 100644 --- a/lib/libcrypto/util/clean-depend.pl +++ b/lib/libcrypto/util/clean-depend.pl @@ -15,8 +15,8 @@ while(<STDIN>) { my ($file,$deps)=/^(.*): (.*)$/; next if !defined $deps; my @deps=split ' ',$deps; - @deps=grep(!/^\/usr\/include/,@deps); - @deps=grep(!/^\/usr\/lib\/gcc-lib/,@deps); + @deps=grep(!/^\//,@deps); + @deps=grep(!/^\\$/,@deps); push @{$files{$file}},@deps; } diff --git a/lib/libcrypto/util/libeay.num b/lib/libcrypto/util/libeay.num index e8eebbf50c4..84ae840804a 100644 --- a/lib/libcrypto/util/libeay.num +++ b/lib/libcrypto/util/libeay.num @@ -301,8 +301,8 @@ EVP_des_ede_cfb 308 EXIST::FUNCTION:DES EVP_des_ede_ofb 309 EXIST::FUNCTION:DES EVP_des_ofb 310 EXIST::FUNCTION:DES EVP_desx_cbc 311 EXIST::FUNCTION:DES -EVP_dss 312 EXIST::FUNCTION:DSA -EVP_dss1 313 EXIST::FUNCTION:DSA +EVP_dss 312 EXIST::FUNCTION:DSA,SHA +EVP_dss1 313 EXIST::FUNCTION:DSA,SHA EVP_enc_null 314 EXIST::FUNCTION: EVP_get_cipherbyname 315 EXIST::FUNCTION: EVP_get_digestbyname 316 EXIST::FUNCTION: @@ -779,7 +779,7 @@ des_ede3_cfb64_encrypt 786 EXIST::FUNCTION:DES des_ede3_ofb64_encrypt 787 EXIST::FUNCTION:DES des_enc_read 788 EXIST::FUNCTION:DES des_enc_write 789 EXIST::FUNCTION:DES -des_encrypt 790 EXIST::FUNCTION:DES +des_encrypt1 790 EXIST::FUNCTION:DES des_encrypt2 791 EXIST::FUNCTION:DES des_encrypt3 792 EXIST::FUNCTION:DES des_fcrypt 793 EXIST::FUNCTION:DES @@ -926,7 +926,7 @@ PKCS7_add_signature 938 EXIST::FUNCTION: PKCS7_cert_from_signer_info 939 EXIST::FUNCTION: PKCS7_get_signer_info 940 EXIST::FUNCTION: EVP_delete_alias 941 NOEXIST::FUNCTION: -EVP_mdc2 942 EXIST::FUNCTION: +EVP_mdc2 942 EXIST::FUNCTION:MDC2 PEM_read_bio_RSAPublicKey 943 EXIST::FUNCTION:RSA PEM_write_bio_RSAPublicKey 944 EXIST::FUNCTION:RSA d2i_RSAPublicKey_bio 945 EXIST::FUNCTION:RSA @@ -1870,61 +1870,64 @@ X509_keyid_set1 2460 EXIST::FUNCTION: BIO_next 2461 EXIST::FUNCTION: DSO_METHOD_vms 2462 EXIST::FUNCTION: BIO_f_linebuffer 2463 EXIST:VMS:FUNCTION: -ERR_load_ENGINE_strings 2464 EXIST::FUNCTION: -ENGINE_set_DSA 2465 EXIST::FUNCTION: -ENGINE_get_finish_function 2466 EXIST::FUNCTION: -ENGINE_get_default_RSA 2467 EXIST::FUNCTION: -ENGINE_get_BN_mod_exp 2468 EXIST::FUNCTION: -DSA_get_default_openssl_method 2469 EXIST::FUNCTION:DSA -ENGINE_set_DH 2470 EXIST::FUNCTION: -ENGINE_set_default_BN_mod_exp_crt 2471 EXIST:!VMS:FUNCTION: -ENGINE_set_def_BN_mod_exp_crt 2471 EXIST:VMS:FUNCTION: -ENGINE_init 2472 EXIST::FUNCTION: -DH_get_default_openssl_method 2473 EXIST::FUNCTION:DH -RSA_set_default_openssl_method 2474 EXIST::FUNCTION:RSA -ENGINE_finish 2475 EXIST::FUNCTION: -ENGINE_load_public_key 2476 EXIST::FUNCTION: -ENGINE_get_DH 2477 EXIST::FUNCTION: -ENGINE_ctrl 2478 EXIST::FUNCTION: -ENGINE_get_init_function 2479 EXIST::FUNCTION: -ENGINE_set_init_function 2480 EXIST::FUNCTION: -ENGINE_set_default_DSA 2481 EXIST::FUNCTION: -ENGINE_get_name 2482 EXIST::FUNCTION: -ENGINE_get_last 2483 EXIST::FUNCTION: -ENGINE_get_prev 2484 EXIST::FUNCTION: -ENGINE_get_default_DH 2485 EXIST::FUNCTION: -ENGINE_get_RSA 2486 EXIST::FUNCTION: -ENGINE_set_default 2487 EXIST::FUNCTION: -ENGINE_get_RAND 2488 EXIST::FUNCTION: -ENGINE_get_first 2489 EXIST::FUNCTION: -ENGINE_by_id 2490 EXIST::FUNCTION: -ENGINE_set_finish_function 2491 EXIST::FUNCTION: -ENGINE_get_default_BN_mod_exp_crt 2492 EXIST:!VMS:FUNCTION: -ENGINE_get_def_BN_mod_exp_crt 2492 EXIST:VMS:FUNCTION: -RSA_get_default_openssl_method 2493 EXIST::FUNCTION:RSA -ENGINE_set_RSA 2494 EXIST::FUNCTION: -ENGINE_load_private_key 2495 EXIST::FUNCTION: -ENGINE_set_default_RAND 2496 EXIST::FUNCTION: -ENGINE_set_BN_mod_exp 2497 EXIST::FUNCTION: -ENGINE_remove 2498 EXIST::FUNCTION: -ENGINE_free 2499 EXIST::FUNCTION: -ENGINE_get_BN_mod_exp_crt 2500 EXIST::FUNCTION: -ENGINE_get_next 2501 EXIST::FUNCTION: -ENGINE_set_name 2502 EXIST::FUNCTION: -ENGINE_get_default_DSA 2503 EXIST::FUNCTION: -ENGINE_set_default_BN_mod_exp 2504 EXIST::FUNCTION: -ENGINE_set_default_RSA 2505 EXIST::FUNCTION: -ENGINE_get_default_RAND 2506 EXIST::FUNCTION: -ENGINE_get_default_BN_mod_exp 2507 EXIST::FUNCTION: -ENGINE_set_RAND 2508 EXIST::FUNCTION: -ENGINE_set_id 2509 EXIST::FUNCTION: -ENGINE_set_BN_mod_exp_crt 2510 EXIST::FUNCTION: -ENGINE_set_default_DH 2511 EXIST::FUNCTION: -ENGINE_new 2512 EXIST::FUNCTION: -ENGINE_get_id 2513 EXIST::FUNCTION: -DSA_set_default_openssl_method 2514 EXIST::FUNCTION:DSA -ENGINE_add 2515 EXIST::FUNCTION: -DH_set_default_openssl_method 2516 EXIST::FUNCTION:DH -ENGINE_get_DSA 2517 EXIST::FUNCTION: -ENGINE_get_ctrl_function 2518 EXIST::FUNCTION: -ENGINE_set_ctrl_function 2519 EXIST::FUNCTION: +BN_bntest_rand 2464 EXIST::FUNCTION: +OPENSSL_issetugid 2465 EXIST::FUNCTION: +BN_rand_range 2466 EXIST::FUNCTION: +ERR_load_ENGINE_strings 2467 EXIST::FUNCTION: +ENGINE_set_DSA 2468 EXIST::FUNCTION: +ENGINE_get_finish_function 2469 EXIST::FUNCTION: +ENGINE_get_default_RSA 2470 EXIST::FUNCTION: +ENGINE_get_BN_mod_exp 2471 EXIST::FUNCTION: +DSA_get_default_openssl_method 2472 EXIST::FUNCTION:DSA +ENGINE_set_DH 2473 EXIST::FUNCTION: +ENGINE_set_default_BN_mod_exp_crt 2474 EXIST:!VMS:FUNCTION: +ENGINE_set_def_BN_mod_exp_crt 2474 EXIST:VMS:FUNCTION: +ENGINE_init 2475 EXIST::FUNCTION: +DH_get_default_openssl_method 2476 EXIST::FUNCTION:DH +RSA_set_default_openssl_method 2477 EXIST::FUNCTION:RSA +ENGINE_finish 2478 EXIST::FUNCTION: +ENGINE_load_public_key 2479 EXIST::FUNCTION: +ENGINE_get_DH 2480 EXIST::FUNCTION: +ENGINE_ctrl 2481 EXIST::FUNCTION: +ENGINE_get_init_function 2482 EXIST::FUNCTION: +ENGINE_set_init_function 2483 EXIST::FUNCTION: +ENGINE_set_default_DSA 2484 EXIST::FUNCTION: +ENGINE_get_name 2485 EXIST::FUNCTION: +ENGINE_get_last 2486 EXIST::FUNCTION: +ENGINE_get_prev 2487 EXIST::FUNCTION: +ENGINE_get_default_DH 2488 EXIST::FUNCTION: +ENGINE_get_RSA 2489 EXIST::FUNCTION: +ENGINE_set_default 2490 EXIST::FUNCTION: +ENGINE_get_RAND 2491 EXIST::FUNCTION: +ENGINE_get_first 2492 EXIST::FUNCTION: +ENGINE_by_id 2493 EXIST::FUNCTION: +ENGINE_set_finish_function 2494 EXIST::FUNCTION: +ENGINE_get_default_BN_mod_exp_crt 2495 EXIST:!VMS:FUNCTION: +ENGINE_get_def_BN_mod_exp_crt 2495 EXIST:VMS:FUNCTION: +RSA_get_default_openssl_method 2496 EXIST::FUNCTION:RSA +ENGINE_set_RSA 2497 EXIST::FUNCTION: +ENGINE_load_private_key 2498 EXIST::FUNCTION: +ENGINE_set_default_RAND 2499 EXIST::FUNCTION: +ENGINE_set_BN_mod_exp 2500 EXIST::FUNCTION: +ENGINE_remove 2501 EXIST::FUNCTION: +ENGINE_free 2502 EXIST::FUNCTION: +ENGINE_get_BN_mod_exp_crt 2503 EXIST::FUNCTION: +ENGINE_get_next 2504 EXIST::FUNCTION: +ENGINE_set_name 2505 EXIST::FUNCTION: +ENGINE_get_default_DSA 2506 EXIST::FUNCTION: +ENGINE_set_default_BN_mod_exp 2507 EXIST::FUNCTION: +ENGINE_set_default_RSA 2508 EXIST::FUNCTION: +ENGINE_get_default_RAND 2509 EXIST::FUNCTION: +ENGINE_get_default_BN_mod_exp 2510 EXIST::FUNCTION: +ENGINE_set_RAND 2511 EXIST::FUNCTION: +ENGINE_set_id 2512 EXIST::FUNCTION: +ENGINE_set_BN_mod_exp_crt 2513 EXIST::FUNCTION: +ENGINE_set_default_DH 2514 EXIST::FUNCTION: +ENGINE_new 2515 EXIST::FUNCTION: +ENGINE_get_id 2516 EXIST::FUNCTION: +DSA_set_default_openssl_method 2517 EXIST::FUNCTION:DSA +ENGINE_add 2518 EXIST::FUNCTION: +DH_set_default_openssl_method 2519 EXIST::FUNCTION:DH +ENGINE_get_DSA 2520 EXIST::FUNCTION: +ENGINE_get_ctrl_function 2521 EXIST::FUNCTION: +ENGINE_set_ctrl_function 2522 EXIST::FUNCTION: diff --git a/lib/libcrypto/util/mkdef.pl b/lib/libcrypto/util/mkdef.pl index cc41a1813e5..ba453358cf9 100644 --- a/lib/libcrypto/util/mkdef.pl +++ b/lib/libcrypto/util/mkdef.pl @@ -119,7 +119,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-rc4$/) { $no_rc4=1; } elsif (/^no-rc5$/) { $no_rc5=1; } elsif (/^no-idea$/) { $no_idea=1; } - elsif (/^no-des$/) { $no_des=1; } + elsif (/^no-des$/) { $no_des=1; $no_mdc2=1; } elsif (/^no-bf$/) { $no_bf=1; } elsif (/^no-cast$/) { $no_cast=1; } elsif (/^no-md2$/) { $no_md2=1; } @@ -705,7 +705,8 @@ EOF } else { (my $n, my $i) = split /\\/, $nums{$s}; my %pf = (); - my @p = split(/,/, ($i =~ /^.*?:(.*?):/,$1)); + my @p = split(/,/, ($i =~ /^[^:]*:([^:]*):/,$1)); + my @a = split(/,/, ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1)); # @p_purged must contain hardware platforms only my @p_purged = (); foreach $ptmp (@p) { @@ -727,7 +728,26 @@ EOF || (!$negatives && ($rsaref || !grep(/^RSAREF$/,@p))) || ($negatives - && (!$rsaref || !grep(/^!RSAREF$/,@p))))) { + && (!$rsaref || !grep(/^!RSAREF$/,@p)))) + && (!@a || (!$no_rc2 || !grep(/^RC2$/,@a))) + && (!@a || (!$no_rc4 || !grep(/^RC4$/,@a))) + && (!@a || (!$no_rc5 || !grep(/^RC5$/,@a))) + && (!@a || (!$no_idea || !grep(/^IDEA$/,@a))) + && (!@a || (!$no_des || !grep(/^DES$/,@a))) + && (!@a || (!$no_bf || !grep(/^BF$/,@a))) + && (!@a || (!$no_cast || !grep(/^CAST$/,@a))) + && (!@a || (!$no_md2 || !grep(/^MD2$/,@a))) + && (!@a || (!$no_md4 || !grep(/^MD4$/,@a))) + && (!@a || (!$no_md5 || !grep(/^MD5$/,@a))) + && (!@a || (!$no_sha || !grep(/^SHA$/,@a))) + && (!@a || (!$no_ripemd || !grep(/^RIPEMD$/,@a))) + && (!@a || (!$no_mdc2 || !grep(/^MDC2$/,@a))) + && (!@a || (!$no_rsa || !grep(/^RSA$/,@a))) + && (!@a || (!$no_dsa || !grep(/^DSA$/,@a))) + && (!@a || (!$no_dh || !grep(/^DH$/,@a))) + && (!@a || (!$no_hmac || !grep(/^HMAC$/,@a))) + && (!@a || (!$no_fp_api || !grep(/^FP_API$/,@a))) + ) { printf OUT " %s%-40s@%d\n",($W32)?"":"_",$s,$n; # } else { # print STDERR "DEBUG: \"$sym\" (@p):", diff --git a/lib/libcrypto/util/mklink.pl b/lib/libcrypto/util/mklink.pl index d7b997ada72..9e9c9a51467 100644 --- a/lib/libcrypto/util/mklink.pl +++ b/lib/libcrypto/util/mklink.pl @@ -48,8 +48,13 @@ foreach $dirname (@from_path) { my $to = join('/', @to_path); my $file; +$symlink_exists=eval {symlink("",""); 1}; foreach $file (@files) { my $err = ""; - symlink("$to/$file", "$from/$file") or $err = " [$!]"; + if ($symlink_exists) { + symlink("$to/$file", "$from/$file") or $err = " [$!]"; + } else { + system ("cp", "$file", "$from/$file") and $err = " [$!]"; + } print $file . " => $from/$file$err\n"; } diff --git a/lib/libcrypto/util/pod2man.pl b/lib/libcrypto/util/pod2man.pl index f5ec0767ed4..c6b64add602 100644 --- a/lib/libcrypto/util/pod2man.pl +++ b/lib/libcrypto/util/pod2man.pl @@ -416,6 +416,8 @@ if ($name ne 'something') { warn "$0: Improper man page - malformed NAME header in paragraph $. of $ARGV[0]\n" } else { + $n[0] =~ s/\n/ /; + $n[1] =~ s/\n/ /; %namedesc = @n; } } diff --git a/lib/libcrypto/x509/Makefile.ssl b/lib/libcrypto/x509/Makefile.ssl index 46196937334..79f09d4f713 100644 --- a/lib/libcrypto/x509/Makefile.ssl +++ b/lib/libcrypto/x509/Makefile.ssl @@ -49,7 +49,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/x509/by_dir.c b/lib/libcrypto/x509/by_dir.c index cac64a6f404..448bd7e69cc 100644 --- a/lib/libcrypto/x509/by_dir.c +++ b/lib/libcrypto/x509/by_dir.c @@ -327,7 +327,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, * it out again */ CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE); j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp); - if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,i); + if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j); else tmp = NULL; CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE); diff --git a/lib/libcrypto/x509/x509_cmp.c b/lib/libcrypto/x509/x509_cmp.c index b147d573d2f..3f9f9b3d472 100644 --- a/lib/libcrypto/x509/x509_cmp.c +++ b/lib/libcrypto/x509/x509_cmp.c @@ -199,19 +199,13 @@ unsigned long X509_NAME_hash(X509_NAME *x) { unsigned long ret=0; unsigned char md[16]; - unsigned char str[256],*p,*pp; - int i; - - i=i2d_X509_NAME(x,NULL); - if (i > sizeof(str)) - p=OPENSSL_malloc(i); - else - p=str; - pp=p; - i2d_X509_NAME(x,&pp); - MD5((unsigned char *)p,i,&(md[0])); - if (p != str) OPENSSL_free(p); + /* Ensure cached version is up to date */ + i2d_X509_NAME(x,NULL); + /* Use cached encoding directly rather than copying: this should + * keep libsafe happy. + */ + MD5((unsigned char *)x->bytes->data,x->bytes->length,&(md[0])); ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) diff --git a/lib/libcrypto/x509v3/Makefile.ssl b/lib/libcrypto/x509v3/Makefile.ssl index f7c3a6ca138..236e13af4e6 100644 --- a/lib/libcrypto/x509v3/Makefile.ssl +++ b/lib/libcrypto/x509v3/Makefile.ssl @@ -43,7 +43,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/lib/libcrypto/x509v3/v3_alt.c b/lib/libcrypto/x509v3/v3_alt.c index 733919f2507..94bebcd4480 100644 --- a/lib/libcrypto/x509v3/v3_alt.c +++ b/lib/libcrypto/x509v3/v3_alt.c @@ -270,7 +270,7 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens) /* Now add any email address(es) to STACK */ i = -1; while((i = X509_NAME_get_index_by_NID(nm, - NID_pkcs9_emailAddress, i)) > 0) { + NID_pkcs9_emailAddress, i)) >= 0) { ne = X509_NAME_get_entry(nm, i); email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); if(!email || !(gen = GENERAL_NAME_new())) { diff --git a/lib/libcrypto/x509v3/v3_prn.c b/lib/libcrypto/x509v3/v3_prn.c index dbc4fb1f160..14b804c4ad3 100644 --- a/lib/libcrypto/x509v3/v3_prn.c +++ b/lib/libcrypto/x509v3/v3_prn.c @@ -85,9 +85,16 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml) else BIO_printf(out, "%s:%s", nval->name, nval->value); #else else { - char tmp[10240]; /* 10k is BIO_printf's limit anyway */ - ascii2ebcdic(tmp, nval->value, strlen(nval->value)+1); - BIO_printf(out, "%s:%s", nval->name, tmp); + int len; + char *tmp; + len = strlen(nval->value)+1; + tmp = OPENSSL_malloc(len); + if (tmp) + { + ascii2ebcdic(tmp, nval->value, len); + BIO_printf(out, "%s:%s", nval->name, tmp); + OPENSSL_free(tmp); + } } #endif if(ml) BIO_puts(out, "\n"); @@ -115,9 +122,16 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent) BIO_printf(out, "%*s%s", indent, "", value); #else { - char tmp[10240]; /* 10k is BIO_printf's limit anyway */ - ascii2ebcdic(tmp, value, strlen(value)+1); - BIO_printf(out, "%*s%s", indent, "", tmp); + int len; + char *tmp; + len = strlen(value)+1; + tmp = OPENSSL_malloc(len); + if (tmp) + { + ascii2ebcdic(tmp, value, len); + BIO_printf(out, "%*s%s", indent, "", tmp); + OPENSSL_free(tmp); + } } #endif } else if(method->i2v) { diff --git a/lib/libcrypto/x509v3/v3_purp.c b/lib/libcrypto/x509v3/v3_purp.c index 867699b26f3..8aecd00e632 100644 --- a/lib/libcrypto/x509v3/v3_purp.c +++ b/lib/libcrypto/x509v3/v3_purp.c @@ -362,6 +362,8 @@ static int ca_check(const X509 *x) else return 0; } else { if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; + /* If key usage present it must have certSign so tolerate it */ + else if (x->ex_flags & EXFLAG_KUSAGE) return 3; else return 2; } } @@ -380,7 +382,7 @@ static int check_ssl_ca(const X509 *x) if(ca_ret != 2) return ca_ret; else return 0; } - + static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca) { @@ -446,7 +448,7 @@ static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int c int ret; ret = purpose_smime(x, ca); if(!ret || ca) return ret; - if(ku_reject(x, KU_DIGITAL_SIGNATURE)) return 0; + if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0; return ret; } |