From 2e6ca3d0dda8d36114823221c99e4f6d602fb058 Mon Sep 17 00:00:00 2001 From: Peter Avalos Date: Sat, 6 Sep 2008 20:36:16 +0000 Subject: [PATCH] Import OpenSSL 0.9.8h. --- crypto/openssl-0.9/CHANGES | 140 + crypto/openssl-0.9/FAQ | 27 +- crypto/openssl-0.9/LICENSE | 2 +- crypto/openssl-0.9/README | 6 +- crypto/openssl-0.9/apps/apps.c | 2 +- crypto/openssl-0.9/apps/apps.h | 15 + crypto/openssl-0.9/apps/ca.c | 9 + crypto/openssl-0.9/apps/cms.c | 1347 +++++++++ crypto/openssl-0.9/apps/dgst.c | 3 + crypto/openssl-0.9/apps/ec.c | 2 +- crypto/openssl-0.9/apps/ocsp.c | 212 +- crypto/openssl-0.9/apps/progs.h | 4 + crypto/openssl-0.9/apps/req.c | 3 +- crypto/openssl-0.9/apps/rsautl.c | 36 +- crypto/openssl-0.9/apps/s_client.c | 53 + crypto/openssl-0.9/apps/s_server.c | 189 +- crypto/openssl-0.9/apps/speed.c | 2 +- crypto/openssl-0.9/apps/x509.c | 11 +- crypto/openssl-0.9/crypto/aes/aes.h | 6 + crypto/openssl-0.9/crypto/aes/aes_wrap.c | 259 ++ crypto/openssl-0.9/crypto/asn1/a_object.c | 1 + crypto/openssl-0.9/crypto/asn1/a_type.c | 26 + crypto/openssl-0.9/crypto/asn1/asn1.h | 54 +- crypto/openssl-0.9/crypto/asn1/asn1_err.c | 19 +- crypto/openssl-0.9/crypto/asn1/asn1_lib.c | 8 + crypto/openssl-0.9/crypto/asn1/asn1t.h | 7 + .../{pkcs7/pk7_mime.c => asn1/asn_mime.c} | 305 +- crypto/openssl-0.9/crypto/asn1/t_x509.c | 9 +- crypto/openssl-0.9/crypto/asn1/tasn_dec.c | 2 +- crypto/openssl-0.9/crypto/asn1/tasn_enc.c | 2 +- crypto/openssl-0.9/crypto/asn1/tasn_fre.c | 4 +- crypto/openssl-0.9/crypto/asn1/x_algor.c | 57 + crypto/openssl-0.9/crypto/asn1/x_exten.c | 5 + crypto/openssl-0.9/crypto/bio/b_sock.c | 22 +- crypto/openssl-0.9/crypto/bio/bio.h | 1 + crypto/openssl-0.9/crypto/bio/bss_dgram.c | 6 +- crypto/openssl-0.9/crypto/bio/bss_file.c | 8 +- crypto/openssl-0.9/crypto/bn/bn.h | 5 + crypto/openssl-0.9/crypto/bn/bn_lcl.h | 1 + crypto/openssl-0.9/crypto/bn/bn_mont.c | 241 ++ crypto/openssl-0.9/crypto/bn/bn_mul.c | 19 +- crypto/openssl-0.9/crypto/bn/bn_nist.c | 493 ++-- crypto/openssl-0.9/crypto/cms/Makefile | 183 ++ crypto/openssl-0.9/crypto/cms/cms.h | 473 +++ crypto/openssl-0.9/crypto/cms/cms_asn1.c | 346 +++ crypto/openssl-0.9/crypto/cms/cms_att.c | 195 ++ .../crypto/{comp/comp_err.c => cms/cms_cd.c} | 107 +- .../crypto/{asn1/x_algor.c => cms/cms_dd.c} | 115 +- crypto/openssl-0.9/crypto/cms/cms_enc.c | 262 ++ crypto/openssl-0.9/crypto/cms/cms_env.c | 825 ++++++ crypto/openssl-0.9/crypto/cms/cms_err.c | 236 ++ crypto/openssl-0.9/crypto/cms/cms_ess.c | 420 +++ .../crypto/{asn1/x_algor.c => cms/cms_io.c} | 107 +- crypto/openssl-0.9/crypto/cms/cms_lcl.h | 460 +++ crypto/openssl-0.9/crypto/cms/cms_lib.c | 623 ++++ crypto/openssl-0.9/crypto/cms/cms_sd.c | 1014 +++++++ crypto/openssl-0.9/crypto/cms/cms_smime.c | 806 +++++ crypto/openssl-0.9/crypto/comp/c_zlib.c | 391 ++- crypto/openssl-0.9/crypto/comp/comp.h | 14 + crypto/openssl-0.9/crypto/comp/comp_err.c | 9 +- crypto/openssl-0.9/crypto/des/des.h | 3 +- crypto/openssl-0.9/crypto/des/des_old.c | 2 + crypto/openssl-0.9/crypto/des/des_old.h | 3 +- crypto/openssl-0.9/crypto/des/xcbc_enc.c | 4 +- crypto/openssl-0.9/crypto/ecdsa/ecs_ossl.c | 25 +- .../openssl-0.9/crypto/engine/eng_padlock.c | 3 + crypto/openssl-0.9/crypto/engine/eng_table.c | 8 +- crypto/openssl-0.9/crypto/err/err.c | 1 + crypto/openssl-0.9/crypto/err/err.h | 2 + crypto/openssl-0.9/crypto/err/err_all.c | 6 + crypto/openssl-0.9/crypto/md32_common.h | 373 +-- crypto/openssl-0.9/crypto/md4/md4_dgst.c | 89 - crypto/openssl-0.9/crypto/md4/md4_locl.h | 44 - crypto/openssl-0.9/crypto/md5/md5_dgst.c | 106 - crypto/openssl-0.9/crypto/md5/md5_locl.h | 54 +- crypto/openssl-0.9/crypto/objects/obj_dat.c | 1 + crypto/openssl-0.9/crypto/objects/obj_dat.h | 2599 +++++++++-------- crypto/openssl-0.9/crypto/objects/obj_mac.h | 51 +- crypto/openssl-0.9/crypto/ocsp/ocsp.h | 17 +- crypto/openssl-0.9/crypto/ocsp/ocsp_err.c | 3 +- crypto/openssl-0.9/crypto/ocsp/ocsp_ht.c | 468 ++- crypto/openssl-0.9/crypto/opensslv.h | 6 +- crypto/openssl-0.9/crypto/ossl_typ.h | 5 + crypto/openssl-0.9/crypto/pem/pem.h | 1 + crypto/openssl-0.9/crypto/pem/pem_info.c | 2 +- crypto/openssl-0.9/crypto/pkcs7/pk7_mime.c | 51 - crypto/openssl-0.9/crypto/rand/rand_nw.c | 11 +- crypto/openssl-0.9/crypto/rand/randfile.c | 4 + crypto/openssl-0.9/crypto/rc4/rc4_skey.c | 9 +- crypto/openssl-0.9/crypto/ripemd/rmd_dgst.c | 201 -- crypto/openssl-0.9/crypto/ripemd/rmd_locl.h | 16 +- crypto/openssl-0.9/crypto/rsa/rsa_eay.c | 72 +- crypto/openssl-0.9/crypto/rsa/rsa_oaep.c | 23 +- crypto/openssl-0.9/crypto/sha/sha256.c | 81 +- crypto/openssl-0.9/crypto/sha/sha512.c | 103 +- crypto/openssl-0.9/crypto/sha/sha_locl.h | 278 +- crypto/openssl-0.9/crypto/stack/safestack.h | 134 +- crypto/openssl-0.9/crypto/symhacks.h | 17 + crypto/openssl-0.9/crypto/x509/x509.h | 13 +- crypto/openssl-0.9/crypto/x509/x509_att.c | 33 +- crypto/openssl-0.9/crypto/x509v3/v3_utl.c | 24 + crypto/openssl-0.9/crypto/x509v3/x509v3.h | 1 + crypto/openssl-0.9/e_os.h | 42 +- crypto/openssl-0.9/engines/e_4758cca_err.h | 4 + crypto/openssl-0.9/engines/e_aep.c | 5 + crypto/openssl-0.9/engines/e_aep_err.h | 4 + crypto/openssl-0.9/engines/e_atalla_err.h | 4 + crypto/openssl-0.9/engines/e_chil_err.h | 4 + crypto/openssl-0.9/engines/e_cswift_err.h | 4 + crypto/openssl-0.9/engines/e_gmp.c | 76 +- crypto/openssl-0.9/engines/e_gmp_err.h | 4 + crypto/openssl-0.9/engines/e_nuron_err.h | 4 + crypto/openssl-0.9/engines/e_sureware_err.h | 4 + crypto/openssl-0.9/engines/e_ubsec_err.h | 4 + crypto/openssl-0.9/ssl/kssl.c | 2 +- crypto/openssl-0.9/ssl/s23_clnt.c | 2 + crypto/openssl-0.9/ssl/s3_clnt.c | 113 +- crypto/openssl-0.9/ssl/s3_lib.c | 56 + crypto/openssl-0.9/ssl/s3_srvr.c | 120 +- crypto/openssl-0.9/ssl/ssl.h | 39 + crypto/openssl-0.9/ssl/ssl3.h | 5 + crypto/openssl-0.9/ssl/ssl_asn1.c | 15 +- crypto/openssl-0.9/ssl/ssl_err.c | 3 + crypto/openssl-0.9/ssl/ssl_lib.c | 17 + crypto/openssl-0.9/ssl/ssl_locl.h | 2 + crypto/openssl-0.9/ssl/ssl_rsa.c | 2 + crypto/openssl-0.9/ssl/ssl_stat.c | 4 + crypto/openssl-0.9/ssl/t1_lib.c | 285 +- crypto/openssl-0.9/ssl/tls1.h | 39 +- 129 files changed, 12774 insertions(+), 3245 deletions(-) create mode 100644 crypto/openssl-0.9/apps/cms.c create mode 100644 crypto/openssl-0.9/crypto/aes/aes_wrap.c copy crypto/openssl-0.9/crypto/{pkcs7/pk7_mime.c => asn1/asn_mime.c} (75%) create mode 100644 crypto/openssl-0.9/crypto/cms/Makefile create mode 100644 crypto/openssl-0.9/crypto/cms/cms.h create mode 100644 crypto/openssl-0.9/crypto/cms/cms_asn1.c create mode 100644 crypto/openssl-0.9/crypto/cms/cms_att.c copy crypto/openssl-0.9/crypto/{comp/comp_err.c => cms/cms_cd.c} (56%) copy crypto/openssl-0.9/crypto/{asn1/x_algor.c => cms/cms_dd.c} (55%) create mode 100644 crypto/openssl-0.9/crypto/cms/cms_enc.c create mode 100644 crypto/openssl-0.9/crypto/cms/cms_env.c create mode 100644 crypto/openssl-0.9/crypto/cms/cms_err.c create mode 100644 crypto/openssl-0.9/crypto/cms/cms_ess.c copy crypto/openssl-0.9/crypto/{asn1/x_algor.c => cms/cms_io.c} (54%) create mode 100644 crypto/openssl-0.9/crypto/cms/cms_lcl.h create mode 100644 crypto/openssl-0.9/crypto/cms/cms_lib.c create mode 100644 crypto/openssl-0.9/crypto/cms/cms_sd.c create mode 100644 crypto/openssl-0.9/crypto/cms/cms_smime.c diff --git a/crypto/openssl-0.9/CHANGES b/crypto/openssl-0.9/CHANGES index 512b11537d..217aa70dcb 100644 --- a/crypto/openssl-0.9/CHANGES +++ b/crypto/openssl-0.9/CHANGES @@ -2,6 +2,142 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8g and 0.9.8h [28 May 2008] + + *) Fix flaw if 'Server Key exchange message' is omitted from a TLS + handshake which could lead to a cilent crash as found using the + Codenomicon TLS test suite (CVE-2008-1672) + [Steve Henson, Mark Cox] + + *) Fix double free in TLS server name extensions which could lead to + a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) + [Joe Orton] + + *) Clear error queue in SSL_CTX_use_certificate_chain_file() + + Clear the error queue to ensure that error entries left from + older function calls do not interfere with the correct operation. + [Lutz Jaenicke, Erik de Castro Lopo] + + *) Remove root CA certificates of commercial CAs: + + The OpenSSL project does not recommend any specific CA and does not + have any policy with respect to including or excluding any CA. + Therefore it does not make any sense to ship an arbitrary selection + of root CA certificates with the OpenSSL software. + [Lutz Jaenicke] + + *) RSA OAEP patches to fix two separate invalid memory reads. + The first one involves inputs when 'lzero' is greater than + 'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes + before the beginning of from). The second one involves inputs where + the 'db' section contains nothing but zeroes (there is a one-byte + invalid read after the end of 'db'). + [Ivan Nestlerode ] + + *) Partial backport from 0.9.9-dev: + + Introduce bn_mul_mont (dedicated Montgomery multiplication + procedure) as a candidate for BIGNUM assembler implementation. + While 0.9.9-dev uses assembler for various architectures, only + x86_64 is available by default here in the 0.9.8 branch, and + 32-bit x86 is available through a compile-time setting. + + To try the 32-bit x86 assembler implementation, use Configure + option "enable-montasm" (which exists only for this backport). + + As "enable-montasm" for 32-bit x86 disclaims code stability + anyway, in this constellation we activate additional code + backported from 0.9.9-dev for further performance improvements, + namely BN_from_montgomery_word. (To enable this otherwise, + e.g. x86_64, try "-DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD".) + + [Andy Polyakov (backport partially by Bodo Moeller)] + + *) Add TLS session ticket callback. This allows an application to set + TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed + values. This is useful for key rollover for example where several key + sets may exist with different names. + [Steve Henson] + + *) Reverse ENGINE-internal logic for caching default ENGINE handles. + This was broken until now in 0.9.8 releases, such that the only way + a registered ENGINE could be used (assuming it initialises + successfully on the host) was to explicitly set it as the default + for the relevant algorithms. This is in contradiction with 0.9.7 + behaviour and the documentation. With this fix, when an ENGINE is + registered into a given algorithm's table of implementations, the + 'uptodate' flag is reset so that auto-discovery will be used next + time a new context for that algorithm attempts to select an + implementation. + [Ian Lister (tweaked by Geoff Thorpe)] + + *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9 + implemention in the following ways: + + Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be + hard coded. + + Lack of BER streaming support means one pass streaming processing is + only supported if data is detached: setting the streaming flag is + ignored for embedded content. + + CMS support is disabled by default and must be explicitly enabled + with the enable-cms configuration option. + [Steve Henson] + + *) Update the GMP engine glue to do direct copies between BIGNUM and + mpz_t when openssl and GMP use the same limb size. Otherwise the + existing "conversion via a text string export" trick is still used. + [Paul Sheer ] + + *) Zlib compression BIO. This is a filter BIO which compressed and + uncompresses any data passed through it. + [Steve Henson] + + *) Add AES_wrap_key() and AES_unwrap_key() functions to implement + RFC3394 compatible AES key wrapping. + [Steve Henson] + + *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0(): + sets string data without copying. X509_ALGOR_set0() and + X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier) + data. Attribute function X509at_get0_data_by_OBJ(): retrieves data + from an X509_ATTRIBUTE structure optionally checking it occurs only + once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied + data. + [Steve Henson] + + *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set() + to get the expected BN_FLG_CONSTTIME behavior. + [Bodo Moeller (Google)] + + *) Netware support: + + - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets + - fixed do_tests.pl to run the test suite with CLIB builds too (CLIB_OPT) + - added some more tests to do_tests.pl + - fixed RunningProcess usage so that it works with newer LIBC NDKs too + - removed usage of BN_LLONG for CLIB builds to avoid runtime dependency + - added new Configure targets netware-clib-bsdsock, netware-clib-gcc, + netware-clib-bsdsock-gcc, netware-libc-bsdsock-gcc + - various changes to netware.pl to enable gcc-cross builds on Win32 + platform + - changed crypto/bio/b_sock.c to work with macro functions (CLIB BSD) + - various changes to fix missing prototype warnings + - fixed x86nasm.pl to create correct asm files for NASM COFF output + - added AES, WHIRLPOOL and CPUID assembler code to build files + - added missing AES assembler make rules to mk1mf.pl + - fixed order of includes in apps/ocsp.c so that e_os.h settings apply + [Guenter Knauf ] + + *) Implement certificate status request TLS extension defined in RFC3546. + A client can set the appropriate parameters and receive the encoded + OCSP response via a callback. A server can query the supplied parameters + and set the encoded OCSP response in the callback. Add simplified examples + to s_client and s_server. + [Steve Henson] + Changes between 0.9.8f and 0.9.8g [19 Oct 2007] *) Fix various bugs: @@ -167,6 +303,10 @@ authentication-only ciphersuites. [Bodo Moeller] + *) Update the SSL_get_shared_ciphers() fix CVE-2006-3738 which was + not complete and could lead to a possible single byte overflow + (CVE-2007-5135) [Ben Laurie] + Changes between 0.9.8d and 0.9.8e [23 Feb 2007] *) Since AES128 and AES256 (and similarly Camellia128 and diff --git a/crypto/openssl-0.9/FAQ b/crypto/openssl-0.9/FAQ index 96d39f5cc7..09f700cc3a 100644 --- a/crypto/openssl-0.9/FAQ +++ b/crypto/openssl-0.9/FAQ @@ -32,6 +32,7 @@ OpenSSL - Frequently Asked Questions * How do I install a CA certificate into a browser? * Why is OpenSSL x509 DN output not conformant to RFC2253? * What is a "128 bit certificate"? Can I create one with OpenSSL? +* How can I set up a bundle of commercial root CA certificates? [BUILD] Questions about building and testing OpenSSL @@ -75,7 +76,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from . -OpenSSL 0.9.8g was released on October 19th, 2007. +OpenSSL 0.9.8h was released on May 28th, 2008. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at #endif +#ifndef OPENSSL_NO_OCSP +#include +#endif #include int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); @@ -228,6 +231,12 @@ extern BIO *bio_err; # endif #endif +#ifdef OPENSSL_SYSNAME_WIN32 +# define openssl_fdset(a,b) FD_SET((unsigned int)a, b) +#else +# define openssl_fdset(a,b) FD_SET(a, b) +#endif + typedef struct args_st { char **data; @@ -275,6 +284,12 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); ENGINE *setup_engine(BIO *err, const char *engine, int debug); #endif +#ifndef OPENSSL_NO_OCSP +OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, + char *host, char *path, char *port, int use_ssl, + int req_timeout); +#endif + int load_config(BIO *err, CONF *cnf); char *make_config_name(void); diff --git a/crypto/openssl-0.9/apps/ca.c b/crypto/openssl-0.9/apps/ca.c index e9d79def61..87f0405f5d 100644 --- a/crypto/openssl-0.9/apps/ca.c +++ b/crypto/openssl-0.9/apps/ca.c @@ -2882,13 +2882,22 @@ int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) p=(char *)str->data; for (j=str->length; j>0; j--) { +#ifdef CHARSET_EBCDIC + if ((*p >= 0x20) && (*p <= 0x7e)) + BIO_printf(bp,"%c",os_toebcdic[*p]); +#else if ((*p >= ' ') && (*p <= '~')) BIO_printf(bp,"%c",*p); +#endif else if (*p & 0x80) BIO_printf(bp,"\\0x%02X",*p); else if ((unsigned char)*p == 0xf7) BIO_printf(bp,"^?"); +#ifdef CHARSET_EBCDIC + else BIO_printf(bp,"^%c",os_toebcdic[*p+0x40]); +#else else BIO_printf(bp,"^%c",*p+'@'); +#endif p++; } BIO_printf(bp,"'\n"); diff --git a/crypto/openssl-0.9/apps/cms.c b/crypto/openssl-0.9/apps/cms.c new file mode 100644 index 0000000000..6d227acabe --- /dev/null +++ b/crypto/openssl-0.9/apps/cms.c @@ -0,0 +1,1347 @@ +/* apps/cms.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* CMS utility function */ + +#include +#include +#include "apps.h" + +#ifndef OPENSSL_NO_CMS + +#include +#include +#include +#include +#include +#include + +#undef PROG +#define PROG cms_main +static int save_certs(char *signerfile, STACK_OF(X509) *signers); +static int cms_cb(int ok, X509_STORE_CTX *ctx); +static void receipt_request_print(BIO *out, CMS_ContentInfo *cms); +static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst, + STACK *rr_from); + +#define SMIME_OP 0x10 +#define SMIME_IP 0x20 +#define SMIME_SIGNERS 0x40 +#define SMIME_ENCRYPT (1 | SMIME_OP) +#define SMIME_DECRYPT (2 | SMIME_IP) +#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS) +#define SMIME_VERIFY (4 | SMIME_IP) +#define SMIME_CMSOUT (5 | SMIME_IP | SMIME_OP) +#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS) +#define SMIME_DATAOUT (7 | SMIME_IP) +#define SMIME_DATA_CREATE (8 | SMIME_OP) +#define SMIME_DIGEST_VERIFY (9 | SMIME_IP) +#define SMIME_DIGEST_CREATE (10 | SMIME_OP) +#define SMIME_UNCOMPRESS (11 | SMIME_IP) +#define SMIME_COMPRESS (12 | SMIME_OP) +#define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP) +#define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP) +#define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP) +#define SMIME_VERIFY_RECEIPT (16 | SMIME_IP) + +int MAIN(int, char **); + +int MAIN(int argc, char **argv) + { + ENGINE *e = NULL; + int operation = 0; + int ret = 0; + char **args; + const char *inmode = "r", *outmode = "w"; + char *infile = NULL, *outfile = NULL, *rctfile = NULL; + char *signerfile = NULL, *recipfile = NULL; + STACK *sksigners = NULL, *skkeys = NULL; + char *certfile = NULL, *keyfile = NULL, *contfile=NULL; + char *certsoutfile = NULL; + const EVP_CIPHER *cipher = NULL; + CMS_ContentInfo *cms = NULL, *rcms = NULL; + X509_STORE *store = NULL; + X509 *cert = NULL, *recip = NULL, *signer = NULL; + EVP_PKEY *key = NULL; + STACK_OF(X509) *encerts = NULL, *other = NULL; + BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL; + int badarg = 0; + int flags = CMS_DETACHED; + int rr_print = 0, rr_allorfirst = -1; + STACK *rr_to = NULL, *rr_from = NULL; + CMS_ReceiptRequest *rr = NULL; + char *to = NULL, *from = NULL, *subject = NULL; + char *CAfile = NULL, *CApath = NULL; + char *passargin = NULL, *passin = NULL; + char *inrand = NULL; + int need_rand = 0; + const EVP_MD *sign_md = NULL; + int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; + int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM; +#ifndef OPENSSL_NO_ENGINE + char *engine=NULL; +#endif + unsigned char *secret_key = NULL, *secret_keyid = NULL; + size_t secret_keylen = 0, secret_keyidlen = 0; + + ASN1_OBJECT *econtent_type = NULL; + + X509_VERIFY_PARAM *vpm = NULL; + + args = argv + 1; + ret = 1; + + apps_startup(); + + if (bio_err == NULL) + { + if ((bio_err = BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + } + + if (!load_config(bio_err, NULL)) + goto end; + + while (!badarg && *args && *args[0] == '-') + { + if (!strcmp (*args, "-encrypt")) + operation = SMIME_ENCRYPT; + else if (!strcmp (*args, "-decrypt")) + operation = SMIME_DECRYPT; + else if (!strcmp (*args, "-sign")) + operation = SMIME_SIGN; + else if (!strcmp (*args, "-sign_receipt")) + operation = SMIME_SIGN_RECEIPT; + else if (!strcmp (*args, "-resign")) + operation = SMIME_RESIGN; + else if (!strcmp (*args, "-verify")) + operation = SMIME_VERIFY; + else if (!strcmp(*args,"-verify_receipt")) + { + operation = SMIME_VERIFY_RECEIPT; + if (!args[1]) + goto argerr; + args++; + rctfile = *args; + } + else if (!strcmp (*args, "-cmsout")) + operation = SMIME_CMSOUT; + else if (!strcmp (*args, "-data_out")) + operation = SMIME_DATAOUT; + else if (!strcmp (*args, "-data_create")) + operation = SMIME_DATA_CREATE; + else if (!strcmp (*args, "-digest_verify")) + operation = SMIME_DIGEST_VERIFY; + else if (!strcmp (*args, "-digest_create")) + operation = SMIME_DIGEST_CREATE; + else if (!strcmp (*args, "-compress")) + operation = SMIME_COMPRESS; + else if (!strcmp (*args, "-uncompress")) + operation = SMIME_UNCOMPRESS; + else if (!strcmp (*args, "-EncryptedData_decrypt")) + operation = SMIME_ENCRYPTED_DECRYPT; + else if (!strcmp (*args, "-EncryptedData_encrypt")) + operation = SMIME_ENCRYPTED_ENCRYPT; +#ifndef OPENSSL_NO_DES + else if (!strcmp (*args, "-des3")) + cipher = EVP_des_ede3_cbc(); + else if (!strcmp (*args, "-des")) + cipher = EVP_des_cbc(); +#endif +#ifndef OPENSSL_NO_SEED + else if (!strcmp (*args, "-seed")) + cipher = EVP_seed_cbc(); +#endif +#ifndef OPENSSL_NO_RC2 + else if (!strcmp (*args, "-rc2-40")) + cipher = EVP_rc2_40_cbc(); + else if (!strcmp (*args, "-rc2-128")) + cipher = EVP_rc2_cbc(); + else if (!strcmp (*args, "-rc2-64")) + cipher = EVP_rc2_64_cbc(); +#endif +#ifndef OPENSSL_NO_AES + else if (!strcmp(*args,"-aes128")) + cipher = EVP_aes_128_cbc(); + else if (!strcmp(*args,"-aes192")) + cipher = EVP_aes_192_cbc(); + else if (!strcmp(*args,"-aes256")) + cipher = EVP_aes_256_cbc(); +#endif +#ifndef OPENSSL_NO_CAMELLIA + else if (!strcmp(*args,"-camellia128")) + cipher = EVP_camellia_128_cbc(); + else if (!strcmp(*args,"-camellia192")) + cipher = EVP_camellia_192_cbc(); + else if (!strcmp(*args,"-camellia256")) + cipher = EVP_camellia_256_cbc(); +#endif + else if (!strcmp (*args, "-text")) + flags |= CMS_TEXT; + else if (!strcmp (*args, "-nointern")) + flags |= CMS_NOINTERN; + else if (!strcmp (*args, "-noverify") + || !strcmp (*args, "-no_signer_cert_verify")) + flags |= CMS_NO_SIGNER_CERT_VERIFY; + else if (!strcmp (*args, "-nocerts")) + flags |= CMS_NOCERTS; + else if (!strcmp (*args, "-noattr")) + flags |= CMS_NOATTR; + else if (!strcmp (*args, "-nodetach")) + flags &= ~CMS_DETACHED; + else if (!strcmp (*args, "-nosmimecap")) + flags |= CMS_NOSMIMECAP; + else if (!strcmp (*args, "-binary")) + flags |= CMS_BINARY; + else if (!strcmp (*args, "-keyid")) + flags |= CMS_USE_KEYID; + else if (!strcmp (*args, "-nosigs")) + flags |= CMS_NOSIGS; + else if (!strcmp (*args, "-no_content_verify")) + flags |= CMS_NO_CONTENT_VERIFY; + else if (!strcmp (*args, "-no_attr_verify")) + flags |= CMS_NO_ATTR_VERIFY; + else if (!strcmp (*args, "-stream")) + { + args++; + continue; + } + else if (!strcmp (*args, "-indef")) + { + args++; + continue; + } + else if (!strcmp (*args, "-noindef")) + flags &= ~CMS_STREAM; + else if (!strcmp (*args, "-nooldmime")) + flags |= CMS_NOOLDMIMETYPE; + else if (!strcmp (*args, "-crlfeol")) + flags |= CMS_CRLFEOL; + else if (!strcmp (*args, "-receipt_request_print")) + rr_print = 1; + else if (!strcmp (*args, "-receipt_request_all")) + rr_allorfirst = 0; + else if (!strcmp (*args, "-receipt_request_first")) + rr_allorfirst = 1; + else if (!strcmp(*args,"-receipt_request_from")) + { + if (!args[1]) + goto argerr; + args++; + if (!rr_from) + rr_from = sk_new_null(); + sk_push(rr_from, *args); + } + else if (!strcmp(*args,"-receipt_request_to")) + { + if (!args[1]) + goto argerr; + args++; + if (!rr_to) + rr_to = sk_new_null(); + sk_push(rr_to, *args); + } + else if (!strcmp(*args,"-secretkey")) + { + long ltmp; + if (!args[1]) + goto argerr; + args++; + secret_key = string_to_hex(*args, <mp); + if (!secret_key) + { + BIO_printf(bio_err, "Invalid key %s\n", *args); + goto argerr; + } + secret_keylen = (size_t)ltmp; + } + else if (!strcmp(*args,"-secretkeyid")) + { + long ltmp; + if (!args[1]) + goto argerr; + args++; + secret_keyid = string_to_hex(*args, <mp); + if (!secret_keyid) + { + BIO_printf(bio_err, "Invalid id %s\n", *args); + goto argerr; + } + secret_keyidlen = (size_t)ltmp; + } + else if (!strcmp(*args,"-econtent_type")) + { + if (!args[1]) + goto argerr; + args++; + econtent_type = OBJ_txt2obj(*args, 0); + if (!econtent_type) + { + BIO_printf(bio_err, "Invalid OID %s\n", *args); + goto argerr; + } + } + else if (!strcmp(*args,"-rand")) + { + if (!args[1]) + goto argerr; + args++; + inrand = *args; + need_rand = 1; + } +#ifndef OPENSSL_NO_ENGINE + else if (!strcmp(*args,"-engine")) + { + if (!args[1]) + goto argerr; + engine = *++args; + } +#endif + else if (!strcmp(*args,"-passin")) + { + if (!args[1]) + goto argerr; + passargin = *++args; + } + else if (!strcmp (*args, "-to")) + { + if (!args[1]) + goto argerr; + to = *++args; + } + else if (!strcmp (*args, "-from")) + { + if (!args[1]) + goto argerr; + from = *++args; + } + else if (!strcmp (*args, "-subject")) + { + if (!args[1]) + goto argerr; + subject = *++args; + } + else if (!strcmp (*args, "-signer")) + { + if (!args[1]) + goto argerr; + /* If previous -signer argument add signer to list */ + + if (signerfile) + { + if (!sksigners) + sksigners = sk_new_null(); + sk_push(sksigners, signerfile); + if (!keyfile) + keyfile = signerfile; + if (!skkeys) + skkeys = sk_new_null(); + sk_push(skkeys, keyfile); + keyfile = NULL; + } + signerfile = *++args; + } + else if (!strcmp (*args, "-recip")) + { + if (!args[1]) + goto argerr; + recipfile = *++args; + } + else if (!strcmp (*args, "-certsout")) + { + if (!args[1]) + goto argerr; + certsoutfile = *++args; + } + else if (!strcmp (*args, "-md")) + { + if (!args[1]) + goto argerr; + sign_md = EVP_get_digestbyname(*++args); + if (sign_md == NULL) + { + BIO_printf(bio_err, "Unknown digest %s\n", + *args); + goto argerr; + } + } + else if (!strcmp (*args, "-inkey")) + { + if (!args[1]) + goto argerr; + /* If previous -inkey arument add signer to list */ + if (keyfile) + { + if (!signerfile) + { + BIO_puts(bio_err, "Illegal -inkey without -signer\n"); + goto argerr; + } + if (!sksigners) + sksigners = sk_new_null(); + sk_push(sksigners, signerfile); + signerfile = NULL; + if (!skkeys) + skkeys = sk_new_null(); + sk_push(skkeys, keyfile); + } + keyfile = *++args; + } + else if (!strcmp (*args, "-keyform")) + { + if (!args[1]) + goto argerr; + keyform = str2fmt(*++args); + } + else if (!strcmp (*args, "-rctform")) + { + if (!args[1]) + goto argerr; + rctformat = str2fmt(*++args); + } + else if (!strcmp (*args, "-certfile")) + { + if (!args[1]) + goto argerr; + certfile = *++args; + } + else if (!strcmp (*args, "-CAfile")) + { + if (!args[1]) + goto argerr; + CAfile = *++args; + } + else if (!strcmp (*args, "-CApath")) + { + if (!args[1]) + goto argerr; + CApath = *++args; + } + else if (!strcmp (*args, "-in")) + { + if (!args[1]) + goto argerr; + infile = *++args; + } + else if (!strcmp (*args, "-inform")) + { + if (!args[1]) + goto argerr; + informat = str2fmt(*++args); + } + else if (!strcmp (*args, "-outform")) + { + if (!args[1]) + goto argerr; + outformat = str2fmt(*++args); + } + else if (!strcmp (*args, "-out")) + { + if (!args[1]) + goto argerr; + outfile = *++args; + } + else if (!strcmp (*args, "-content")) + { + if (!args[1]) + goto argerr; + contfile = *++args; + } + else if (args_verify(&args, NULL, &badarg, bio_err, &vpm)) + continue; + else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL) + badarg = 1; + args++; + } + + if (((rr_allorfirst != -1) || rr_from) && !rr_to) + { + BIO_puts(bio_err, "No Signed Receipts Recipients\n"); + goto argerr; + } + + if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) + { + BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); + goto argerr; + } + if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) + { + BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); + goto argerr; + } + + if (operation & SMIME_SIGNERS) + { + if (keyfile && !signerfile) + { + BIO_puts(bio_err, "Illegal -inkey without -signer\n"); + goto argerr; + } + /* Check to see if any final signer needs to be appended */ + if (signerfile) + { + if (!sksigners) + sksigners = sk_new_null(); + sk_push(sksigners, signerfile); + if (!skkeys) + skkeys = sk_new_null(); + if (!keyfile) + keyfile = signerfile; + sk_push(skkeys, keyfile); + } + if (!sksigners) + { + BIO_printf(bio_err, "No signer certificate specified\n"); + badarg = 1; + } + signerfile = NULL; + keyfile = NULL; + need_rand = 1; + } + + else if (operation == SMIME_DECRYPT) + { + if (!recipfile && !keyfile && !secret_key) + { + BIO_printf(bio_err, "No recipient certificate or key specified\n"); + badarg = 1; + } + } + else if (operation == SMIME_ENCRYPT) + { + if (!*args && !secret_key) + { + BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); + badarg = 1; + } + need_rand = 1; + } + else if (!operation) + badarg = 1; + + if (badarg) + { + argerr: + BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n"); + BIO_printf (bio_err, "where options are\n"); + BIO_printf (bio_err, "-encrypt encrypt message\n"); + BIO_printf (bio_err, "-decrypt decrypt encrypted message\n"); + BIO_printf (bio_err, "-sign sign message\n"); + BIO_printf (bio_err, "-verify verify signed message\n"); + BIO_printf (bio_err, "-cmsout output CMS structure\n"); +#ifndef OPENSSL_NO_DES + BIO_printf (bio_err, "-des3 encrypt with triple DES\n"); + BIO_printf (bio_err, "-des encrypt with DES\n"); +#endif +#ifndef OPENSSL_NO_SEED + BIO_printf (bio_err, "-seed encrypt with SEED\n"); +#endif +#ifndef OPENSSL_NO_RC2 + BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n"); + BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n"); + BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n"); +#endif +#ifndef OPENSSL_NO_AES + BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); + BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); +#endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n"); + BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n"); +#endif + BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n"); + BIO_printf (bio_err, "-nosigs don't verify message signature\n"); + BIO_printf (bio_err, "-noverify don't verify signers certificate\n"); + BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n"); + BIO_printf (bio_err, "-nodetach use opaque signing\n"); + BIO_printf (bio_err, "-noattr don't include any signed attributes\n"); + BIO_printf (bio_err, "-binary don't translate message to text\n"); + BIO_printf (bio_err, "-certfile file other certificates file\n"); + BIO_printf (bio_err, "-certsout file certificate output file\n"); + BIO_printf (bio_err, "-signer file signer certificate file\n"); + BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n"); + BIO_printf (bio_err, "-skeyid use subject key identifier\n"); + BIO_printf (bio_err, "-in file input file\n"); + BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); + BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n"); + BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n"); + BIO_printf (bio_err, "-out file output file\n"); + BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n"); + BIO_printf (bio_err, "-content file supply or override content for detached signature\n"); + BIO_printf (bio_err, "-to addr to address\n"); + BIO_printf (bio_err, "-from ad from address\n"); + BIO_printf (bio_err, "-subject s subject\n"); + BIO_printf (bio_err, "-text include or delete text MIME headers\n"); + BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); + BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); + BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); + BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); +#ifndef OPENSSL_NO_ENGINE + BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); +#endif + BIO_printf (bio_err, "-passin arg input file pass phrase source\n"); + BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); + BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); + BIO_printf(bio_err, " the random number generator\n"); + BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n"); + goto end; + } + +#ifndef OPENSSL_NO_ENGINE + e = setup_engine(bio_err, engine, 0); +#endif + + if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) + { + BIO_printf(bio_err, "Error getting password\n"); + goto end; + } + + if (need_rand) + { + app_RAND_load_file(NULL, bio_err, (inrand != NULL)); + if (inrand != NULL) + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); + } + + ret = 2; + + if (!(operation & SMIME_SIGNERS)) + flags &= ~CMS_DETACHED; + + if (operation & SMIME_OP) + { + if (outformat == FORMAT_ASN1) + outmode = "wb"; + } + else + { + if (flags & CMS_BINARY) + outmode = "wb"; + } + + if (operation & SMIME_IP) + { + if (informat == FORMAT_ASN1) + inmode = "rb"; + } + else + { + if (flags & CMS_BINARY) + inmode = "rb"; + } + + if (operation == SMIME_ENCRYPT) + { + if (!cipher) + { +#ifndef OPENSSL_NO_DES + cipher = EVP_des_ede3_cbc(); +#else + BIO_printf(bio_err, "No cipher selected\n"); + goto end; +#endif + } + + if (secret_key && !secret_keyid) + { + BIO_printf(bio_err, "No sectre key id\n"); + goto end; + } + + if (*args) + encerts = sk_X509_new_null(); + while (*args) + { + if (!(cert = load_cert(bio_err,*args,FORMAT_PEM, + NULL, e, "recipient certificate file"))) + goto end; + sk_X509_push(encerts, cert); + cert = NULL; + args++; + } + } + + if (certfile) + { + if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL, + e, "certificate file"))) + { + ERR_print_errors(bio_err); + goto end; + } + } + + if (recipfile && (operation == SMIME_DECRYPT)) + { + if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL, + e, "recipient certificate file"))) + { + ERR_print_errors(bio_err); + goto end; + } + } + + if (operation == SMIME_SIGN_RECEIPT) + { + if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM,NULL, + e, "receipt signer certificate file"))) + { + ERR_print_errors(bio_err); + goto end; + } + } + + if (operation == SMIME_DECRYPT) + { + if (!keyfile) + keyfile = recipfile; + } + else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT)) + { + if (!keyfile) + keyfile = signerfile; + } + else keyfile = NULL; + + if (keyfile) + { + key = load_key(bio_err, keyfile, keyform, 0, passin, e, + "signing key file"); + if (!key) + goto end; + } + + if (infile) + { + if (!(in = BIO_new_file(infile, inmode))) + { + BIO_printf (bio_err, + "Can't open input file %s\n", infile); + goto end; + } + } + else + in = BIO_new_fp(stdin, BIO_NOCLOSE); + + if (operation & SMIME_IP) + { + if (informat == FORMAT_SMIME) + cms = SMIME_read_CMS(in, &indata); + else if (informat == FORMAT_PEM) + cms = PEM_read_bio_CMS(in, NULL, NULL, NULL); + else if (informat == FORMAT_ASN1) + cms = d2i_CMS_bio(in, NULL); + else + { + BIO_printf(bio_err, "Bad input format for CMS file\n"); + goto end; + } + + if (!cms) + { + BIO_printf(bio_err, "Error reading S/MIME message\n"); + goto end; + } + if (contfile) + { + BIO_free(indata); + if (!(indata = BIO_new_file(contfile, "rb"))) + { + BIO_printf(bio_err, "Can't read content file %s\n", contfile); + goto end; + } + } + if (certsoutfile) + { + STACK_OF(X509) *allcerts; + allcerts = CMS_get1_certs(cms); + if (!save_certs(certsoutfile, allcerts)) + { + BIO_printf(bio_err, + "Error writing certs to %s\n", + certsoutfile); + ret = 5; + goto end; + } + sk_X509_pop_free(allcerts, X509_free); + } + } + + if (rctfile) + { + char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r"; + if (!(rctin = BIO_new_file(rctfile, rctmode))) + { + BIO_printf (bio_err, + "Can't open receipt file %s\n", rctfile); + goto end; + } + + if (rctformat == FORMAT_SMIME) + rcms = SMIME_read_CMS(rctin, NULL); + else if (rctformat == FORMAT_PEM) + rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL); + else if (rctformat == FORMAT_ASN1) + rcms = d2i_CMS_bio(rctin, NULL); + else + { + BIO_printf(bio_err, "Bad input format for receipt\n"); + goto end; + } + + if (!rcms) + { + BIO_printf(bio_err, "Error reading receipt\n"); + goto end; + } + } + + if (outfile) + { + if (!(out = BIO_new_file(outfile, outmode))) + { + BIO_printf (bio_err, + "Can't open output file %s\n", outfile); + goto end; + } + } + else + { + out = BIO_new_fp(stdout, BIO_NOCLOSE); +#ifdef OPENSSL_SYS_VMS + { + BIO *tmpbio = BIO_new(BIO_f_linebuffer()); + out = BIO_push(tmpbio, out); + } +#endif + } + + if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) + { + if (!(store = setup_verify(bio_err, CAfile, CApath))) + goto end; + X509_STORE_set_verify_cb_func(store, cms_cb); + if (vpm) + X509_STORE_set1_param(store, vpm); + } + + + ret = 3; + + if (operation == SMIME_DATA_CREATE) + { + cms = CMS_data_create(in, flags); + } + else if (operation == SMIME_DIGEST_CREATE) + { + cms = CMS_digest_create(in, sign_md, flags); + } + else if (operation == SMIME_COMPRESS) + { + cms = CMS_compress(in, -1, flags); + } + else if (operation == SMIME_ENCRYPT) + { + flags |= CMS_PARTIAL; + cms = CMS_encrypt(encerts, in, cipher, flags); + if (!cms) + goto end; + if (secret_key) + { + if (!CMS_add0_recipient_key(cms, NID_undef, + secret_key, secret_keylen, + secret_keyid, secret_keyidlen, + NULL, NULL, NULL)) + goto end; + /* NULL these because call absorbs them */ + secret_key = NULL; + secret_keyid = NULL; + } + if (!(flags & CMS_STREAM)) + { + if (!CMS_final(cms, in, NULL, flags)) + goto end; + } + } + else if (operation == SMIME_ENCRYPTED_ENCRYPT) + { + cms = CMS_EncryptedData_encrypt(in, cipher, + secret_key, secret_keylen, + flags); + + } + else if (operation == SMIME_SIGN_RECEIPT) + { + CMS_ContentInfo *srcms = NULL; + STACK_OF(CMS_SignerInfo) *sis; + CMS_SignerInfo *si; + sis = CMS_get0_SignerInfos(cms); + if (!sis) + goto end; + si = sk_CMS_SignerInfo_value(sis, 0); + srcms = CMS_sign_receipt(si, signer, key, other, flags); + if (!srcms) + goto end; + CMS_ContentInfo_free(cms); + cms = srcms; + } + else if (operation & SMIME_SIGNERS) + { + int i; + /* If detached data content we enable streaming if + * S/MIME output format. + */ + if (operation == SMIME_SIGN) + { + + if (flags & CMS_DETACHED) + { + if (outformat == FORMAT_SMIME) + flags |= CMS_STREAM; + } + flags |= CMS_PARTIAL; + cms = CMS_sign(NULL, NULL, other, in, flags); + if (!cms) + goto end; + if (econtent_type) + CMS_set1_eContentType(cms, econtent_type); + + if (rr_to) + { + rr = make_receipt_request(rr_to, rr_allorfirst, + rr_from); + if (!rr) + { + BIO_puts(bio_err, + "Signed Receipt Request Creation Error\n"); + goto end; + } + } + } + else + flags |= CMS_REUSE_DIGEST; + for (i = 0; i < sk_num(sksigners); i++) + { + CMS_SignerInfo *si; + signerfile = sk_value(sksigners, i); + keyfile = sk_value(skkeys, i); + signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL, + e, "signer certificate"); + if (!signer) + goto end; + key = load_key(bio_err, keyfile, keyform, 0, passin, e, + "signing key file"); + if (!key) + goto end; + si = CMS_add1_signer(cms, signer, key, sign_md, flags); + if (!si) + goto end; + if (rr && !CMS_add1_ReceiptRequest(si, rr)) + goto end; + X509_free(signer); + signer = NULL; + EVP_PKEY_free(key); + key = NULL; + } + /* If not streaming or resigning finalize structure */ + if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) + { + if (!CMS_final(cms, in, NULL, flags)) + goto end; + } + } + + if (!cms) + { + BIO_printf(bio_err, "Error creating CMS structure\n"); + goto end; + } + + ret = 4; + if (operation == SMIME_DECRYPT) + { + + if (secret_key) + { + if (!CMS_decrypt_set1_key(cms, + secret_key, secret_keylen, + secret_keyid, secret_keyidlen)) + { + BIO_puts(bio_err, + "Error decrypting CMS using secret key\n"); + goto end; + } + } + + if (key) + { + if (!CMS_decrypt_set1_pkey(cms, key, recip)) + { + BIO_puts(bio_err, + "Error decrypting CMS using private key\n"); + goto end; + } + } + + if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) + { + BIO_printf(bio_err, "Error decrypting CMS structure\n"); + goto end; + } + } + else if (operation == SMIME_DATAOUT) + { + if (!CMS_data(cms, out, flags)) + goto end; + } + else if (operation == SMIME_UNCOMPRESS) + { + if (!CMS_uncompress(cms, indata, out, flags)) + goto end; + } + else if (operation == SMIME_DIGEST_VERIFY) + { + if (CMS_digest_verify(cms, indata, out, flags) > 0) + BIO_printf(bio_err, "Verification successful\n"); + else + { + BIO_printf(bio_err, "Verification failure\n"); + goto end; + } + } + else if (operation == SMIME_ENCRYPTED_DECRYPT) + { + if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen, + indata, out, flags)) + goto end; + } + else if (operation == SMIME_VERIFY) + { + if (CMS_verify(cms, other, store, indata, out, flags) > 0) + BIO_printf(bio_err, "Verification successful\n"); + else + { + BIO_printf(bio_err, "Verification failure\n"); + goto end; + } + if (signerfile) + { + STACK_OF(X509) *signers; + signers = CMS_get0_signers(cms); + if (!save_certs(signerfile, signers)) + { + BIO_printf(bio_err, + "Error writing signers to %s\n", + signerfile); + ret = 5; + goto end; + } + sk_X509_free(signers); + } + if (rr_print) + receipt_request_print(bio_err, cms); + + } + else if (operation == SMIME_VERIFY_RECEIPT) + { + if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0) + BIO_printf(bio_err, "Verification successful\n"); + else + { + BIO_printf(bio_err, "Verification failure\n"); + goto end; + } + } + else + { + if (outformat == FORMAT_SMIME) + { + if (to) + BIO_printf(out, "To: %s\n", to); + if (from) + BIO_printf(out, "From: %s\n", from); + if (subject) + BIO_printf(out, "Subject: %s\n", subject); + if (operation == SMIME_RESIGN) + ret = SMIME_write_CMS(out, cms, indata, flags); + else + ret = SMIME_write_CMS(out, cms, in, flags); + } + else if (outformat == FORMAT_PEM) + ret = PEM_write_bio_CMS(out, cms); + else if (outformat == FORMAT_ASN1) + ret = i2d_CMS_bio(out,cms); + else + { + BIO_printf(bio_err, "Bad output format for CMS file\n"); + goto end; + } + if (ret <= 0) + { + ret = 6; + goto end; + } + } + ret = 0; +end: + if (ret) + ERR_print_errors(bio_err); + if (need_rand) + app_RAND_write_file(NULL, bio_err); + sk_X509_pop_free(encerts, X509_free); + sk_X509_pop_free(other, X509_free); + if (vpm) + X509_VERIFY_PARAM_free(vpm); + if (sksigners) + sk_free(sksigners); + if (skkeys) + sk_free(skkeys); + if (secret_key) + OPENSSL_free(secret_key); + if (secret_keyid) + OPENSSL_free(secret_keyid); + if (econtent_type) + ASN1_OBJECT_free(econtent_type); + if (rr) + CMS_ReceiptRequest_free(rr); + if (rr_to) + sk_free(rr_to); + if (rr_from) + sk_free(rr_from); + X509_STORE_free(store); + X509_free(cert); + X509_free(recip); + X509_free(signer); + EVP_PKEY_free(key); + CMS_ContentInfo_free(cms); + CMS_ContentInfo_free(rcms); + BIO_free(rctin); + BIO_free(in); + BIO_free(indata); + BIO_free_all(out); + if (passin) OPENSSL_free(passin); + return (ret); +} + +static int save_certs(char *signerfile, STACK_OF(X509) *signers) + { + int i; + BIO *tmp; + if (!signerfile) + return 1; + tmp = BIO_new_file(signerfile, "w"); + if (!tmp) return 0; + for(i = 0; i < sk_X509_num(signers); i++) + PEM_write_bio_X509(tmp, sk_X509_value(signers, i)); + BIO_free(tmp); + return 1; + } + + +/* Minimal callback just to output policy info (if any) */ + +static int cms_cb(int ok, X509_STORE_CTX *ctx) + { + int error; + + error = X509_STORE_CTX_get_error(ctx); + + if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) + && ((error != X509_V_OK) || (ok != 2))) + return ok; + + policies_print(NULL, ctx); + + return ok; + + } + +static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns) + { + STACK_OF(GENERAL_NAME) *gens; + GENERAL_NAME *gen; + int i, j; + for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) + { + gens = sk_GENERAL_NAMES_value(gns, i); + for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) + { + gen = sk_GENERAL_NAME_value(gens, j); + BIO_puts(out, " "); + GENERAL_NAME_print(out, gen); + BIO_puts(out, "\n"); + } + } + return; + } + +static void receipt_request_print(BIO *out, CMS_ContentInfo *cms) + { + STACK_OF(CMS_SignerInfo) *sis; + CMS_SignerInfo *si; + CMS_ReceiptRequest *rr; + int allorfirst; + STACK_OF(GENERAL_NAMES) *rto, *rlist; + ASN1_STRING *scid; + int i, rv; + sis = CMS_get0_SignerInfos(cms); + for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) + { + si = sk_CMS_SignerInfo_value(sis, i); + rv = CMS_get1_ReceiptRequest(si, &rr); + BIO_printf(bio_err, "Signer %d:\n", i + 1); + if (rv == 0) + BIO_puts(bio_err, " No Receipt Request\n"); + else if (rv < 0) + { + BIO_puts(bio_err, " Receipt Request Parse Error\n"); + ERR_print_errors(bio_err); + } + else + { + char *id; + int idlen; + CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst, + &rlist, &rto); + BIO_puts(out, " Signed Content ID:\n"); + idlen = ASN1_STRING_length(scid); + id = (char *)ASN1_STRING_data(scid); + BIO_dump_indent(out, id, idlen, 4); + BIO_puts(out, " Receipts From"); + if (rlist) + { + BIO_puts(out, " List:\n"); + gnames_stack_print(out, rlist); + } + else if (allorfirst == 1) + BIO_puts(out, ": First Tier\n"); + else if (allorfirst == 0) + BIO_puts(out, ": All\n"); + else + BIO_printf(out, " Unknown (%d)\n", allorfirst); + BIO_puts(out, " Receipts To:\n"); + gnames_stack_print(out, rto); + } + if (rr) + CMS_ReceiptRequest_free(rr); + } + } + +static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK *ns) + { + int i; + STACK_OF(GENERAL_NAMES) *ret; + GENERAL_NAMES *gens = NULL; + GENERAL_NAME *gen = NULL; + ret = sk_GENERAL_NAMES_new_null(); + if (!ret) + goto err; + for (i = 0; i < sk_num(ns); i++) + { + CONF_VALUE cnf; + cnf.name = "email"; + cnf.value = sk_value(ns, i); + gen = v2i_GENERAL_NAME(NULL, NULL, &cnf); + if (!gen) + goto err; + gens = GENERAL_NAMES_new(); + if (!gens) + goto err; + if (!sk_GENERAL_NAME_push(gens, gen)) + goto err; + gen = NULL; + if (!sk_GENERAL_NAMES_push(ret, gens)) + goto err; + gens = NULL; + } + + return ret; + + err: + if (ret) + sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free); + if (gens) + GENERAL_NAMES_free(gens); + if (gen) + GENERAL_NAME_free(gen); + return NULL; + } + + +static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst, + STACK *rr_from) + { + STACK_OF(GENERAL_NAMES) *rct_to, *rct_from; + CMS_ReceiptRequest *rr; + rct_to = make_names_stack(rr_to); + if (!rct_to) + goto err; + if (rr_from) + { + rct_from = make_names_stack(rr_from); + if (!rct_from) + goto err; + } + else + rct_from = NULL; + rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from, + rct_to); + return rr; + err: + return NULL; + } + +#endif diff --git a/crypto/openssl-0.9/apps/dgst.c b/crypto/openssl-0.9/apps/dgst.c index 75ddec3e5b..c5ecf93d1b 100644 --- a/crypto/openssl-0.9/apps/dgst.c +++ b/crypto/openssl-0.9/apps/dgst.c @@ -190,6 +190,8 @@ int MAIN(int argc, char **argv) out_bin = 1; else if (strcmp(*argv,"-d") == 0) debug=1; + else if (!strcmp(*argv,"-fips-fingerprint")) + hmac_key = "etaonrishdlcupfm"; else if (!strcmp(*argv,"-hmac")) { if (--argc < 1) @@ -227,6 +229,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n"); BIO_printf(bio_err,"-signature file signature to verify\n"); BIO_printf(bio_err,"-binary output in binary form\n"); + BIO_printf(bio_err,"-hmac key create hashed MAC with key\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); #endif diff --git a/crypto/openssl-0.9/apps/ec.c b/crypto/openssl-0.9/apps/ec.c index c63437fe2a..771e15f357 100644 --- a/crypto/openssl-0.9/apps/ec.c +++ b/crypto/openssl-0.9/apps/ec.c @@ -244,7 +244,7 @@ bad: " the ec parameters are encoded\n"); BIO_printf(bio_err, " in the asn1 der " "encoding\n"); - BIO_printf(bio_err, " possilbe values:" + BIO_printf(bio_err, " possible values:" " named_curve (default)\n"); BIO_printf(bio_err," " "explicit\n"); diff --git a/crypto/openssl-0.9/apps/ocsp.c b/crypto/openssl-0.9/apps/ocsp.c index 3dc36c4bdc..1001f3b25d 100644 --- a/crypto/openssl-0.9/apps/ocsp.c +++ b/crypto/openssl-0.9/apps/ocsp.c @@ -56,15 +56,14 @@ * */ #ifndef OPENSSL_NO_OCSP - +#define USE_SOCKETS #include +#include #include -#include "apps.h" -#include -#include -#include +#include "apps.h" /* needs to be included before the openssl headers! */ +#include #include -#include +#include /* Maximum leeway in validity period: default 5 minutes */ #define MAX_VALIDITY_PERIOD (5 * 60) @@ -86,6 +85,8 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); static BIO *init_responder(char *port); static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port); static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); +static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, + OCSP_REQUEST *req, int req_timeout); #undef PROG #define PROG ocsp_main @@ -112,11 +113,11 @@ int MAIN(int argc, char **argv) BIO *acbio = NULL, *cbio = NULL; BIO *derbio = NULL; BIO *out = NULL; + int req_timeout = -1; int req_text = 0, resp_text = 0; long nsec = MAX_VALIDITY_PERIOD, maxage = -1; char *CAfile = NULL, *CApath = NULL; X509_STORE *store = NULL; - SSL_CTX *ctx = NULL; STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL; char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL; unsigned long sign_flags = 0, verify_flags = 0, rflags = 0; @@ -154,6 +155,22 @@ int MAIN(int argc, char **argv) } else badarg = 1; } + else if (!strcmp(*args, "-timeout")) + { + if (args[1]) + { + args++; + req_timeout = atol(*args); + if (req_timeout < 0) + { + BIO_printf(bio_err, + "Illegal timeout value %s\n", + *args); + badarg = 1; + } + } + else badarg = 1; + } else if (!strcmp(*args, "-url")) { if (args[1]) @@ -703,52 +720,14 @@ int MAIN(int argc, char **argv) else if (host) { #ifndef OPENSSL_NO_SOCK - cbio = BIO_new_connect(host); + resp = process_responder(bio_err, req, host, path, + port, use_ssl, req_timeout); + if (!resp) + goto end; #else BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n"); goto end; #endif - if (!cbio) - { - BIO_printf(bio_err, "Error creating connect BIO\n"); - goto end; - } - if (port) BIO_set_conn_port(cbio, port); - if (use_ssl == 1) - { - BIO *sbio; -#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) - ctx = SSL_CTX_new(SSLv23_client_method()); -#elif !defined(OPENSSL_NO_SSL3) - ctx = SSL_CTX_new(SSLv3_client_method()); -#elif !defined(OPENSSL_NO_SSL2) - ctx = SSL_CTX_new(SSLv2_client_method()); -#else - BIO_printf(bio_err, "SSL is disabled\n"); - goto end; -#endif - if (ctx == NULL) - { - BIO_printf(bio_err, "Error creating SSL context.\n"); - goto end; - } - SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); - sbio = BIO_new_ssl(ctx, 1); - cbio = BIO_push(sbio, cbio); - } - if (BIO_do_connect(cbio) <= 0) - { - BIO_printf(bio_err, "Error connecting BIO\n"); - goto end; - } - resp = OCSP_sendreq_bio(cbio, path, req); - BIO_free_all(cbio); - cbio = NULL; - if (!resp) - { - BIO_printf(bio_err, "Error querying OCSP responsder\n"); - goto end; - } } else if (respin) { @@ -897,7 +876,6 @@ end: OPENSSL_free(host); OPENSSL_free(port); OPENSSL_free(path); - SSL_CTX_free(ctx); } OPENSSL_EXIT(ret); @@ -1121,6 +1099,7 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser) char *itmp, *row[DB_NUMBER],**rrow; for (i = 0; i < DB_NUMBER; i++) row[i] = NULL; bn = ASN1_INTEGER_to_BN(ser,NULL); + OPENSSL_assert(bn); /* FIXME: should report an error at this point and abort */ if (BN_is_zero(bn)) itmp = BUF_strdup("00"); else @@ -1231,4 +1210,137 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) return 1; } +static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, + OCSP_REQUEST *req, int req_timeout) + { + int fd; + int rv; + OCSP_REQ_CTX *ctx = NULL; + OCSP_RESPONSE *rsp = NULL; + fd_set confds; + struct timeval tv; + + if (req_timeout != -1) + BIO_set_nbio(cbio, 1); + + rv = BIO_do_connect(cbio); + + if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio))) + { + BIO_puts(err, "Error connecting BIO\n"); + return NULL; + } + + if (req_timeout == -1) + return OCSP_sendreq_bio(cbio, path, req); + + if (BIO_get_fd(cbio, &fd) <= 0) + { + BIO_puts(err, "Can't get connection fd\n"); + goto err; + } + + if (rv <= 0) + { + FD_ZERO(&confds); + openssl_fdset(fd, &confds); + tv.tv_usec = 0; + tv.tv_sec = req_timeout; + rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv); + if (rv == 0) + { + BIO_puts(err, "Timeout on connect\n"); + return NULL; + } + } + + + ctx = OCSP_sendreq_new(cbio, path, req, -1); + if (!ctx) + return NULL; + + for (;;) + { + rv = OCSP_sendreq_nbio(&rsp, ctx); + if (rv != -1) + break; + FD_ZERO(&confds); + openssl_fdset(fd, &confds); + tv.tv_usec = 0; + tv.tv_sec = req_timeout; + if (BIO_should_read(cbio)) + rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv); + else if (BIO_should_write(cbio)) + rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv); + else + { + BIO_puts(err, "Unexpected retry condition\n"); + goto err; + } + if (rv == 0) + { + BIO_puts(err, "Timeout on request\n"); + break; + } + if (rv == -1) + { + BIO_puts(err, "Select error\n"); + break; + } + + } + err: + if (ctx) + OCSP_REQ_CTX_free(ctx); + + return rsp; + } + +OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, + char *host, char *path, char *port, int use_ssl, + int req_timeout) + { + BIO *cbio = NULL; + SSL_CTX *ctx = NULL; + OCSP_RESPONSE *resp = NULL; + cbio = BIO_new_connect(host); + if (!cbio) + { + BIO_printf(err, "Error creating connect BIO\n"); + goto end; + } + if (port) BIO_set_conn_port(cbio, port); + if (use_ssl == 1) + { + BIO *sbio; +#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) + ctx = SSL_CTX_new(SSLv23_client_method()); +#elif !defined(OPENSSL_NO_SSL3) + ctx = SSL_CTX_new(SSLv3_client_method()); +#elif !defined(OPENSSL_NO_SSL2) + ctx = SSL_CTX_new(SSLv2_client_method()); +#else + BIO_printf(err, "SSL is disabled\n"); + goto end; +#endif + if (ctx == NULL) + { + BIO_printf(err, "Error creating SSL context.\n"); + goto end; + } + SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); + sbio = BIO_new_ssl(ctx, 1); + cbio = BIO_push(sbio, cbio); + } + resp = query_responder(err, cbio, path, req, req_timeout); + if (!resp) + BIO_printf(bio_err, "Error querying OCSP responsder\n"); + end: + if (ctx) + SSL_CTX_free(ctx); + if (cbio) + BIO_free_all(cbio); + return resp; + } + #endif diff --git a/crypto/openssl-0.9/apps/progs.h b/crypto/openssl-0.9/apps/progs.h index 89e1e059bd..aafd800bdf 100644 --- a/crypto/openssl-0.9/apps/progs.h +++ b/crypto/openssl-0.9/apps/progs.h @@ -28,6 +28,7 @@ extern int speed_main(int argc,char *argv[]); extern int s_time_main(int argc,char *argv[]); extern int version_main(int argc,char *argv[]); extern int pkcs7_main(int argc,char *argv[]); +extern int cms_main(int argc,char *argv[]); extern int crl2pkcs7_main(int argc,char *argv[]); extern int sess_id_main(int argc,char *argv[]); extern int ciphers_main(int argc,char *argv[]); @@ -109,6 +110,9 @@ FUNCTION functions[] = { #endif {FUNC_TYPE_GENERAL,"version",version_main}, {FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main}, +#ifndef OPENSSL_NO_CMS + {FUNC_TYPE_GENERAL,"cms",cms_main}, +#endif {FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main}, {FUNC_TYPE_GENERAL,"sess_id",sess_id_main}, #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) diff --git a/crypto/openssl-0.9/apps/req.c b/crypto/openssl-0.9/apps/req.c index f58e65ec85..5ed08960c1 100644 --- a/crypto/openssl-0.9/apps/req.c +++ b/crypto/openssl-0.9/apps/req.c @@ -719,8 +719,7 @@ bad: message */ goto end; } - if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA || - EVP_PKEY_type(pkey->type) == EVP_PKEY_EC) + else { char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); if (randfile == NULL) diff --git a/crypto/openssl-0.9/apps/rsautl.c b/crypto/openssl-0.9/apps/rsautl.c index 463890950e..f3c458ed27 100644 --- a/crypto/openssl-0.9/apps/rsautl.c +++ b/crypto/openssl-0.9/apps/rsautl.c @@ -119,24 +119,36 @@ int MAIN(int argc, char **argv) while(argc >= 1) { if (!strcmp(*argv,"-in")) { - if (--argc < 1) badarg = 1; - infile= *(++argv); + if (--argc < 1) + badarg = 1; + else + infile= *(++argv); } else if (!strcmp(*argv,"-out")) { - if (--argc < 1) badarg = 1; - outfile= *(++argv); + if (--argc < 1) + badarg = 1; + else + outfile= *(++argv); } else if(!strcmp(*argv, "-inkey")) { - if (--argc < 1) badarg = 1; - keyfile = *(++argv); + if (--argc < 1) + badarg = 1; + else + keyfile = *(++argv); } else if (!strcmp(*argv,"-passin")) { - if (--argc < 1) badarg = 1; - passargin= *(++argv); + if (--argc < 1) + badarg = 1; + else + passargin= *(++argv); } else if (strcmp(*argv,"-keyform") == 0) { - if (--argc < 1) badarg = 1; - keyform=str2fmt(*(++argv)); + if (--argc < 1) + badarg = 1; + else + keyform=str2fmt(*(++argv)); #ifndef OPENSSL_NO_ENGINE } else if(!strcmp(*argv, "-engine")) { - if (--argc < 1) badarg = 1; - engine = *(++argv); + if (--argc < 1) + badarg = 1; + else + engine = *(++argv); #endif } else if(!strcmp(*argv, "-pubin")) { key_type = KEY_PUBKEY; diff --git a/crypto/openssl-0.9/apps/s_client.c b/crypto/openssl-0.9/apps/s_client.c index d240fe2a98..a4983c178f 100644 --- a/crypto/openssl-0.9/apps/s_client.c +++ b/crypto/openssl-0.9/apps/s_client.c @@ -134,6 +134,7 @@ typedef unsigned int u_int; #include #include #include +#include #include "s_apps.h" #include "timeouts.h" @@ -173,12 +174,16 @@ static int c_Pause=0; static int c_debug=0; #ifndef OPENSSL_NO_TLSEXT static int c_tlsextdebug=0; +static int c_status_req=0; #endif static int c_msg=0; static int c_showcerts=0; static void sc_usage(void); static void print_stuff(BIO *berr,SSL *con,int full); +#ifndef OPENSSL_NO_TLSEXT +static int ocsp_resp_cb(SSL *s, void *arg); +#endif static BIO *bio_c_out=NULL; static int c_quiet=0; static int c_ign_eof=0; @@ -239,6 +244,7 @@ static void sc_usage(void) #ifndef OPENSSL_NO_TLSEXT BIO_printf(bio_err," -servername host - Set TLS extension servername in ClientHello\n"); BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); + BIO_printf(bio_err," -status - request certificate status from server\n"); BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); #endif } @@ -435,6 +441,8 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_TLSEXT else if (strcmp(*argv,"-tlsextdebug") == 0) c_tlsextdebug=1; + else if (strcmp(*argv,"-status") == 0) + c_status_req=1; #endif #ifdef WATT32 else if (strcmp(*argv,"-wdebug") == 0) @@ -826,6 +834,23 @@ re_start: SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_c_out); } + if (c_status_req) + { + SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp); + SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); + SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); +#if 0 +{ +STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null(); +OCSP_RESPID *id = OCSP_RESPID_new(); +id->value.byKey = ASN1_OCTET_STRING_new(); +id->type = V_OCSP_RESPID_KEY; +ASN1_STRING_set(id->value.byKey, "Hello World", -1); +sk_OCSP_RESPID_push(ids, id); +SSL_set_tlsext_status_ids(con, ids); +} +#endif + } #endif SSL_set_bio(con,sbio,sbio); @@ -1430,3 +1455,31 @@ static void print_stuff(BIO *bio, SSL *s, int full) (void)BIO_flush(bio); } +#ifndef OPENSSL_NO_TLSEXT + +static int ocsp_resp_cb(SSL *s, void *arg) + { + const unsigned char *p; + int len; + OCSP_RESPONSE *rsp; + len = SSL_get_tlsext_status_ocsp_resp(s, &p); + BIO_puts(arg, "OCSP response: "); + if (!p) + { + BIO_puts(arg, "no response sent\n"); + return 1; + } + rsp = d2i_OCSP_RESPONSE(NULL, &p, len); + if (!rsp) + { + BIO_puts(arg, "response parse error\n"); + BIO_dump_indent(arg, (char *)p, len, 4); + return 0; + } + BIO_puts(arg, "\n======================================\n"); + OCSP_RESPONSE_print(arg, rsp, 0); + BIO_puts(arg, "======================================\n"); + OCSP_RESPONSE_free(rsp); + return 1; + } +#endif /* ndef OPENSSL_NO_TLSEXT */ diff --git a/crypto/openssl-0.9/apps/s_server.c b/crypto/openssl-0.9/apps/s_server.c index 7c5775f81c..7919c437c6 100644 --- a/crypto/openssl-0.9/apps/s_server.c +++ b/crypto/openssl-0.9/apps/s_server.c @@ -153,6 +153,7 @@ typedef unsigned int u_int; #include #include #include +#include #ifndef OPENSSL_NO_DH #include #endif @@ -269,6 +270,8 @@ static BIO *bio_s_out=NULL; static int s_debug=0; #ifndef OPENSSL_NO_TLSEXT static int s_tlsextdebug=0; +static int s_tlsextstatus=0; +static int cert_status_cb(SSL *s, void *arg); #endif static int s_msg=0; static int s_quiet=0; @@ -330,6 +333,11 @@ static void sv_usage(void) BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); BIO_printf(bio_err," -cert arg - certificate file to use\n"); BIO_printf(bio_err," (default is %s)\n",TEST_CERT); + BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \ + " The CRL(s) are appended to the certificate file\n"); + BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \ + " or any other CRL in the CA chain. CRL(s) are appened to the\n" \ + " the certificate file.\n"); BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n"); BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); @@ -585,6 +593,152 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) } return SSL_TLSEXT_ERR_OK; } + +/* Structure passed to cert status callback */ + +typedef struct tlsextstatusctx_st { + /* Default responder to use */ + char *host, *path, *port; + int use_ssl; + int timeout; + BIO *err; + int verbose; +} tlsextstatusctx; + +static tlsextstatusctx tlscstatp = {NULL, NULL, NULL, 0, -1, NULL, 0}; + +/* Certificate Status callback. This is called when a client includes a + * certificate status request extension. + * + * This is a simplified version. It examines certificates each time and + * makes one OCSP responder query for each request. + * + * A full version would store details such as the OCSP certificate IDs and + * minimise the number of OCSP responses by caching them until they were + * considered "expired". + */ + +static int cert_status_cb(SSL *s, void *arg) + { + tlsextstatusctx *srctx = arg; + BIO *err = srctx->err; + char *host, *port, *path; + int use_ssl; + unsigned char *rspder = NULL; + int rspderlen; + STACK *aia = NULL; + X509 *x = NULL; + X509_STORE_CTX inctx; + X509_OBJECT obj; + OCSP_REQUEST *req = NULL; + OCSP_RESPONSE *resp = NULL; + OCSP_CERTID *id = NULL; + STACK_OF(X509_EXTENSION) *exts; + int ret = SSL_TLSEXT_ERR_NOACK; + int i; +#if 0 +STACK_OF(OCSP_RESPID) *ids; +SSL_get_tlsext_status_ids(s, &ids); +BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids)); +#endif + if (srctx->verbose) + BIO_puts(err, "cert_status: callback called\n"); + /* Build up OCSP query from server certificate */ + x = SSL_get_certificate(s); + aia = X509_get1_ocsp(x); + if (aia) + { + if (!OCSP_parse_url(sk_value(aia, 0), + &host, &port, &path, &use_ssl)) + { + BIO_puts(err, "cert_status: can't parse AIA URL\n"); + goto err; + } + if (srctx->verbose) + BIO_printf(err, "cert_status: AIA URL: %s\n", + sk_value(aia, 0)); + } + else + { + if (!srctx->host) + { + BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n"); + goto done; + } + host = srctx->host; + path = srctx->path; + port = srctx->port; + use_ssl = srctx->use_ssl; + } + + if (!X509_STORE_CTX_init(&inctx, + SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)), + NULL, NULL)) + goto err; + if (X509_STORE_get_by_subject(&inctx,X509_LU_X509, + X509_get_issuer_name(x),&obj) <= 0) + { + BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n"); + X509_STORE_CTX_cleanup(&inctx); + goto done; + } + req = OCSP_REQUEST_new(); + if (!req) + goto err; + id = OCSP_cert_to_id(NULL, x, obj.data.x509); + X509_free(obj.data.x509); + X509_STORE_CTX_cleanup(&inctx); + if (!id) + goto err; + if (!OCSP_request_add0_id(req, id)) + goto err; + id = NULL; + /* Add any extensions to the request */ + SSL_get_tlsext_status_exts(s, &exts); + for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) + { + X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); + if (!OCSP_REQUEST_add_ext(req, ext, -1)) + goto err; + } + resp = process_responder(err, req, host, path, port, use_ssl, + srctx->timeout); + if (!resp) + { + BIO_puts(err, "cert_status: error querying responder\n"); + goto done; + } + rspderlen = i2d_OCSP_RESPONSE(resp, &rspder); + if (rspderlen <= 0) + goto err; + SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen); + if (srctx->verbose) + { + BIO_puts(err, "cert_status: ocsp response sent:\n"); + OCSP_RESPONSE_print(err, resp, 2); + } + ret = SSL_TLSEXT_ERR_OK; + done: + if (ret != SSL_TLSEXT_ERR_OK) + ERR_print_errors(err); + if (aia) + { + OPENSSL_free(host); + OPENSSL_free(path); + OPENSSL_free(port); + X509_email_free(aia); + } + if (id) + OCSP_CERTID_free(id); + if (req) + OCSP_REQUEST_free(req); + if (resp) + OCSP_RESPONSE_free(resp); + return ret; + err: + ret = SSL_TLSEXT_ERR_ALERT_FATAL; + goto done; + } #endif int MAIN(int, char **); @@ -760,7 +914,7 @@ int MAIN(int argc, char *argv[]) { vflags |= X509_V_FLAG_CRL_CHECK; } - else if (strcmp(*argv,"-crl_check") == 0) + else if (strcmp(*argv,"-crl_check_all") == 0) { vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; } @@ -792,6 +946,33 @@ int MAIN(int argc, char *argv[]) #ifndef OPENSSL_NO_TLSEXT else if (strcmp(*argv,"-tlsextdebug") == 0) s_tlsextdebug=1; + else if (strcmp(*argv,"-status") == 0) + s_tlsextstatus=1; + else if (strcmp(*argv,"-status_verbose") == 0) + { + s_tlsextstatus=1; + tlscstatp.verbose = 1; + } + else if (!strcmp(*argv, "-status_timeout")) + { + s_tlsextstatus=1; + if (--argc < 1) goto bad; + tlscstatp.timeout = atoi(*(++argv)); + } + else if (!strcmp(*argv, "-status_url")) + { + s_tlsextstatus=1; + if (--argc < 1) goto bad; + if (!OCSP_parse_url(*(++argv), + &tlscstatp.host, + &tlscstatp.port, + &tlscstatp.path, + &tlscstatp.use_ssl)) + { + BIO_printf(bio_err, "Error parsing URL\n"); + goto bad; + } + } #endif else if (strcmp(*argv,"-msg") == 0) { s_msg=1; } @@ -1430,6 +1611,12 @@ static int sv_body(char *hostname, int s, unsigned char *context) SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_s_out); } + if (s_tlsextstatus) + { + SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); + tlscstatp.err = bio_err; + SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp); + } #endif #ifndef OPENSSL_NO_KRB5 if ((con->kssl_ctx = kssl_ctx_new()) != NULL) diff --git a/crypto/openssl-0.9/apps/speed.c b/crypto/openssl-0.9/apps/speed.c index 85f559ed81..8a1974f5fe 100644 --- a/crypto/openssl-0.9/apps/speed.c +++ b/crypto/openssl-0.9/apps/speed.c @@ -577,7 +577,7 @@ int MAIN(int argc, char **argv) #define MAX_BLOCK_SIZE 64 #endif unsigned char DES_iv[8]; - unsigned char iv[MAX_BLOCK_SIZE/8]; + unsigned char iv[2*MAX_BLOCK_SIZE/8]; #ifndef OPENSSL_NO_DES DES_cblock *buf_as_des_cblock = NULL; static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; diff --git a/crypto/openssl-0.9/apps/x509.c b/crypto/openssl-0.9/apps/x509.c index 5f61eb5c46..f6938356f8 100644 --- a/crypto/openssl-0.9/apps/x509.c +++ b/crypto/openssl-0.9/apps/x509.c @@ -114,6 +114,7 @@ static const char *x509_usage[]={ " -alias - output certificate alias\n", " -noout - no certificate output\n", " -ocspid - print OCSP hash values for the subject name and public key\n", +" -ocspurl - print OCSP Responder URL(s)\n", " -trustout - output a \"trusted\" certificate\n", " -clrtrust - clear all trusted purposes\n", " -clrreject - clear all rejected purposes\n", @@ -179,6 +180,7 @@ int MAIN(int argc, char **argv) int next_serial=0; int subject_hash=0,issuer_hash=0,ocspid=0; int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; + int ocsp_uri=0; int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; int C=0; int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0; @@ -378,6 +380,8 @@ int MAIN(int argc, char **argv) C= ++num; else if (strcmp(*argv,"-email") == 0) email= ++num; + else if (strcmp(*argv,"-ocsp_uri") == 0) + ocsp_uri= ++num; else if (strcmp(*argv,"-serial") == 0) serial= ++num; else if (strcmp(*argv,"-next_serial") == 0) @@ -731,11 +735,14 @@ bad: ASN1_INTEGER_free(ser); BIO_puts(out, "\n"); } - else if (email == i) + else if ((email == i) || (ocsp_uri == i)) { int j; STACK *emlst; - emlst = X509_get1_email(x); + if (email == i) + emlst = X509_get1_email(x); + else + emlst = X509_get1_ocsp(x); for (j = 0; j < sk_num(emlst); j++) BIO_printf(STDout, "%s\n", sk_value(emlst, j)); X509_email_free(emlst); diff --git a/crypto/openssl-0.9/crypto/aes/aes.h b/crypto/openssl-0.9/crypto/aes/aes.h index e6fc44a24d..baf0222d49 100644 --- a/crypto/openssl-0.9/crypto/aes/aes.h +++ b/crypto/openssl-0.9/crypto/aes/aes.h @@ -130,6 +130,12 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key2, const unsigned char *ivec, const int enc); +int AES_wrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen); +int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen); #ifdef __cplusplus } diff --git a/crypto/openssl-0.9/crypto/aes/aes_wrap.c b/crypto/openssl-0.9/crypto/aes/aes_wrap.c new file mode 100644 index 0000000000..9feacd65d8 --- /dev/null +++ b/crypto/openssl-0.9/crypto/aes/aes_wrap.c @@ -0,0 +1,259 @@ +/* crypto/aes/aes_wrap.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include "cryptlib.h" +#include +#include + +static const unsigned char default_iv[] = { + 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, +}; + +int AES_wrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen) + { + unsigned char *A, B[16], *R; + unsigned int i, j, t; + if ((inlen & 0x7) || (inlen < 8)) + return -1; + A = B; + t = 1; + memcpy(out + 8, in, inlen); + if (!iv) + iv = default_iv; + + memcpy(A, iv, 8); + + for (j = 0; j < 6; j++) + { + R = out + 8; + for (i = 0; i < inlen; i += 8, t++, R += 8) + { + memcpy(B + 8, R, 8); + AES_encrypt(B, B, key); + A[7] ^= (unsigned char)(t & 0xff); + if (t > 0xff) + { + A[6] ^= (unsigned char)((t & 0xff) >> 8); + A[5] ^= (unsigned char)((t & 0xff) >> 16); + A[4] ^= (unsigned char)((t & 0xff) >> 24); + } + memcpy(R, B + 8, 8); + } + } + memcpy(out, A, 8); + return inlen + 8; + } + +int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen) + { + unsigned char *A, B[16], *R; + unsigned int i, j, t; + inlen -= 8; + if (inlen & 0x7) + return -1; + if (inlen < 8) + return -1; + A = B; + t = 6 * (inlen >> 3); + memcpy(A, in, 8); + memcpy(out, in + 8, inlen); + for (j = 0; j < 6; j++) + { + R = out + inlen - 8; + for (i = 0; i < inlen; i += 8, t--, R -= 8) + { + A[7] ^= (unsigned char)(t & 0xff); + if (t > 0xff) + { + A[6] ^= (unsigned char)((t & 0xff) >> 8); + A[5] ^= (unsigned char)((t & 0xff) >> 16); + A[4] ^= (unsigned char)((t & 0xff) >> 24); + } + memcpy(B + 8, R, 8); + AES_decrypt(B, B, key); + memcpy(R, B + 8, 8); + } + } + if (!iv) + iv = default_iv; + if (memcmp(A, iv, 8)) + { + OPENSSL_cleanse(out, inlen); + return 0; + } + return inlen; + } + +#ifdef AES_WRAP_TEST + +int AES_wrap_unwrap_test(const unsigned char *kek, int keybits, + const unsigned char *iv, + const unsigned char *eout, + const unsigned char *key, int keylen) + { + unsigned char *otmp = NULL, *ptmp = NULL; + int r, ret = 0; + AES_KEY wctx; + otmp = OPENSSL_malloc(keylen + 8); + ptmp = OPENSSL_malloc(keylen); + if (!otmp || !ptmp) + return 0; + if (AES_set_encrypt_key(kek, keybits, &wctx)) + goto err; + r = AES_wrap_key(&wctx, iv, otmp, key, keylen); + if (r <= 0) + goto err; + + if (eout && memcmp(eout, otmp, keylen)) + goto err; + + if (AES_set_decrypt_key(kek, keybits, &wctx)) + goto err; + r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r); + + if (memcmp(key, ptmp, keylen)) + goto err; + + ret = 1; + + err: + if (otmp) + OPENSSL_free(otmp); + if (ptmp) + OPENSSL_free(ptmp); + + return ret; + + } + + + +int main(int argc, char **argv) +{ + +static const unsigned char kek[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f +}; + +static const unsigned char key[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f +}; + +static const unsigned char e1[] = { + 0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47, + 0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82, + 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5 +}; + +static const unsigned char e2[] = { + 0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35, + 0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2, + 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d +}; + +static const unsigned char e3[] = { + 0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2, + 0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a, + 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7 +}; + +static const unsigned char e4[] = { + 0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32, + 0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc, + 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93, + 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2 +}; + +static const unsigned char e5[] = { + 0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f, + 0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4, + 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95, + 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1 +}; + +static const unsigned char e6[] = { + 0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4, + 0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26, + 0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26, + 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b, + 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21 +}; + + AES_KEY wctx, xctx; + int ret; + ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16); + fprintf(stderr, "Key test result %d\n", ret); + ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16); + fprintf(stderr, "Key test result %d\n", ret); + ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16); + fprintf(stderr, "Key test result %d\n", ret); + ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24); + fprintf(stderr, "Key test result %d\n", ret); + ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24); + fprintf(stderr, "Key test result %d\n", ret); + ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32); + fprintf(stderr, "Key test result %d\n", ret); +} + + +#endif diff --git a/crypto/openssl-0.9/crypto/asn1/a_object.c b/crypto/openssl-0.9/crypto/asn1/a_object.c index a36356e344..dc980421d0 100644 --- a/crypto/openssl-0.9/crypto/asn1/a_object.c +++ b/crypto/openssl-0.9/crypto/asn1/a_object.c @@ -62,6 +62,7 @@ #include #include #include +#include int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) { diff --git a/crypto/openssl-0.9/crypto/asn1/a_type.c b/crypto/openssl-0.9/crypto/asn1/a_type.c index a6acef16f3..36beceacdb 100644 --- a/crypto/openssl-0.9/crypto/asn1/a_type.c +++ b/crypto/openssl-0.9/crypto/asn1/a_type.c @@ -59,6 +59,7 @@ #include #include "cryptlib.h" #include +#include int ASN1_TYPE_get(ASN1_TYPE *a) { @@ -79,6 +80,31 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) a->value.ptr=value; } +int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) + { + if (!value || (type == V_ASN1_BOOLEAN)) + { + void *p = (void *)value; + ASN1_TYPE_set(a, type, p); + } + else if (type == V_ASN1_OBJECT) + { + ASN1_OBJECT *odup; + odup = OBJ_dup(value); + if (!odup) + return 0; + ASN1_TYPE_set(a, type, odup); + } + else + { + ASN1_STRING *sdup; + sdup = ASN1_STRING_dup((ASN1_STRING *)value); + if (!sdup) + return 0; + ASN1_TYPE_set(a, type, sdup); + } + return 1; + } IMPLEMENT_STACK_OF(ASN1_TYPE) IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) diff --git a/crypto/openssl-0.9/crypto/asn1/asn1.h b/crypto/openssl-0.9/crypto/asn1/asn1.h index f15131ea3e..424cd348bb 100644 --- a/crypto/openssl-0.9/crypto/asn1/asn1.h +++ b/crypto/openssl-0.9/crypto/asn1/asn1.h @@ -158,7 +158,12 @@ extern "C" { #define MBSTRING_BMP (MBSTRING_FLAG|2) #define MBSTRING_UNIV (MBSTRING_FLAG|4) +#define SMIME_OLDMIME 0x400 +#define SMIME_CRLFEOL 0x800 +#define SMIME_STREAM 0x1000 + struct X509_algor_st; +DECLARE_STACK_OF(X509_ALGOR) #define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */ #define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */ @@ -218,6 +223,13 @@ typedef struct asn1_object_st * be inserted in the memory buffer */ #define ASN1_STRING_FLAG_NDEF 0x010 + +/* This flag is used by the CMS code to indicate that a string is not + * complete and is a place holder for content when it had all been + * accessed. The flag will be reset when content has been written to it. + */ +#define ASN1_STRING_FLAG_CONT 0x020 + /* This is the base type that holds just about everything :-) */ typedef struct asn1_string_st { @@ -311,8 +323,8 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; int i2d_##name##_NDEF(name *a, unsigned char **out); #define DECLARE_ASN1_FUNCTIONS_const(name) \ - name *name##_new(void); \ - void name##_free(name *a); + DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) #define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ type *name##_new(void); \ @@ -522,6 +534,7 @@ typedef struct asn1_type_st * contain the set or sequence bytes */ ASN1_STRING * set; ASN1_STRING * sequence; + ASN1_VALUE * asn1_value; } value; } ASN1_TYPE; @@ -752,6 +765,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) int ASN1_TYPE_get(ASN1_TYPE *a); void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); +int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); ASN1_OBJECT * ASN1_OBJECT_new(void ); void ASN1_OBJECT_free(ASN1_OBJECT *a); @@ -774,6 +788,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); /* Since this is used to store all sorts of things, via macros, for now, make its data void * */ int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); int ASN1_STRING_length(ASN1_STRING *x); void ASN1_STRING_length_set(ASN1_STRING *x, int n); int ASN1_STRING_type(ASN1_STRING *x); @@ -926,6 +941,12 @@ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x); void *ASN1_item_dup(const ASN1_ITEM *it, void *x); +/* ASN1 alloc/free macros for when a type is only used internally */ + +#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) +#define M_ASN1_free_of(x, type) \ + ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) + #ifndef OPENSSL_NO_FP_API void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x); @@ -1054,7 +1075,17 @@ void ASN1_add_oid_module(void); ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf); ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); - + +typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, int flags, + const ASN1_ITEM *it); + +int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, + asn1_output_data_fn *data_fn, + const ASN1_ITEM *it); +ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -1104,6 +1135,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_ITEM_VERIFY 197 #define ASN1_F_ASN1_MBSTRING_NCOPY 122 #define ASN1_F_ASN1_OBJECT_NEW 123 +#define ASN1_F_ASN1_OUTPUT_DATA 207 #define ASN1_F_ASN1_PACK_STRING 124 #define ASN1_F_ASN1_PCTX_NEW 205 #define ASN1_F_ASN1_PKCS5_PBE_SET 125 @@ -1123,6 +1155,8 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_UNPACK_STRING 136 #define ASN1_F_ASN1_UTCTIME_SET 187 #define ASN1_F_ASN1_VERIFY 137 +#define ASN1_F_B64_READ_ASN1 208 +#define ASN1_F_B64_WRITE_ASN1 209 #define ASN1_F_BITSTR_CB 180 #define ASN1_F_BN_TO_ASN1_ENUMERATED 138 #define ASN1_F_BN_TO_ASN1_INTEGER 139 @@ -1163,6 +1197,8 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_PARSE_TAGGING 182 #define ASN1_F_PKCS5_PBE2_SET 167 #define ASN1_F_PKCS5_PBE_SET 202 +#define ASN1_F_SMIME_READ_ASN1 210 +#define ASN1_F_SMIME_TEXT 211 #define ASN1_F_X509_CINF_NEW 168 #define ASN1_F_X509_CRL_ADD0_REVOKED 169 #define ASN1_F_X509_INFO_NEW 170 @@ -1174,6 +1210,8 @@ void ERR_load_ASN1_strings(void); /* Reason codes. */ #define ASN1_R_ADDING_OBJECT 171 +#define ASN1_R_ASN1_PARSE_ERROR 198 +#define ASN1_R_ASN1_SIG_PARSE_ERROR 199 #define ASN1_R_AUX_ERROR 100 #define ASN1_R_BAD_CLASS 101 #define ASN1_R_BAD_OBJECT_HEADER 102 @@ -1220,6 +1258,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 #define ASN1_R_INVALID_BMPSTRING_LENGTH 129 #define ASN1_R_INVALID_DIGIT 130 +#define ASN1_R_INVALID_MIME_TYPE 200 #define ASN1_R_INVALID_MODIFIER 186 #define ASN1_R_INVALID_NUMBER 187 #define ASN1_R_INVALID_SEPARATOR 131 @@ -1229,6 +1268,9 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_IV_TOO_LARGE 135 #define ASN1_R_LENGTH_ERROR 136 #define ASN1_R_LIST_ERROR 188 +#define ASN1_R_MIME_NO_CONTENT_TYPE 201 +#define ASN1_R_MIME_PARSE_ERROR 202 +#define ASN1_R_MIME_SIG_PARSE_ERROR 203 #define ASN1_R_MISSING_EOC 137 #define ASN1_R_MISSING_SECOND_NUMBER 138 #define ASN1_R_MISSING_VALUE 189 @@ -1238,7 +1280,11 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_NON_HEX_CHARACTERS 141 #define ASN1_R_NOT_ASCII_FORMAT 190 #define ASN1_R_NOT_ENOUGH_DATA 142 +#define ASN1_R_NO_CONTENT_TYPE 204 #define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 +#define ASN1_R_NO_MULTIPART_BODY_FAILURE 205 +#define ASN1_R_NO_MULTIPART_BOUNDARY 206 +#define ASN1_R_NO_SIG_CONTENT_TYPE 207 #define ASN1_R_NULL_IS_WRONG_LENGTH 144 #define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 #define ASN1_R_ODD_NUMBER_OF_CHARS 145 @@ -1248,6 +1294,8 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 #define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 #define ASN1_R_SHORT_LINE 150 +#define ASN1_R_SIG_INVALID_MIME_TYPE 208 +#define ASN1_R_STREAMING_NOT_SUPPORTED 209 #define ASN1_R_STRING_TOO_LONG 151 #define ASN1_R_STRING_TOO_SHORT 152 #define ASN1_R_TAG_VALUE_TOO_HIGH 153 diff --git a/crypto/openssl-0.9/crypto/asn1/asn1_err.c b/crypto/openssl-0.9/crypto/asn1/asn1_err.c index f6b5c3f3dd..f8a3e2e6cd 100644 --- a/crypto/openssl-0.9/crypto/asn1/asn1_err.c +++ b/crypto/openssl-0.9/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* crypto/asn1/asn1_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -110,6 +110,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"}, {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"}, {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"}, +{ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"}, {ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"}, {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_NEW"}, {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"}, @@ -129,6 +130,8 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"}, {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"}, {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"}, +{ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"}, +{ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"}, {ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"}, {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"}, {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"}, @@ -169,6 +172,8 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"}, {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"}, {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"}, +{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"}, +{ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"}, {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"}, {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"}, {ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"}, @@ -183,6 +188,8 @@ static ERR_STRING_DATA ASN1_str_functs[]= static ERR_STRING_DATA ASN1_str_reasons[]= { {ERR_REASON(ASN1_R_ADDING_OBJECT) ,"adding object"}, +{ERR_REASON(ASN1_R_ASN1_PARSE_ERROR) ,"asn1 parse error"}, +{ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR) ,"asn1 sig parse error"}, {ERR_REASON(ASN1_R_AUX_ERROR) ,"aux error"}, {ERR_REASON(ASN1_R_BAD_CLASS) ,"bad class"}, {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"}, @@ -229,6 +236,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"}, {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"}, {ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"}, +{ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"}, {ERR_REASON(ASN1_R_INVALID_MODIFIER) ,"invalid modifier"}, {ERR_REASON(ASN1_R_INVALID_NUMBER) ,"invalid number"}, {ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"}, @@ -238,6 +246,9 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ERR_REASON(ASN1_R_IV_TOO_LARGE) ,"iv too large"}, {ERR_REASON(ASN1_R_LENGTH_ERROR) ,"length error"}, {ERR_REASON(ASN1_R_LIST_ERROR) ,"list error"}, +{ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE) ,"mime no content type"}, +{ERR_REASON(ASN1_R_MIME_PARSE_ERROR) ,"mime parse error"}, +{ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR) ,"mime sig parse error"}, {ERR_REASON(ASN1_R_MISSING_EOC) ,"missing eoc"}, {ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"}, {ERR_REASON(ASN1_R_MISSING_VALUE) ,"missing value"}, @@ -247,7 +258,11 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS) ,"non hex characters"}, {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT) ,"not ascii format"}, {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) ,"not enough data"}, +{ERR_REASON(ASN1_R_NO_CONTENT_TYPE) ,"no content type"}, {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"}, +{ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"}, +{ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"}, +{ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"}, {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"}, {ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT),"object not ascii format"}, {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS) ,"odd number of chars"}, @@ -257,6 +272,8 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"}, {ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),"sequence or set needs config"}, {ERR_REASON(ASN1_R_SHORT_LINE) ,"short line"}, +{ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"}, +{ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED),"streaming not supported"}, {ERR_REASON(ASN1_R_STRING_TOO_LONG) ,"string too long"}, {ERR_REASON(ASN1_R_STRING_TOO_SHORT) ,"string too short"}, {ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH) ,"tag value too high"}, diff --git a/crypto/openssl-0.9/crypto/asn1/asn1_lib.c b/crypto/openssl-0.9/crypto/asn1/asn1_lib.c index d5ae5b2258..5af559ef8d 100644 --- a/crypto/openssl-0.9/crypto/asn1/asn1_lib.c +++ b/crypto/openssl-0.9/crypto/asn1/asn1_lib.c @@ -393,6 +393,14 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) return(1); } +void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len) + { + if (str->data) + OPENSSL_free(str->data); + str->data = data; + str->length = len; + } + ASN1_STRING *ASN1_STRING_new(void) { return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); diff --git a/crypto/openssl-0.9/crypto/asn1/asn1t.h b/crypto/openssl-0.9/crypto/asn1/asn1t.h index adbc2a63dd..bf315e65ed 100644 --- a/crypto/openssl-0.9/crypto/asn1/asn1t.h +++ b/crypto/openssl-0.9/crypto/asn1/asn1t.h @@ -169,6 +169,9 @@ extern "C" { #define ASN1_NDEF_SEQUENCE(tname) \ ASN1_SEQUENCE(tname) +#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ + ASN1_SEQUENCE_cb(tname, cb) + #define ASN1_SEQUENCE_cb(tname, cb) \ static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ ASN1_SEQUENCE(tname) @@ -368,6 +371,10 @@ extern "C" { #define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) +/* EXPLICIT using indefinite length constructed form */ +#define ASN1_NDEF_EXP(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) + /* EXPLICIT OPTIONAL using indefinite length constructed form */ #define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) diff --git a/crypto/openssl-0.9/crypto/pkcs7/pk7_mime.c b/crypto/openssl-0.9/crypto/asn1/asn_mime.c similarity index 75% copy from crypto/openssl-0.9/crypto/pkcs7/pk7_mime.c copy to crypto/openssl-0.9/crypto/asn1/asn_mime.c index 25566a4c21..fe7c4ec7ab 100644 --- a/crypto/openssl-0.9/crypto/pkcs7/pk7_mime.c +++ b/crypto/openssl-0.9/crypto/asn1/asn_mime.c @@ -1,9 +1,9 @@ -/* pk7_mime.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* asn_mime.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -50,10 +50,6 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * */ #include @@ -61,8 +57,12 @@ #include "cryptlib.h" #include #include +#include +#include -/* MIME and related routines */ +/* Generalised MIME like utilities for streaming ASN1. Although many + * have a PKCS7/CMS like flavour others are more general purpose. + */ /* MIME format structures * Note that all are translated to lower case apart from @@ -86,9 +86,6 @@ STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */ DECLARE_STACK_OF(MIME_HEADER) IMPLEMENT_STACK_OF(MIME_HEADER) -static int pkcs7_output_data(BIO *bio, BIO *data, PKCS7 *p7, int flags); -static int B64_write_PKCS7(BIO *bio, PKCS7 *p7); -static PKCS7 *B64_read_PKCS7(BIO *bio); static char * strip_ends(char *name); static char * strip_start(char *name); static char * strip_end(char *name); @@ -110,57 +107,123 @@ static void mime_hdr_free(MIME_HEADER *hdr); #define MAX_SMLEN 1024 #define mime_debug(x) /* x */ -/* Base 64 read and write of PKCS#7 structure */ +/* Base 64 read and write of ASN1 structure */ -static int B64_write_PKCS7(BIO *bio, PKCS7 *p7) -{ +static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const ASN1_ITEM *it) + { BIO *b64; - if(!(b64 = BIO_new(BIO_f_base64()))) { - PKCS7err(PKCS7_F_B64_WRITE_PKCS7,ERR_R_MALLOC_FAILURE); + int r; + b64 = BIO_new(BIO_f_base64()); + if(!b64) + { + ASN1err(ASN1_F_B64_WRITE_ASN1,ERR_R_MALLOC_FAILURE); return 0; - } - bio = BIO_push(b64, bio); - i2d_PKCS7_bio(bio, p7); - (void)BIO_flush(bio); - bio = BIO_pop(bio); + } + /* prepend the b64 BIO so all data is base64 encoded. + */ + out = BIO_push(b64, out); + r = ASN1_item_i2d_bio(it, out, val); + (void)BIO_flush(out); + BIO_pop(out); BIO_free(b64); - return 1; -} + return r; + } -static PKCS7 *B64_read_PKCS7(BIO *bio) +static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it) { BIO *b64; - PKCS7 *p7; + ASN1_VALUE *val; if(!(b64 = BIO_new(BIO_f_base64()))) { - PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_B64_READ_ASN1,ERR_R_MALLOC_FAILURE); return 0; } bio = BIO_push(b64, bio); - if(!(p7 = d2i_PKCS7_bio(bio, NULL))) - PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR); + val = ASN1_item_d2i_bio(it, bio, NULL); + if(!val) + ASN1err(ASN1_F_B64_READ_ASN1,ASN1_R_DECODE_ERROR); (void)BIO_flush(bio); bio = BIO_pop(bio); BIO_free(b64); - return p7; + return val; } +/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */ + +static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) + { + const EVP_MD *md; + int i, have_unknown = 0, write_comma, md_nid; + have_unknown = 0; + write_comma = 0; + for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++) + { + if (write_comma) + BIO_write(out, ",", 1); + write_comma = 1; + md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm); + md = EVP_get_digestbynid(md_nid); + switch(md_nid) + { + case NID_sha1: + BIO_puts(out, "sha1"); + break; + + case NID_md5: + BIO_puts(out, "md5"); + break; + + case NID_sha256: + BIO_puts(out, "sha-256"); + break; + + case NID_sha384: + BIO_puts(out, "sha-384"); + break; + + case NID_sha512: + BIO_puts(out, "sha-512"); + break; + + default: + if (have_unknown) + write_comma = 0; + else + { + BIO_puts(out, "unknown"); + have_unknown = 1; + } + break; + + } + } + + return 1; + + } + /* SMIME sender */ -int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) +int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, + asn1_output_data_fn *data_fn, + const ASN1_ITEM *it) { char bound[33], c; int i; - char *mime_prefix, *mime_eol, *msg_type=NULL; - if (flags & PKCS7_NOOLDMIMETYPE) - mime_prefix = "application/pkcs7-"; - else + const char *mime_prefix, *mime_eol, *cname = "smime.p7m"; + const char *msg_type=NULL; + if (flags & SMIME_OLDMIME) mime_prefix = "application/x-pkcs7-"; + else + mime_prefix = "application/pkcs7-"; - if (flags & PKCS7_CRLFEOL) + if (flags & SMIME_CRLFEOL) mime_eol = "\r\n"; else mime_eol = "\n"; - if((flags & PKCS7_DETACHED) && data) { + if((flags & SMIME_DETACHED) && data) { /* We want multipart/signed */ /* Generate a random boundary */ RAND_pseudo_bytes((unsigned char *)bound, 32); @@ -174,13 +237,16 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); BIO_printf(bio, "Content-Type: multipart/signed;"); BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix); - BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s", + BIO_puts(bio, " micalg=\""); + asn1_write_micalg(bio, mdalgs); + BIO_printf(bio, "\"; boundary=\"----%s\"%s%s", bound, mime_eol, mime_eol); BIO_printf(bio, "This is an S/MIME signed message%s%s", mime_eol, mime_eol); /* Now write out the first part */ BIO_printf(bio, "------%s%s", bound, mime_eol); - pkcs7_output_data(bio, data, p7, flags); + if (!data_fn(bio, data, val, flags, it)) + return 0; BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); /* Headers for signature */ @@ -192,7 +258,7 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) BIO_printf(bio, "Content-Disposition: attachment;"); BIO_printf(bio, " filename=\"smime.p7s\"%s%s", mime_eol, mime_eol); - B64_write_PKCS7(bio, p7); + B64_write_ASN1(bio, val, NULL, 0, it); BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound, mime_eol, mime_eol); return 1; @@ -200,100 +266,119 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) /* Determine smime-type header */ - if (PKCS7_type_is_enveloped(p7)) + if (ctype_nid == NID_pkcs7_enveloped) msg_type = "enveloped-data"; - else if (PKCS7_type_is_signed(p7)) + else if (ctype_nid == NID_pkcs7_signed) { - /* If we have any signers it is signed-data othewise - * certs-only. - */ - STACK_OF(PKCS7_SIGNER_INFO) *sinfos; - sinfos = PKCS7_get_signer_info(p7); - if (sk_PKCS7_SIGNER_INFO_num(sinfos) > 0) + if (econt_nid == NID_id_smime_ct_receipt) + msg_type = "signed-receipt"; + else if (sk_X509_ALGOR_num(mdalgs) >= 0) msg_type = "signed-data"; else msg_type = "certs-only"; } + else if (ctype_nid == NID_id_smime_ct_compressedData) + { + msg_type = "compressed-data"; + cname = "smime.p7z"; + } /* MIME headers */ BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); BIO_printf(bio, "Content-Disposition: attachment;"); - BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol); + BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol); BIO_printf(bio, "Content-Type: %smime;", mime_prefix); if (msg_type) BIO_printf(bio, " smime-type=%s;", msg_type); - BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol); + BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol); BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s", mime_eol, mime_eol); - B64_write_PKCS7(bio, p7); + if (!B64_write_ASN1(bio, val, data, flags, it)) + return 0; BIO_printf(bio, "%s", mime_eol); return 1; } -/* Handle output of PKCS#7 data */ +#if 0 +/* Handle output of ASN1 data */ -static int pkcs7_output_data(BIO *out, BIO *data, PKCS7 *p7, int flags) + +static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, + const ASN1_ITEM *it) { - BIO *tmpbio, *p7bio; + BIO *tmpbio; + const ASN1_AUX *aux = it->funcs; + ASN1_STREAM_ARG sarg; - if (!(flags & PKCS7_STREAM)) + if (!(flags & SMIME_DETACHED)) { SMIME_crlf_copy(data, out, flags); return 1; } - /* Partial sign operation */ + if (!aux || !aux->asn1_cb) + { + ASN1err(ASN1_F_ASN1_OUTPUT_DATA, + ASN1_R_STREAMING_NOT_SUPPORTED); + return 0; + } - /* Initialize sign operation */ - p7bio = PKCS7_dataInit(p7, out); + sarg.out = out; + sarg.ndef_bio = NULL; + sarg.boundary = NULL; - /* Copy data across, computing digests etc */ - SMIME_crlf_copy(data, p7bio, flags); + /* Let ASN1 code prepend any needed BIOs */ - /* Must be detached */ - PKCS7_set_detached(p7, 1); + if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0) + return 0; + + /* Copy data across, passing through filter BIOs for processing */ + SMIME_crlf_copy(data, sarg.ndef_bio, flags); - /* Finalize signatures */ - PKCS7_dataFinal(p7, p7bio); + /* Finalize structure */ + if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0) + return 0; /* Now remove any digests prepended to the BIO */ - while (p7bio != out) + while (sarg.ndef_bio != out) { - tmpbio = BIO_pop(p7bio); - BIO_free(p7bio); - p7bio = tmpbio; + tmpbio = BIO_pop(sarg.ndef_bio); + BIO_free(sarg.ndef_bio); + sarg.ndef_bio = tmpbio; } return 1; } +#endif + /* SMIME reader: handle multipart/signed and opaque signing. * in multipart case the content is placed in a memory BIO * pointed to by "bcont". In opaque this is set to NULL */ -PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) +ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) { - BIO *p7in; + BIO *asnin; STACK_OF(MIME_HEADER) *headers = NULL; STACK_OF(BIO) *parts = NULL; MIME_HEADER *hdr; MIME_PARAM *prm; - PKCS7 *p7; + ASN1_VALUE *val; int ret; if(bcont) *bcont = NULL; if (!(headers = mime_parse_hdr(bio))) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_PARSE_ERROR); + ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_PARSE_ERROR); return NULL; } if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE); + ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE); return NULL; } @@ -304,22 +389,22 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) prm = mime_param_find(hdr, "boundary"); if(!prm || !prm->param_value) { sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY); + ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY); return NULL; } ret = multi_split(bio, prm->param_value, &parts); sk_MIME_HEADER_pop_free(headers, mime_hdr_free); if(!ret || (sk_BIO_num(parts) != 2) ) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE); + ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE); sk_BIO_pop_free(parts, BIO_vfree); return NULL; } /* Parse the signature piece */ - p7in = sk_BIO_value(parts, 1); + asnin = sk_BIO_value(parts, 1); - if (!(headers = mime_parse_hdr(p7in))) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR); + if (!(headers = mime_parse_hdr(asnin))) { + ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_SIG_PARSE_ERROR); sk_BIO_pop_free(parts, BIO_vfree); return NULL; } @@ -329,39 +414,39 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE); + ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE); return NULL; } if(strcmp(hdr->value, "application/x-pkcs7-signature") && strcmp(hdr->value, "application/pkcs7-signature")) { sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE); + ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE); ERR_add_error_data(2, "type: ", hdr->value); sk_BIO_pop_free(parts, BIO_vfree); return NULL; } sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - /* Read in PKCS#7 */ - if(!(p7 = B64_read_PKCS7(p7in))) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR); + /* Read in ASN1 */ + if(!(val = b64_read_asn1(asnin, it))) { + ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_ASN1_SIG_PARSE_ERROR); sk_BIO_pop_free(parts, BIO_vfree); return NULL; } if(bcont) { *bcont = sk_BIO_value(parts, 0); - BIO_free(p7in); + BIO_free(asnin); sk_BIO_free(parts); } else sk_BIO_pop_free(parts, BIO_vfree); - return p7; + return val; } /* OK, if not multipart/signed try opaque signature */ if (strcmp (hdr->value, "application/x-pkcs7-mime") && strcmp (hdr->value, "application/pkcs7-mime")) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE); + ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_INVALID_MIME_TYPE); ERR_add_error_data(2, "type: ", hdr->value); sk_MIME_HEADER_pop_free(headers, mime_hdr_free); return NULL; @@ -369,33 +454,49 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - if(!(p7 = B64_read_PKCS7(bio))) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR); + if(!(val = b64_read_asn1(bio, it))) { + ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR); return NULL; } - return p7; + return val; } /* Copy text from one BIO to another making the output CRLF at EOL */ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) { + BIO *bf; char eol; int len; char linebuf[MAX_SMLEN]; - if(flags & PKCS7_BINARY) { + /* Buffer output so we don't write one line at a time. This is + * useful when streaming as we don't end up with one OCTET STRING + * per line. + */ + bf = BIO_new(BIO_f_buffer()); + if (!bf) + return 0; + out = BIO_push(bf, out); + if(flags & SMIME_BINARY) + { while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0) BIO_write(out, linebuf, len); - return 1; - } - if(flags & PKCS7_TEXT) - BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); - while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { - eol = strip_eol(linebuf, &len); - if (len) - BIO_write(out, linebuf, len); - if(eol) BIO_write(out, "\r\n", 2); - } + } + else + { + if(flags & SMIME_TEXT) + BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); + while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) + { + eol = strip_eol(linebuf, &len); + if (len) + BIO_write(out, linebuf, len); + if(eol) BIO_write(out, "\r\n", 2); + } + } + (void)BIO_flush(out); + BIO_pop(out); + BIO_free(bf); return 1; } @@ -408,16 +509,16 @@ int SMIME_text(BIO *in, BIO *out) MIME_HEADER *hdr; if (!(headers = mime_parse_hdr(in))) { - PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR); + ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_PARSE_ERROR); return 0; } if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { - PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE); + ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_NO_CONTENT_TYPE); sk_MIME_HEADER_pop_free(headers, mime_hdr_free); return 0; } if (strcmp (hdr->value, "text/plain")) { - PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE); + ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_INVALID_MIME_TYPE); ERR_add_error_data(2, "type: ", hdr->value); sk_MIME_HEADER_pop_free(headers, mime_hdr_free); return 0; diff --git a/crypto/openssl-0.9/crypto/asn1/t_x509.c b/crypto/openssl-0.9/crypto/asn1/t_x509.c index fe2ea4046d..eb776b7b3b 100644 --- a/crypto/openssl-0.9/crypto/asn1/t_x509.c +++ b/crypto/openssl-0.9/crypto/asn1/t_x509.c @@ -449,13 +449,13 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) l=80-2-obase; - b=s=X509_NAME_oneline(name,NULL,0); - if (!*s) + b=X509_NAME_oneline(name,NULL,0); + if (!*b) { OPENSSL_free(b); return 1; } - s++; /* skip the first slash */ + s=b+1; /* skip the first slash */ c=s; for (;;) @@ -480,8 +480,7 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) { i=s-c; if (BIO_write(bp,c,i) != i) goto err; - c+=i; - c++; + c=s+1; /* skip following slash */ if (*s != '\0') { if (BIO_write(bp,", ",2) != 2) goto err; diff --git a/crypto/openssl-0.9/crypto/asn1/tasn_dec.c b/crypto/openssl-0.9/crypto/asn1/tasn_dec.c index c4a3abe4f6..0ee406231e 100644 --- a/crypto/openssl-0.9/crypto/asn1/tasn_dec.c +++ b/crypto/openssl-0.9/crypto/asn1/tasn_dec.c @@ -944,7 +944,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, if (utype != typ->type) ASN1_TYPE_set(typ, utype, NULL); opval = pval; - pval = (ASN1_VALUE **)&typ->value.ptr; + pval = &typ->value.asn1_value; } switch(utype) { diff --git a/crypto/openssl-0.9/crypto/asn1/tasn_enc.c b/crypto/openssl-0.9/crypto/asn1/tasn_enc.c index ed892e2cb2..be19b36acd 100644 --- a/crypto/openssl-0.9/crypto/asn1/tasn_enc.c +++ b/crypto/openssl-0.9/crypto/asn1/tasn_enc.c @@ -597,7 +597,7 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, typ = (ASN1_TYPE *)*pval; utype = typ->type; *putype = utype; - pval = (ASN1_VALUE **)&typ->value.ptr; + pval = &typ->value.asn1_value; } else utype = *putype; diff --git a/crypto/openssl-0.9/crypto/asn1/tasn_fre.c b/crypto/openssl-0.9/crypto/asn1/tasn_fre.c index b68b66a23b..bb7c1e2af4 100644 --- a/crypto/openssl-0.9/crypto/asn1/tasn_fre.c +++ b/crypto/openssl-0.9/crypto/asn1/tasn_fre.c @@ -115,8 +115,6 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c return; } i = asn1_get_choice_selector(pval, it); - if (asn1_cb) - asn1_cb(ASN1_OP_FREE_PRE, pval, it); if ((i >= 0) && (i < it->tcount)) { ASN1_VALUE **pchval; @@ -221,7 +219,7 @@ void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { ASN1_TYPE *typ = (ASN1_TYPE *)*pval; utype = typ->type; - pval = (ASN1_VALUE **)&typ->value.ptr; + pval = &typ->value.asn1_value; if (!*pval) return; } diff --git a/crypto/openssl-0.9/crypto/asn1/x_algor.c b/crypto/openssl-0.9/crypto/asn1/x_algor.c index 00b9ea54a1..33533aba86 100644 --- a/crypto/openssl-0.9/crypto/asn1/x_algor.c +++ b/crypto/openssl-0.9/crypto/asn1/x_algor.c @@ -66,8 +66,65 @@ ASN1_SEQUENCE(X509_ALGOR) = { ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY) } ASN1_SEQUENCE_END(X509_ALGOR) +ASN1_ITEM_TEMPLATE(X509_ALGORS) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR) +ASN1_ITEM_TEMPLATE_END(X509_ALGORS) + IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS) IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR) IMPLEMENT_STACK_OF(X509_ALGOR) IMPLEMENT_ASN1_SET_OF(X509_ALGOR) + +int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval) + { + if (!alg) + return 0; + if (ptype != V_ASN1_UNDEF) + { + if (alg->parameter == NULL) + alg->parameter = ASN1_TYPE_new(); + if (alg->parameter == NULL) + return 0; + } + if (alg) + { + if (alg->algorithm) + ASN1_OBJECT_free(alg->algorithm); + alg->algorithm = aobj; + } + if (ptype == 0) + return 1; + if (ptype == V_ASN1_UNDEF) + { + if (alg->parameter) + { + ASN1_TYPE_free(alg->parameter); + alg->parameter = NULL; + } + } + else + ASN1_TYPE_set(alg->parameter, ptype, pval); + return 1; + } + +void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, + X509_ALGOR *algor) + { + if (paobj) + *paobj = algor->algorithm; + if (pptype) + { + if (algor->parameter == NULL) + { + *pptype = V_ASN1_UNDEF; + return; + } + else + *pptype = algor->parameter->type; + if (ppval) + *ppval = algor->parameter->value.ptr; + } + } + diff --git a/crypto/openssl-0.9/crypto/asn1/x_exten.c b/crypto/openssl-0.9/crypto/asn1/x_exten.c index 702421b6c8..1732e66712 100644 --- a/crypto/openssl-0.9/crypto/asn1/x_exten.c +++ b/crypto/openssl-0.9/crypto/asn1/x_exten.c @@ -67,5 +67,10 @@ ASN1_SEQUENCE(X509_EXTENSION) = { ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(X509_EXTENSION) +ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION) +ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS) + IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION) diff --git a/crypto/openssl-0.9/crypto/bio/b_sock.c b/crypto/openssl-0.9/crypto/bio/b_sock.c index cd78de1e87..ead477d8a2 100644 --- a/crypto/openssl-0.9/crypto/bio/b_sock.c +++ b/crypto/openssl-0.9/crypto/bio/b_sock.c @@ -63,7 +63,11 @@ #include "cryptlib.h" #include #if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK) -#include "netdb.h" +#include +#if defined(NETWARE_CLIB) +#include +NETDB_DEFINE_CONTEXT +#endif #endif #ifndef OPENSSL_NO_SOCK @@ -178,11 +182,11 @@ int BIO_get_port(const char *str, unsigned short *port_ptr) /* Note: under VMS with SOCKETSHR, it seems like the first * parameter is 'char *', instead of 'const char *' */ - s=getservbyname( #ifndef CONST_STRICT - (char *) + s=getservbyname((char *)str,"tcp"); +#else + s=getservbyname(str,"tcp"); #endif - str,"tcp"); if(s != NULL) *port_ptr=ntohs((unsigned short)s->s_port); CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME); @@ -360,7 +364,11 @@ struct hostent *BIO_gethostbyname(const char *name) #if 1 /* Caching gethostbyname() results forever is wrong, * so we have to let the true gethostbyname() worry about this */ +#if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__)) + return gethostbyname((char*)name); +#else return gethostbyname(name); +#endif #else struct hostent *ret; int i,lowi=0,j; @@ -400,11 +408,11 @@ struct hostent *BIO_gethostbyname(const char *name) /* Note: under VMS with SOCKETSHR, it seems like the first * parameter is 'char *', instead of 'const char *' */ - ret=gethostbyname( # ifndef CONST_STRICT - (char *) + ret=gethostbyname((char *)name); +# else + ret=gethostbyname(name); # endif - name); if (ret == NULL) goto end; diff --git a/crypto/openssl-0.9/crypto/bio/bio.h b/crypto/openssl-0.9/crypto/bio/bio.h index 0362bb90ca..cecb6a7207 100644 --- a/crypto/openssl-0.9/crypto/bio/bio.h +++ b/crypto/openssl-0.9/crypto/bio/bio.h @@ -95,6 +95,7 @@ extern "C" { #define BIO_TYPE_BIO (19|0x0400) /* (half a) BIO pair */ #define BIO_TYPE_LINEBUFFER (20|0x0200) /* filter */ #define BIO_TYPE_DGRAM (21|0x0400|0x0100) +#define BIO_TYPE_COMP (23|0x0200) /* filter */ #define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ #define BIO_TYPE_FILTER 0x0200 diff --git a/crypto/openssl-0.9/crypto/bio/bss_dgram.c b/crypto/openssl-0.9/crypto/bio/bss_dgram.c index a0cb29b3dc..ea2c3fff63 100644 --- a/crypto/openssl-0.9/crypto/bio/bss_dgram.c +++ b/crypto/openssl-0.9/crypto/bio/bss_dgram.c @@ -208,9 +208,13 @@ static int dgram_write(BIO *b, const char *in, int inl) clear_socket_error(); if ( data->connected ) - ret=send(b->num,in,inl,0); + ret=writesocket(b->num,in,inl); else +#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK) + ret=sendto(b->num, (char *)in, inl, 0, &data->peer, sizeof(data->peer)); +#else ret=sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer)); +#endif BIO_clear_retry_flags(b); if (ret <= 0) diff --git a/crypto/openssl-0.9/crypto/bio/bss_file.c b/crypto/openssl-0.9/crypto/bio/bss_file.c index b277367da3..4df9927c43 100644 --- a/crypto/openssl-0.9/crypto/bio/bss_file.c +++ b/crypto/openssl-0.9/crypto/bio/bss_file.c @@ -89,6 +89,10 @@ #include "bio_lcl.h" #include +#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) +#include +#endif + #if !defined(OPENSSL_NO_STDIO) static int MS_CALLBACK file_write(BIO *h, const char *buf, int num); @@ -285,9 +289,9 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) /* Under CLib there are differences in file modes */ if (num & BIO_FP_TEXT) - _setmode(fd,O_TEXT); + setmode(fd,O_TEXT); else - _setmode(fd,O_BINARY); + setmode(fd,O_BINARY); #elif defined(OPENSSL_SYS_MSDOS) int fd = fileno((FILE*)ptr); /* Set correct text/binary mode */ diff --git a/crypto/openssl-0.9/crypto/bn/bn.h b/crypto/openssl-0.9/crypto/bn/bn.h index df6eea29a7..6d754d5547 100644 --- a/crypto/openssl-0.9/crypto/bn/bn.h +++ b/crypto/openssl-0.9/crypto/bn/bn.h @@ -303,7 +303,12 @@ struct bn_mont_ctx_st BIGNUM N; /* The modulus */ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 * (Ni is only stored for bignum algorithm) */ +#if 0 + /* OpenSSL 0.9.9 preview: */ + BN_ULONG n0[2];/* least significant word(s) of Ni */ +#else BN_ULONG n0; /* least significant word of Ni */ +#endif int flags; }; diff --git a/crypto/openssl-0.9/crypto/bn/bn_lcl.h b/crypto/openssl-0.9/crypto/bn/bn_lcl.h index ad4ca7ff30..27ac4397a1 100644 --- a/crypto/openssl-0.9/crypto/bn/bn_lcl.h +++ b/crypto/openssl-0.9/crypto/bn/bn_lcl.h @@ -481,6 +481,7 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int cl, int dl); BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int cl, int dl); +int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num); #ifdef __cplusplus } diff --git a/crypto/openssl-0.9/crypto/bn/bn_mont.c b/crypto/openssl-0.9/crypto/bn/bn_mont.c index b5d35d10be..4799b152dd 100644 --- a/crypto/openssl-0.9/crypto/bn/bn_mont.c +++ b/crypto/openssl-0.9/crypto/bn/bn_mont.c @@ -122,11 +122,50 @@ #define MONT_WORD /* use the faster word-based algorithm */ +#if defined(MONT_WORD) && defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) +/* This condition means we have a specific non-default build: + * In the 0.9.8 branch, OPENSSL_BN_ASM_MONT is normally not set for any + * BN_BITS2<=32 platform; an explicit "enable-montasm" is required. + * I.e., if we are here, the user intentionally deviates from the + * normal stable build to get better Montgomery performance from + * the 0.9.9-dev backport. + * + * In this case only, we also enable BN_from_montgomery_word() + * (another non-stable feature from 0.9.9-dev). + */ +#define MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD +#endif + +#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD +static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); +#endif + + + int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx) { BIGNUM *tmp; int ret=0; +#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) + int num = mont->N.top; + + if (num>1 && a->top==num && b->top==num) + { + if (bn_wexpand(r,num) == NULL) return(0); +#if 0 /* for OpenSSL 0.9.9 mont->n0 */ + if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,mont->n0,num)) +#else + if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,&mont->n0,num)) +#endif + { + r->neg = a->neg^b->neg; + r->top = num; + bn_correct_top(r); + return(1); + } + } +#endif BN_CTX_start(ctx); tmp = BN_CTX_get(ctx); @@ -142,7 +181,11 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, if (!BN_mul(tmp,a,b,ctx)) goto err; } /* reduce from aRR to aR */ +#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD + if (!BN_from_montgomery_word(r,tmp,mont)) goto err; +#else if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; +#endif bn_check_top(r); ret=1; err: @@ -150,6 +193,150 @@ err: return(ret); } +#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD +static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) + { + BIGNUM *n; + BN_ULONG *ap,*np,*rp,n0,v,*nrp; + int al,nl,max,i,x,ri; + + n= &(mont->N); + /* mont->ri is the size of mont->N in bits (rounded up + to the word size) */ + al=ri=mont->ri/BN_BITS2; + + nl=n->top; + if ((al == 0) || (nl == 0)) { ret->top=0; return(1); } + + max=(nl+al+1); /* allow for overflow (no?) XXX */ + if (bn_wexpand(r,max) == NULL) return(0); + + r->neg^=n->neg; + np=n->d; + rp=r->d; + nrp= &(r->d[nl]); + + /* clear the top words of T */ + for (i=r->top; id[i]=0; + + r->top=max; +#if 0 /* for OpenSSL 0.9.9 mont->n0 */ + n0=mont->n0[0]; +#else + n0=mont->n0; +#endif + +#ifdef BN_COUNT + fprintf(stderr,"word BN_from_montgomery_word %d * %d\n",nl,nl); +#endif + for (i=0; i= v) + continue; + else + { + if (((++nrp[0])&BN_MASK2) != 0) continue; + if (((++nrp[1])&BN_MASK2) != 0) continue; + for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; + } + } + bn_correct_top(r); + + /* mont->ri will be a multiple of the word size and below code + * is kind of BN_rshift(ret,r,mont->ri) equivalent */ + if (r->top <= ri) + { + ret->top=0; + return(1); + } + al=r->top-ri; + + if (bn_wexpand(ret,ri) == NULL) return(0); + x=0-(((al-ri)>>(sizeof(al)*8-1))&1); + ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */ + ret->neg=r->neg; + + rp=ret->d; + ap=&(r->d[ri]); + + { + size_t m1,m2; + + v=bn_sub_words(rp,ap,np,ri); + /* this ----------------^^ works even in alri) nrp=rp; else nrp=ap; */ + /* in other words if subtraction result is real, then + * trick unconditional memcpy below to perform in-place + * "refresh" instead of actual copy. */ + m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al>(sizeof(al)*8-1))&1); /* al>ri */ + m1|=m2; /* (al!=ri) */ + m1|=(0-(size_t)v); /* (al!=ri || v) */ + m1&=~m2; /* (al!=ri || v) && !al>ri */ + nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); + } + + /* 'iRR)); BN_init(&(ctx->N)); BN_init(&(ctx->Ni)); +#if 0 /* for OpenSSL 0.9.9 mont->n0 */ + ctx->n0[0] = ctx->n0[1] = 0; +#else + ctx->n0 = 0; +#endif ctx->flags=0; } @@ -394,14 +587,51 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; BN_zero(R); +#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)", + only certain BN_BITS2<=32 platforms actually need this */ + if (!(BN_set_bit(R,2*BN_BITS2))) goto err; /* R */ +#else if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */ +#endif buf[0]=mod->d[0]; /* tmod = N mod word size */ buf[1]=0; + + BN_init(&tmod); tmod.d=buf; tmod.top = buf[0] != 0 ? 1 : 0; tmod.dmax=2; tmod.neg=0; + +#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)"; + only certain BN_BITS2<=32 platforms actually need this */ + tmod.top=0; + if ((buf[0] = mod->d[0])) tmod.top=1; + if ((buf[1] = mod->top>1 ? mod->d[1] : 0)) tmod.top=2; + + if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL) + goto err; + if (!BN_lshift(Ri,Ri,2*BN_BITS2)) goto err; /* R*Ri */ + if (!BN_is_zero(Ri)) + { + if (!BN_sub_word(Ri,1)) goto err; + } + else /* if N mod word size == 1 */ + { + if (bn_expand(Ri,(int)sizeof(BN_ULONG)*2) == NULL) + goto err; + /* Ri-- (mod double word size) */ + Ri->neg=0; + Ri->d[0]=BN_MASK2; + Ri->d[1]=BN_MASK2; + Ri->top=2; + } + if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err; + /* Ni = (R*Ri-1)/N, + * keep only couple of least significant words: */ + mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; + mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0; +#else /* Ri = R^-1 mod N*/ if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL) goto err; @@ -417,7 +647,13 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err; /* Ni = (R*Ri-1)/N, * keep only least significant word: */ +# if 0 /* for OpenSSL 0.9.9 mont->n0 */ + mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; + mont->n0[1] = 0; +# else mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0; +# endif +#endif } #else /* !MONT_WORD */ { /* bignum version */ @@ -453,7 +689,12 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) if (!BN_copy(&(to->N),&(from->N))) return NULL; if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL; to->ri=from->ri; +#if 0 /* for OpenSSL 0.9.9 mont->n0 */ + to->n0[0]=from->n0[0]; + to->n0[1]=from->n0[1]; +#else to->n0=from->n0; +#endif return(to); } diff --git a/crypto/openssl-0.9/crypto/bn/bn_mul.c b/crypto/openssl-0.9/crypto/bn/bn_mul.c index 312b467645..b848c8cc60 100644 --- a/crypto/openssl-0.9/crypto/bn/bn_mul.c +++ b/crypto/openssl-0.9/crypto/bn/bn_mul.c @@ -389,6 +389,7 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) * a[1]*b[1] */ +/* dnX may not be positive, but n2/2+dnX has to be */ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, int dna, int dnb, BN_ULONG *t) { @@ -398,7 +399,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, BN_ULONG ln,lo,*p; # ifdef BN_COUNT - fprintf(stderr," bn_mul_recursive %d * %d\n",n2,n2); + fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb); # endif # ifdef BN_MUL_COMBA # if 0 @@ -545,6 +546,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, /* n+tn is the word length * t needs to be n*4 is size, as does r */ +/* tnX may not be negative but less than n */ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, int tna, int tnb, BN_ULONG *t) { @@ -553,8 +555,8 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, BN_ULONG ln,lo,*p; # ifdef BN_COUNT - fprintf(stderr," bn_mul_part_recursive (%d+%d) * (%d+%d)\n", - tna, n, tnb, n); + fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n", + n, tna, n, tnb); # endif if (n < 8) { @@ -655,16 +657,19 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, for (;;) { i/=2; - if (i <= tna && tna == tnb) + /* these simplified conditions work + * exclusively because difference + * between tna and tnb is 1 or 0 */ + if (i < tna || i < tnb) { - bn_mul_recursive(&(r[n2]), + bn_mul_part_recursive(&(r[n2]), &(a[n]),&(b[n]), i,tna-i,tnb-i,p); break; } - else if (i < tna || i < tnb) + else if (i == tna || i == tnb) { - bn_mul_part_recursive(&(r[n2]), + bn_mul_recursive(&(r[n2]), &(a[n]),&(b[n]), i,tna-i,tnb-i,p); break; diff --git a/crypto/openssl-0.9/crypto/bn/bn_nist.c b/crypto/openssl-0.9/crypto/bn/bn_nist.c index f8e306bb82..e14232fdbb 100644 --- a/crypto/openssl-0.9/crypto/bn/bn_nist.c +++ b/crypto/openssl-0.9/crypto/bn/bn_nist.c @@ -99,41 +99,6 @@ static const BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, 0xFFFFFFFF,0x000001FF}; -#elif BN_BITS2 == 16 -static const BN_ULONG _nist_p_192[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFE, - 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF}; -static const BN_ULONG _nist_p_224[] = {0x0001,0x0000,0x0000,0x0000,0x0000, - 0x0000,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF}; -static const BN_ULONG _nist_p_256[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF, - 0xFFFF,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0001,0x0000,0xFFFF, - 0xFFFF}; -static const BN_ULONG _nist_p_384[] = {0xFFFF,0xFFFF,0x0000,0x0000,0x0000, - 0x0000,0xFFFF,0xFFFF,0xFFFE,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF, - 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF}; -static const BN_ULONG _nist_p_521[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF, - 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF, - 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF, - 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0x01FF}; -#elif BN_BITS2 == 8 -static const BN_ULONG _nist_p_192[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF}; -static const BN_ULONG _nist_p_224[] = {0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}; -static const BN_ULONG _nist_p_256[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x01,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF}; -static const BN_ULONG _nist_p_384[] = {0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}; -static const BN_ULONG _nist_p_521[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0x01}; #endif const BIGNUM *BN_get0_nist_prime_192(void) @@ -171,18 +136,7 @@ const BIGNUM *BN_get0_nist_prime_521(void) return &const_nist_521; } -/* some misc internal functions */ -#if BN_BITS2 != 64 -static BN_ULONG _256_data[BN_NIST_256_TOP*6]; -static int _is_set_256_data = 0; -static void _init_256_data(void); - -static BN_ULONG _384_data[BN_NIST_384_TOP*8]; -static int _is_set_384_data = 0; -static void _init_384_data(void); -#endif - -#define BN_NIST_ADD_ONE(a) while (!(++(*(a)))) ++(a); +#define BN_NIST_ADD_ONE(a) while (!(*(a)=(*(a)+1)&BN_MASK2)) ++(a); static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max) { @@ -203,10 +157,10 @@ static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) } #if BN_BITS2 == 64 -#define bn_cp_64(to, n, from, m) (to)[n] = (from)[m]; +#define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; #define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0; /* TBD */ -#define bn_cp_32(to, n, from, m) (to)[n] = (from)[m]; +#define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; #define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0; #else #define bn_cp_64(to, n, from, m) \ @@ -220,26 +174,8 @@ static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) bn_32_set_0(to, (n)*2+1); \ } #if BN_BITS2 == 32 -#define bn_cp_32(to, n, from, m) (to)[n] = (from)[m]; +#define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; #define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0; -#elif BN_BITS2 == 16 -#define bn_cp_32(to, n, from, m) \ - { \ - (to)[(n)*2] = (from)[(m)*2]; \ - (to)[(n)*2+1] = (from)[(m)*2+1];\ - } -#define bn_32_set_0(to, n) { (to)[(n)*2] = 0; (to)[(n)*2+1] = 0; } -#elif BN_BITS2 == 8 -#define bn_cp_32(to, n, from, m) \ - { \ - (to)[(n)*4] = (from)[(m)*4]; \ - (to)[(n)*4+1] = (from)[(m)*4+1];\ - (to)[(n)*4+2] = (from)[(m)*4+2];\ - (to)[(n)*4+3] = (from)[(m)*4+3];\ - } -#define bn_32_set_0(to, n) \ - { (to)[(n)*4] = (BN_ULONG)0; (to)[(n)*4+1] = (BN_ULONG)0; \ - (to)[(n)*4+2] = (BN_ULONG)0; (to)[(n)*4+3] = (BN_ULONG)0; } #endif #endif /* BN_BITS2 != 64 */ @@ -255,10 +191,13 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { int top = a->top, i; - BN_ULONG carry = 0; + int carry; register BN_ULONG *r_d, *a_d = a->d; BN_ULONG t_d[BN_NIST_192_TOP], - buf[BN_NIST_192_TOP]; + buf[BN_NIST_192_TOP], + c_d[BN_NIST_192_TOP], + *res; + size_t mask; i = BN_ucmp(field, a); if (i == 0) @@ -284,41 +223,28 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP); -#if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma message save -# pragma message disable BADSUBSCRIPT -#endif - nist_set_192(t_d, buf, 0, 3, 3); - if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP)) - ++carry; - + carry = bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + nist_set_192(t_d, buf, 4, 4, 0); - if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP)) - ++carry; - -#if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma message restore -#endif + carry = bn_add_words(r_d, res, t_d, BN_NIST_192_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); nist_set_192(t_d, buf, 5, 5, 5) - if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP)) - ++carry; + carry = bn_add_words(r_d, res, t_d, BN_NIST_192_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - while (carry) - { - if (bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP)) - --carry; - } + nist_cp_bn(r_d, res, BN_NIST_192_TOP); r->top = BN_NIST_192_TOP; bn_correct_top(r); - if (BN_ucmp(r, field) >= 0) - { - bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP); - bn_correct_top(r); - } - bn_check_top(r); return 1; } @@ -336,12 +262,15 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { -#if BN_BITS2 != 64 +#if BN_BITS2 == 32 int top = a->top, i; - int carry = 0; + int carry; BN_ULONG *r_d, *a_d = a->d; BN_ULONG t_d[BN_NIST_224_TOP], - buf[BN_NIST_224_TOP]; + buf[BN_NIST_224_TOP], + c_d[BN_NIST_224_TOP], + *res; + size_t mask; i = BN_ucmp(field, a); if (i == 0) @@ -368,65 +297,48 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP); nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0); - if (bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP)) - ++carry; + carry = bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0); - if (bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP)) - ++carry; + carry = bn_add_words(r_d, res, t_d, BN_NIST_224_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7); - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP)) - --carry; +#if BRANCH_FREE + carry = bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP); + bn_add_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP); + mask = 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); +#else + if (bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP)) + bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP); +#endif nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11); - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP)) - --carry; - - if (carry > 0) - while (carry) - { - if (bn_sub_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP)) - --carry; - } - else if (carry < 0) - while (carry) - { - if (bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP)) - ++carry; - } +#if BRANCH_FREE + carry = bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP); + bn_add_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP); + mask = 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + nist_cp_bn(r_d, res, BN_NIST_224_TOP); +#else + if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP)) + bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP); +#endif r->top = BN_NIST_224_TOP; bn_correct_top(r); - if (BN_ucmp(r, field) >= 0) - { - bn_sub_words(r_d, r_d, _nist_p_224, BN_NIST_224_TOP); - bn_correct_top(r); - } - bn_check_top(r); + return 1; -#else +#else /* BN_BITS!=32 */ return 0; #endif } -#if BN_BITS2 != 64 -static void _init_256_data(void) - { - int i; - BN_ULONG *tmp1 = _256_data; - const BN_ULONG *tmp2 = tmp1; - - memcpy(tmp1, _nist_p_256, BN_NIST_256_TOP * sizeof(BN_ULONG)); - tmp1 += BN_NIST_256_TOP; - - for (i=0; i<5; i++) - { - bn_add_words(tmp1, _nist_p_256, tmp2, BN_NIST_256_TOP); - tmp2 = tmp1; - tmp1 += BN_NIST_256_TOP; - } - _is_set_256_data = 1; - } -#endif - #define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \ { \ if (a8 != 0) bn_cp_32(to, 0, from, (a8) - 8) else bn_32_set_0(to, 0)\ @@ -442,24 +354,16 @@ static void _init_256_data(void) int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { -#if BN_BITS2 != 64 +#if BN_BITS2 == 32 int i, top = a->top; int carry = 0; register BN_ULONG *a_d = a->d, *r_d; BN_ULONG t_d[BN_NIST_256_TOP], - t_d2[BN_NIST_256_TOP], - buf[BN_NIST_256_TOP]; + buf[BN_NIST_256_TOP], + c_d[BN_NIST_256_TOP], + *res; + size_t mask; - if (!_is_set_256_data) - { - CRYPTO_w_lock(CRYPTO_LOCK_BN); - - if (!_is_set_256_data) - _init_256_data(); - - CRYPTO_w_unlock(CRYPTO_LOCK_BN); - } - i = BN_ucmp(field, a); if (i == 0) { @@ -487,98 +391,91 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, /*S1*/ nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0); /*S2*/ - nist_set_256(t_d2,buf, 0, 15, 14, 13, 12, 0, 0, 0); - if (bn_add_words(t_d, t_d, t_d2, BN_NIST_256_TOP)) - carry = 2; - /* left shift */ - { - register BN_ULONG *ap,t,c; - ap = t_d; - c=0; - for (i = BN_NIST_256_TOP; i != 0; --i) - { - t= *ap; - *(ap++)=((t<<1)|c)&BN_MASK2; - c=(t & BN_TBIT)?1:0; - } - if (c) - ++carry; - } + nist_set_256(c_d,buf, 0, 15, 14, 13, 12, 0, 0, 0); + carry = bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP); + mask = 0-(size_t)bn_sub_words(c_d,t_d,_nist_p_256,BN_NIST_256_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)t_d&~mask)); + + carry = bn_add_words(t_d, res, res, BN_NIST_256_TOP); + mask = 0-(size_t)bn_sub_words(c_d,t_d,_nist_p_256,BN_NIST_256_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)t_d&~mask)); + + carry = bn_add_words(r_d, r_d, res, BN_NIST_256_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - ++carry; /*S3*/ nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8); - if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - ++carry; + carry = bn_add_words(r_d, res, t_d, BN_NIST_256_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + /*S4*/ nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9); - if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - ++carry; + carry = bn_add_words(r_d, res, t_d, BN_NIST_256_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + /*D1*/ nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11); - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - --carry; +#if BRANCH_FREE + carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP); + bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); + mask = 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); +#else + if (bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP)) + bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP); +#endif /*D2*/ nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12); +#if BRANCH_FREE + carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP); + bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); + mask = 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); +#else if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - --carry; + bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP); +#endif /*D3*/ nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13); +#if BRANCH_FREE + carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP); + bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); + mask = 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); +#else if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - --carry; + bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP); +#endif /*D4*/ nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14); - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - --carry; - - if (carry) - { - if (carry > 0) - bn_sub_words(r_d, r_d, _256_data + BN_NIST_256_TOP * - --carry, BN_NIST_256_TOP); - else - { - carry = -carry; - bn_add_words(r_d, r_d, _256_data + BN_NIST_256_TOP * - --carry, BN_NIST_256_TOP); - } - } +#if BRANCH_FREE + carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP); + bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); + mask = 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + nist_cp_bn(r_d, res, BN_NIST_384_TOP); +#else + if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) + bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP); +#endif r->top = BN_NIST_256_TOP; bn_correct_top(r); - if (BN_ucmp(r, field) >= 0) - { - bn_sub_words(r_d, r_d, _nist_p_256, BN_NIST_256_TOP); - bn_correct_top(r); - } - bn_check_top(r); + return 1; -#else +#else /* BN_BITS!=32 */ return 0; #endif } -#if BN_BITS2 != 64 -static void _init_384_data(void) - { - int i; - BN_ULONG *tmp1 = _384_data; - const BN_ULONG *tmp2 = tmp1; - - memcpy(tmp1, _nist_p_384, BN_NIST_384_TOP * sizeof(BN_ULONG)); - tmp1 += BN_NIST_384_TOP; - - for (i=0; i<7; i++) - { - bn_add_words(tmp1, _nist_p_384, tmp2, BN_NIST_384_TOP); - tmp2 = tmp1; - tmp1 += BN_NIST_384_TOP; - } - _is_set_384_data = 1; - } -#endif - #define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \ { \ if (a12 != 0) bn_cp_32(to, 0, from, (a12) - 12) else bn_32_set_0(to, 0)\ @@ -598,22 +495,15 @@ static void _init_384_data(void) int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { -#if BN_BITS2 != 64 +#if BN_BITS2 == 32 int i, top = a->top; int carry = 0; register BN_ULONG *r_d, *a_d = a->d; BN_ULONG t_d[BN_NIST_384_TOP], - buf[BN_NIST_384_TOP]; - - if (!_is_set_384_data) - { - CRYPTO_w_lock(CRYPTO_LOCK_BN); - - if (!_is_set_384_data) - _init_384_data(); - - CRYPTO_w_unlock(CRYPTO_LOCK_BN); - } + buf[BN_NIST_384_TOP], + c_d[BN_NIST_384_TOP], + *res; + size_t mask; i = BN_ucmp(field, a); if (i == 0) @@ -646,72 +536,103 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, register BN_ULONG *ap,t,c; ap = t_d; c=0; - for (i = BN_NIST_256_TOP; i != 0; --i) + for (i = 3; i != 0; --i) { t= *ap; *(ap++)=((t<<1)|c)&BN_MASK2; c=(t & BN_TBIT)?1:0; } + *ap=c; } - if (bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), - t_d, BN_NIST_256_TOP)) - ++carry; + carry = bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), + t_d, BN_NIST_256_TOP); + /* + * we need if (result>=modulus) subtract(result,modulus); + * in n-bit space this can be expressed as + * if (carry || result>=modulus) subtract(result,modulus); + * the catch is that comparison implies subtraction and + * therefore one can write tmp=subtract(result,modulus); + * and then if(carry || !borrow) result=tmp; this's what + * happens below, but without explicit if:-) a. + */ + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + /*S2 */ - if (bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP)) - ++carry; + carry = bn_add_words(r_d, res, buf, BN_NIST_384_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + /*S3*/ nist_set_384(t_d,buf,20,19,18,17,16,15,14,13,12,23,22,21); - if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP)) - ++carry; + carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + /*S4*/ nist_set_384(t_d,buf,19,18,17,16,15,14,13,12,20,0,23,0); - if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP)) - ++carry; + carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + /*S5*/ - nist_set_256(t_d, buf, 0, 0, 0, 0, 23-4, 22-4, 21-4, 20-4); - if (bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), - t_d, BN_NIST_256_TOP)) - ++carry; + nist_set_384(t_d, buf,0,0,0,0,23,22,21,20,0,0,0,0); + carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + /*S6*/ nist_set_384(t_d,buf,0,0,0,0,0,0,23,22,21,0,0,20); - if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP)) - ++carry; + carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + /*D1*/ nist_set_384(t_d,buf,22,21,20,19,18,17,16,15,14,13,12,23); - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP)) - --carry; +#if BRANCH_FREE + carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP); + bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); + mask = 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); +#else + if (bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP)) + bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP); +#endif /*D2*/ nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,22,21,20,0); +#if BRANCH_FREE + carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP); + bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); + mask = 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); +#else if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP)) - --carry; + bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP); +#endif /*D3*/ nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0); - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP)) - --carry; - - if (carry) - { - if (carry > 0) - bn_sub_words(r_d, r_d, _384_data + BN_NIST_384_TOP * - --carry, BN_NIST_384_TOP); - else - { - carry = -carry; - bn_add_words(r_d, r_d, _384_data + BN_NIST_384_TOP * - --carry, BN_NIST_384_TOP); - } - } +#if BRANCH_FREE + carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP); + bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); + mask = 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + nist_cp_bn(r_d, res, BN_NIST_384_TOP); +#else + if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP)) + bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP); +#endif r->top = BN_NIST_384_TOP; bn_correct_top(r); - if (BN_ucmp(r, field) >= 0) - { - bn_sub_words(r_d, r_d, _nist_p_384, BN_NIST_384_TOP); - bn_correct_top(r); - } - bn_check_top(r); + return 1; -#else +#else /* BN_BITS!=32 */ return 0; #endif } @@ -723,10 +644,6 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, #define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF #elif BN_BITS2 == 32 #define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF -#elif BN_BITS2 == 16 -#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF -#elif BN_BITS2 == 8 -#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1 #endif int top, ret = 0; BN_ULONG *r_d; @@ -762,7 +679,7 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, (r_d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK))) { BN_NIST_ADD_ONE(r_d) - r_d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; + r->d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; } bn_correct_top(r); diff --git a/crypto/openssl-0.9/crypto/cms/Makefile b/crypto/openssl-0.9/crypto/cms/Makefile new file mode 100644 index 0000000000..e39c310b6c --- /dev/null +++ b/crypto/openssl-0.9/crypto/cms/Makefile @@ -0,0 +1,183 @@ +# +# OpenSSL/crypto/cms/Makefile +# + +DIR= cms +TOP= ../.. +CC= cc +INCLUDES= -I.. -I$(TOP) -I../../include +CFLAG=-g +MAKEFILE= Makefile +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \ + cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c +LIBOBJ= cms_lib.o cms_asn1.o cms_att.o cms_io.o cms_smime.o cms_err.o \ + cms_sd.o cms_dd.o cms_cd.o cms_env.o cms_enc.o cms_ess.o + +SRC= $(LIBSRC) + +EXHEADER= cms.h +HEADER= cms_lcl.h $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +test: + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +cms_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +cms_asn1.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +cms_asn1.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +cms_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +cms_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +cms_asn1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +cms_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +cms_asn1.o: ../../include/openssl/opensslconf.h +cms_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +cms_asn1.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +cms_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +cms_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +cms_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +cms_asn1.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +cms_asn1.o: cms.h cms_asn1.c cms_lcl.h +cms_att.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +cms_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +cms_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +cms_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +cms_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +cms_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h +cms_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +cms_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +cms_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +cms_att.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +cms_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +cms_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +cms_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +cms_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +cms_att.o: cms.h cms_att.c cms_lcl.h +cms_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +cms_err.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h +cms_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +cms_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +cms_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +cms_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +cms_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +cms_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +cms_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +cms_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +cms_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +cms_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +cms_err.o: cms_err.c +cms_io.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +cms_io.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +cms_io.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +cms_io.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +cms_io.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +cms_io.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +cms_io.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +cms_io.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +cms_io.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +cms_io.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +cms_io.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +cms_io.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +cms_io.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h +cms_io.o: cms_io.c cms_lcl.h +cms_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +cms_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +cms_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +cms_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +cms_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +cms_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +cms_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +cms_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +cms_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +cms_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +cms_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +cms_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +cms_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h +cms_lib.o: cms_lcl.h cms_lib.c +cms_sd.o: ../../e_os.h ../../include/openssl/asn1.h +cms_sd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +cms_sd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h +cms_sd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +cms_sd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +cms_sd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +cms_sd.o: ../../include/openssl/err.h ../../include/openssl/evp.h +cms_sd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +cms_sd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +cms_sd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +cms_sd.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +cms_sd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +cms_sd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +cms_sd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +cms_sd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +cms_sd.o: ../cryptlib.h cms_lcl.h cms_sd.c +cms_smime.o: ../../e_os.h ../../include/openssl/asn1.h +cms_smime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +cms_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h +cms_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +cms_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +cms_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +cms_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h +cms_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +cms_smime.o: ../../include/openssl/objects.h +cms_smime.o: ../../include/openssl/opensslconf.h +cms_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +cms_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +cms_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +cms_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +cms_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +cms_smime.o: ../cryptlib.h cms_lcl.h cms_smime.c diff --git a/crypto/openssl-0.9/crypto/cms/cms.h b/crypto/openssl-0.9/crypto/cms/cms.h new file mode 100644 index 0000000000..25f88745f2 --- /dev/null +++ b/crypto/openssl-0.9/crypto/cms/cms.h @@ -0,0 +1,473 @@ +/* crypto/cms/cms.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + + +#ifndef HEADER_CMS_H +#define HEADER_CMS_H + +#include + +#ifdef OPENSSL_NO_CMS +#error CMS is disabled. +#endif + +#ifdef __cplusplus +extern "C" { +#endif + + +typedef struct CMS_ContentInfo_st CMS_ContentInfo; +typedef struct CMS_SignerInfo_st CMS_SignerInfo; +typedef struct CMS_CertificateChoices CMS_CertificateChoices; +typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice; +typedef struct CMS_RecipientInfo_st CMS_RecipientInfo; +typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest; +typedef struct CMS_Receipt_st CMS_Receipt; + +DECLARE_STACK_OF(CMS_SignerInfo) +DECLARE_STACK_OF(GENERAL_NAMES) +DECLARE_ASN1_FUNCTIONS_const(CMS_ContentInfo) +DECLARE_ASN1_FUNCTIONS_const(CMS_ReceiptRequest) + +#define CMS_SIGNERINFO_ISSUER_SERIAL 0 +#define CMS_SIGNERINFO_KEYIDENTIFIER 1 + +#define CMS_RECIPINFO_TRANS 0 +#define CMS_RECIPINFO_AGREE 1 +#define CMS_RECIPINFO_KEK 2 +#define CMS_RECIPINFO_PASS 3 +#define CMS_RECIPINFO_OTHER 4 + +/* S/MIME related flags */ + +#define CMS_TEXT 0x1 +#define CMS_NOCERTS 0x2 +#define CMS_NO_CONTENT_VERIFY 0x4 +#define CMS_NO_ATTR_VERIFY 0x8 +#define CMS_NOSIGS \ + (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY) +#define CMS_NOINTERN 0x10 +#define CMS_NO_SIGNER_CERT_VERIFY 0x20 +#define CMS_NOVERIFY 0x20 +#define CMS_DETACHED 0x40 +#define CMS_BINARY 0x80 +#define CMS_NOATTR 0x100 +#define CMS_NOSMIMECAP 0x200 +#define CMS_NOOLDMIMETYPE 0x400 +#define CMS_CRLFEOL 0x800 +#define CMS_STREAM 0x1000 +#define CMS_NOCRL 0x2000 +#define CMS_PARTIAL 0x4000 +#define CMS_REUSE_DIGEST 0x8000 +#define CMS_USE_KEYID 0x10000 + +const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms); + +BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont); +int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio); + +ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); +int CMS_is_detached(CMS_ContentInfo *cms); +int CMS_set_detached(CMS_ContentInfo *cms, int detached); + +#ifdef HEADER_PEM_H +DECLARE_PEM_rw_const(CMS, CMS_ContentInfo) +#endif + +CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms); +int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); + +CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); +int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); + +int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); + +CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, unsigned int flags); + +CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, + X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, + unsigned int flags); + +int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); +CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); + +int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, + unsigned int flags); + +int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, + const unsigned char *key, size_t keylen, + BIO *dcont, BIO *out, unsigned int flags); + +CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, + const unsigned char *key, size_t keylen, + unsigned int flags); + +int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, + const unsigned char *key, size_t keylen); + +int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); + +int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, + STACK_OF(X509) *certs, + X509_STORE *store, unsigned int flags); + +STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); + +CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, + const EVP_CIPHER *cipher, unsigned int flags); + +int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, + BIO *dcont, BIO *out, + unsigned int flags); + +int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); +int CMS_decrypt_set1_key(CMS_ContentInfo *cms, + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen); + +STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); +int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); +CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); +CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, + X509 *recip, unsigned int flags); +int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); +int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); +int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, + EVP_PKEY **pk, X509 **recip, + X509_ALGOR **palg); +int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno); + +CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen, + ASN1_GENERALIZEDTIME *date, + ASN1_OBJECT *otherTypeId, + ASN1_TYPE *otherType); + +int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, + X509_ALGOR **palg, + ASN1_OCTET_STRING **pid, + ASN1_GENERALIZEDTIME **pdate, + ASN1_OBJECT **potherid, + ASN1_TYPE **pothertype); + +int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, + unsigned char *key, size_t keylen); + +int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, + const unsigned char *id, size_t idlen); + +int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); + +int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); + +int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); +const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); + +CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms); +int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); +int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); +STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); + +CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms); +int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); +STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); + +int CMS_SignedData_init(CMS_ContentInfo *cms); +CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, + X509 *signer, EVP_PKEY *pk, const EVP_MD *md, + unsigned int flags); +STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); + +void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); +int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno); +int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); +int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + unsigned int flags); +void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer, + X509_ALGOR **pdig, X509_ALGOR **psig); +int CMS_SignerInfo_sign(CMS_SignerInfo *si); +int CMS_SignerInfo_verify(CMS_SignerInfo *si); +int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); + +int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); +int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, + int algnid, int keysize); +int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); + +int CMS_signed_get_attr_count(const CMS_SignerInfo *si); +int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type); + +int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); +int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type); + +#ifdef HEADER_X509V3_H + +int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); +CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, + int allorfirst, + STACK_OF(GENERAL_NAMES) *receiptList, + STACK_OF(GENERAL_NAMES) *receiptsTo); +int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); +void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, + ASN1_STRING **pcid, + int *pallorfirst, + STACK_OF(GENERAL_NAMES) **plist, + STACK_OF(GENERAL_NAMES) **prto); + +#endif + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_CMS_strings(void); + +/* Error codes for the CMS functions. */ + +/* Function codes. */ +#define CMS_F_CHECK_CONTENT 99 +#define CMS_F_CMS_ADD0_CERT 164 +#define CMS_F_CMS_ADD0_RECIPIENT_KEY 100 +#define CMS_F_CMS_ADD1_RECEIPTREQUEST 158 +#define CMS_F_CMS_ADD1_RECIPIENT_CERT 101 +#define CMS_F_CMS_ADD1_SIGNER 102 +#define CMS_F_CMS_ADD1_SIGNINGTIME 103 +#define CMS_F_CMS_COMPRESS 104 +#define CMS_F_CMS_COMPRESSEDDATA_CREATE 105 +#define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106 +#define CMS_F_CMS_COPY_CONTENT 107 +#define CMS_F_CMS_COPY_MESSAGEDIGEST 108 +#define CMS_F_CMS_DATA 109 +#define CMS_F_CMS_DATAFINAL 110 +#define CMS_F_CMS_DATAINIT 111 +#define CMS_F_CMS_DECRYPT 112 +#define CMS_F_CMS_DECRYPT_SET1_KEY 113 +#define CMS_F_CMS_DECRYPT_SET1_PKEY 114 +#define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115 +#define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116 +#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117 +#define CMS_F_CMS_DIGEST_VERIFY 118 +#define CMS_F_CMS_ENCODE_RECEIPT 161 +#define CMS_F_CMS_ENCRYPT 119 +#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120 +#define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121 +#define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122 +#define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123 +#define CMS_F_CMS_ENVELOPEDDATA_CREATE 124 +#define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125 +#define CMS_F_CMS_ENVELOPED_DATA_INIT 126 +#define CMS_F_CMS_FINAL 127 +#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128 +#define CMS_F_CMS_GET0_CONTENT 129 +#define CMS_F_CMS_GET0_ECONTENT_TYPE 130 +#define CMS_F_CMS_GET0_ENVELOPED 131 +#define CMS_F_CMS_GET0_REVOCATION_CHOICES 132 +#define CMS_F_CMS_GET0_SIGNED 133 +#define CMS_F_CMS_MSGSIGDIGEST_ADD1 162 +#define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159 +#define CMS_F_CMS_RECEIPT_VERIFY 160 +#define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134 +#define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135 +#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136 +#define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137 +#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143 +#define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144 +#define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145 +#define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146 +#define CMS_F_CMS_SET_DETACHED 147 +#define CMS_F_CMS_SIGN 148 +#define CMS_F_CMS_SIGNED_DATA_INIT 149 +#define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150 +#define CMS_F_CMS_SIGNERINFO_SIGN 151 +#define CMS_F_CMS_SIGNERINFO_VERIFY 152 +#define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153 +#define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154 +#define CMS_F_CMS_SIGN_RECEIPT 163 +#define CMS_F_CMS_STREAM 155 +#define CMS_F_CMS_UNCOMPRESS 156 +#define CMS_F_CMS_VERIFY 157 + +/* Reason codes. */ +#define CMS_R_ADD_SIGNER_ERROR 99 +#define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 +#define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 +#define CMS_R_CERTIFICATE_VERIFY_ERROR 100 +#define CMS_R_CIPHER_INITIALISATION_ERROR 101 +#define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 +#define CMS_R_CMS_DATAFINAL_ERROR 103 +#define CMS_R_CMS_LIB 104 +#define CMS_R_CONTENTIDENTIFIER_MISMATCH 170 +#define CMS_R_CONTENT_NOT_FOUND 105 +#define CMS_R_CONTENT_TYPE_MISMATCH 171 +#define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106 +#define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107 +#define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108 +#define CMS_R_CONTENT_VERIFY_ERROR 109 +#define CMS_R_CTRL_ERROR 110 +#define CMS_R_CTRL_FAILURE 111 +#define CMS_R_DECRYPT_ERROR 112 +#define CMS_R_DIGEST_ERROR 161 +#define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 +#define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 +#define CMS_R_ERROR_SETTING_KEY 115 +#define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 +#define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 +#define CMS_R_INVALID_KEY_LENGTH 118 +#define CMS_R_MD_BIO_INIT_ERROR 119 +#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120 +#define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121 +#define CMS_R_MSGSIGDIGEST_ERROR 172 +#define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162 +#define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163 +#define CMS_R_NEED_ONE_SIGNER 164 +#define CMS_R_NOT_A_SIGNED_RECEIPT 165 +#define CMS_R_NOT_ENCRYPTED_DATA 122 +#define CMS_R_NOT_KEK 123 +#define CMS_R_NOT_KEY_TRANSPORT 124 +#define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125 +#define CMS_R_NO_CIPHER 126 +#define CMS_R_NO_CONTENT 127 +#define CMS_R_NO_CONTENT_TYPE 173 +#define CMS_R_NO_DEFAULT_DIGEST 128 +#define CMS_R_NO_DIGEST_SET 129 +#define CMS_R_NO_KEY 130 +#define CMS_R_NO_KEY_OR_CERT 174 +#define CMS_R_NO_MATCHING_DIGEST 131 +#define CMS_R_NO_MATCHING_RECIPIENT 132 +#define CMS_R_NO_MATCHING_SIGNATURE 166 +#define CMS_R_NO_MSGSIGDIGEST 167 +#define CMS_R_NO_PRIVATE_KEY 133 +#define CMS_R_NO_PUBLIC_KEY 134 +#define CMS_R_NO_RECEIPT_REQUEST 168 +#define CMS_R_NO_SIGNERS 135 +#define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 +#define CMS_R_RECEIPT_DECODE_ERROR 169 +#define CMS_R_RECIPIENT_ERROR 137 +#define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138 +#define CMS_R_SIGNFINAL_ERROR 139 +#define CMS_R_SMIME_TEXT_ERROR 140 +#define CMS_R_STORE_INIT_ERROR 141 +#define CMS_R_TYPE_NOT_COMPRESSED_DATA 142 +#define CMS_R_TYPE_NOT_DATA 143 +#define CMS_R_TYPE_NOT_DIGESTED_DATA 144 +#define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145 +#define CMS_R_TYPE_NOT_ENVELOPED_DATA 146 +#define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147 +#define CMS_R_UNKNOWN_CIPHER 148 +#define CMS_R_UNKNOWN_DIGEST_ALGORIHM 149 +#define CMS_R_UNKNOWN_ID 150 +#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 +#define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 +#define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 +#define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 +#define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE 155 +#define CMS_R_UNSUPPORTED_TYPE 156 +#define CMS_R_UNWRAP_ERROR 157 +#define CMS_R_VERIFICATION_FAILURE 158 +#define CMS_R_WRAP_ERROR 159 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/crypto/openssl-0.9/crypto/cms/cms_asn1.c b/crypto/openssl-0.9/crypto/cms/cms_asn1.c new file mode 100644 index 0000000000..7664921861 --- /dev/null +++ b/crypto/openssl-0.9/crypto/cms/cms_asn1.c @@ -0,0 +1,346 @@ +/* crypto/cms/cms_asn1.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include "cms.h" +#include "cms_lcl.h" + + +ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = { + ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME), + ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER) +} ASN1_SEQUENCE_END(CMS_IssuerAndSerialNumber) + +ASN1_SEQUENCE(CMS_OtherCertificateFormat) = { + ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT), + ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY) +} ASN1_SEQUENCE_END(CMS_OtherCertificateFormat) + +ASN1_CHOICE(CMS_CertificateChoices) = { + ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509), + ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0), + ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1), + ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2), + ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3) +} ASN1_CHOICE_END(CMS_CertificateChoices) + +ASN1_CHOICE(CMS_SignerIdentifier) = { + ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), + ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0) +} ASN1_CHOICE_END(CMS_SignerIdentifier) + +ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = { + ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT), + ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0) +} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo) + +/* Minor tweak to operation: free up signer key, cert */ +static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) + { + if(operation == ASN1_OP_FREE_POST) + { + CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; + if (si->pkey) + EVP_PKEY_free(si->pkey); + if (si->signer) + X509_free(si->signer); + } + return 1; + } + +ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = { + ASN1_SIMPLE(CMS_SignerInfo, version, LONG), + ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier), + ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR), + ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0), + ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR), + ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING), + ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1) +} ASN1_SEQUENCE_END_cb(CMS_SignerInfo, CMS_SignerInfo) + +ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = { + ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT), + ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY) +} ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat) + +ASN1_CHOICE(CMS_RevocationInfoChoice) = { + ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL), + ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1) +} ASN1_CHOICE_END(CMS_RevocationInfoChoice) + +ASN1_NDEF_SEQUENCE(CMS_SignedData) = { + ASN1_SIMPLE(CMS_SignedData, version, LONG), + ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR), + ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo), + ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0), + ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1), + ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo) +} ASN1_NDEF_SEQUENCE_END(CMS_SignedData) + +ASN1_SEQUENCE(CMS_OriginatorInfo) = { + ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0), + ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1) +} ASN1_SEQUENCE_END(CMS_OriginatorInfo) + +ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = { + ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT), + ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR), + ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0) +} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo) + +ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = { + ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG), + ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier), + ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), + ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(CMS_KeyTransRecipientInfo) + +ASN1_SEQUENCE(CMS_OtherKeyAttribute) = { + ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT), + ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY) +} ASN1_SEQUENCE_END(CMS_OtherKeyAttribute) + +ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = { + ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING), + ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME), + ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute) +} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier) + +ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = { + ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), + ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0) +} ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier) + +ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = { + ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier), + ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(CMS_RecipientEncryptedKey) + +ASN1_SEQUENCE(CMS_OriginatorPublicKey) = { + ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR), + ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING) +} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey) + +ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = { + ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), + ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0), + ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1) +} ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey) + +ASN1_SEQUENCE(CMS_KeyAgreeRecipientInfo) = { + ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, LONG), + ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0), + ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1), + ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), + ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey) +} ASN1_SEQUENCE_END(CMS_KeyAgreeRecipientInfo) + +ASN1_SEQUENCE(CMS_KEKIdentifier) = { + ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING), + ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME), + ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute) +} ASN1_SEQUENCE_END(CMS_KEKIdentifier) + +ASN1_SEQUENCE(CMS_KEKRecipientInfo) = { + ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG), + ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier), + ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), + ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo) + +ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = { + ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, LONG), + ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0), + ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), + ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo) + +ASN1_SEQUENCE(CMS_OtherRecipientInfo) = { + ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT), + ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY) +} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo) + +/* Free up RecipientInfo additional data */ +static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) + { + if(operation == ASN1_OP_FREE_PRE) + { + CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval; + if (ri->type == CMS_RECIPINFO_TRANS) + { + CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; + if (ktri->pkey) + EVP_PKEY_free(ktri->pkey); + if (ktri->recip) + X509_free(ktri->recip); + } + else if (ri->type == CMS_RECIPINFO_KEK) + { + CMS_KEKRecipientInfo *kekri = ri->d.kekri; + if (kekri->key) + { + OPENSSL_cleanse(kekri->key, kekri->keylen); + OPENSSL_free(kekri->key); + } + } + } + return 1; + } + +ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = { + ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo), + ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1), + ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2), + ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3), + ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4) +} ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type) + +ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = { + ASN1_SIMPLE(CMS_EnvelopedData, version, LONG), + ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0), + ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo), + ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo), + ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1) +} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData) + +ASN1_NDEF_SEQUENCE(CMS_DigestedData) = { + ASN1_SIMPLE(CMS_DigestedData, version, LONG), + ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR), + ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo), + ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING) +} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData) + +ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = { + ASN1_SIMPLE(CMS_EncryptedData, version, LONG), + ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo), + ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1) +} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData) + +ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = { + ASN1_SIMPLE(CMS_AuthenticatedData, version, LONG), + ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0), + ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo), + ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR), + ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1), + ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo), + ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2), + ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING), + ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3) +} ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData) + +ASN1_NDEF_SEQUENCE(CMS_CompressedData) = { + ASN1_SIMPLE(CMS_CompressedData, version, LONG), + ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR), + ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo), +} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData) + +/* This is the ANY DEFINED BY table for the top level ContentInfo structure */ + +ASN1_ADB_TEMPLATE(cms_default) = ASN1_EXP(CMS_ContentInfo, d.other, ASN1_ANY, 0); + +ASN1_ADB(CMS_ContentInfo) = { + ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)), + ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)), + ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)), + ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)), + ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)), + ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)), + ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)), +} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL); + +ASN1_NDEF_SEQUENCE(CMS_ContentInfo) = { + ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT), + ASN1_ADB_OBJECT(CMS_ContentInfo) +} ASN1_NDEF_SEQUENCE_END(CMS_ContentInfo) + +/* Specials for signed attributes */ + +/* When signing attributes we want to reorder them to match the sorted + * encoding. + */ + +ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE) +ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign) + +/* When verifying attributes we need to use the received order. So + * we use SEQUENCE OF and tag it to SET OF + */ + +ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, + V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE) +ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify) + + + +ASN1_CHOICE(CMS_ReceiptsFrom) = { + ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0), + ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1) +} ASN1_CHOICE_END(CMS_ReceiptsFrom) + +ASN1_SEQUENCE(CMS_ReceiptRequest) = { + ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING), + ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom), + ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES) +} ASN1_SEQUENCE_END(CMS_ReceiptRequest) + +ASN1_SEQUENCE(CMS_Receipt) = { + ASN1_SIMPLE(CMS_Receipt, version, LONG), + ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT), + ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING), + ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(CMS_Receipt) + diff --git a/crypto/openssl-0.9/crypto/cms/cms_att.c b/crypto/openssl-0.9/crypto/cms/cms_att.c new file mode 100644 index 0000000000..5b71722ebc --- /dev/null +++ b/crypto/openssl-0.9/crypto/cms/cms_att.c @@ -0,0 +1,195 @@ +/* crypto/cms/cms_att.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include +#include "cms.h" +#include "cms_lcl.h" + +/* CMS SignedData Attribute utilities */ + +int CMS_signed_get_attr_count(const CMS_SignerInfo *si) +{ + return X509at_get_attr_count(si->signedAttrs); +} + +int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos) +{ + return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos); +} + +int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, + int lastpos) +{ + return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos); +} + +X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc) +{ + return X509at_get_attr(si->signedAttrs, loc); +} + +X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc) +{ + return X509at_delete_attr(si->signedAttrs, loc); +} + +int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr) +{ + if(X509at_add1_attr(&si->signedAttrs, attr)) return 1; + return 0; +} + +int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len) +{ + if(X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, + type, bytes, len)) return 1; + return 0; +} + +int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len) +{ + if(X509at_add1_attr_by_NID(&si->signedAttrs, nid, + type, bytes, len)) return 1; + return 0; +} + +int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len) +{ + if(X509at_add1_attr_by_txt(&si->signedAttrs, attrname, + type, bytes, len)) return 1; + return 0; +} + +void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type) +{ + return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type); +} + +int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si) +{ + return X509at_get_attr_count(si->unsignedAttrs); +} + +int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos) +{ + return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos); +} + +int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, + int lastpos) +{ + return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos); +} + +X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc) +{ + return X509at_get_attr(si->unsignedAttrs, loc); +} + +X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc) +{ + return X509at_delete_attr(si->unsignedAttrs, loc); +} + +int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr) +{ + if(X509at_add1_attr(&si->unsignedAttrs, attr)) return 1; + return 0; +} + +int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len) +{ + if(X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, + type, bytes, len)) return 1; + return 0; +} + +int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len) +{ + if(X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, + type, bytes, len)) return 1; + return 0; +} + +int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len) +{ + if(X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname, + type, bytes, len)) return 1; + return 0; +} + +void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type) +{ + return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type); +} + +/* Specific attribute cases */ diff --git a/crypto/openssl-0.9/crypto/comp/comp_err.c b/crypto/openssl-0.9/crypto/cms/cms_cd.c similarity index 56% copy from crypto/openssl-0.9/crypto/comp/comp_err.c copy to crypto/openssl-0.9/crypto/cms/cms_cd.c index 07372226c9..a5fc2c4e2b 100644 --- a/crypto/openssl-0.9/crypto/comp/comp_err.c +++ b/crypto/openssl-0.9/crypto/cms/cms_cd.c @@ -1,6 +1,9 @@ -/* crypto/comp/comp_err.c */ +/* crypto/cms/cms_cd.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -22,7 +25,7 @@ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. + * licensing@OpenSSL.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written @@ -46,48 +49,86 @@ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include +#include "cryptlib.h" +#include +#include +#include #include +#include +#include #include +#include "cms_lcl.h" -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR +DECLARE_ASN1_ITEM(CMS_CompressedData) -#define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0) -#define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason) +#ifdef ZLIB -static ERR_STRING_DATA COMP_str_functs[]= - { -{0,NULL} - }; +/* CMS CompressedData Utilities */ -static ERR_STRING_DATA COMP_str_reasons[]= +CMS_ContentInfo *cms_CompressedData_create(int comp_nid) { -{0,NULL} - }; + CMS_ContentInfo *cms; + CMS_CompressedData *cd; + /* Will need something cleverer if there is ever more than one + * compression algorithm or parameters have some meaning... + */ + if (comp_nid != NID_zlib_compression) + { + CMSerr(CMS_F_CMS_COMPRESSEDDATA_CREATE, + CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + return NULL; + } + cms = CMS_ContentInfo_new(); + if (!cms) + return NULL; -#endif + cd = M_ASN1_new_of(CMS_CompressedData); -void ERR_load_COMP_strings(void) - { -#ifndef OPENSSL_NO_ERR + if (!cd) + goto err; + + cms->contentType = OBJ_nid2obj(NID_id_smime_ct_compressedData); + cms->d.compressedData = cd; + + cd->version = 0; + + X509_ALGOR_set0(cd->compressionAlgorithm, + OBJ_nid2obj(NID_zlib_compression), + V_ASN1_UNDEF, NULL); - if (ERR_func_error_string(COMP_str_functs[0].error) == NULL) + cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data); + + return cms; + + err: + + if (cms) + CMS_ContentInfo_free(cms); + + return NULL; + } + +BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms) + { + CMS_CompressedData *cd; + ASN1_OBJECT *compoid; + if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) { - ERR_load_strings(0,COMP_str_functs); - ERR_load_strings(0,COMP_str_reasons); + CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO, + CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA); + return NULL; } -#endif + cd = cms->d.compressedData; + X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm); + if (OBJ_obj2nid(compoid) != NID_zlib_compression) + { + CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO, + CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + return NULL; + } + return BIO_new(BIO_f_zlib()); } + +#endif diff --git a/crypto/openssl-0.9/crypto/asn1/x_algor.c b/crypto/openssl-0.9/crypto/cms/cms_dd.c similarity index 55% copy from crypto/openssl-0.9/crypto/asn1/x_algor.c copy to crypto/openssl-0.9/crypto/cms/cms_dd.c index 00b9ea54a1..8919c15be1 100644 --- a/crypto/openssl-0.9/crypto/asn1/x_algor.c +++ b/crypto/openssl-0.9/crypto/cms/cms_dd.c @@ -1,9 +1,9 @@ -/* x_algor.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 2000. +/* crypto/cms/cms_dd.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -49,25 +49,100 @@ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * */ -#include -#include -#include +#include "cryptlib.h" #include +#include +#include +#include +#include +#include "cms_lcl.h" + +DECLARE_ASN1_ITEM(CMS_DigestedData) + +/* CMS DigestedData Utilities */ + +CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md) + { + CMS_ContentInfo *cms; + CMS_DigestedData *dd; + cms = CMS_ContentInfo_new(); + if (!cms) + return NULL; + + dd = M_ASN1_new_of(CMS_DigestedData); + + if (!dd) + goto err; + + cms->contentType = OBJ_nid2obj(NID_pkcs7_digest); + cms->d.digestedData = dd; + + dd->version = 0; + dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data); + + cms_DigestAlgorithm_set(dd->digestAlgorithm, md); + + return cms; + + err: + + if (cms) + CMS_ContentInfo_free(cms); + + return NULL; + } + +BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms) + { + CMS_DigestedData *dd; + dd = cms->d.digestedData; + return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm); + } + +int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) + { + EVP_MD_CTX mctx; + unsigned char md[EVP_MAX_MD_SIZE]; + unsigned int mdlen; + int r = 0; + CMS_DigestedData *dd; + EVP_MD_CTX_init(&mctx); + + dd = cms->d.digestedData; + + if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm)) + goto err; + + if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0) + goto err; + + if (verify) + { + if (mdlen != (unsigned int)dd->digest->length) + { + CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, + CMS_R_MESSAGEDIGEST_WRONG_LENGTH); + goto err; + } + + if (memcmp(md, dd->digest->data, mdlen)) + CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, + CMS_R_VERIFICATION_FAILURE); + else + r = 1; + } + else + { + if (!ASN1_STRING_set(dd->digest, md, mdlen)) + goto err; + r = 1; + } -ASN1_SEQUENCE(X509_ALGOR) = { - ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT), - ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY) -} ASN1_SEQUENCE_END(X509_ALGOR) + err: + EVP_MD_CTX_cleanup(&mctx); -IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR) -IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR) + return r; -IMPLEMENT_STACK_OF(X509_ALGOR) -IMPLEMENT_ASN1_SET_OF(X509_ALGOR) + } diff --git a/crypto/openssl-0.9/crypto/cms/cms_enc.c b/crypto/openssl-0.9/crypto/cms/cms_enc.c new file mode 100644 index 0000000000..bab26235bd --- /dev/null +++ b/crypto/openssl-0.9/crypto/cms/cms_enc.c @@ -0,0 +1,262 @@ +/* crypto/cms/cms_enc.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include "cryptlib.h" +#include +#include +#include +#include +#include +#include +#include "cms_lcl.h" + +/* CMS EncryptedData Utilities */ + +DECLARE_ASN1_ITEM(CMS_EncryptedData) + +/* Return BIO based on EncryptedContentInfo and key */ + +BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) + { + BIO *b; + EVP_CIPHER_CTX *ctx; + const EVP_CIPHER *ciph; + X509_ALGOR *calg = ec->contentEncryptionAlgorithm; + unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL; + + int ok = 0; + + int enc, keep_key = 0; + + enc = ec->cipher ? 1 : 0; + + b = BIO_new(BIO_f_cipher()); + if (!b) + { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, + ERR_R_MALLOC_FAILURE); + return NULL; + } + + BIO_get_cipher_ctx(b, &ctx); + + if (enc) + { + ciph = ec->cipher; + /* If not keeping key set cipher to NULL so subsequent calls + * decrypt. + */ + if (ec->key) + ec->cipher = NULL; + } + else + { + ciph = EVP_get_cipherbyobj(calg->algorithm); + + if (!ciph) + { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, + CMS_R_UNKNOWN_CIPHER); + goto err; + } + } + + if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0) + { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, + CMS_R_CIPHER_INITIALISATION_ERROR); + goto err; + } + + if (enc) + { + int ivlen; + calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx)); + /* Generate a random IV if we need one */ + ivlen = EVP_CIPHER_CTX_iv_length(ctx); + if (ivlen > 0) + { + if (RAND_pseudo_bytes(iv, ivlen) <= 0) + goto err; + piv = iv; + } + } + else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) + { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, + CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); + goto err; + } + + + if (enc && !ec->key) + { + /* Generate random key */ + if (!ec->keylen) + ec->keylen = EVP_CIPHER_CTX_key_length(ctx); + ec->key = OPENSSL_malloc(ec->keylen); + if (!ec->key) + { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, + ERR_R_MALLOC_FAILURE); + goto err; + } + if (EVP_CIPHER_CTX_rand_key(ctx, ec->key) <= 0) + goto err; + keep_key = 1; + } + else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx)) + { + /* If necessary set key length */ + if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) + { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, + CMS_R_INVALID_KEY_LENGTH); + goto err; + } + } + + if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0) + { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, + CMS_R_CIPHER_INITIALISATION_ERROR); + goto err; + } + + if (piv) + { + calg->parameter = ASN1_TYPE_new(); + if (!calg->parameter) + { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, + ERR_R_MALLOC_FAILURE); + goto err; + } + if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) + { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, + CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); + goto err; + } + } + ok = 1; + + err: + if (ec->key && !keep_key) + { + OPENSSL_cleanse(ec->key, ec->keylen); + OPENSSL_free(ec->key); + ec->key = NULL; + } + if (ok) + return b; + BIO_free(b); + return NULL; + } + +int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, + const EVP_CIPHER *cipher, + const unsigned char *key, size_t keylen) + { + ec->cipher = cipher; + if (key) + { + ec->key = OPENSSL_malloc(keylen); + if (!ec->key) + return 0; + memcpy(ec->key, key, keylen); + } + ec->keylen = keylen; + if (cipher) + ec->contentType = OBJ_nid2obj(NID_pkcs7_data); + return 1; + } + +int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, + const unsigned char *key, size_t keylen) + { + CMS_EncryptedContentInfo *ec; + if (!key || !keylen) + { + CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY); + return 0; + } + if (ciph) + { + cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData); + if (!cms->d.encryptedData) + { + CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, + ERR_R_MALLOC_FAILURE); + return 0; + } + cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted); + cms->d.encryptedData->version = 0; + } + else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted) + { + CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, + CMS_R_NOT_ENCRYPTED_DATA); + return 0; + } + ec = cms->d.encryptedData->encryptedContentInfo; + return cms_EncryptedContent_init(ec, ciph, key, keylen); + } + +BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms) + { + CMS_EncryptedData *enc = cms->d.encryptedData; + if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs) + enc->version = 2; + return cms_EncryptedContent_init_bio(enc->encryptedContentInfo); + } diff --git a/crypto/openssl-0.9/crypto/cms/cms_env.c b/crypto/openssl-0.9/crypto/cms/cms_env.c new file mode 100644 index 0000000000..d499ae85b4 --- /dev/null +++ b/crypto/openssl-0.9/crypto/cms/cms_env.c @@ -0,0 +1,825 @@ +/* crypto/cms/cms_env.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include "cryptlib.h" +#include +#include +#include +#include +#include +#include +#include +#include "cms_lcl.h" + +/* CMS EnvelopedData Utilities */ + +DECLARE_ASN1_ITEM(CMS_EnvelopedData) +DECLARE_ASN1_ITEM(CMS_RecipientInfo) +DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo) +DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo) +DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute) + +DECLARE_STACK_OF(CMS_RecipientInfo) + +static CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms) + { + if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) + { + CMSerr(CMS_F_CMS_GET0_ENVELOPED, + CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); + return NULL; + } + return cms->d.envelopedData; + } + +static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms) + { + if (cms->d.other == NULL) + { + cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData); + if (!cms->d.envelopedData) + { + CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT, + ERR_R_MALLOC_FAILURE); + return NULL; + } + cms->d.envelopedData->version = 0; + cms->d.envelopedData->encryptedContentInfo->contentType = + OBJ_nid2obj(NID_pkcs7_data); + ASN1_OBJECT_free(cms->contentType); + cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped); + return cms->d.envelopedData; + } + return cms_get0_enveloped(cms); + } + +STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms) + { + CMS_EnvelopedData *env; + env = cms_get0_enveloped(cms); + if (!env) + return NULL; + return env->recipientInfos; + } + +int CMS_RecipientInfo_type(CMS_RecipientInfo *ri) + { + return ri->type; + } + +CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher) + { + CMS_ContentInfo *cms; + CMS_EnvelopedData *env; + cms = CMS_ContentInfo_new(); + if (!cms) + goto merr; + env = cms_enveloped_data_init(cms); + if (!env) + goto merr; + if (!cms_EncryptedContent_init(env->encryptedContentInfo, + cipher, NULL, 0)) + goto merr; + return cms; + merr: + if (cms) + CMS_ContentInfo_free(cms); + CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE); + return NULL; + } + +/* Key Transport Recipient Info (KTRI) routines */ + +/* Add a recipient certificate. For now only handle key transport. + * If we ever handle key agreement will need updating. + */ + +CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, + X509 *recip, unsigned int flags) + { + CMS_RecipientInfo *ri = NULL; + CMS_KeyTransRecipientInfo *ktri; + CMS_EnvelopedData *env; + EVP_PKEY *pk = NULL; + int type; + env = cms_get0_enveloped(cms); + if (!env) + goto err; + + /* Initialize recipient info */ + ri = M_ASN1_new_of(CMS_RecipientInfo); + if (!ri) + goto merr; + + /* Initialize and add key transport recipient info */ + + ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo); + if (!ri->d.ktri) + goto merr; + ri->type = CMS_RECIPINFO_TRANS; + + ktri = ri->d.ktri; + + X509_check_purpose(recip, -1, -1); + pk = X509_get_pubkey(recip); + if (!pk) + { + CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, + CMS_R_ERROR_GETTING_PUBLIC_KEY); + goto err; + } + CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509); + ktri->pkey = pk; + ktri->recip = recip; + + if (flags & CMS_USE_KEYID) + { + ktri->version = 2; + type = CMS_RECIPINFO_KEYIDENTIFIER; + } + else + { + ktri->version = 0; + type = CMS_RECIPINFO_ISSUER_SERIAL; + } + + /* Not a typo: RecipientIdentifier and SignerIdentifier are the + * same structure. + */ + + if (!cms_set1_SignerIdentifier(ktri->rid, recip, type)) + goto err; + + /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8, + * hard code algorithm parameters. + */ + + if (pk->type == EVP_PKEY_RSA) + { + X509_ALGOR_set0(ktri->keyEncryptionAlgorithm, + OBJ_nid2obj(NID_rsaEncryption), + V_ASN1_NULL, 0); + } + else + { + CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, + CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + goto err; + } + + if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) + goto merr; + + return ri; + + merr: + CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE); + err: + if (ri) + M_ASN1_free_of(ri, CMS_RecipientInfo); + return NULL; + + } + +int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, + EVP_PKEY **pk, X509 **recip, + X509_ALGOR **palg) + { + CMS_KeyTransRecipientInfo *ktri; + if (ri->type != CMS_RECIPINFO_TRANS) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS, + CMS_R_NOT_KEY_TRANSPORT); + return 0; + } + + ktri = ri->d.ktri; + + if (pk) + *pk = ktri->pkey; + if (recip) + *recip = ktri->recip; + if (palg) + *palg = ktri->keyEncryptionAlgorithm; + return 1; + } + +int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno) + { + CMS_KeyTransRecipientInfo *ktri; + if (ri->type != CMS_RECIPINFO_TRANS) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID, + CMS_R_NOT_KEY_TRANSPORT); + return 0; + } + ktri = ri->d.ktri; + + return cms_SignerIdentifier_get0_signer_id(ktri->rid, + keyid, issuer, sno); + } + +int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert) + { + if (ri->type != CMS_RECIPINFO_TRANS) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP, + CMS_R_NOT_KEY_TRANSPORT); + return -2; + } + return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert); + } + +int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) + { + if (ri->type != CMS_RECIPINFO_TRANS) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, + CMS_R_NOT_KEY_TRANSPORT); + return 0; + } + ri->d.ktri->pkey = pkey; + return 1; + } + +/* Encrypt content key in key transport recipient info */ + +static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, + CMS_RecipientInfo *ri) + { + CMS_KeyTransRecipientInfo *ktri; + CMS_EncryptedContentInfo *ec; + unsigned char *ek = NULL; + int eklen; + + int ret = 0; + + if (ri->type != CMS_RECIPINFO_TRANS) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, + CMS_R_NOT_KEY_TRANSPORT); + return 0; + } + ktri = ri->d.ktri; + ec = cms->d.envelopedData->encryptedContentInfo; + + eklen = EVP_PKEY_size(ktri->pkey); + + ek = OPENSSL_malloc(eklen); + + if (ek == NULL) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, + ERR_R_MALLOC_FAILURE); + goto err; + } + + eklen = EVP_PKEY_encrypt(ek, ec->key, ec->keylen, ktri->pkey); + + if (eklen <= 0) + goto err; + + ASN1_STRING_set0(ktri->encryptedKey, ek, eklen); + ek = NULL; + + ret = 1; + + err: + if (ek) + OPENSSL_free(ek); + return ret; + + } + +/* Decrypt content key from KTRI */ + +static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, + CMS_RecipientInfo *ri) + { + CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; + unsigned char *ek = NULL; + int eklen; + int ret = 0; + + if (ktri->pkey == NULL) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, + CMS_R_NO_PRIVATE_KEY); + return 0; + } + + eklen = EVP_PKEY_size(ktri->pkey); + + ek = OPENSSL_malloc(eklen); + + if (ek == NULL) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, + ERR_R_MALLOC_FAILURE); + goto err; + } + + eklen = EVP_PKEY_decrypt(ek, + ktri->encryptedKey->data, + ktri->encryptedKey->length, ktri->pkey); + if (eklen <= 0) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB); + goto err; + } + + ret = 1; + + cms->d.envelopedData->encryptedContentInfo->key = ek; + cms->d.envelopedData->encryptedContentInfo->keylen = eklen; + + err: + if (!ret && ek) + OPENSSL_free(ek); + + return ret; + } + +/* Key Encrypted Key (KEK) RecipientInfo routines */ + +int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, + const unsigned char *id, size_t idlen) + { + ASN1_OCTET_STRING tmp_os; + CMS_KEKRecipientInfo *kekri; + if (ri->type != CMS_RECIPINFO_KEK) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK); + return -2; + } + kekri = ri->d.kekri; + tmp_os.type = V_ASN1_OCTET_STRING; + tmp_os.flags = 0; + tmp_os.data = (unsigned char *)id; + tmp_os.length = (int)idlen; + return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier); + } + +/* For now hard code AES key wrap info */ + +static size_t aes_wrap_keylen(int nid) + { + switch (nid) + { + case NID_id_aes128_wrap: + return 16; + + case NID_id_aes192_wrap: + return 24; + + case NID_id_aes256_wrap: + return 32; + + default: + return 0; + } + } + +CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen, + ASN1_GENERALIZEDTIME *date, + ASN1_OBJECT *otherTypeId, + ASN1_TYPE *otherType) + { + CMS_RecipientInfo *ri = NULL; + CMS_EnvelopedData *env; + CMS_KEKRecipientInfo *kekri; + env = cms_get0_enveloped(cms); + if (!env) + goto err; + + if (nid == NID_undef) + { + switch (keylen) + { + case 16: + nid = NID_id_aes128_wrap; + break; + + case 24: + nid = NID_id_aes192_wrap; + break; + + case 32: + nid = NID_id_aes256_wrap; + break; + + default: + CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, + CMS_R_INVALID_KEY_LENGTH); + goto err; + } + + } + else + { + + size_t exp_keylen = aes_wrap_keylen(nid); + + if (!exp_keylen) + { + CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, + CMS_R_UNSUPPORTED_KEK_ALGORITHM); + goto err; + } + + if (keylen != exp_keylen) + { + CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, + CMS_R_INVALID_KEY_LENGTH); + goto err; + } + + } + + /* Initialize recipient info */ + ri = M_ASN1_new_of(CMS_RecipientInfo); + if (!ri) + goto merr; + + ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo); + if (!ri->d.kekri) + goto merr; + ri->type = CMS_RECIPINFO_KEK; + + kekri = ri->d.kekri; + + if (otherTypeId) + { + kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute); + if (kekri->kekid->other == NULL) + goto merr; + } + + if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) + goto merr; + + + /* After this point no calls can fail */ + + kekri->version = 4; + + kekri->key = key; + kekri->keylen = keylen; + + ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen); + + kekri->kekid->date = date; + + if (kekri->kekid->other) + { + kekri->kekid->other->keyAttrId = otherTypeId; + kekri->kekid->other->keyAttr = otherType; + } + + X509_ALGOR_set0(kekri->keyEncryptionAlgorithm, + OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL); + + return ri; + + merr: + CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE); + err: + if (ri) + M_ASN1_free_of(ri, CMS_RecipientInfo); + return NULL; + + } + +int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, + X509_ALGOR **palg, + ASN1_OCTET_STRING **pid, + ASN1_GENERALIZEDTIME **pdate, + ASN1_OBJECT **potherid, + ASN1_TYPE **pothertype) + { + CMS_KEKIdentifier *rkid; + if (ri->type != CMS_RECIPINFO_KEK) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK); + return 0; + } + rkid = ri->d.kekri->kekid; + if (palg) + *palg = ri->d.kekri->keyEncryptionAlgorithm; + if (pid) + *pid = rkid->keyIdentifier; + if (pdate) + *pdate = rkid->date; + if (potherid) + { + if (rkid->other) + *potherid = rkid->other->keyAttrId; + else + *potherid = NULL; + } + if (pothertype) + { + if (rkid->other) + *pothertype = rkid->other->keyAttr; + else + *pothertype = NULL; + } + return 1; + } + +int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, + unsigned char *key, size_t keylen) + { + CMS_KEKRecipientInfo *kekri; + if (ri->type != CMS_RECIPINFO_KEK) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK); + return 0; + } + + kekri = ri->d.kekri; + kekri->key = key; + kekri->keylen = keylen; + return 1; + } + + +/* Encrypt content key in KEK recipient info */ + +static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, + CMS_RecipientInfo *ri) + { + CMS_EncryptedContentInfo *ec; + CMS_KEKRecipientInfo *kekri; + AES_KEY actx; + unsigned char *wkey = NULL; + int wkeylen; + int r = 0; + + ec = cms->d.envelopedData->encryptedContentInfo; + + kekri = ri->d.kekri; + + if (!kekri->key) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY); + return 0; + } + + if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx)) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, + CMS_R_ERROR_SETTING_KEY); + goto err; + } + + wkey = OPENSSL_malloc(ec->keylen + 8); + + if (!wkey) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, + ERR_R_MALLOC_FAILURE); + goto err; + } + + wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen); + + if (wkeylen <= 0) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR); + goto err; + } + + ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen); + + r = 1; + + err: + + if (!r && wkey) + OPENSSL_free(wkey); + OPENSSL_cleanse(&actx, sizeof(actx)); + + return r; + + } + +/* Decrypt content key in KEK recipient info */ + +static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, + CMS_RecipientInfo *ri) + { + CMS_EncryptedContentInfo *ec; + CMS_KEKRecipientInfo *kekri; + AES_KEY actx; + unsigned char *ukey = NULL; + int ukeylen; + int r = 0, wrap_nid; + + ec = cms->d.envelopedData->encryptedContentInfo; + + kekri = ri->d.kekri; + + if (!kekri->key) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY); + return 0; + } + + wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm); + if (aes_wrap_keylen(wrap_nid) != kekri->keylen) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, + CMS_R_INVALID_KEY_LENGTH); + return 0; + } + + /* If encrypted key length is invalid don't bother */ + + if (kekri->encryptedKey->length < 16) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, + CMS_R_INVALID_ENCRYPTED_KEY_LENGTH); + goto err; + } + + if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, + CMS_R_ERROR_SETTING_KEY); + goto err; + } + + ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8); + + if (!ukey) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, + ERR_R_MALLOC_FAILURE); + goto err; + } + + ukeylen = AES_unwrap_key(&actx, NULL, ukey, + kekri->encryptedKey->data, + kekri->encryptedKey->length); + + if (ukeylen <= 0) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, + CMS_R_UNWRAP_ERROR); + goto err; + } + + ec->key = ukey; + ec->keylen = ukeylen; + + r = 1; + + err: + + if (!r && ukey) + OPENSSL_free(ukey); + OPENSSL_cleanse(&actx, sizeof(actx)); + + return r; + + } + +int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) + { + switch(ri->type) + { + case CMS_RECIPINFO_TRANS: + return cms_RecipientInfo_ktri_decrypt(cms, ri); + + case CMS_RECIPINFO_KEK: + return cms_RecipientInfo_kekri_decrypt(cms, ri); + + default: + CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT, + CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE); + return 0; + } + } + +BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) + { + CMS_EncryptedContentInfo *ec; + STACK_OF(CMS_RecipientInfo) *rinfos; + CMS_RecipientInfo *ri; + int i, r, ok = 0; + BIO *ret; + + /* Get BIO first to set up key */ + + ec = cms->d.envelopedData->encryptedContentInfo; + ret = cms_EncryptedContent_init_bio(ec); + + /* If error or no cipher end of processing */ + + if (!ret || !ec->cipher) + return ret; + + /* Now encrypt content key according to each RecipientInfo type */ + + rinfos = cms->d.envelopedData->recipientInfos; + + for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) + { + ri = sk_CMS_RecipientInfo_value(rinfos, i); + + switch (ri->type) + { + case CMS_RECIPINFO_TRANS: + r = cms_RecipientInfo_ktri_encrypt(cms, ri); + break; + + case CMS_RECIPINFO_KEK: + r = cms_RecipientInfo_kekri_encrypt(cms, ri); + break; + + default: + CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, + CMS_R_UNSUPPORTED_RECIPIENT_TYPE); + goto err; + } + + if (r <= 0) + { + CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, + CMS_R_ERROR_SETTING_RECIPIENTINFO); + goto err; + } + } + + ok = 1; + + err: + ec->cipher = NULL; + if (ec->key) + { + OPENSSL_cleanse(ec->key, ec->keylen); + OPENSSL_free(ec->key); + ec->key = NULL; + ec->keylen = 0; + } + if (ok) + return ret; + BIO_free(ret); + return NULL; + + } diff --git a/crypto/openssl-0.9/crypto/cms/cms_err.c b/crypto/openssl-0.9/crypto/cms/cms_err.c new file mode 100644 index 0000000000..52fa53954f --- /dev/null +++ b/crypto/openssl-0.9/crypto/cms/cms_err.c @@ -0,0 +1,236 @@ +/* crypto/cms/cms_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason) + +static ERR_STRING_DATA CMS_str_functs[]= + { +{ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"}, +{ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"}, +{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"}, +{ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"}, +{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"}, +{ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"}, +{ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"}, +{ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"}, +{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"}, +{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO), "cms_CompressedData_init_bio"}, +{ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "CMS_COPY_CONTENT"}, +{ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "CMS_COPY_MESSAGEDIGEST"}, +{ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"}, +{ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"}, +{ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"}, +{ERR_FUNC(CMS_F_CMS_DECRYPT), "CMS_decrypt"}, +{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"}, +{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY), "CMS_decrypt_set1_pkey"}, +{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX), "cms_DigestAlgorithm_find_ctx"}, +{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO), "cms_DigestAlgorithm_init_bio"}, +{ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "cms_DigestedData_do_final"}, +{ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify"}, +{ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT), "cms_encode_Receipt"}, +{ERR_FUNC(CMS_F_CMS_ENCRYPT), "CMS_encrypt"}, +{ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO), "cms_EncryptedContent_init_bio"}, +{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_EncryptedData_decrypt"}, +{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT), "CMS_EncryptedData_encrypt"}, +{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY), "CMS_EncryptedData_set1_key"}, +{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"}, +{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO), "cms_EnvelopedData_init_bio"}, +{ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPED_DATA_INIT"}, +{ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"}, +{ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), "CMS_GET0_CERTIFICATE_CHOICES"}, +{ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"}, +{ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "CMS_GET0_ECONTENT_TYPE"}, +{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "CMS_GET0_ENVELOPED"}, +{ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES), "CMS_GET0_REVOCATION_CHOICES"}, +{ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"}, +{ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"}, +{ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0), "CMS_ReceiptRequest_create0"}, +{ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY), "cms_Receipt_verify"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT), "CMS_RECIPIENTINFO_KEKRI_DECRYPT"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT), "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID), "CMS_RecipientInfo_kekri_get0_id"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP), "CMS_RecipientInfo_kekri_id_cmp"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP), "CMS_RecipientInfo_ktri_cert_cmp"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT), "CMS_RECIPIENTINFO_KTRI_DECRYPT"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT), "CMS_RECIPIENTINFO_KTRI_ENCRYPT"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS), "CMS_RecipientInfo_ktri_get0_algs"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID), "CMS_RecipientInfo_ktri_get0_signer_id"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY), "CMS_RecipientInfo_set0_key"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY), "CMS_RecipientInfo_set0_pkey"}, +{ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"}, +{ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"}, +{ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"}, +{ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"}, +{ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN), "CMS_SIGNERINFO_CONTENT_SIGN"}, +{ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"}, +{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"}, +{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), "CMS_SIGNERINFO_VERIFY_CERT"}, +{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"}, +{ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"}, +{ERR_FUNC(CMS_F_CMS_STREAM), "CMS_STREAM"}, +{ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"}, +{ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"}, +{0,NULL} + }; + +static ERR_STRING_DATA CMS_str_reasons[]= + { +{ERR_REASON(CMS_R_ADD_SIGNER_ERROR) ,"add signer error"}, +{ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT),"certificate already present"}, +{ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID),"certificate has no keyid"}, +{ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, +{ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),"cipher initialisation error"}, +{ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),"cipher parameter initialisation error"}, +{ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR) ,"cms datafinal error"}, +{ERR_REASON(CMS_R_CMS_LIB) ,"cms lib"}, +{ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH),"contentidentifier mismatch"}, +{ERR_REASON(CMS_R_CONTENT_NOT_FOUND) ,"content not found"}, +{ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH) ,"content type mismatch"}, +{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),"content type not compressed data"}, +{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),"content type not enveloped data"}, +{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),"content type not signed data"}, +{ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR) ,"content verify error"}, +{ERR_REASON(CMS_R_CTRL_ERROR) ,"ctrl error"}, +{ERR_REASON(CMS_R_CTRL_FAILURE) ,"ctrl failure"}, +{ERR_REASON(CMS_R_DECRYPT_ERROR) ,"decrypt error"}, +{ERR_REASON(CMS_R_DIGEST_ERROR) ,"digest error"}, +{ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY),"error getting public key"}, +{ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),"error reading messagedigest attribute"}, +{ERR_REASON(CMS_R_ERROR_SETTING_KEY) ,"error setting key"}, +{ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),"error setting recipientinfo"}, +{ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),"invalid encrypted key length"}, +{ERR_REASON(CMS_R_INVALID_KEY_LENGTH) ,"invalid key length"}, +{ERR_REASON(CMS_R_MD_BIO_INIT_ERROR) ,"md bio init error"}, +{ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),"messagedigest attribute wrong length"}, +{ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),"messagedigest wrong length"}, +{ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR) ,"msgsigdigest error"}, +{ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),"msgsigdigest verification failure"}, +{ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH),"msgsigdigest wrong length"}, +{ERR_REASON(CMS_R_NEED_ONE_SIGNER) ,"need one signer"}, +{ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT) ,"not a signed receipt"}, +{ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA) ,"not encrypted data"}, +{ERR_REASON(CMS_R_NOT_KEK) ,"not kek"}, +{ERR_REASON(CMS_R_NOT_KEY_TRANSPORT) ,"not key transport"}, +{ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"not supported for this key type"}, +{ERR_REASON(CMS_R_NO_CIPHER) ,"no cipher"}, +{ERR_REASON(CMS_R_NO_CONTENT) ,"no content"}, +{ERR_REASON(CMS_R_NO_CONTENT_TYPE) ,"no content type"}, +{ERR_REASON(CMS_R_NO_DEFAULT_DIGEST) ,"no default digest"}, +{ERR_REASON(CMS_R_NO_DIGEST_SET) ,"no digest set"}, +{ERR_REASON(CMS_R_NO_KEY) ,"no key"}, +{ERR_REASON(CMS_R_NO_KEY_OR_CERT) ,"no key or cert"}, +{ERR_REASON(CMS_R_NO_MATCHING_DIGEST) ,"no matching digest"}, +{ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT) ,"no matching recipient"}, +{ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE) ,"no matching signature"}, +{ERR_REASON(CMS_R_NO_MSGSIGDIGEST) ,"no msgsigdigest"}, +{ERR_REASON(CMS_R_NO_PRIVATE_KEY) ,"no private key"}, +{ERR_REASON(CMS_R_NO_PUBLIC_KEY) ,"no public key"}, +{ERR_REASON(CMS_R_NO_RECEIPT_REQUEST) ,"no receipt request"}, +{ERR_REASON(CMS_R_NO_SIGNERS) ,"no signers"}, +{ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, +{ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR) ,"receipt decode error"}, +{ERR_REASON(CMS_R_RECIPIENT_ERROR) ,"recipient error"}, +{ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, +{ERR_REASON(CMS_R_SIGNFINAL_ERROR) ,"signfinal error"}, +{ERR_REASON(CMS_R_SMIME_TEXT_ERROR) ,"smime text error"}, +{ERR_REASON(CMS_R_STORE_INIT_ERROR) ,"store init error"}, +{ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA),"type not compressed data"}, +{ERR_REASON(CMS_R_TYPE_NOT_DATA) ,"type not data"}, +{ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA),"type not digested data"}, +{ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA),"type not encrypted data"}, +{ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA),"type not enveloped data"}, +{ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),"unable to finalize context"}, +{ERR_REASON(CMS_R_UNKNOWN_CIPHER) ,"unknown cipher"}, +{ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM),"unknown digest algorihm"}, +{ERR_REASON(CMS_R_UNKNOWN_ID) ,"unknown id"}, +{ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, +{ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"}, +{ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),"unsupported kek algorithm"}, +{ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),"unsupported recipient type"}, +{ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE),"unsupported recpientinfo type"}, +{ERR_REASON(CMS_R_UNSUPPORTED_TYPE) ,"unsupported type"}, +{ERR_REASON(CMS_R_UNWRAP_ERROR) ,"unwrap error"}, +{ERR_REASON(CMS_R_VERIFICATION_FAILURE) ,"verification failure"}, +{ERR_REASON(CMS_R_WRAP_ERROR) ,"wrap error"}, +{0,NULL} + }; + +#endif + +void ERR_load_CMS_strings(void) + { +#ifndef OPENSSL_NO_ERR + + if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) + { + ERR_load_strings(0,CMS_str_functs); + ERR_load_strings(0,CMS_str_reasons); + } +#endif + } diff --git a/crypto/openssl-0.9/crypto/cms/cms_ess.c b/crypto/openssl-0.9/crypto/cms/cms_ess.c new file mode 100644 index 0000000000..ed34ff3228 --- /dev/null +++ b/crypto/openssl-0.9/crypto/cms/cms_ess.c @@ -0,0 +1,420 @@ +/* crypto/cms/cms_ess.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include "cryptlib.h" +#include +#include +#include +#include +#include +#include +#include "cms_lcl.h" + +DECLARE_ASN1_ITEM(CMS_ReceiptRequest) +DECLARE_ASN1_ITEM(CMS_Receipt) + +IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ReceiptRequest) + +/* ESS services: for now just Signed Receipt related */ + +int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr) + { + ASN1_STRING *str; + CMS_ReceiptRequest *rr = NULL; + if (prr) + *prr = NULL; + str = CMS_signed_get0_data_by_OBJ(si, + OBJ_nid2obj(NID_id_smime_aa_receiptRequest), + -3, V_ASN1_SEQUENCE); + if (!str) + return 0; + + rr = ASN1_item_unpack(str, ASN1_ITEM_rptr(CMS_ReceiptRequest)); + if (!rr) + return -1; + if (prr) + *prr = rr; + else + CMS_ReceiptRequest_free(rr); + return 1; + } + +CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, + int allorfirst, + STACK_OF(GENERAL_NAMES) *receiptList, + STACK_OF(GENERAL_NAMES) *receiptsTo) + { + CMS_ReceiptRequest *rr = NULL; + + rr = CMS_ReceiptRequest_new(); + if (!rr) + goto merr; + if (id) + ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen); + else + { + if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32)) + goto merr; + if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32) + <= 0) + goto err; + } + + sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free); + rr->receiptsTo = receiptsTo; + + if (receiptList) + { + rr->receiptsFrom->type = 1; + rr->receiptsFrom->d.receiptList = receiptList; + } + else + { + rr->receiptsFrom->type = 0; + rr->receiptsFrom->d.allOrFirstTier = allorfirst; + } + + return rr; + + merr: + CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE); + + err: + if (rr) + CMS_ReceiptRequest_free(rr); + + return NULL; + + } + +int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr) + { + unsigned char *rrder = NULL; + int rrderlen, r = 0; + + rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder); + if (rrderlen < 0) + goto merr; + + if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest, + V_ASN1_SEQUENCE, rrder, rrderlen)) + goto merr; + + r = 1; + + merr: + if (!r) + CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE); + + if (rrder) + OPENSSL_free(rrder); + + return r; + + } + +void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, + ASN1_STRING **pcid, + int *pallorfirst, + STACK_OF(GENERAL_NAMES) **plist, + STACK_OF(GENERAL_NAMES) **prto) + { + if (pcid) + *pcid = rr->signedContentIdentifier; + if (rr->receiptsFrom->type == 0) + { + if (pallorfirst) + *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier; + if (plist) + *plist = NULL; + } + else + { + if (pallorfirst) + *pallorfirst = -1; + if (plist) + *plist = rr->receiptsFrom->d.receiptList; + } + if (prto) + *prto = rr->receiptsTo; + } + +/* Digest a SignerInfo structure for msgSigDigest attribute processing */ + +static int cms_msgSigDigest(CMS_SignerInfo *si, + unsigned char *dig, unsigned int *diglen) + { + const EVP_MD *md; + md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); + if (md == NULL) + return 0; + if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md, + si->signedAttrs, dig, diglen)) + return 0; + return 1; + } + +/* Add a msgSigDigest attribute to a SignerInfo */ + +int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src) + { + unsigned char dig[EVP_MAX_MD_SIZE]; + unsigned int diglen; + if (!cms_msgSigDigest(src, dig, &diglen)) + { + CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR); + return 0; + } + if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest, + V_ASN1_OCTET_STRING, dig, diglen)) + { + CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE); + return 0; + } + return 1; + } + +/* Verify signed receipt after it has already passed normal CMS verify */ + +int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms) + { + int r = 0, i; + CMS_ReceiptRequest *rr = NULL; + CMS_Receipt *rct = NULL; + STACK_OF(CMS_SignerInfo) *sis, *osis; + CMS_SignerInfo *si, *osi = NULL; + ASN1_OCTET_STRING *msig, **pcont; + ASN1_OBJECT *octype; + unsigned char dig[EVP_MAX_MD_SIZE]; + unsigned int diglen; + + /* Get SignerInfos, also checks SignedData content type */ + osis = CMS_get0_SignerInfos(req_cms); + sis = CMS_get0_SignerInfos(cms); + if (!osis || !sis) + goto err; + + if (sk_CMS_SignerInfo_num(sis) != 1) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER); + goto err; + } + + /* Check receipt content type */ + if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT); + goto err; + } + + /* Extract and decode receipt content */ + pcont = CMS_get0_content(cms); + if (!pcont || !*pcont) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT); + goto err; + } + + rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt)); + + if (!rct) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR); + goto err; + } + + /* Locate original request */ + + for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++) + { + osi = sk_CMS_SignerInfo_value(osis, i); + if (!ASN1_STRING_cmp(osi->signature, + rct->originatorSignatureValue)) + break; + } + + if (i == sk_CMS_SignerInfo_num(osis)) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE); + goto err; + } + + si = sk_CMS_SignerInfo_value(sis, 0); + + /* Get msgSigDigest value and compare */ + + msig = CMS_signed_get0_data_by_OBJ(si, + OBJ_nid2obj(NID_id_smime_aa_msgSigDigest), + -3, V_ASN1_OCTET_STRING); + + if (!msig) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST); + goto err; + } + + if (!cms_msgSigDigest(osi, dig, &diglen)) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR); + goto err; + } + + if (diglen != (unsigned int)msig->length) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, + CMS_R_MSGSIGDIGEST_WRONG_LENGTH); + goto err; + } + + if (memcmp(dig, msig->data, diglen)) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, + CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE); + goto err; + } + + /* Compare content types */ + + octype = CMS_signed_get0_data_by_OBJ(osi, + OBJ_nid2obj(NID_pkcs9_contentType), + -3, V_ASN1_OBJECT); + if (!octype) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE); + goto err; + } + + /* Compare details in receipt request */ + + if (OBJ_cmp(octype, rct->contentType)) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH); + goto err; + } + + /* Get original receipt request details */ + + if (!CMS_get1_ReceiptRequest(osi, &rr)) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST); + goto err; + } + + if (ASN1_STRING_cmp(rr->signedContentIdentifier, + rct->signedContentIdentifier)) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, + CMS_R_CONTENTIDENTIFIER_MISMATCH); + goto err; + } + + r = 1; + + err: + if (rr) + CMS_ReceiptRequest_free(rr); + if (rct) + M_ASN1_free_of(rct, CMS_Receipt); + + return r; + + } + +/* Encode a Receipt into an OCTET STRING read for including into content of + * a SignedData ContentInfo. + */ + +ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si) + { + CMS_Receipt rct; + CMS_ReceiptRequest *rr = NULL; + ASN1_OBJECT *ctype; + ASN1_OCTET_STRING *os = NULL; + + /* Get original receipt request */ + + /* Get original receipt request details */ + + if (!CMS_get1_ReceiptRequest(si, &rr)) + { + CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST); + goto err; + } + + /* Get original content type */ + + ctype = CMS_signed_get0_data_by_OBJ(si, + OBJ_nid2obj(NID_pkcs9_contentType), + -3, V_ASN1_OBJECT); + if (!ctype) + { + CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE); + goto err; + } + + rct.version = 1; + rct.contentType = ctype; + rct.signedContentIdentifier = rr->signedContentIdentifier; + rct.originatorSignatureValue = si->signature; + + os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL); + + err: + if (rr) + CMS_ReceiptRequest_free(rr); + + return os; + + } + + diff --git a/crypto/openssl-0.9/crypto/asn1/x_algor.c b/crypto/openssl-0.9/crypto/cms/cms_io.c similarity index 54% copy from crypto/openssl-0.9/crypto/asn1/x_algor.c copy to crypto/openssl-0.9/crypto/cms/cms_io.c index 00b9ea54a1..30f5ddfe6d 100644 --- a/crypto/openssl-0.9/crypto/asn1/x_algor.c +++ b/crypto/openssl-0.9/crypto/cms/cms_io.c @@ -1,9 +1,9 @@ -/* x_algor.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 2000. +/* crypto/cms/cms_io.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -49,25 +49,92 @@ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * */ -#include -#include -#include #include +#include +#include +#include +#include "cms.h" +#include "cms_lcl.h" + +CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms) + { + return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms); + } + +int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms) + { + return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms); + } + +IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo) + +/* Callback for int_smime_write_ASN1 */ + +static int cms_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, + const ASN1_ITEM *it) + { + CMS_ContentInfo *cms = (CMS_ContentInfo *)val; + BIO *tmpbio, *cmsbio; + int r = 0; + + if (!(flags & SMIME_DETACHED)) + { + SMIME_crlf_copy(data, out, flags); + return 1; + } + + /* Let CMS code prepend any needed BIOs */ + + cmsbio = CMS_dataInit(cms, out); + + if (!cmsbio) + return 0; + + /* Copy data across, passing through filter BIOs for processing */ + SMIME_crlf_copy(data, cmsbio, flags); + + /* Finalize structure */ + if (CMS_dataFinal(cms, cmsbio) <= 0) + goto err; + + r = 1; + + err: + + /* Now remove any digests prepended to the BIO */ + + while (cmsbio != out) + { + tmpbio = BIO_pop(cmsbio); + BIO_free(cmsbio); + cmsbio = tmpbio; + } + + return 1; + + } + -ASN1_SEQUENCE(X509_ALGOR) = { - ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT), - ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY) -} ASN1_SEQUENCE_END(X509_ALGOR) +int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags) + { + STACK_OF(X509_ALGOR) *mdalgs; + int ctype_nid = OBJ_obj2nid(cms->contentType); + int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms)); + if (ctype_nid == NID_pkcs7_signed) + mdalgs = cms->d.signedData->digestAlgorithms; + else + mdalgs = NULL; -IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR) -IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR) + return int_smime_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags, + ctype_nid, econt_nid, mdalgs, + cms_output_data, + ASN1_ITEM_rptr(CMS_ContentInfo)); + } -IMPLEMENT_STACK_OF(X509_ALGOR) -IMPLEMENT_ASN1_SET_OF(X509_ALGOR) +CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont) + { + return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont, + ASN1_ITEM_rptr(CMS_ContentInfo)); + } diff --git a/crypto/openssl-0.9/crypto/cms/cms_lcl.h b/crypto/openssl-0.9/crypto/cms/cms_lcl.h new file mode 100644 index 0000000000..7d60fac67e --- /dev/null +++ b/crypto/openssl-0.9/crypto/cms/cms_lcl.h @@ -0,0 +1,460 @@ +/* crypto/cms/cms_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_CMS_LCL_H +#define HEADER_CMS_LCL_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +/* Cryptographic message syntax (CMS) structures: taken + * from RFC3852 + */ + +/* Forward references */ + +typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber; +typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo; +typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier; +typedef struct CMS_SignedData_st CMS_SignedData; +typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat; +typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo; +typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo; +typedef struct CMS_EnvelopedData_st CMS_EnvelopedData; +typedef struct CMS_DigestedData_st CMS_DigestedData; +typedef struct CMS_EncryptedData_st CMS_EncryptedData; +typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData; +typedef struct CMS_CompressedData_st CMS_CompressedData; +typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat; +typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo; +typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey; +typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey; +typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo; +typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; +typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier; +typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier; +typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; +typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier; +typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo; +typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo; +typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo; +typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom; + +struct CMS_ContentInfo_st + { + ASN1_OBJECT *contentType; + union { + ASN1_OCTET_STRING *data; + CMS_SignedData *signedData; + CMS_EnvelopedData *envelopedData; + CMS_DigestedData *digestedData; + CMS_EncryptedData *encryptedData; + CMS_AuthenticatedData *authenticatedData; + CMS_CompressedData *compressedData; + ASN1_TYPE *other; + /* Other types ... */ + void *otherData; + } d; + }; + +struct CMS_SignedData_st + { + long version; + STACK_OF(X509_ALGOR) *digestAlgorithms; + CMS_EncapsulatedContentInfo *encapContentInfo; + STACK_OF(CMS_CertificateChoices) *certificates; + STACK_OF(CMS_RevocationInfoChoice) *crls; + STACK_OF(CMS_SignerInfo) *signerInfos; + }; + +struct CMS_EncapsulatedContentInfo_st + { + ASN1_OBJECT *eContentType; + ASN1_OCTET_STRING *eContent; + /* Set to 1 if incomplete structure only part set up */ + int partial; + }; + +struct CMS_SignerInfo_st + { + long version; + CMS_SignerIdentifier *sid; + X509_ALGOR *digestAlgorithm; + STACK_OF(X509_ATTRIBUTE) *signedAttrs; + X509_ALGOR *signatureAlgorithm; + ASN1_OCTET_STRING *signature; + STACK_OF(X509_ATTRIBUTE) *unsignedAttrs; + /* Signing certificate and key */ + X509 *signer; + EVP_PKEY *pkey; + }; + +struct CMS_SignerIdentifier_st + { + int type; + union { + CMS_IssuerAndSerialNumber *issuerAndSerialNumber; + ASN1_OCTET_STRING *subjectKeyIdentifier; + } d; + }; + +struct CMS_EnvelopedData_st + { + long version; + CMS_OriginatorInfo *originatorInfo; + STACK_OF(CMS_RecipientInfo) *recipientInfos; + CMS_EncryptedContentInfo *encryptedContentInfo; + STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; + }; + +struct CMS_OriginatorInfo_st + { + STACK_OF(CMS_CertificateChoices) *certificates; + STACK_OF(CMS_RevocationInfoChoice) *crls; + }; + +struct CMS_EncryptedContentInfo_st + { + ASN1_OBJECT *contentType; + X509_ALGOR *contentEncryptionAlgorithm; + ASN1_OCTET_STRING *encryptedContent; + /* Content encryption algorithm and key */ + const EVP_CIPHER *cipher; + unsigned char *key; + size_t keylen; + }; + +struct CMS_RecipientInfo_st + { + int type; + union { + CMS_KeyTransRecipientInfo *ktri; + CMS_KeyAgreeRecipientInfo *kari; + CMS_KEKRecipientInfo *kekri; + CMS_PasswordRecipientInfo *pwri; + CMS_OtherRecipientInfo *ori; + } d; + }; + +typedef CMS_SignerIdentifier CMS_RecipientIdentifier; + +struct CMS_KeyTransRecipientInfo_st + { + long version; + CMS_RecipientIdentifier *rid; + X509_ALGOR *keyEncryptionAlgorithm; + ASN1_OCTET_STRING *encryptedKey; + /* Recipient Key and cert */ + X509 *recip; + EVP_PKEY *pkey; + }; + +struct CMS_KeyAgreeRecipientInfo_st + { + long version; + CMS_OriginatorIdentifierOrKey *originator; + ASN1_OCTET_STRING *ukm; + X509_ALGOR *keyEncryptionAlgorithm; + STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys; + }; + +struct CMS_OriginatorIdentifierOrKey_st + { + int type; + union { + CMS_IssuerAndSerialNumber *issuerAndSerialNumber; + ASN1_OCTET_STRING *subjectKeyIdentifier; + CMS_OriginatorPublicKey *originatorKey; + } d; + }; + +struct CMS_OriginatorPublicKey_st + { + X509_ALGOR *algorithm; + ASN1_BIT_STRING *publicKey; + }; + +struct CMS_RecipientEncryptedKey_st + { + CMS_KeyAgreeRecipientIdentifier *rid; + ASN1_OCTET_STRING *encryptedKey; + }; + +struct CMS_KeyAgreeRecipientIdentifier_st + { + int type; + union { + CMS_IssuerAndSerialNumber *issuerAndSerialNumber; + CMS_RecipientKeyIdentifier *rKeyId; + } d; + }; + +struct CMS_RecipientKeyIdentifier_st + { + ASN1_OCTET_STRING *subjectKeyIdentifier; + ASN1_GENERALIZEDTIME *date; + CMS_OtherKeyAttribute *other; + }; + +struct CMS_KEKRecipientInfo_st + { + long version; + CMS_KEKIdentifier *kekid; + X509_ALGOR *keyEncryptionAlgorithm; + ASN1_OCTET_STRING *encryptedKey; + /* Extra info: symmetric key to use */ + unsigned char *key; + size_t keylen; + }; + +struct CMS_KEKIdentifier_st + { + ASN1_OCTET_STRING *keyIdentifier; + ASN1_GENERALIZEDTIME *date; + CMS_OtherKeyAttribute *other; + }; + +struct CMS_PasswordRecipientInfo_st + { + long version; + X509_ALGOR *keyDerivationAlgorithm; + X509_ALGOR *keyEncryptionAlgorithm; + ASN1_OCTET_STRING *encryptedKey; + }; + +struct CMS_OtherRecipientInfo_st + { + ASN1_OBJECT *oriType; + ASN1_TYPE *oriValue; + }; + +struct CMS_DigestedData_st + { + long version; + X509_ALGOR *digestAlgorithm; + CMS_EncapsulatedContentInfo *encapContentInfo; + ASN1_OCTET_STRING *digest; + }; + +struct CMS_EncryptedData_st + { + long version; + CMS_EncryptedContentInfo *encryptedContentInfo; + STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; + }; + +struct CMS_AuthenticatedData_st + { + long version; + CMS_OriginatorInfo *originatorInfo; + STACK_OF(CMS_RecipientInfo) *recipientInfos; + X509_ALGOR *macAlgorithm; + X509_ALGOR *digestAlgorithm; + CMS_EncapsulatedContentInfo *encapContentInfo; + STACK_OF(X509_ATTRIBUTE) *authAttrs; + ASN1_OCTET_STRING *mac; + STACK_OF(X509_ATTRIBUTE) *unauthAttrs; + }; + +struct CMS_CompressedData_st + { + long version; + X509_ALGOR *compressionAlgorithm; + STACK_OF(CMS_RecipientInfo) *recipientInfos; + CMS_EncapsulatedContentInfo *encapContentInfo; + }; + +struct CMS_RevocationInfoChoice_st + { + int type; + union { + X509_CRL *crl; + CMS_OtherRevocationInfoFormat *other; + } d; + }; + +#define CMS_REVCHOICE_CRL 0 +#define CMS_REVCHOICE_OTHER 1 + +struct CMS_OtherRevocationInfoFormat_st + { + ASN1_OBJECT *otherRevInfoFormat; + ASN1_TYPE *otherRevInfo; + }; + +struct CMS_CertificateChoices + { + int type; + union { + X509 *certificate; + ASN1_STRING *extendedCertificate; /* Obsolete */ + ASN1_STRING *v1AttrCert; /* Left encoded for now */ + ASN1_STRING *v2AttrCert; /* Left encoded for now */ + CMS_OtherCertificateFormat *other; + } d; + }; + +#define CMS_CERTCHOICE_CERT 0 +#define CMS_CERTCHOICE_EXCERT 1 +#define CMS_CERTCHOICE_V1ACERT 2 +#define CMS_CERTCHOICE_V2ACERT 3 +#define CMS_CERTCHOICE_OTHER 4 + +struct CMS_OtherCertificateFormat_st + { + ASN1_OBJECT *otherCertFormat; + ASN1_TYPE *otherCert; + }; + +/* This is also defined in pkcs7.h but we duplicate it + * to allow the CMS code to be independent of PKCS#7 + */ + +struct CMS_IssuerAndSerialNumber_st + { + X509_NAME *issuer; + ASN1_INTEGER *serialNumber; + }; + +struct CMS_OtherKeyAttribute_st + { + ASN1_OBJECT *keyAttrId; + ASN1_TYPE *keyAttr; + }; + +/* ESS structures */ + +#ifdef HEADER_X509V3_H + +struct CMS_ReceiptRequest_st + { + ASN1_OCTET_STRING *signedContentIdentifier; + CMS_ReceiptsFrom *receiptsFrom; + STACK_OF(GENERAL_NAMES) *receiptsTo; + }; + + +struct CMS_ReceiptsFrom_st + { + int type; + union + { + long allOrFirstTier; + STACK_OF(GENERAL_NAMES) *receiptList; + } d; + }; +#endif + +struct CMS_Receipt_st + { + long version; + ASN1_OBJECT *contentType; + ASN1_OCTET_STRING *signedContentIdentifier; + ASN1_OCTET_STRING *originatorSignatureValue; + }; + +DECLARE_ASN1_ITEM(CMS_SignerInfo) +DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber) +DECLARE_ASN1_ITEM(CMS_Attributes_Sign) +DECLARE_ASN1_ITEM(CMS_Attributes_Verify) +DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber) + +#define CMS_SIGNERINFO_ISSUER_SERIAL 0 +#define CMS_SIGNERINFO_KEYIDENTIFIER 1 + +#define CMS_RECIPINFO_ISSUER_SERIAL 0 +#define CMS_RECIPINFO_KEYIDENTIFIER 1 + +BIO *cms_content_bio(CMS_ContentInfo *cms); + +CMS_ContentInfo *cms_Data_create(void); + +CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md); +BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms); +int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify); + +BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms); +int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain); +int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type); +int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno); +int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert); + +CMS_ContentInfo *cms_CompressedData_create(int comp_nid); +BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms); + +void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md); +BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm); +int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, + X509_ALGOR *mdalg); + +BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec); +BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms); +int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, + const EVP_CIPHER *cipher, + const unsigned char *key, size_t keylen); + +int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms); +int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src); +ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si); + +BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/crypto/openssl-0.9/crypto/cms/cms_lib.c b/crypto/openssl-0.9/crypto/cms/cms_lib.c new file mode 100644 index 0000000000..8e6c1d29a5 --- /dev/null +++ b/crypto/openssl-0.9/crypto/cms/cms_lib.c @@ -0,0 +1,623 @@ +/* crypto/cms/cms_lib.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include +#include +#include +#include "cms.h" +#include "cms_lcl.h" + +IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ContentInfo) + +DECLARE_ASN1_ITEM(CMS_CertificateChoices) +DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice) +DECLARE_STACK_OF(CMS_CertificateChoices) +DECLARE_STACK_OF(CMS_RevocationInfoChoice) + +const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms) + { + return cms->contentType; + } + +CMS_ContentInfo *cms_Data_create(void) + { + CMS_ContentInfo *cms; + cms = CMS_ContentInfo_new(); + if (cms) + { + cms->contentType = OBJ_nid2obj(NID_pkcs7_data); + /* Never detached */ + CMS_set_detached(cms, 0); + } + return cms; + } + +BIO *cms_content_bio(CMS_ContentInfo *cms) + { + ASN1_OCTET_STRING **pos = CMS_get0_content(cms); + if (!pos) + return NULL; + /* If content detached data goes nowhere: create NULL BIO */ + if (!*pos) + return BIO_new(BIO_s_null()); + /* If content not detached and created return memory BIO + */ + if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT)) + return BIO_new(BIO_s_mem()); + /* Else content was read in: return read only BIO for it */ + return BIO_new_mem_buf((*pos)->data, (*pos)->length); + } + +BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont) + { + BIO *cmsbio, *cont; + if (icont) + cont = icont; + else + cont = cms_content_bio(cms); + if (!cont) + { + CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT); + return NULL; + } + switch (OBJ_obj2nid(cms->contentType)) + { + + case NID_pkcs7_data: + return cont; + + case NID_pkcs7_signed: + cmsbio = cms_SignedData_init_bio(cms); + break; + + case NID_pkcs7_digest: + cmsbio = cms_DigestedData_init_bio(cms); + break; +#ifdef ZLIB + case NID_id_smime_ct_compressedData: + cmsbio = cms_CompressedData_init_bio(cms); + break; +#endif + + case NID_pkcs7_encrypted: + cmsbio = cms_EncryptedData_init_bio(cms); + break; + + case NID_pkcs7_enveloped: + cmsbio = cms_EnvelopedData_init_bio(cms); + break; + + default: + CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE); + return NULL; + } + + if (cmsbio) + return BIO_push(cmsbio, cont); + + if (!icont) + BIO_free(cont); + return NULL; + + } + +int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio) + { + ASN1_OCTET_STRING **pos = CMS_get0_content(cms); + if (!pos) + return 0; + /* If ebmedded content find memory BIO and set content */ + if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) + { + BIO *mbio; + unsigned char *cont; + long contlen; + mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM); + if (!mbio) + { + CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND); + return 0; + } + contlen = BIO_get_mem_data(mbio, &cont); + /* Set bio as read only so its content can't be clobbered */ + BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY); + BIO_set_mem_eof_return(mbio, 0); + ASN1_STRING_set0(*pos, cont, contlen); + (*pos)->flags &= ~ASN1_STRING_FLAG_CONT; + } + + switch (OBJ_obj2nid(cms->contentType)) + { + + case NID_pkcs7_data: + case NID_pkcs7_enveloped: + case NID_pkcs7_encrypted: + case NID_id_smime_ct_compressedData: + /* Nothing to do */ + return 1; + + case NID_pkcs7_signed: + return cms_SignedData_final(cms, cmsbio); + + case NID_pkcs7_digest: + return cms_DigestedData_do_final(cms, cmsbio, 0); + + default: + CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE); + return 0; + } + } + +/* Return an OCTET STRING pointer to content. This allows it to + * be accessed or set later. + */ + +ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms) + { + switch (OBJ_obj2nid(cms->contentType)) + { + + case NID_pkcs7_data: + return &cms->d.data; + + case NID_pkcs7_signed: + return &cms->d.signedData->encapContentInfo->eContent; + + case NID_pkcs7_enveloped: + return &cms->d.envelopedData->encryptedContentInfo->encryptedContent; + + case NID_pkcs7_digest: + return &cms->d.digestedData->encapContentInfo->eContent; + + case NID_pkcs7_encrypted: + return &cms->d.encryptedData->encryptedContentInfo->encryptedContent; + + case NID_id_smime_ct_authData: + return &cms->d.authenticatedData->encapContentInfo->eContent; + + case NID_id_smime_ct_compressedData: + return &cms->d.compressedData->encapContentInfo->eContent; + + default: + if (cms->d.other->type == V_ASN1_OCTET_STRING) + return &cms->d.other->value.octet_string; + CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE); + return NULL; + + } + } + +/* Return an ASN1_OBJECT pointer to content type. This allows it to + * be accessed or set later. + */ + +static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms) + { + switch (OBJ_obj2nid(cms->contentType)) + { + + case NID_pkcs7_signed: + return &cms->d.signedData->encapContentInfo->eContentType; + + case NID_pkcs7_enveloped: + return &cms->d.envelopedData->encryptedContentInfo->contentType; + + case NID_pkcs7_digest: + return &cms->d.digestedData->encapContentInfo->eContentType; + + case NID_pkcs7_encrypted: + return &cms->d.encryptedData->encryptedContentInfo->contentType; + + case NID_id_smime_ct_authData: + return &cms->d.authenticatedData->encapContentInfo->eContentType; + + case NID_id_smime_ct_compressedData: + return &cms->d.compressedData->encapContentInfo->eContentType; + + default: + CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE, + CMS_R_UNSUPPORTED_CONTENT_TYPE); + return NULL; + + } + } + +const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms) + { + ASN1_OBJECT **petype; + petype = cms_get0_econtent_type(cms); + if (petype) + return *petype; + return NULL; + } + +int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid) + { + ASN1_OBJECT **petype, *etype; + petype = cms_get0_econtent_type(cms); + if (!petype) + return 0; + if (!oid) + return 1; + etype = OBJ_dup(oid); + if (!etype) + return 0; + ASN1_OBJECT_free(*petype); + *petype = etype; + return 1; + } + +int CMS_is_detached(CMS_ContentInfo *cms) + { + ASN1_OCTET_STRING **pos; + pos = CMS_get0_content(cms); + if (!pos) + return -1; + if (*pos) + return 0; + return 1; + } + +int CMS_set_detached(CMS_ContentInfo *cms, int detached) + { + ASN1_OCTET_STRING **pos; + pos = CMS_get0_content(cms); + if (!pos) + return 0; + if (detached) + { + if (*pos) + { + ASN1_OCTET_STRING_free(*pos); + *pos = NULL; + } + return 1; + } + if (!*pos) + *pos = ASN1_OCTET_STRING_new(); + if (*pos) + { + /* NB: special flag to show content is created and not + * read in. + */ + (*pos)->flags |= ASN1_STRING_FLAG_CONT; + return 1; + } + CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE); + return 0; + } + +/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */ + +void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md) + { + int param_type; + + switch (EVP_MD_type(md)) + { + case NID_sha1: + case NID_sha224: + case NID_sha256: + case NID_sha384: + case NID_sha512: + param_type = V_ASN1_UNDEF; + break; + + default: + param_type = V_ASN1_NULL; + break; + } + + X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL); + + } + +/* Create a digest BIO from an X509_ALGOR structure */ + +BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm) + { + BIO *mdbio = NULL; + ASN1_OBJECT *digestoid; + const EVP_MD *digest; + X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm); + digest = EVP_get_digestbyobj(digestoid); + if (!digest) + { + CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, + CMS_R_UNKNOWN_DIGEST_ALGORIHM); + goto err; + } + mdbio = BIO_new(BIO_f_md()); + if (!mdbio || !BIO_set_md(mdbio, digest)) + { + CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, + CMS_R_MD_BIO_INIT_ERROR); + goto err; + } + return mdbio; + err: + if (mdbio) + BIO_free(mdbio); + return NULL; + } + +/* Locate a message digest content from a BIO chain based on SignerInfo */ + +int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, + X509_ALGOR *mdalg) + { + int nid; + ASN1_OBJECT *mdoid; + X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg); + nid = OBJ_obj2nid(mdoid); + /* Look for digest type to match signature */ + for (;;) + { + EVP_MD_CTX *mtmp; + chain = BIO_find_type(chain, BIO_TYPE_MD); + if (chain == NULL) + { + CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX, + CMS_R_NO_MATCHING_DIGEST); + return 0; + } + BIO_get_md_ctx(chain, &mtmp); + if (EVP_MD_CTX_type(mtmp) == nid) + { + EVP_MD_CTX_copy_ex(mctx, mtmp); + return 1; + } + chain = BIO_next(chain); + } + } + +static STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms) + { + switch (OBJ_obj2nid(cms->contentType)) + { + + case NID_pkcs7_signed: + return &cms->d.signedData->certificates; + + case NID_pkcs7_enveloped: + return &cms->d.envelopedData->originatorInfo->certificates; + + default: + CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES, + CMS_R_UNSUPPORTED_CONTENT_TYPE); + return NULL; + + } + } + +CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms) + { + STACK_OF(CMS_CertificateChoices) **pcerts; + CMS_CertificateChoices *cch; + pcerts = cms_get0_certificate_choices(cms); + if (!pcerts) + return NULL; + if (!*pcerts) + *pcerts = sk_CMS_CertificateChoices_new_null(); + if (!*pcerts) + return NULL; + cch = M_ASN1_new_of(CMS_CertificateChoices); + if (!cch) + return NULL; + if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) + { + M_ASN1_free_of(cch, CMS_CertificateChoices); + return NULL; + } + return cch; + } + +int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert) + { + CMS_CertificateChoices *cch; + STACK_OF(CMS_CertificateChoices) **pcerts; + int i; + pcerts = cms_get0_certificate_choices(cms); + if (!pcerts) + return 0; + if (!pcerts) + return 0; + for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) + { + cch = sk_CMS_CertificateChoices_value(*pcerts, i); + if (cch->type == CMS_CERTCHOICE_CERT) + { + if (!X509_cmp(cch->d.certificate, cert)) + { + CMSerr(CMS_F_CMS_ADD0_CERT, + CMS_R_CERTIFICATE_ALREADY_PRESENT); + return 0; + } + } + } + cch = CMS_add0_CertificateChoices(cms); + if (!cch) + return 0; + cch->type = CMS_CERTCHOICE_CERT; + cch->d.certificate = cert; + return 1; + } + +int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert) + { + int r; + r = CMS_add0_cert(cms, cert); + if (r > 0) + CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); + return r; + } + +static STACK_OF(CMS_RevocationInfoChoice) **cms_get0_revocation_choices(CMS_ContentInfo *cms) + { + switch (OBJ_obj2nid(cms->contentType)) + { + + case NID_pkcs7_signed: + return &cms->d.signedData->crls; + + case NID_pkcs7_enveloped: + return &cms->d.envelopedData->originatorInfo->crls; + + default: + CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES, + CMS_R_UNSUPPORTED_CONTENT_TYPE); + return NULL; + + } + } + +CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms) + { + STACK_OF(CMS_RevocationInfoChoice) **pcrls; + CMS_RevocationInfoChoice *rch; + pcrls = cms_get0_revocation_choices(cms); + if (!pcrls) + return NULL; + if (!*pcrls) + *pcrls = sk_CMS_RevocationInfoChoice_new_null(); + if (!*pcrls) + return NULL; + rch = M_ASN1_new_of(CMS_RevocationInfoChoice); + if (!rch) + return NULL; + if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) + { + M_ASN1_free_of(rch, CMS_RevocationInfoChoice); + return NULL; + } + return rch; + } + +int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl) + { + CMS_RevocationInfoChoice *rch; + rch = CMS_add0_RevocationInfoChoice(cms); + if (!rch) + return 0; + rch->type = CMS_REVCHOICE_CRL; + rch->d.crl = crl; + return 1; + } + +STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms) + { + STACK_OF(X509) *certs = NULL; + CMS_CertificateChoices *cch; + STACK_OF(CMS_CertificateChoices) **pcerts; + int i; + pcerts = cms_get0_certificate_choices(cms); + if (!pcerts) + return NULL; + for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) + { + cch = sk_CMS_CertificateChoices_value(*pcerts, i); + if (cch->type == 0) + { + if (!certs) + { + certs = sk_X509_new_null(); + if (!certs) + return NULL; + } + if (!sk_X509_push(certs, cch->d.certificate)) + { + sk_X509_pop_free(certs, X509_free); + return NULL; + } + CRYPTO_add(&cch->d.certificate->references, + 1, CRYPTO_LOCK_X509); + } + } + return certs; + + } + +STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms) + { + STACK_OF(X509_CRL) *crls = NULL; + STACK_OF(CMS_RevocationInfoChoice) **pcrls; + CMS_RevocationInfoChoice *rch; + int i; + pcrls = cms_get0_revocation_choices(cms); + if (!pcrls) + return NULL; + for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) + { + rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i); + if (rch->type == 0) + { + if (!crls) + { + crls = sk_X509_CRL_new_null(); + if (!crls) + return NULL; + } + if (!sk_X509_CRL_push(crls, rch->d.crl)) + { + sk_X509_CRL_pop_free(crls, X509_CRL_free); + return NULL; + } + CRYPTO_add(&rch->d.crl->references, + 1, CRYPTO_LOCK_X509_CRL); + } + } + return crls; + } diff --git a/crypto/openssl-0.9/crypto/cms/cms_sd.c b/crypto/openssl-0.9/crypto/cms/cms_sd.c new file mode 100644 index 0000000000..591bfbec33 --- /dev/null +++ b/crypto/openssl-0.9/crypto/cms/cms_sd.c @@ -0,0 +1,1014 @@ +/* crypto/cms/cms_sd.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include "cryptlib.h" +#include +#include +#include +#include +#include +#include "cms_lcl.h" + +/* CMS SignedData Utilities */ + +DECLARE_ASN1_ITEM(CMS_SignedData) + +static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms) + { + if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) + { + CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA); + return NULL; + } + return cms->d.signedData; + } + +static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms) + { + if (cms->d.other == NULL) + { + cms->d.signedData = M_ASN1_new_of(CMS_SignedData); + if (!cms->d.signedData) + { + CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE); + return NULL; + } + cms->d.signedData->version = 1; + cms->d.signedData->encapContentInfo->eContentType = + OBJ_nid2obj(NID_pkcs7_data); + cms->d.signedData->encapContentInfo->partial = 1; + ASN1_OBJECT_free(cms->contentType); + cms->contentType = OBJ_nid2obj(NID_pkcs7_signed); + return cms->d.signedData; + } + return cms_get0_signed(cms); + } + +/* Just initialize SignedData e.g. for certs only structure */ + +int CMS_SignedData_init(CMS_ContentInfo *cms) + { + if (cms_signed_data_init(cms)) + return 1; + else + return 0; + } + +/* Check structures and fixup version numbers (if necessary) */ + +static void cms_sd_set_version(CMS_SignedData *sd) + { + int i; + CMS_CertificateChoices *cch; + CMS_RevocationInfoChoice *rch; + CMS_SignerInfo *si; + + for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) + { + cch = sk_CMS_CertificateChoices_value(sd->certificates, i); + if (cch->type == CMS_CERTCHOICE_OTHER) + { + if (sd->version < 5) + sd->version = 5; + } + else if (cch->type == CMS_CERTCHOICE_V2ACERT) + { + if (sd->version < 4) + sd->version = 4; + } + else if (cch->type == CMS_CERTCHOICE_V1ACERT) + { + if (sd->version < 3) + sd->version = 3; + } + } + + for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) + { + rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i); + if (rch->type == CMS_REVCHOICE_OTHER) + { + if (sd->version < 5) + sd->version = 5; + } + } + + if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data) + && (sd->version < 3)) + sd->version = 3; + + for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) + { + si = sk_CMS_SignerInfo_value(sd->signerInfos, i); + if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) + { + if (si->version < 3) + si->version = 3; + if (sd->version < 3) + sd->version = 3; + } + else + sd->version = 1; + } + + if (sd->version < 1) + sd->version = 1; + + } + +/* Copy an existing messageDigest value */ + +static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si) + { + STACK_OF(CMS_SignerInfo) *sinfos; + CMS_SignerInfo *sitmp; + int i; + sinfos = CMS_get0_SignerInfos(cms); + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) + { + ASN1_OCTET_STRING *messageDigest; + sitmp = sk_CMS_SignerInfo_value(sinfos, i); + if (sitmp == si) + continue; + if (CMS_signed_get_attr_count(sitmp) < 0) + continue; + if (OBJ_cmp(si->digestAlgorithm->algorithm, + sitmp->digestAlgorithm->algorithm)) + continue; + messageDigest = CMS_signed_get0_data_by_OBJ(sitmp, + OBJ_nid2obj(NID_pkcs9_messageDigest), + -3, V_ASN1_OCTET_STRING); + if (!messageDigest) + { + CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, + CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); + return 0; + } + + if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, + V_ASN1_OCTET_STRING, + messageDigest, -1)) + return 1; + else + return 0; + } + CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST); + return 0; + } + +int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type) + { + switch(type) + { + case CMS_SIGNERINFO_ISSUER_SERIAL: + sid->d.issuerAndSerialNumber = + M_ASN1_new_of(CMS_IssuerAndSerialNumber); + if (!sid->d.issuerAndSerialNumber) + goto merr; + if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer, + X509_get_issuer_name(cert))) + goto merr; + ASN1_STRING_free(sid->d.issuerAndSerialNumber->serialNumber); + sid->d.issuerAndSerialNumber->serialNumber = + ASN1_STRING_dup(X509_get_serialNumber(cert)); + if(!sid->d.issuerAndSerialNumber->serialNumber) + goto merr; + break; + + case CMS_SIGNERINFO_KEYIDENTIFIER: + if (!cert->skid) + { + CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, + CMS_R_CERTIFICATE_HAS_NO_KEYID); + return 0; + } + sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid); + if (!sid->d.subjectKeyIdentifier) + goto merr; + break; + + default: + CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID); + return 0; + } + + sid->type = type; + + return 1; + + merr: + CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE); + return 0; + + } + +int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno) + { + if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) + { + if (issuer) + *issuer = sid->d.issuerAndSerialNumber->issuer; + if (sno) + *sno = sid->d.issuerAndSerialNumber->serialNumber; + } + else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) + { + if (keyid) + *keyid = sid->d.subjectKeyIdentifier; + } + else + return 0; + return 1; + } + +int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert) + { + int ret; + if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) + { + ret = X509_NAME_cmp(sid->d.issuerAndSerialNumber->issuer, + X509_get_issuer_name(cert)); + if (ret) + return ret; + return ASN1_INTEGER_cmp(sid->d.issuerAndSerialNumber->serialNumber, + X509_get_serialNumber(cert)); + } + else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) + { + X509_check_purpose(cert, -1, -1); + if (!cert->skid) + return -1; + return ASN1_OCTET_STRING_cmp(sid->d.subjectKeyIdentifier, + cert->skid); + } + else + return -1; + } + +CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, + X509 *signer, EVP_PKEY *pk, const EVP_MD *md, + unsigned int flags) + { + CMS_SignedData *sd; + CMS_SignerInfo *si = NULL; + X509_ALGOR *alg; + int i, type; + if(!X509_check_private_key(signer, pk)) + { + CMSerr(CMS_F_CMS_ADD1_SIGNER, + CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + return NULL; + } + sd = cms_signed_data_init(cms); + if (!sd) + goto err; + si = M_ASN1_new_of(CMS_SignerInfo); + if (!si) + goto merr; + X509_check_purpose(signer, -1, -1); + + CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY); + CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); + + si->pkey = pk; + si->signer = signer; + + if (flags & CMS_USE_KEYID) + { + si->version = 3; + if (sd->version < 3) + sd->version = 3; + type = CMS_SIGNERINFO_KEYIDENTIFIER; + } + else + { + type = CMS_SIGNERINFO_ISSUER_SERIAL; + si->version = 1; + } + + if (!cms_set1_SignerIdentifier(si->sid, signer, type)) + goto err; + + /* Since no EVP_PKEY_METHOD in 0.9.8 hard code SHA1 as default */ + if (md == NULL) + md = EVP_sha1(); + + /* OpenSSL 0.9.8 only supports SHA1 with non-RSA keys */ + + if ((pk->type != EVP_PKEY_RSA) && (EVP_MD_type(md) != NID_sha1)) + { + CMSerr(CMS_F_CMS_ADD1_SIGNER, + CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + goto err; + } + + cms_DigestAlgorithm_set(si->digestAlgorithm, md); + + /* See if digest is present in digestAlgorithms */ + for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) + { + ASN1_OBJECT *aoid; + alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i); + X509_ALGOR_get0(&aoid, NULL, NULL, alg); + if (OBJ_obj2nid(aoid) == EVP_MD_type(md)) + break; + } + + if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) + { + alg = X509_ALGOR_new(); + if (!alg) + goto merr; + cms_DigestAlgorithm_set(alg, md); + if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) + { + X509_ALGOR_free(alg); + goto merr; + } + } + + /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8, + * hard code algorithm parameters. + */ + + switch (pk->type) + { + + case EVP_PKEY_RSA: + X509_ALGOR_set0(si->signatureAlgorithm, + OBJ_nid2obj(NID_rsaEncryption), + V_ASN1_NULL, 0); + break; + + case EVP_PKEY_DSA: + X509_ALGOR_set0(si->signatureAlgorithm, + OBJ_nid2obj(NID_dsaWithSHA1), + V_ASN1_UNDEF, 0); + break; + + + case EVP_PKEY_EC: + X509_ALGOR_set0(si->signatureAlgorithm, + OBJ_nid2obj(NID_ecdsa_with_SHA1), + V_ASN1_UNDEF, 0); + break; + + default: + CMSerr(CMS_F_CMS_ADD1_SIGNER, + CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + goto err; + + } + + if (!(flags & CMS_NOATTR)) + { + /* Initialialize signed attributes strutucture so other + * attributes such as signing time etc are added later + * even if we add none here. + */ + if (!si->signedAttrs) + { + si->signedAttrs = sk_X509_ATTRIBUTE_new_null(); + if (!si->signedAttrs) + goto merr; + } + + if (!(flags & CMS_NOSMIMECAP)) + { + STACK_OF(X509_ALGOR) *smcap = NULL; + i = CMS_add_standard_smimecap(&smcap); + if (i) + i = CMS_add_smimecap(si, smcap); + sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); + if (!i) + goto merr; + } + if (flags & CMS_REUSE_DIGEST) + { + if (!cms_copy_messageDigest(cms, si)) + goto err; + if (!(flags & CMS_PARTIAL) && + !CMS_SignerInfo_sign(si)) + goto err; + } + } + + if (!(flags & CMS_NOCERTS)) + { + /* NB ignore -1 return for duplicate cert */ + if (!CMS_add1_cert(cms, signer)) + goto merr; + } + + if (!sd->signerInfos) + sd->signerInfos = sk_CMS_SignerInfo_new_null(); + if (!sd->signerInfos || + !sk_CMS_SignerInfo_push(sd->signerInfos, si)) + goto merr; + + return si; + + merr: + CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); + err: + if (si) + M_ASN1_free_of(si, CMS_SignerInfo); + return NULL; + + } + +static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t) + { + ASN1_TIME *tt; + int r = 0; + if (t) + tt = t; + else + tt = X509_gmtime_adj(NULL, 0); + + if (!tt) + goto merr; + + if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime, + tt->type, tt, -1) <= 0) + goto merr; + + r = 1; + + merr: + + if (!t) + ASN1_TIME_free(tt); + + if (!r) + CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE); + + return r; + + } + +STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms) + { + CMS_SignedData *sd; + sd = cms_get0_signed(cms); + if (!sd) + return NULL; + return sd->signerInfos; + } + +STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms) + { + STACK_OF(X509) *signers = NULL; + STACK_OF(CMS_SignerInfo) *sinfos; + CMS_SignerInfo *si; + int i; + sinfos = CMS_get0_SignerInfos(cms); + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) + { + si = sk_CMS_SignerInfo_value(sinfos, i); + if (si->signer) + { + if (!signers) + { + signers = sk_X509_new_null(); + if (!signers) + return NULL; + } + if (!sk_X509_push(signers, si->signer)) + { + sk_X509_free(signers); + return NULL; + } + } + } + return signers; + } + +void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer) + { + if (signer) + { + CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); + if (si->pkey) + EVP_PKEY_free(si->pkey); + si->pkey = X509_get_pubkey(signer); + } + if (si->signer) + X509_free(si->signer); + si->signer = signer; + } + +int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno) + { + return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno); + } + +int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert) + { + return cms_SignerIdentifier_cert_cmp(si->sid, cert); + } + +int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts, + unsigned int flags) + { + CMS_SignedData *sd; + CMS_SignerInfo *si; + CMS_CertificateChoices *cch; + STACK_OF(CMS_CertificateChoices) *certs; + X509 *x; + int i, j; + int ret = 0; + sd = cms_get0_signed(cms); + if (!sd) + return -1; + certs = sd->certificates; + for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) + { + si = sk_CMS_SignerInfo_value(sd->signerInfos, i); + if (si->signer) + continue; + + for (j = 0; j < sk_X509_num(scerts); j++) + { + x = sk_X509_value(scerts, j); + if (CMS_SignerInfo_cert_cmp(si, x) == 0) + { + CMS_SignerInfo_set1_signer_cert(si, x); + ret++; + break; + } + } + + if (si->signer || (flags & CMS_NOINTERN)) + continue; + + for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) + { + cch = sk_CMS_CertificateChoices_value(certs, j); + if (cch->type != 0) + continue; + x = cch->d.certificate; + if (CMS_SignerInfo_cert_cmp(si, x) == 0) + { + CMS_SignerInfo_set1_signer_cert(si, x); + ret++; + break; + } + } + } + return ret; + } + +void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer, + X509_ALGOR **pdig, X509_ALGOR **psig) + { + if (pk) + *pk = si->pkey; + if (signer) + *signer = si->signer; + if (pdig) + *pdig = si->digestAlgorithm; + if (psig) + *psig = si->signatureAlgorithm; + } + +/* In OpenSSL 0.9.8 we have the link between digest types and public + * key types so we need to fixup the digest type if the public key + * type is not appropriate. + */ + +static void cms_fixup_mctx(EVP_MD_CTX *mctx, EVP_PKEY *pkey) + { + if (EVP_MD_CTX_type(mctx) != NID_sha1) + return; +#ifndef OPENSSL_NO_DSA + if (pkey->type == EVP_PKEY_DSA) + mctx->digest = EVP_dss1(); +#endif +#ifndef OPENSSL_NO_ECDSA + if (pkey->type == EVP_PKEY_EC) + mctx->digest = EVP_ecdsa(); +#endif + } + +static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, + CMS_SignerInfo *si, BIO *chain) + { + EVP_MD_CTX mctx; + int r = 0; + EVP_MD_CTX_init(&mctx); + + + if (!si->pkey) + { + CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY); + return 0; + } + + if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) + goto err; + + /* If any signed attributes calculate and add messageDigest attribute */ + + if (CMS_signed_get_attr_count(si) >= 0) + { + ASN1_OBJECT *ctype = + cms->d.signedData->encapContentInfo->eContentType; + unsigned char md[EVP_MAX_MD_SIZE]; + unsigned int mdlen; + EVP_DigestFinal_ex(&mctx, md, &mdlen); + if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, + V_ASN1_OCTET_STRING, + md, mdlen)) + goto err; + /* Copy content type across */ + if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType, + V_ASN1_OBJECT, ctype, -1) <= 0) + goto err; + if (!CMS_SignerInfo_sign(si)) + goto err; + } + else + { + unsigned char *sig; + unsigned int siglen; + sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey)); + if (!sig) + { + CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, + ERR_R_MALLOC_FAILURE); + goto err; + } + cms_fixup_mctx(&mctx, si->pkey); + if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) + { + CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, + CMS_R_SIGNFINAL_ERROR); + OPENSSL_free(sig); + goto err; + } + ASN1_STRING_set0(si->signature, sig, siglen); + } + + r = 1; + + err: + EVP_MD_CTX_cleanup(&mctx); + return r; + + } + +int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) + { + STACK_OF(CMS_SignerInfo) *sinfos; + CMS_SignerInfo *si; + int i; + sinfos = CMS_get0_SignerInfos(cms); + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) + { + si = sk_CMS_SignerInfo_value(sinfos, i); + if (!cms_SignerInfo_content_sign(cms, si, chain)) + return 0; + } + cms->d.signedData->encapContentInfo->partial = 0; + return 1; + } + +int CMS_SignerInfo_sign(CMS_SignerInfo *si) + { + EVP_MD_CTX mctx; + unsigned char *abuf = NULL; + int alen; + unsigned int siglen; + const EVP_MD *md = NULL; + + md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); + if (md == NULL) + return 0; + + EVP_MD_CTX_init(&mctx); + + if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) + { + if (!cms_add1_signingTime(si, NULL)) + goto err; + } + + if (EVP_SignInit_ex(&mctx, md, NULL) <= 0) + goto err; + +#if 0 + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, + EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) + { + CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); + goto err; + } +#endif + + alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, + ASN1_ITEM_rptr(CMS_Attributes_Sign)); + if(!abuf) + goto err; + if (EVP_SignUpdate(&mctx, abuf, alen) <= 0) + goto err; + siglen = EVP_PKEY_size(si->pkey); + OPENSSL_free(abuf); + abuf = OPENSSL_malloc(siglen); + if(!abuf) + goto err; + cms_fixup_mctx(&mctx, si->pkey); + if (EVP_SignFinal(&mctx, abuf, &siglen, si->pkey) <= 0) + goto err; +#if 0 + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, + EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) + { + CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); + goto err; + } +#endif + EVP_MD_CTX_cleanup(&mctx); + + ASN1_STRING_set0(si->signature, abuf, siglen); + + return 1; + + err: + if (abuf) + OPENSSL_free(abuf); + EVP_MD_CTX_cleanup(&mctx); + return 0; + + } + +int CMS_SignerInfo_verify(CMS_SignerInfo *si) + { + EVP_MD_CTX mctx; + unsigned char *abuf = NULL; + int alen, r = -1; + const EVP_MD *md = NULL; + + if (!si->pkey) + { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY); + return -1; + } + + md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); + if (md == NULL) + return -1; + EVP_MD_CTX_init(&mctx); + if (EVP_VerifyInit_ex(&mctx, md, NULL) <= 0) + goto err; + + alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, + ASN1_ITEM_rptr(CMS_Attributes_Verify)); + if(!abuf) + goto err; + r = EVP_VerifyUpdate(&mctx, abuf, alen); + OPENSSL_free(abuf); + if (r <= 0) + { + r = -1; + goto err; + } + cms_fixup_mctx(&mctx, si->pkey); + r = EVP_VerifyFinal(&mctx, + si->signature->data, si->signature->length, si->pkey); + if (!r) + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); + err: + EVP_MD_CTX_cleanup(&mctx); + return r; + } + +/* Create a chain of digest BIOs from a CMS ContentInfo */ + +BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms) + { + int i; + CMS_SignedData *sd; + BIO *chain = NULL; + sd = cms_get0_signed(cms); + if (!sd) + return NULL; + if (cms->d.signedData->encapContentInfo->partial) + cms_sd_set_version(sd); + for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) + { + X509_ALGOR *digestAlgorithm; + BIO *mdbio; + digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i); + mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm); + if (!mdbio) + goto err; + if (chain) + BIO_push(chain, mdbio); + else + chain = mdbio; + } + return chain; + err: + if (chain) + BIO_free_all(chain); + return NULL; + } + +int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) + { + ASN1_OCTET_STRING *os = NULL; + EVP_MD_CTX mctx; + int r = -1; + EVP_MD_CTX_init(&mctx); + /* If we have any signed attributes look for messageDigest value */ + if (CMS_signed_get_attr_count(si) >= 0) + { + os = CMS_signed_get0_data_by_OBJ(si, + OBJ_nid2obj(NID_pkcs9_messageDigest), + -3, V_ASN1_OCTET_STRING); + if (!os) + { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, + CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); + goto err; + } + } + + if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) + goto err; + + /* If messageDigest found compare it */ + + if (os) + { + unsigned char mval[EVP_MAX_MD_SIZE]; + unsigned int mlen; + if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) + { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, + CMS_R_UNABLE_TO_FINALIZE_CONTEXT); + goto err; + } + if (mlen != (unsigned int)os->length) + { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, + CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH); + goto err; + } + + if (memcmp(mval, os->data, mlen)) + { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, + CMS_R_VERIFICATION_FAILURE); + r = 0; + } + else + r = 1; + } + else + { + cms_fixup_mctx(&mctx, si->pkey); + r = EVP_VerifyFinal(&mctx, si->signature->data, + si->signature->length, si->pkey); + if (r <= 0) + { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, + CMS_R_VERIFICATION_FAILURE); + r = 0; + } + } + + err: + EVP_MD_CTX_cleanup(&mctx); + return r; + + } + +int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs) + { + unsigned char *smder = NULL; + int smderlen, r; + smderlen = i2d_X509_ALGORS(algs, &smder); + if (smderlen <= 0) + return 0; + r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities, + V_ASN1_SEQUENCE, smder, smderlen); + OPENSSL_free(smder); + return r; + } + +int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, + int algnid, int keysize) + { + X509_ALGOR *alg; + ASN1_INTEGER *key = NULL; + if (keysize > 0) + { + key = ASN1_INTEGER_new(); + if (!key || !ASN1_INTEGER_set(key, keysize)) + return 0; + } + alg = X509_ALGOR_new(); + if (!alg) + { + if (key) + ASN1_INTEGER_free(key); + return 0; + } + + X509_ALGOR_set0(alg, OBJ_nid2obj(algnid), + key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key); + if (!*algs) + *algs = sk_X509_ALGOR_new_null(); + if (!*algs || !sk_X509_ALGOR_push(*algs, alg)) + { + X509_ALGOR_free(alg); + return 0; + } + return 1; + } + +/* Check to see if a cipher exists and if so add S/MIME capabilities */ + +static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) + { + if (EVP_get_cipherbynid(nid)) + return CMS_add_simple_smimecap(sk, nid, arg); + return 1; + } +#if 0 +static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) + { + if (EVP_get_digestbynid(nid)) + return CMS_add_simple_smimecap(sk, nid, arg); + return 1; + } +#endif +int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) + { + if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) + || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) + || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) + || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) + || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) + || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) + || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) + || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40)) + return 0; + return 1; + } diff --git a/crypto/openssl-0.9/crypto/cms/cms_smime.c b/crypto/openssl-0.9/crypto/cms/cms_smime.c new file mode 100644 index 0000000000..f79c504e91 --- /dev/null +++ b/crypto/openssl-0.9/crypto/cms/cms_smime.c @@ -0,0 +1,806 @@ +/* crypto/cms/cms_smime.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include "cryptlib.h" +#include +#include +#include +#include +#include +#include "cms_lcl.h" + +static int cms_copy_content(BIO *out, BIO *in, unsigned int flags) + { + unsigned char buf[4096]; + int r = 0, i; + BIO *tmpout = NULL; + + if (out == NULL) + tmpout = BIO_new(BIO_s_null()); + else if (flags & CMS_TEXT) + tmpout = BIO_new(BIO_s_mem()); + else + tmpout = out; + + if(!tmpout) + { + CMSerr(CMS_F_CMS_COPY_CONTENT,ERR_R_MALLOC_FAILURE); + goto err; + } + + /* Read all content through chain to process digest, decrypt etc */ + for (;;) + { + i=BIO_read(in,buf,sizeof(buf)); + if (i <= 0) + { + if (BIO_method_type(in) == BIO_TYPE_CIPHER) + { + if (!BIO_get_cipher_status(in)) + goto err; + } + break; + } + + if (tmpout) + BIO_write(tmpout, buf, i); + } + + if(flags & CMS_TEXT) + { + if(!SMIME_text(tmpout, out)) + { + CMSerr(CMS_F_CMS_COPY_CONTENT,CMS_R_SMIME_TEXT_ERROR); + goto err; + } + } + + r = 1; + + err: + if (tmpout && (tmpout != out)) + BIO_free(tmpout); + return r; + + } + +static int check_content(CMS_ContentInfo *cms) + { + ASN1_OCTET_STRING **pos = CMS_get0_content(cms); + if (!pos || !*pos) + { + CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT); + return 0; + } + return 1; + } + +static void do_free_upto(BIO *f, BIO *upto) + { + if (upto) + { + BIO *tbio; + do + { + tbio = BIO_pop(f); + BIO_free(f); + f = tbio; + } + while (f != upto); + } + else + BIO_free_all(f); + } + +int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags) + { + BIO *cont; + int r; + if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) + { + CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA); + return 0; + } + cont = CMS_dataInit(cms, NULL); + if (!cont) + return 0; + r = cms_copy_content(out, cont, flags); + BIO_free_all(cont); + return r; + } + +CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags) + { + CMS_ContentInfo *cms; + cms = cms_Data_create(); + if (!cms) + return NULL; + + if (CMS_final(cms, in, NULL, flags)) + return cms; + + CMS_ContentInfo_free(cms); + + return NULL; + } + +int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags) + { + BIO *cont; + int r; + if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) + { + CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA); + return 0; + } + + if (!dcont && !check_content(cms)) + return 0; + + cont = CMS_dataInit(cms, dcont); + if (!cont) + return 0; + r = cms_copy_content(out, cont, flags); + if (r) + r = cms_DigestedData_do_final(cms, cont, 1); + do_free_upto(cont, dcont); + return r; + } + +CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, + unsigned int flags) + { + CMS_ContentInfo *cms; + if (!md) + md = EVP_sha1(); + cms = cms_DigestedData_create(md); + if (!cms) + return NULL; + + if(!(flags & CMS_DETACHED)) + { + flags &= ~CMS_STREAM; + CMS_set_detached(cms, 0); + } + + if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags)) + return cms; + + CMS_ContentInfo_free(cms); + return NULL; + } + +int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, + const unsigned char *key, size_t keylen, + BIO *dcont, BIO *out, unsigned int flags) + { + BIO *cont; + int r; + if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) + { + CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT, + CMS_R_TYPE_NOT_ENCRYPTED_DATA); + return 0; + } + + if (!dcont && !check_content(cms)) + return 0; + + if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0) + return 0; + cont = CMS_dataInit(cms, dcont); + if (!cont) + return 0; + r = cms_copy_content(out, cont, flags); + do_free_upto(cont, dcont); + return r; + } + +CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, + const unsigned char *key, size_t keylen, + unsigned int flags) + { + CMS_ContentInfo *cms; + if (!cipher) + { + CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER); + return NULL; + } + cms = CMS_ContentInfo_new(); + if (!cms) + return NULL; + if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen)) + return NULL; + + if(!(flags & CMS_DETACHED)) + { + flags &= ~CMS_STREAM; + CMS_set_detached(cms, 0); + } + + if ((flags & (CMS_STREAM|CMS_PARTIAL)) + || CMS_final(cms, in, NULL, flags)) + return cms; + + CMS_ContentInfo_free(cms); + return NULL; + } + +static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, + X509_STORE *store, + STACK_OF(X509) *certs, + STACK_OF(X509_CRL) *crls, + unsigned int flags) + { + X509_STORE_CTX ctx; + X509 *signer; + int i, j, r = 0; + CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL); + if (!X509_STORE_CTX_init(&ctx, store, signer, certs)) + { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, + CMS_R_STORE_INIT_ERROR); + goto err; + } + X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_SMIME_SIGN); + if (crls) + X509_STORE_CTX_set0_crls(&ctx, crls); + + i = X509_verify_cert(&ctx); + if (i <= 0) + { + j = X509_STORE_CTX_get_error(&ctx); + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, + CMS_R_CERTIFICATE_VERIFY_ERROR); + ERR_add_error_data(2, "Verify error:", + X509_verify_cert_error_string(j)); + goto err; + } + r = 1; + err: + X509_STORE_CTX_cleanup(&ctx); + return r; + + } + +int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags) + { + CMS_SignerInfo *si; + STACK_OF(CMS_SignerInfo) *sinfos; + STACK_OF(X509) *cms_certs = NULL; + STACK_OF(X509_CRL) *crls = NULL; + X509 *signer; + int i, scount = 0, ret = 0; + BIO *cmsbio = NULL, *tmpin = NULL; + + if (!dcont && !check_content(cms)) + return 0; + + /* Attempt to find all signer certificates */ + + sinfos = CMS_get0_SignerInfos(cms); + + if (sk_CMS_SignerInfo_num(sinfos) <= 0) + { + CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS); + goto err; + } + + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) + { + si = sk_CMS_SignerInfo_value(sinfos, i); + CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL); + if (signer) + scount++; + } + + if (scount != sk_CMS_SignerInfo_num(sinfos)) + scount += CMS_set1_signers_certs(cms, certs, flags); + + if (scount != sk_CMS_SignerInfo_num(sinfos)) + { + CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND); + goto err; + } + + /* Attempt to verify all signers certs */ + + if (!(flags & CMS_NO_SIGNER_CERT_VERIFY)) + { + cms_certs = CMS_get1_certs(cms); + if (!(flags & CMS_NOCRL)) + crls = CMS_get1_crls(cms); + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) + { + si = sk_CMS_SignerInfo_value(sinfos, i); + if (!cms_signerinfo_verify_cert(si, store, + cms_certs, crls, flags)) + goto err; + } + } + + /* Attempt to verify all SignerInfo signed attribute signatures */ + + if (!(flags & CMS_NO_ATTR_VERIFY)) + { + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) + { + si = sk_CMS_SignerInfo_value(sinfos, i); + if (CMS_signed_get_attr_count(si) < 0) + continue; + if (CMS_SignerInfo_verify(si) <= 0) + goto err; + } + } + + /* Performance optimization: if the content is a memory BIO then + * store its contents in a temporary read only memory BIO. This + * avoids potentially large numbers of slow copies of data which will + * occur when reading from a read write memory BIO when signatures + * are calculated. + */ + + if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) + { + char *ptr; + long len; + len = BIO_get_mem_data(dcont, &ptr); + tmpin = BIO_new_mem_buf(ptr, len); + if (tmpin == NULL) + { + CMSerr(CMS_F_CMS_VERIFY,ERR_R_MALLOC_FAILURE); + return 0; + } + } + else + tmpin = dcont; + + + cmsbio=CMS_dataInit(cms, tmpin); + if (!cmsbio) + goto err; + + if (!cms_copy_content(out, cmsbio, flags)) + goto err; + + if (!(flags & CMS_NO_CONTENT_VERIFY)) + { + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) + { + si = sk_CMS_SignerInfo_value(sinfos, i); + if (!CMS_SignerInfo_verify_content(si, cmsbio)) + { + CMSerr(CMS_F_CMS_VERIFY, + CMS_R_CONTENT_VERIFY_ERROR); + goto err; + } + } + } + + ret = 1; + + err: + + if (dcont && (tmpin == dcont)) + do_free_upto(cmsbio, dcont); + else + BIO_free_all(cmsbio); + + if (cms_certs) + sk_X509_pop_free(cms_certs, X509_free); + if (crls) + sk_X509_CRL_pop_free(crls, X509_CRL_free); + + return ret; + } + +int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, + STACK_OF(X509) *certs, + X509_STORE *store, unsigned int flags) + { + int r; + r = CMS_verify(rcms, certs, store, NULL, NULL, flags); + if (r <= 0) + return r; + return cms_Receipt_verify(rcms, ocms); + } + +CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, unsigned int flags) + { + CMS_ContentInfo *cms; + int i; + + cms = CMS_ContentInfo_new(); + if (!cms || !CMS_SignedData_init(cms)) + goto merr; + + if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) + { + CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR); + goto err; + } + + for (i = 0; i < sk_X509_num(certs); i++) + { + X509 *x = sk_X509_value(certs, i); + if (!CMS_add1_cert(cms, x)) + goto merr; + } + + if(!(flags & CMS_DETACHED)) + { + flags &= ~CMS_STREAM; + CMS_set_detached(cms, 0); + } + + if ((flags & (CMS_STREAM|CMS_PARTIAL)) + || CMS_final(cms, data, NULL, flags)) + return cms; + else + goto err; + + merr: + CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE); + + err: + if (cms) + CMS_ContentInfo_free(cms); + return NULL; + } + +CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, + X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, + unsigned int flags) + { + CMS_SignerInfo *rct_si; + CMS_ContentInfo *cms = NULL; + ASN1_OCTET_STRING **pos, *os; + BIO *rct_cont = NULL; + int r = 0; + + flags &= ~CMS_STREAM; + /* Not really detached but avoids content being allocated */ + flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED; + if (!pkey || !signcert) + { + CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT); + return NULL; + } + + /* Initialize signed data */ + + cms = CMS_sign(NULL, NULL, certs, NULL, flags); + if (!cms) + goto err; + + /* Set inner content type to signed receipt */ + if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt))) + goto err; + + rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags); + if (!rct_si) + { + CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR); + goto err; + } + + os = cms_encode_Receipt(si); + + if (!os) + goto err; + + /* Set content to digest */ + rct_cont = BIO_new_mem_buf(os->data, os->length); + if (!rct_cont) + goto err; + + /* Add msgSigDigest attribute */ + + if (!cms_msgSigDigest_add1(rct_si, si)) + goto err; + + /* Finalize structure */ + if (!CMS_final(cms, rct_cont, NULL, flags)) + goto err; + + /* Set embedded content */ + pos = CMS_get0_content(cms); + *pos = os; + + r = 1; + + err: + if (rct_cont) + BIO_free(rct_cont); + if (r) + return cms; + CMS_ContentInfo_free(cms); + return NULL; + + } + +CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data, + const EVP_CIPHER *cipher, unsigned int flags) + { + CMS_ContentInfo *cms; + int i; + X509 *recip; + cms = CMS_EnvelopedData_create(cipher); + if (!cms) + goto merr; + for (i = 0; i < sk_X509_num(certs); i++) + { + recip = sk_X509_value(certs, i); + if (!CMS_add1_recipient_cert(cms, recip, flags)) + { + CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR); + goto err; + } + } + + if(!(flags & CMS_DETACHED)) + { + flags &= ~CMS_STREAM; + CMS_set_detached(cms, 0); + } + + if ((flags & (CMS_STREAM|CMS_PARTIAL)) + || CMS_final(cms, data, NULL, flags)) + return cms; + else + goto err; + + merr: + CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE); + err: + if (cms) + CMS_ContentInfo_free(cms); + return NULL; + } + +int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) + { + STACK_OF(CMS_RecipientInfo) *ris; + CMS_RecipientInfo *ri; + int i, r; + ris = CMS_get0_RecipientInfos(cms); + for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) + { + ri = sk_CMS_RecipientInfo_value(ris, i); + if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS) + continue; + /* If we have a cert try matching RecipientInfo + * otherwise try them all. + */ + if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0)) + { + CMS_RecipientInfo_set0_pkey(ri, pk); + r = CMS_RecipientInfo_decrypt(cms, ri); + CMS_RecipientInfo_set0_pkey(ri, NULL); + if (r > 0) + return 1; + if (cert) + { + CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, + CMS_R_DECRYPT_ERROR); + return 0; + } + ERR_clear_error(); + } + } + + CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT); + return 0; + + } + +int CMS_decrypt_set1_key(CMS_ContentInfo *cms, + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen) + { + STACK_OF(CMS_RecipientInfo) *ris; + CMS_RecipientInfo *ri; + int i, r; + ris = CMS_get0_RecipientInfos(cms); + for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) + { + ri = sk_CMS_RecipientInfo_value(ris, i); + if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK) + continue; + + /* If we have an id try matching RecipientInfo + * otherwise try them all. + */ + if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) + { + CMS_RecipientInfo_set0_key(ri, key, keylen); + r = CMS_RecipientInfo_decrypt(cms, ri); + CMS_RecipientInfo_set0_key(ri, NULL, 0); + if (r > 0) + return 1; + if (id) + { + CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, + CMS_R_DECRYPT_ERROR); + return 0; + } + ERR_clear_error(); + } + } + + CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT); + return 0; + + } + +int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, + BIO *dcont, BIO *out, + unsigned int flags) + { + int r; + BIO *cont; + if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) + { + CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA); + return 0; + } + if (!dcont && !check_content(cms)) + return 0; + if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert)) + return 0; + + cont = CMS_dataInit(cms, dcont); + if (!cont) + return 0; + r = cms_copy_content(out, cont, flags); + do_free_upto(cont, dcont); + return r; + } + +int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags) + { + BIO *cmsbio; + int ret = 0; + if (!(cmsbio = CMS_dataInit(cms, dcont))) + { + CMSerr(CMS_F_CMS_FINAL,ERR_R_MALLOC_FAILURE); + return 0; + } + + SMIME_crlf_copy(data, cmsbio, flags); + + (void)BIO_flush(cmsbio); + + + if (!CMS_dataFinal(cms, cmsbio)) + { + CMSerr(CMS_F_CMS_FINAL,CMS_R_CMS_DATAFINAL_ERROR); + goto err; + } + + ret = 1; + + err: + do_free_upto(cmsbio, dcont); + + return ret; + + } + +#ifdef ZLIB + +int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags) + { + BIO *cont; + int r; + if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) + { + CMSerr(CMS_F_CMS_UNCOMPRESS, + CMS_R_TYPE_NOT_COMPRESSED_DATA); + return 0; + } + + if (!dcont && !check_content(cms)) + return 0; + + cont = CMS_dataInit(cms, dcont); + if (!cont) + return 0; + r = cms_copy_content(out, cont, flags); + do_free_upto(cont, dcont); + return r; + } + +CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags) + { + CMS_ContentInfo *cms; + if (comp_nid <= 0) + comp_nid = NID_zlib_compression; + cms = cms_CompressedData_create(comp_nid); + if (!cms) + return NULL; + + if(!(flags & CMS_DETACHED)) + { + flags &= ~CMS_STREAM; + CMS_set_detached(cms, 0); + } + + if (CMS_final(cms, in, NULL, flags)) + return cms; + + CMS_ContentInfo_free(cms); + return NULL; + } + +#else + +int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags) + { + CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + return 0; + } + +CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags) + { + CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + return NULL; + } + +#endif diff --git a/crypto/openssl-0.9/crypto/comp/c_zlib.c b/crypto/openssl-0.9/crypto/comp/c_zlib.c index 43402e75db..0f34597e70 100644 --- a/crypto/openssl-0.9/crypto/comp/c_zlib.c +++ b/crypto/openssl-0.9/crypto/comp/c_zlib.c @@ -105,6 +105,7 @@ typedef int (*deflateEnd_ft)(z_streamp strm); typedef int (*deflate_ft)(z_streamp strm, int flush); typedef int (*deflateInit__ft)(z_streamp strm, int level, const char * version, int stream_size); +typedef const char * (*zError__ft)(int err); static compress_ft p_compress=NULL; static inflateEnd_ft p_inflateEnd=NULL; static inflate_ft p_inflate=NULL; @@ -112,6 +113,7 @@ static inflateInit__ft p_inflateInit_=NULL; static deflateEnd_ft p_deflateEnd=NULL; static deflate_ft p_deflate=NULL; static deflateInit__ft p_deflateInit_=NULL; +static zError__ft p_zError=NULL; static int zlib_loaded = 0; /* only attempt to init func pts once */ static DSO *zlib_dso = NULL; @@ -123,6 +125,7 @@ static DSO *zlib_dso = NULL; #define deflateEnd p_deflateEnd #define deflate p_deflate #define deflateInit_ p_deflateInit_ +#define zError p_zError #endif /* ZLIB_SHARED */ struct zlib_state @@ -373,10 +376,13 @@ COMP_METHOD *COMP_zlib(void) p_deflateInit_ = (deflateInit__ft) DSO_bind_func(zlib_dso, "deflateInit_"); + p_zError + = (zError__ft) DSO_bind_func(zlib_dso, + "zError"); if (p_compress && p_inflateEnd && p_inflate && p_inflateInit_ && p_deflateEnd - && p_deflate && p_deflateInit_) + && p_deflate && p_deflateInit_ && p_zError) zlib_loaded++; } } @@ -410,3 +416,386 @@ err: return(meth); } +void COMP_zlib_cleanup(void) + { +#ifdef ZLIB_SHARED + if (zlib_dso) + DSO_free(zlib_dso); +#endif + } + +#ifdef ZLIB + +/* Zlib based compression/decompression filter BIO */ + +typedef struct + { + unsigned char *ibuf; /* Input buffer */ + int ibufsize; /* Buffer size */ + z_stream zin; /* Input decompress context */ + unsigned char *obuf; /* Output buffer */ + int obufsize; /* Output buffer size */ + unsigned char *optr; /* Position in output buffer */ + int ocount; /* Amount of data in output buffer */ + int odone; /* deflate EOF */ + int comp_level; /* Compression level to use */ + z_stream zout; /* Output compression context */ + } BIO_ZLIB_CTX; + +#define ZLIB_DEFAULT_BUFSIZE 1024 + +static int bio_zlib_new(BIO *bi); +static int bio_zlib_free(BIO *bi); +static int bio_zlib_read(BIO *b, char *out, int outl); +static int bio_zlib_write(BIO *b, const char *in, int inl); +static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr); +static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp); + +static BIO_METHOD bio_meth_zlib = + { + BIO_TYPE_COMP, + "zlib", + bio_zlib_write, + bio_zlib_read, + NULL, + NULL, + bio_zlib_ctrl, + bio_zlib_new, + bio_zlib_free, + bio_zlib_callback_ctrl + }; + +BIO_METHOD *BIO_f_zlib(void) + { + return &bio_meth_zlib; + } + + +static int bio_zlib_new(BIO *bi) + { + BIO_ZLIB_CTX *ctx; +#ifdef ZLIB_SHARED + (void)COMP_zlib(); + if (!zlib_loaded) + { + COMPerr(COMP_F_BIO_ZLIB_NEW, COMP_R_ZLIB_NOT_SUPPORTED); + return 0; + } +#endif + ctx = OPENSSL_malloc(sizeof(BIO_ZLIB_CTX)); + if(!ctx) + { + COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE); + return 0; + } + ctx->ibuf = NULL; + ctx->obuf = NULL; + ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE; + ctx->obufsize = ZLIB_DEFAULT_BUFSIZE; + ctx->zin.zalloc = Z_NULL; + ctx->zin.zfree = Z_NULL; + ctx->zin.next_in = NULL; + ctx->zin.avail_in = 0; + ctx->zin.next_out = NULL; + ctx->zin.avail_out = 0; + ctx->zout.zalloc = Z_NULL; + ctx->zout.zfree = Z_NULL; + ctx->zout.next_in = NULL; + ctx->zout.avail_in = 0; + ctx->zout.next_out = NULL; + ctx->zout.avail_out = 0; + ctx->odone = 0; + ctx->comp_level = Z_DEFAULT_COMPRESSION; + bi->init = 1; + bi->ptr = (char *)ctx; + bi->flags = 0; + return 1; + } + +static int bio_zlib_free(BIO *bi) + { + BIO_ZLIB_CTX *ctx; + if(!bi) return 0; + ctx = (BIO_ZLIB_CTX *)bi->ptr; + if(ctx->ibuf) + { + /* Destroy decompress context */ + inflateEnd(&ctx->zin); + OPENSSL_free(ctx->ibuf); + } + if(ctx->obuf) + { + /* Destroy compress context */ + deflateEnd(&ctx->zout); + OPENSSL_free(ctx->obuf); + } + OPENSSL_free(ctx); + bi->ptr = NULL; + bi->init = 0; + bi->flags = 0; + return 1; + } + +static int bio_zlib_read(BIO *b, char *out, int outl) + { + BIO_ZLIB_CTX *ctx; + int ret; + z_stream *zin; + if(!out || !outl) return 0; + ctx = (BIO_ZLIB_CTX *)b->ptr; + zin = &ctx->zin; + BIO_clear_retry_flags(b); + if(!ctx->ibuf) + { + ctx->ibuf = OPENSSL_malloc(ctx->ibufsize); + if(!ctx->ibuf) + { + COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE); + return 0; + } + inflateInit(zin); + zin->next_in = ctx->ibuf; + zin->avail_in = 0; + } + + /* Copy output data directly to supplied buffer */ + zin->next_out = (unsigned char *)out; + zin->avail_out = (unsigned int)outl; + for(;;) + { + /* Decompress while data available */ + while(zin->avail_in) + { + ret = inflate(zin, 0); + if((ret != Z_OK) && (ret != Z_STREAM_END)) + { + COMPerr(COMP_F_BIO_ZLIB_READ, + COMP_R_ZLIB_INFLATE_ERROR); + ERR_add_error_data(2, "zlib error:", + zError(ret)); + return 0; + } + /* If EOF or we've read everything then return */ + if((ret == Z_STREAM_END) || !zin->avail_out) + return outl - zin->avail_out; + } + + /* No data in input buffer try to read some in, + * if an error then return the total data read. + */ + ret = BIO_read(b->next_bio, ctx->ibuf, ctx->ibufsize); + if(ret <= 0) + { + /* Total data read */ + int tot = outl - zin->avail_out; + BIO_copy_next_retry(b); + if(ret < 0) return (tot > 0) ? tot : ret; + return tot; + } + zin->avail_in = ret; + zin->next_in = ctx->ibuf; + } + } + +static int bio_zlib_write(BIO *b, const char *in, int inl) + { + BIO_ZLIB_CTX *ctx; + int ret; + z_stream *zout; + if(!in || !inl) return 0; + ctx = (BIO_ZLIB_CTX *)b->ptr; + if(ctx->odone) return 0; + zout = &ctx->zout; + BIO_clear_retry_flags(b); + if(!ctx->obuf) + { + ctx->obuf = OPENSSL_malloc(ctx->obufsize); + /* Need error here */ + if(!ctx->obuf) + { + COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE); + return 0; + } + ctx->optr = ctx->obuf; + ctx->ocount = 0; + deflateInit(zout, ctx->comp_level); + zout->next_out = ctx->obuf; + zout->avail_out = ctx->obufsize; + } + /* Obtain input data directly from supplied buffer */ + zout->next_in = (void *)in; + zout->avail_in = inl; + for(;;) + { + /* If data in output buffer write it first */ + while(ctx->ocount) { + ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount); + if(ret <= 0) + { + /* Total data written */ + int tot = inl - zout->avail_in; + BIO_copy_next_retry(b); + if(ret < 0) return (tot > 0) ? tot : ret; + return tot; + } + ctx->optr += ret; + ctx->ocount -= ret; + } + + /* Have we consumed all supplied data? */ + if(!zout->avail_in) + return inl; + + /* Compress some more */ + + /* Reset buffer */ + ctx->optr = ctx->obuf; + zout->next_out = ctx->obuf; + zout->avail_out = ctx->obufsize; + /* Compress some more */ + ret = deflate(zout, 0); + if(ret != Z_OK) + { + COMPerr(COMP_F_BIO_ZLIB_WRITE, + COMP_R_ZLIB_DEFLATE_ERROR); + ERR_add_error_data(2, "zlib error:", zError(ret)); + return 0; + } + ctx->ocount = ctx->obufsize - zout->avail_out; + } + } + +static int bio_zlib_flush(BIO *b) + { + BIO_ZLIB_CTX *ctx; + int ret; + z_stream *zout; + ctx = (BIO_ZLIB_CTX *)b->ptr; + /* If no data written or already flush show success */ + if(!ctx->obuf || (ctx->odone && !ctx->ocount)) return 1; + zout = &ctx->zout; + BIO_clear_retry_flags(b); + /* No more input data */ + zout->next_in = NULL; + zout->avail_in = 0; + for(;;) + { + /* If data in output buffer write it first */ + while(ctx->ocount) + { + ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount); + if(ret <= 0) + { + BIO_copy_next_retry(b); + return ret; + } + ctx->optr += ret; + ctx->ocount -= ret; + } + if(ctx->odone) return 1; + + /* Compress some more */ + + /* Reset buffer */ + ctx->optr = ctx->obuf; + zout->next_out = ctx->obuf; + zout->avail_out = ctx->obufsize; + /* Compress some more */ + ret = deflate(zout, Z_FINISH); + if(ret == Z_STREAM_END) ctx->odone = 1; + else if(ret != Z_OK) + { + COMPerr(COMP_F_BIO_ZLIB_FLUSH, + COMP_R_ZLIB_DEFLATE_ERROR); + ERR_add_error_data(2, "zlib error:", zError(ret)); + return 0; + } + ctx->ocount = ctx->obufsize - zout->avail_out; + } + } + +static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) + { + BIO_ZLIB_CTX *ctx; + int ret, *ip; + int ibs, obs; + if(!b->next_bio) return 0; + ctx = (BIO_ZLIB_CTX *)b->ptr; + switch (cmd) + { + + case BIO_CTRL_RESET: + ctx->ocount = 0; + ctx->odone = 0; + break; + + case BIO_CTRL_FLUSH: + ret = bio_zlib_flush(b); + if (ret > 0) + ret = BIO_flush(b->next_bio); + break; + + case BIO_C_SET_BUFF_SIZE: + ibs = -1; + obs = -1; + if (ptr != NULL) + { + ip = ptr; + if (*ip == 0) + ibs = (int) num; + else + obs = (int) num; + } + else + { + ibs = (int)num; + obs = ibs; + } + + if (ibs != -1) + { + if (ctx->ibuf) + { + OPENSSL_free(ctx->ibuf); + ctx->ibuf = NULL; + } + ctx->ibufsize = ibs; + } + + if (obs != -1) + { + if (ctx->obuf) + { + OPENSSL_free(ctx->obuf); + ctx->obuf = NULL; + } + ctx->obufsize = obs; + } + + break; + + case BIO_C_DO_STATE_MACHINE: + BIO_clear_retry_flags(b); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + BIO_copy_next_retry(b); + break; + + default: + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + + } + + return ret; + } + + +static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) + { + if(!b->next_bio) + return 0; + return + BIO_callback_ctrl(b->next_bio, cmd, fp); + } + +#endif diff --git a/crypto/openssl-0.9/crypto/comp/comp.h b/crypto/openssl-0.9/crypto/comp/comp.h index 5d59354a57..4b405c7d49 100644 --- a/crypto/openssl-0.9/crypto/comp/comp.h +++ b/crypto/openssl-0.9/crypto/comp/comp.h @@ -47,6 +47,13 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, unsigned char *in, int ilen); COMP_METHOD *COMP_rle(void ); COMP_METHOD *COMP_zlib(void ); +void COMP_zlib_cleanup(void); + +#ifdef HEADER_BIO_H +#ifdef ZLIB +BIO_METHOD *BIO_f_zlib(void); +#endif +#endif /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -57,8 +64,15 @@ void ERR_load_COMP_strings(void); /* Error codes for the COMP functions. */ /* Function codes. */ +#define COMP_F_BIO_ZLIB_FLUSH 99 +#define COMP_F_BIO_ZLIB_NEW 100 +#define COMP_F_BIO_ZLIB_READ 101 +#define COMP_F_BIO_ZLIB_WRITE 102 /* Reason codes. */ +#define COMP_R_ZLIB_DEFLATE_ERROR 99 +#define COMP_R_ZLIB_INFLATE_ERROR 100 +#define COMP_R_ZLIB_NOT_SUPPORTED 101 #ifdef __cplusplus } diff --git a/crypto/openssl-0.9/crypto/comp/comp_err.c b/crypto/openssl-0.9/crypto/comp/comp_err.c index 07372226c9..187d68b725 100644 --- a/crypto/openssl-0.9/crypto/comp/comp_err.c +++ b/crypto/openssl-0.9/crypto/comp/comp_err.c @@ -1,6 +1,6 @@ /* crypto/comp/comp_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,11 +70,18 @@ static ERR_STRING_DATA COMP_str_functs[]= { +{ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "BIO_ZLIB_FLUSH"}, +{ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "BIO_ZLIB_NEW"}, +{ERR_FUNC(COMP_F_BIO_ZLIB_READ), "BIO_ZLIB_READ"}, +{ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "BIO_ZLIB_WRITE"}, {0,NULL} }; static ERR_STRING_DATA COMP_str_reasons[]= { +{ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR) ,"zlib deflate error"}, +{ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR) ,"zlib inflate error"}, +{ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED) ,"zlib not supported"}, {0,NULL} }; diff --git a/crypto/openssl-0.9/crypto/des/des.h b/crypto/openssl-0.9/crypto/des/des.h index 3cbc2b568e..92b6663599 100644 --- a/crypto/openssl-0.9/crypto/des/des.h +++ b/crypto/openssl-0.9/crypto/des/des.h @@ -195,9 +195,10 @@ void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out, long length,DES_key_schedule *ks1, DES_key_schedule *ks2,DES_key_schedule *ks3, DES_cblock *ivec,int *num); - +#if 0 void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white, DES_cblock *out_white); +#endif int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched, DES_cblock *iv); diff --git a/crypto/openssl-0.9/crypto/des/des_old.c b/crypto/openssl-0.9/crypto/des/des_old.c index 7e4cd7180d..7c33ed7a93 100644 --- a/crypto/openssl-0.9/crypto/des/des_old.c +++ b/crypto/openssl-0.9/crypto/des/des_old.c @@ -169,11 +169,13 @@ void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, (DES_key_schedule *)ks3, ivec, num); } +#if 0 /* broken code, preserved just in case anyone specifically looks for this */ void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white), _ossl_old_des_cblock (*out_white)) { DES_xwhite_in2out(des_key, in_white, out_white); } +#endif int _ossl_old_des_enc_read(int fd,char *buf,int len,des_key_schedule sched, _ossl_old_des_cblock *iv) diff --git a/crypto/openssl-0.9/crypto/des/des_old.h b/crypto/openssl-0.9/crypto/des/des_old.h index 1b0620c3a2..2b2c372354 100644 --- a/crypto/openssl-0.9/crypto/des/des_old.h +++ b/crypto/openssl-0.9/crypto/des/des_old.h @@ -364,9 +364,10 @@ void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num); - +#if 0 void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white), _ossl_old_des_cblock (*out_white)); +#endif int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched, _ossl_old_des_cblock *iv); diff --git a/crypto/openssl-0.9/crypto/des/xcbc_enc.c b/crypto/openssl-0.9/crypto/des/xcbc_enc.c index 47246eb466..dc0c761b71 100644 --- a/crypto/openssl-0.9/crypto/des/xcbc_enc.c +++ b/crypto/openssl-0.9/crypto/des/xcbc_enc.c @@ -60,6 +60,7 @@ /* RSA's DESX */ +#if 0 /* broken code, preserved just in case anyone specifically looks for this */ static unsigned char desx_white_in2out[256]={ 0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0, 0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A, @@ -98,7 +99,7 @@ void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white, } out0=out[0]; - out1=out[i]; + out1=out[i]; /* BUG: out-of-bounds read */ for (i=0; i<8; i++) { out[i]=in[i]^desx_white_in2out[out0^out1]; @@ -106,6 +107,7 @@ void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white, out1=(int)out[i&0x07]; } } +#endif void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out, long length, DES_key_schedule *schedule, diff --git a/crypto/openssl-0.9/crypto/ecdsa/ecs_ossl.c b/crypto/openssl-0.9/crypto/ecdsa/ecs_ossl.c index 32d66a9774..3ead1af94e 100644 --- a/crypto/openssl-0.9/crypto/ecdsa/ecs_ossl.c +++ b/crypto/openssl-0.9/crypto/ecdsa/ecs_ossl.c @@ -251,8 +251,16 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); goto err; } - if (dgst_len > BN_num_bytes(order)) + if (8 * dgst_len > BN_num_bits(order)) { + /* XXX + * + * Should provide for optional hash truncation: + * Keep the BN_num_bits(order) leftmost bits of dgst + * (see March 2006 FIPS 186-3 draft, which has a few + * confusing errors in this part though) + */ + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); goto err; @@ -376,6 +384,21 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); goto err; } + if (8 * dgst_len > BN_num_bits(order)) + { + /* XXX + * + * Should provide for optional hash truncation: + * Keep the BN_num_bits(order) leftmost bits of dgst + * (see March 2006 FIPS 186-3 draft, which has a few + * confusing errors in this part though) + */ + + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, + ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + ret = 0; + goto err; + } if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || diff --git a/crypto/openssl-0.9/crypto/engine/eng_padlock.c b/crypto/openssl-0.9/crypto/engine/eng_padlock.c index 8531bde1db..1ba9d85db4 100644 --- a/crypto/openssl-0.9/crypto/engine/eng_padlock.c +++ b/crypto/openssl-0.9/crypto/engine/eng_padlock.c @@ -126,6 +126,9 @@ void ENGINE_load_padlock (void) #ifdef _MSC_VER # include # define alloca _alloca +#elif defined(NETWARE_CLIB) && defined(__GNUC__) + void *alloca(size_t); +# define alloca(s) __builtin_alloca(s) #else # include #endif diff --git a/crypto/openssl-0.9/crypto/engine/eng_table.c b/crypto/openssl-0.9/crypto/engine/eng_table.c index 0c1656168d..8879a267d1 100644 --- a/crypto/openssl-0.9/crypto/engine/eng_table.c +++ b/crypto/openssl-0.9/crypto/engine/eng_table.c @@ -135,7 +135,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, { fnd = OPENSSL_malloc(sizeof(ENGINE_PILE)); if(!fnd) goto end; - fnd->uptodate = 0; + fnd->uptodate = 1; fnd->nid = *nids; fnd->sk = sk_ENGINE_new_null(); if(!fnd->sk) @@ -152,7 +152,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, if(!sk_ENGINE_push(fnd->sk, e)) goto end; /* "touch" this ENGINE_PILE */ - fnd->uptodate = 1; + fnd->uptodate = 0; if(setdefault) { if(!engine_unlocked_init(e)) @@ -164,6 +164,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, if(fnd->funct) engine_unlocked_finish(fnd->funct, 0); fnd->funct = e; + fnd->uptodate = 1; } nids++; } @@ -179,8 +180,7 @@ static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e) while((n = sk_ENGINE_find(pile->sk, e)) >= 0) { (void)sk_ENGINE_delete(pile->sk, n); - /* "touch" this ENGINE_CIPHER */ - pile->uptodate = 1; + pile->uptodate = 0; } if(pile->funct == e) { diff --git a/crypto/openssl-0.9/crypto/err/err.c b/crypto/openssl-0.9/crypto/err/err.c index 96bd255e50..b6ff070e8f 100644 --- a/crypto/openssl-0.9/crypto/err/err.c +++ b/crypto/openssl-0.9/crypto/err/err.c @@ -149,6 +149,7 @@ static ERR_STRING_DATA ERR_str_libraries[]= {ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"}, {ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"}, {ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP routines"}, +{ERR_PACK(ERR_LIB_CMS,0,0) ,"CMS routines"}, {0,NULL}, }; diff --git a/crypto/openssl-0.9/crypto/err/err.h b/crypto/openssl-0.9/crypto/err/err.h index b723cd977a..bf28fce492 100644 --- a/crypto/openssl-0.9/crypto/err/err.h +++ b/crypto/openssl-0.9/crypto/err/err.h @@ -140,6 +140,7 @@ typedef struct err_state_st #define ERR_LIB_ECDSA 42 #define ERR_LIB_ECDH 43 #define ERR_LIB_STORE 44 +#define ERR_LIB_CMS 45 #define ERR_LIB_USER 128 @@ -171,6 +172,7 @@ typedef struct err_state_st #define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) #define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__) #define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) +#define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__) /* Borland C seems too stupid to be able to shift and do longs in * the pre-processor :-( */ diff --git a/crypto/openssl-0.9/crypto/err/err_all.c b/crypto/openssl-0.9/crypto/err/err_all.c index c33d24bb68..5813060ce2 100644 --- a/crypto/openssl-0.9/crypto/err/err_all.c +++ b/crypto/openssl-0.9/crypto/err/err_all.c @@ -94,6 +94,9 @@ #include #include #include +#ifndef OPENSSL_NO_CMS +#include +#endif void ERR_load_crypto_strings(void) { @@ -138,5 +141,8 @@ void ERR_load_crypto_strings(void) #endif ERR_load_OCSP_strings(); ERR_load_UI_strings(); +#ifndef OPENSSL_NO_CMS + ERR_load_CMS_strings(); +#endif #endif } diff --git a/crypto/openssl-0.9/crypto/md32_common.h b/crypto/openssl-0.9/crypto/md32_common.h index 0e625a8e55..089c450290 100644 --- a/crypto/openssl-0.9/crypto/md32_common.h +++ b/crypto/openssl-0.9/crypto/md32_common.h @@ -1,6 +1,6 @@ /* crypto/md32_common.h */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -47,10 +47,6 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * */ /* @@ -76,40 +72,27 @@ * typedef struct { * ... * HASH_LONG Nl,Nh; + * either { * HASH_LONG data[HASH_LBLOCK]; + * unsigned char data[HASH_CBLOCK]; + * }; * unsigned int num; * ... * } HASH_CTX; + * data[] vector is expected to be zeroed upon first call to + * HASH_UPDATE. * HASH_UPDATE * name of "Update" function, implemented here. * HASH_TRANSFORM * name of "Transform" function, implemented here. * HASH_FINAL * name of "Final" function, implemented here. - * HASH_BLOCK_HOST_ORDER - * name of "block" function treating *aligned* input message - * in host byte order, implemented externally. * HASH_BLOCK_DATA_ORDER - * name of "block" function treating *unaligned* input message - * in original (data) byte order, implemented externally (it - * actually is optional if data and host are of the same - * "endianess"). + * name of "block" function capable of treating *unaligned* input + * message in original (data) byte order, implemented externally. * HASH_MAKE_STRING * macro convering context variables to an ASCII hash string. * - * Optional macros: - * - * B_ENDIAN or L_ENDIAN - * defines host byte-order. - * HASH_LONG_LOG2 - * defaults to 2 if not states otherwise. - * HASH_LBLOCK - * assumed to be HASH_CBLOCK/4 if not stated otherwise. - * HASH_BLOCK_DATA_ORDER_ALIGNED - * alternative "block" function capable of treating - * aligned input message in original (data) order, - * implemented externally. - * * MD5 example: * * #define DATA_ORDER_IS_LITTLE_ENDIAN @@ -118,11 +101,9 @@ * #define HASH_LONG_LOG2 MD5_LONG_LOG2 * #define HASH_CTX MD5_CTX * #define HASH_CBLOCK MD5_CBLOCK - * #define HASH_LBLOCK MD5_LBLOCK * #define HASH_UPDATE MD5_Update * #define HASH_TRANSFORM MD5_Transform * #define HASH_FINAL MD5_Final - * #define HASH_BLOCK_HOST_ORDER md5_block_host_order * #define HASH_BLOCK_DATA_ORDER md5_block_data_order * * @@ -152,27 +133,9 @@ #error "HASH_FINAL must be defined!" #endif -#ifndef HASH_BLOCK_HOST_ORDER -#error "HASH_BLOCK_HOST_ORDER must be defined!" -#endif - -#if 0 -/* - * Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED - * isn't defined. - */ #ifndef HASH_BLOCK_DATA_ORDER #error "HASH_BLOCK_DATA_ORDER must be defined!" #endif -#endif - -#ifndef HASH_LBLOCK -#define HASH_LBLOCK (HASH_CBLOCK/4) -#endif - -#ifndef HASH_LONG_LOG2 -#define HASH_LONG_LOG2 2 -#endif /* * Engage compiler specific rotate intrinsic function if available. @@ -206,7 +169,8 @@ : "cc"); \ ret; \ }) -# elif defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__) +# elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ + defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__) # define ROTATE(a,n) ({ register unsigned int ret; \ asm ( \ "rlwinm %0,%1,%2,0,31" \ @@ -214,80 +178,28 @@ : "r"(a), "I"(n)); \ ret; \ }) +# elif defined(__s390x__) +# define ROTATE(a,n) ({ register unsigned int ret; \ + asm ("rll %0,%1,%2" \ + : "=r"(ret) \ + : "r"(a), "I"(n)); \ + ret; \ + }) # endif # endif #endif /* PEDANTIC */ -#if HASH_LONG_LOG2==2 /* Engage only if sizeof(HASH_LONG)== 4 */ -/* A nice byte order reversal from Wei Dai */ -#ifdef ROTATE -/* 5 instructions with rotate instruction, else 9 */ -#define REVERSE_FETCH32(a,l) ( \ - l=*(const HASH_LONG *)(a), \ - ((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24))) \ - ) -#else -/* 6 instructions with rotate instruction, else 8 */ -#define REVERSE_FETCH32(a,l) ( \ - l=*(const HASH_LONG *)(a), \ - l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)), \ - ROTATE(l,16) \ - ) -/* - * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|... - * It's rewritten as above for two reasons: - * - RISCs aren't good at long constants and have to explicitely - * compose 'em with several (well, usually 2) instructions in a - * register before performing the actual operation and (as you - * already realized:-) having same constant should inspire the - * compiler to permanently allocate the only register for it; - * - most modern CPUs have two ALUs, but usually only one has - * circuitry for shifts:-( this minor tweak inspires compiler - * to schedule shift instructions in a better way... - * - * - */ -#endif -#endif - #ifndef ROTATE #define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) #endif -/* - * Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED - * and HASH_BLOCK_HOST_ORDER ought to be the same if input data - * and host are of the same "endianess". It's possible to mask - * this with blank #define HASH_BLOCK_DATA_ORDER though... - * - * - */ -#if defined(B_ENDIAN) -# if defined(DATA_ORDER_IS_BIG_ENDIAN) -# if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2 -# define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER -# endif -# endif -#elif defined(L_ENDIAN) -# if defined(DATA_ORDER_IS_LITTLE_ENDIAN) -# if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2 -# define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER -# endif -# endif -#endif - -#if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) -#ifndef HASH_BLOCK_DATA_ORDER -#error "HASH_BLOCK_DATA_ORDER must be defined!" -#endif -#endif - #if defined(DATA_ORDER_IS_BIG_ENDIAN) #ifndef PEDANTIC # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) # if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \ (defined(__x86_64) || defined(__x86_64__)) +# if !defined(B_ENDIAN) /* * This gives ~30-40% performance improvement in SHA-256 compiled * with gcc [on P4]. Well, first macro to be frank. We can pull @@ -300,9 +212,14 @@ # define HOST_l2c(l,c) ({ unsigned int r=(l); \ asm ("bswapl %0":"=r"(r):"0"(r)); \ *((unsigned int *)(c))=r; (c)+=4; r; }) +# endif # endif # endif #endif +#if defined(__s390__) || defined(__s390x__) +# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) +# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) +#endif #ifndef HOST_c2l #define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ @@ -311,29 +228,6 @@ l|=(((unsigned long)(*((c)++))) ), \ l) #endif -#define HOST_p_c2l(c,l,n) { \ - switch (n) { \ - case 0: l =((unsigned long)(*((c)++)))<<24; \ - case 1: l|=((unsigned long)(*((c)++)))<<16; \ - case 2: l|=((unsigned long)(*((c)++)))<< 8; \ - case 3: l|=((unsigned long)(*((c)++))); \ - } } -#define HOST_p_c2l_p(c,l,sc,len) { \ - switch (sc) { \ - case 0: l =((unsigned long)(*((c)++)))<<24; \ - if (--len == 0) break; \ - case 1: l|=((unsigned long)(*((c)++)))<<16; \ - if (--len == 0) break; \ - case 2: l|=((unsigned long)(*((c)++)))<< 8; \ - } } -/* NOTE the pointer is not incremented at the end of this */ -#define HOST_c2l_p(c,l,n) { \ - l=0; (c)+=n; \ - switch (n) { \ - case 3: l =((unsigned long)(*(--(c))))<< 8; \ - case 2: l|=((unsigned long)(*(--(c))))<<16; \ - case 1: l|=((unsigned long)(*(--(c))))<<24; \ - } } #ifndef HOST_l2c #define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ @@ -344,6 +238,18 @@ #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) +#ifndef PEDANTIC +# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(__s390x__) +# define HOST_c2l(c,l) ({ asm ("lrv %0,0(%1)" \ + :"=r"(l) : "r"(c)); \ + (c)+=4; (l); }) +# define HOST_l2c(l,c) ({ asm ("strv %0,0(%1)" \ + : : "r"(l),"r"(c) : "memory"); \ + (c)+=4; (l); }) +# endif +# endif +#endif #if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) # ifndef B_ENDIAN /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */ @@ -359,29 +265,6 @@ l|=(((unsigned long)(*((c)++)))<<24), \ l) #endif -#define HOST_p_c2l(c,l,n) { \ - switch (n) { \ - case 0: l =((unsigned long)(*((c)++))); \ - case 1: l|=((unsigned long)(*((c)++)))<< 8; \ - case 2: l|=((unsigned long)(*((c)++)))<<16; \ - case 3: l|=((unsigned long)(*((c)++)))<<24; \ - } } -#define HOST_p_c2l_p(c,l,sc,len) { \ - switch (sc) { \ - case 0: l =((unsigned long)(*((c)++))); \ - if (--len == 0) break; \ - case 1: l|=((unsigned long)(*((c)++)))<< 8; \ - if (--len == 0) break; \ - case 2: l|=((unsigned long)(*((c)++)))<<16; \ - } } -/* NOTE the pointer is not incremented at the end of this */ -#define HOST_c2l_p(c,l,n) { \ - l=0; (c)+=n; \ - switch (n) { \ - case 3: l =((unsigned long)(*(--(c))))<<16; \ - case 2: l|=((unsigned long)(*(--(c))))<< 8; \ - case 1: l|=((unsigned long)(*(--(c)))); \ - } } #ifndef HOST_l2c #define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ @@ -399,9 +282,9 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len) { const unsigned char *data=data_; - register HASH_LONG * p; - register HASH_LONG l; - size_t sw,sc,ew,ec; + unsigned char *p; + HASH_LONG l; + size_t n; if (len==0) return 1; @@ -413,101 +296,43 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len) c->Nh+=(len>>29); /* might cause compiler warning on 16-bit */ c->Nl=l; - if (c->num != 0) + n = c->num; + if (n != 0) { - p=c->data; - sw=c->num>>2; - sc=c->num&0x03; + p=(unsigned char *)c->data; - if ((c->num+len) >= HASH_CBLOCK) + if ((n+len) >= HASH_CBLOCK) { - l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l; - for (; swnum); - c->num=0; - /* drop through and do the rest */ + memcpy (p+n,data,HASH_CBLOCK-n); + HASH_BLOCK_DATA_ORDER (c,p,1); + n = HASH_CBLOCK-n; + data += n; + len -= n; + c->num = 0; + memset (p,0,HASH_CBLOCK); /* keep it zeroed */ } else { - c->num+=(unsigned int)len; - if ((sc+len) < 4) /* ugly, add char's to a word */ - { - l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l; - } - else - { - ew=(c->num>>2); - ec=(c->num&0x03); - if (sc) - l=p[sw]; - HOST_p_c2l(data,l,sc); - p[sw++]=l; - for (; sw < ew; sw++) - { - HOST_c2l(data,l); p[sw]=l; - } - if (ec) - { - HOST_c2l_p(data,l,ec); p[sw]=l; - } - } + memcpy (p+n,data,len); + c->num += (unsigned int)len; return 1; } } - sw=len/HASH_CBLOCK; - if (sw > 0) + n = len/HASH_CBLOCK; + if (n > 0) { -#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED) - /* - * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined - * only if sizeof(HASH_LONG)==4. - */ - if ((((size_t)data)%4) == 0) - { - /* data is properly aligned so that we can cast it: */ - HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,sw); - sw*=HASH_CBLOCK; - data+=sw; - len-=sw; - } - else -#if !defined(HASH_BLOCK_DATA_ORDER) - while (sw--) - { - memcpy (p=c->data,data,HASH_CBLOCK); - HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1); - data+=HASH_CBLOCK; - len-=HASH_CBLOCK; - } -#endif -#endif -#if defined(HASH_BLOCK_DATA_ORDER) - { - HASH_BLOCK_DATA_ORDER(c,data,sw); - sw*=HASH_CBLOCK; - data+=sw; - len-=sw; - } -#endif + HASH_BLOCK_DATA_ORDER (c,data,n); + n *= HASH_CBLOCK; + data += n; + len -= n; } - if (len!=0) + if (len != 0) { - p = c->data; + p = (unsigned char *)c->data; c->num = len; - ew=len>>2; /* words to copy */ - ec=len&0x03; - for (; ew; ew--,p++) - { - HOST_c2l(data,l); *p=l; - } - HOST_c2l_p(data,l,ec); - *p=l; + memcpy (p,data,len); } return 1; } @@ -515,73 +340,38 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len) void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data) { -#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED) - if ((((size_t)data)%4) == 0) - /* data is properly aligned so that we can cast it: */ - HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,1); - else -#if !defined(HASH_BLOCK_DATA_ORDER) - { - memcpy (c->data,data,HASH_CBLOCK); - HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1); - } -#endif -#endif -#if defined(HASH_BLOCK_DATA_ORDER) HASH_BLOCK_DATA_ORDER (c,data,1); -#endif } int HASH_FINAL (unsigned char *md, HASH_CTX *c) { - register HASH_LONG *p; - register unsigned long l; - register int i,j; - static const unsigned char end[4]={0x80,0x00,0x00,0x00}; - const unsigned char *cp=end; - - /* c->num should definitly have room for at least one more byte. */ - p=c->data; - i=c->num>>2; - j=c->num&0x03; - -#if 0 - /* purify often complains about the following line as an - * Uninitialized Memory Read. While this can be true, the - * following p_c2l macro will reset l when that case is true. - * This is because j&0x03 contains the number of 'valid' bytes - * already in p[i]. If and only if j&0x03 == 0, the UMR will - * occur but this is also the only time p_c2l will do - * l= *(cp++) instead of l|= *(cp++) - * Many thanks to Alex Tang for pickup this - * 'potential bug' */ -#ifdef PURIFY - if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */ -#endif - l=p[i]; -#else - l = (j==0) ? 0 : p[i]; -#endif - HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */ + unsigned char *p = (unsigned char *)c->data; + size_t n = c->num; - if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */ + p[n] = 0x80; /* there is always room for one */ + n++; + + if (n > (HASH_CBLOCK-8)) { - if (iNh; - p[HASH_LBLOCK-1]=c->Nl; + (void)HOST_l2c(c->Nh,p); + (void)HOST_l2c(c->Nl,p); #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) - p[HASH_LBLOCK-2]=c->Nl; - p[HASH_LBLOCK-1]=c->Nh; + (void)HOST_l2c(c->Nl,p); + (void)HOST_l2c(c->Nh,p); #endif - HASH_BLOCK_HOST_ORDER (c,p,1); + p -= HASH_CBLOCK; + HASH_BLOCK_DATA_ORDER (c,p,1); + c->num=0; + memset (p,0,HASH_CBLOCK); #ifndef HASH_MAKE_STRING #error "HASH_MAKE_STRING must be defined!" @@ -589,11 +379,6 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) HASH_MAKE_STRING(c,md); #endif - c->num=0; - /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack - * but I'm not worried :-) - OPENSSL_cleanse((void *)c,sizeof(HASH_CTX)); - */ return 1; } diff --git a/crypto/openssl-0.9/crypto/md4/md4_dgst.c b/crypto/openssl-0.9/crypto/md4/md4_dgst.c index 86b79b8e4d..cfef94af39 100644 --- a/crypto/openssl-0.9/crypto/md4/md4_dgst.c +++ b/crypto/openssl-0.9/crypto/md4/md4_dgst.c @@ -82,79 +82,6 @@ int MD4_Init(MD4_CTX *c) return 1; } -#ifndef md4_block_host_order -void md4_block_host_order (MD4_CTX *c, const void *data, size_t num) - { - const MD4_LONG *X=data; - register unsigned MD32_REG_T A,B,C,D; - - A=c->A; - B=c->B; - C=c->C; - D=c->D; - - for (;num--;X+=HASH_LBLOCK) - { - /* Round 0 */ - R0(A,B,C,D,X[ 0], 3,0); - R0(D,A,B,C,X[ 1], 7,0); - R0(C,D,A,B,X[ 2],11,0); - R0(B,C,D,A,X[ 3],19,0); - R0(A,B,C,D,X[ 4], 3,0); - R0(D,A,B,C,X[ 5], 7,0); - R0(C,D,A,B,X[ 6],11,0); - R0(B,C,D,A,X[ 7],19,0); - R0(A,B,C,D,X[ 8], 3,0); - R0(D,A,B,C,X[ 9], 7,0); - R0(C,D,A,B,X[10],11,0); - R0(B,C,D,A,X[11],19,0); - R0(A,B,C,D,X[12], 3,0); - R0(D,A,B,C,X[13], 7,0); - R0(C,D,A,B,X[14],11,0); - R0(B,C,D,A,X[15],19,0); - /* Round 1 */ - R1(A,B,C,D,X[ 0], 3,0x5A827999L); - R1(D,A,B,C,X[ 4], 5,0x5A827999L); - R1(C,D,A,B,X[ 8], 9,0x5A827999L); - R1(B,C,D,A,X[12],13,0x5A827999L); - R1(A,B,C,D,X[ 1], 3,0x5A827999L); - R1(D,A,B,C,X[ 5], 5,0x5A827999L); - R1(C,D,A,B,X[ 9], 9,0x5A827999L); - R1(B,C,D,A,X[13],13,0x5A827999L); - R1(A,B,C,D,X[ 2], 3,0x5A827999L); - R1(D,A,B,C,X[ 6], 5,0x5A827999L); - R1(C,D,A,B,X[10], 9,0x5A827999L); - R1(B,C,D,A,X[14],13,0x5A827999L); - R1(A,B,C,D,X[ 3], 3,0x5A827999L); - R1(D,A,B,C,X[ 7], 5,0x5A827999L); - R1(C,D,A,B,X[11], 9,0x5A827999L); - R1(B,C,D,A,X[15],13,0x5A827999L); - /* Round 2 */ - R2(A,B,C,D,X[ 0], 3,0x6ED9EBA1); - R2(D,A,B,C,X[ 8], 9,0x6ED9EBA1); - R2(C,D,A,B,X[ 4],11,0x6ED9EBA1); - R2(B,C,D,A,X[12],15,0x6ED9EBA1); - R2(A,B,C,D,X[ 2], 3,0x6ED9EBA1); - R2(D,A,B,C,X[10], 9,0x6ED9EBA1); - R2(C,D,A,B,X[ 6],11,0x6ED9EBA1); - R2(B,C,D,A,X[14],15,0x6ED9EBA1); - R2(A,B,C,D,X[ 1], 3,0x6ED9EBA1); - R2(D,A,B,C,X[ 9], 9,0x6ED9EBA1); - R2(C,D,A,B,X[ 5],11,0x6ED9EBA1); - R2(B,C,D,A,X[13],15,0x6ED9EBA1); - R2(A,B,C,D,X[ 3], 3,0x6ED9EBA1); - R2(D,A,B,C,X[11], 9,0x6ED9EBA1); - R2(C,D,A,B,X[ 7],11,0x6ED9EBA1); - R2(B,C,D,A,X[15],15,0x6ED9EBA1); - - A = c->A += A; - B = c->B += B; - C = c->C += C; - D = c->D += D; - } - } -#endif - #ifndef md4_block_data_order #ifdef X #undef X @@ -240,19 +167,3 @@ void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num) } } #endif - -#ifdef undef -int printit(unsigned long *l) - { - int i,ii; - - for (i=0; i<2; i++) - { - for (ii=0; ii<8; ii++) - { - fprintf(stderr,"%08lx ",l[i*8+ii]); - } - fprintf(stderr,"\n"); - } - } -#endif diff --git a/crypto/openssl-0.9/crypto/md4/md4_locl.h b/crypto/openssl-0.9/crypto/md4/md4_locl.h index abc7b9bb84..c8085b0ead 100644 --- a/crypto/openssl-0.9/crypto/md4/md4_locl.h +++ b/crypto/openssl-0.9/crypto/md4/md4_locl.h @@ -65,43 +65,13 @@ #define MD4_LONG_LOG2 2 /* default to 32 bits */ #endif -void md4_block_host_order (MD4_CTX *c, const void *p,size_t num); void md4_block_data_order (MD4_CTX *c, const void *p,size_t num); -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) -# if !defined(B_ENDIAN) -/* - * *_block_host_order is expected to handle aligned data while - * *_block_data_order - unaligned. As algorithm and host (x86) - * are in this case of the same "endianness" these two are - * otherwise indistinguishable. But normally you don't want to - * call the same function because unaligned access in places - * where alignment is expected is usually a "Bad Thing". Indeed, - * on RISCs you get punished with BUS ERROR signal or *severe* - * performance degradation. Intel CPUs are in turn perfectly - * capable of loading unaligned data without such drastic side - * effect. Yes, they say it's slower than aligned load, but no - * exception is generated and therefore performance degradation - * is *incomparable* with RISCs. What we should weight here is - * costs of unaligned access against costs of aligning data. - * According to my measurements allowing unaligned access results - * in ~9% performance improvement on Pentium II operating at - * 266MHz. I won't be surprised if the difference will be higher - * on faster systems:-) - * - * - */ -# define md4_block_data_order md4_block_host_order -# endif -#endif - #define DATA_ORDER_IS_LITTLE_ENDIAN #define HASH_LONG MD4_LONG -#define HASH_LONG_LOG2 MD4_LONG_LOG2 #define HASH_CTX MD4_CTX #define HASH_CBLOCK MD4_CBLOCK -#define HASH_LBLOCK MD4_LBLOCK #define HASH_UPDATE MD4_Update #define HASH_TRANSFORM MD4_Transform #define HASH_FINAL MD4_Final @@ -112,21 +82,7 @@ void md4_block_data_order (MD4_CTX *c, const void *p,size_t num); ll=(c)->C; HOST_l2c(ll,(s)); \ ll=(c)->D; HOST_l2c(ll,(s)); \ } while (0) -#define HASH_BLOCK_HOST_ORDER md4_block_host_order -#if !defined(L_ENDIAN) || defined(md4_block_data_order) #define HASH_BLOCK_DATA_ORDER md4_block_data_order -/* - * Little-endians (Intel and Alpha) feel better without this. - * It looks like memcpy does better job than generic - * md4_block_data_order on copying-n-aligning input data. - * But frankly speaking I didn't expect such result on Alpha. - * On the other hand I've got this with egcs-1.0.2 and if - * program is compiled with another (better?) compiler it - * might turn out other way around. - * - * - */ -#endif #include "md32_common.h" diff --git a/crypto/openssl-0.9/crypto/md5/md5_dgst.c b/crypto/openssl-0.9/crypto/md5/md5_dgst.c index 953f0496f6..b96e332ba4 100644 --- a/crypto/openssl-0.9/crypto/md5/md5_dgst.c +++ b/crypto/openssl-0.9/crypto/md5/md5_dgst.c @@ -82,96 +82,6 @@ int MD5_Init(MD5_CTX *c) return 1; } -#ifndef md5_block_host_order -void md5_block_host_order (MD5_CTX *c, const void *data, size_t num) - { - const MD5_LONG *X=data; - register unsigned MD32_REG_T A,B,C,D; - - A=c->A; - B=c->B; - C=c->C; - D=c->D; - - for (;num--;X+=HASH_LBLOCK) - { - /* Round 0 */ - R0(A,B,C,D,X[ 0], 7,0xd76aa478L); - R0(D,A,B,C,X[ 1],12,0xe8c7b756L); - R0(C,D,A,B,X[ 2],17,0x242070dbL); - R0(B,C,D,A,X[ 3],22,0xc1bdceeeL); - R0(A,B,C,D,X[ 4], 7,0xf57c0fafL); - R0(D,A,B,C,X[ 5],12,0x4787c62aL); - R0(C,D,A,B,X[ 6],17,0xa8304613L); - R0(B,C,D,A,X[ 7],22,0xfd469501L); - R0(A,B,C,D,X[ 8], 7,0x698098d8L); - R0(D,A,B,C,X[ 9],12,0x8b44f7afL); - R0(C,D,A,B,X[10],17,0xffff5bb1L); - R0(B,C,D,A,X[11],22,0x895cd7beL); - R0(A,B,C,D,X[12], 7,0x6b901122L); - R0(D,A,B,C,X[13],12,0xfd987193L); - R0(C,D,A,B,X[14],17,0xa679438eL); - R0(B,C,D,A,X[15],22,0x49b40821L); - /* Round 1 */ - R1(A,B,C,D,X[ 1], 5,0xf61e2562L); - R1(D,A,B,C,X[ 6], 9,0xc040b340L); - R1(C,D,A,B,X[11],14,0x265e5a51L); - R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL); - R1(A,B,C,D,X[ 5], 5,0xd62f105dL); - R1(D,A,B,C,X[10], 9,0x02441453L); - R1(C,D,A,B,X[15],14,0xd8a1e681L); - R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L); - R1(A,B,C,D,X[ 9], 5,0x21e1cde6L); - R1(D,A,B,C,X[14], 9,0xc33707d6L); - R1(C,D,A,B,X[ 3],14,0xf4d50d87L); - R1(B,C,D,A,X[ 8],20,0x455a14edL); - R1(A,B,C,D,X[13], 5,0xa9e3e905L); - R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L); - R1(C,D,A,B,X[ 7],14,0x676f02d9L); - R1(B,C,D,A,X[12],20,0x8d2a4c8aL); - /* Round 2 */ - R2(A,B,C,D,X[ 5], 4,0xfffa3942L); - R2(D,A,B,C,X[ 8],11,0x8771f681L); - R2(C,D,A,B,X[11],16,0x6d9d6122L); - R2(B,C,D,A,X[14],23,0xfde5380cL); - R2(A,B,C,D,X[ 1], 4,0xa4beea44L); - R2(D,A,B,C,X[ 4],11,0x4bdecfa9L); - R2(C,D,A,B,X[ 7],16,0xf6bb4b60L); - R2(B,C,D,A,X[10],23,0xbebfbc70L); - R2(A,B,C,D,X[13], 4,0x289b7ec6L); - R2(D,A,B,C,X[ 0],11,0xeaa127faL); - R2(C,D,A,B,X[ 3],16,0xd4ef3085L); - R2(B,C,D,A,X[ 6],23,0x04881d05L); - R2(A,B,C,D,X[ 9], 4,0xd9d4d039L); - R2(D,A,B,C,X[12],11,0xe6db99e5L); - R2(C,D,A,B,X[15],16,0x1fa27cf8L); - R2(B,C,D,A,X[ 2],23,0xc4ac5665L); - /* Round 3 */ - R3(A,B,C,D,X[ 0], 6,0xf4292244L); - R3(D,A,B,C,X[ 7],10,0x432aff97L); - R3(C,D,A,B,X[14],15,0xab9423a7L); - R3(B,C,D,A,X[ 5],21,0xfc93a039L); - R3(A,B,C,D,X[12], 6,0x655b59c3L); - R3(D,A,B,C,X[ 3],10,0x8f0ccc92L); - R3(C,D,A,B,X[10],15,0xffeff47dL); - R3(B,C,D,A,X[ 1],21,0x85845dd1L); - R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL); - R3(D,A,B,C,X[15],10,0xfe2ce6e0L); - R3(C,D,A,B,X[ 6],15,0xa3014314L); - R3(B,C,D,A,X[13],21,0x4e0811a1L); - R3(A,B,C,D,X[ 4], 6,0xf7537e82L); - R3(D,A,B,C,X[11],10,0xbd3af235L); - R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL); - R3(B,C,D,A,X[ 9],21,0xeb86d391L); - - A = c->A += A; - B = c->B += B; - C = c->C += C; - D = c->D += D; - } - } -#endif - #ifndef md5_block_data_order #ifdef X #undef X @@ -274,19 +184,3 @@ void md5_block_data_order (MD5_CTX *c, const void *data_, size_t num) } } #endif - -#ifdef undef -int printit(unsigned long *l) - { - int i,ii; - - for (i=0; i<2; i++) - { - for (ii=0; ii<8; ii++) - { - fprintf(stderr,"%08lx ",l[i*8+ii]); - } - fprintf(stderr,"\n"); - } - } -#endif diff --git a/crypto/openssl-0.9/crypto/md5/md5_locl.h b/crypto/openssl-0.9/crypto/md5/md5_locl.h index 94f395f27a..84e81b960d 100644 --- a/crypto/openssl-0.9/crypto/md5/md5_locl.h +++ b/crypto/openssl-0.9/crypto/md5/md5_locl.h @@ -66,53 +66,19 @@ #endif #ifdef MD5_ASM -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || defined(__x86_64) || defined(__x86_64__) -# if !defined(B_ENDIAN) -# define md5_block_host_order md5_block_asm_host_order -# endif -# elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC) - void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,size_t num); -# define HASH_BLOCK_DATA_ORDER_ALIGNED md5_block_asm_data_order_aligned +# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || \ + defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) +# define md5_block_data_order md5_block_asm_data_order # endif #endif -void md5_block_host_order (MD5_CTX *c, const void *p,size_t num); void md5_block_data_order (MD5_CTX *c, const void *p,size_t num); -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || defined(__x86_64) || defined(__x86_64__) -# if !defined(B_ENDIAN) -/* - * *_block_host_order is expected to handle aligned data while - * *_block_data_order - unaligned. As algorithm and host (x86) - * are in this case of the same "endianness" these two are - * otherwise indistinguishable. But normally you don't want to - * call the same function because unaligned access in places - * where alignment is expected is usually a "Bad Thing". Indeed, - * on RISCs you get punished with BUS ERROR signal or *severe* - * performance degradation. Intel CPUs are in turn perfectly - * capable of loading unaligned data without such drastic side - * effect. Yes, they say it's slower than aligned load, but no - * exception is generated and therefore performance degradation - * is *incomparable* with RISCs. What we should weight here is - * costs of unaligned access against costs of aligning data. - * According to my measurements allowing unaligned access results - * in ~9% performance improvement on Pentium II operating at - * 266MHz. I won't be surprised if the difference will be higher - * on faster systems:-) - * - * - */ -# define md5_block_data_order md5_block_host_order -# endif -#endif - #define DATA_ORDER_IS_LITTLE_ENDIAN #define HASH_LONG MD5_LONG -#define HASH_LONG_LOG2 MD5_LONG_LOG2 #define HASH_CTX MD5_CTX #define HASH_CBLOCK MD5_CBLOCK -#define HASH_LBLOCK MD5_LBLOCK #define HASH_UPDATE MD5_Update #define HASH_TRANSFORM MD5_Transform #define HASH_FINAL MD5_Final @@ -123,21 +89,7 @@ void md5_block_data_order (MD5_CTX *c, const void *p,size_t num); ll=(c)->C; HOST_l2c(ll,(s)); \ ll=(c)->D; HOST_l2c(ll,(s)); \ } while (0) -#define HASH_BLOCK_HOST_ORDER md5_block_host_order -#if !defined(L_ENDIAN) || defined(md5_block_data_order) #define HASH_BLOCK_DATA_ORDER md5_block_data_order -/* - * Little-endians (Intel and Alpha) feel better without this. - * It looks like memcpy does better job than generic - * md5_block_data_order on copying-n-aligning input data. - * But frankly speaking I didn't expect such result on Alpha. - * On the other hand I've got this with egcs-1.0.2 and if - * program is compiled with another (better?) compiler it - * might turn out other way around. - * - * - */ -#endif #include "md32_common.h" diff --git a/crypto/openssl-0.9/crypto/objects/obj_dat.c b/crypto/openssl-0.9/crypto/objects/obj_dat.c index 7a95c7795a..7fd7433241 100644 --- a/crypto/openssl-0.9/crypto/objects/obj_dat.c +++ b/crypto/openssl-0.9/crypto/objects/obj_dat.c @@ -63,6 +63,7 @@ #include #include #include +#include /* obj_dat.h is generated from objects.h by obj_dat.pl */ #ifndef OPENSSL_NO_OBJECT diff --git a/crypto/openssl-0.9/crypto/objects/obj_dat.h b/crypto/openssl-0.9/crypto/objects/obj_dat.h index a9528d5392..99acf131f8 100644 --- a/crypto/openssl-0.9/crypto/objects/obj_dat.h +++ b/crypto/openssl-0.9/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 780 -#define NUM_SN 773 -#define NUM_LN 773 -#define NUM_OBJ 729 +#define NUM_NID 791 +#define NUM_SN 784 +#define NUM_LN 784 +#define NUM_OBJ 740 -static unsigned char lvalues[5154]={ +static unsigned char lvalues[5258]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -166,637 +166,648 @@ static unsigned char lvalues[5154]={ 0x2B,0x24,0x03,0x03,0x01,0x02, /* [603] OBJ_ripemd160WithRSA */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [609] OBJ_rc5_cbc */ 0x29,0x01,0x01,0x85,0x1A,0x01, /* [617] OBJ_rle_compression */ -0x29,0x01,0x01,0x85,0x1A,0x02, /* [623] OBJ_zlib_compression */ -0x55,0x1D,0x25, /* [629] OBJ_ext_key_usage */ -0x2B,0x06,0x01,0x05,0x05,0x07, /* [632] OBJ_id_pkix */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [638] OBJ_id_kp */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [645] OBJ_server_auth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [653] OBJ_client_auth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [661] OBJ_code_sign */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [669] OBJ_email_protect */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [677] OBJ_time_stamp */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [685] OBJ_ms_code_ind */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [695] OBJ_ms_code_com */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [705] OBJ_ms_ctl_sign */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [715] OBJ_ms_sgc */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [725] OBJ_ms_efs */ -0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [735] OBJ_ns_sgc */ -0x55,0x1D,0x1B, /* [744] OBJ_delta_crl */ -0x55,0x1D,0x15, /* [747] OBJ_crl_reason */ -0x55,0x1D,0x18, /* [750] OBJ_invalidity_date */ -0x2B,0x65,0x01,0x04,0x01, /* [753] OBJ_sxnet */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [758] OBJ_pbe_WithSHA1And128BitRC4 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [768] OBJ_pbe_WithSHA1And40BitRC4 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [778] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [788] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [798] OBJ_pbe_WithSHA1And128BitRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [808] OBJ_pbe_WithSHA1And40BitRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [818] OBJ_keyBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [829] OBJ_pkcs8ShroudedKeyBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [840] OBJ_certBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [851] OBJ_crlBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [862] OBJ_secretBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [873] OBJ_safeContentsBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [884] OBJ_friendlyName */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [893] OBJ_localKeyID */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [902] OBJ_x509Certificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [912] OBJ_sdsiCertificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [922] OBJ_x509Crl */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [932] OBJ_pbes2 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [941] OBJ_pbmac1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [950] OBJ_hmacWithSHA1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [958] OBJ_id_qt_cps */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [966] OBJ_id_qt_unotice */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [974] OBJ_SMIMECapabilities */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [983] OBJ_pbeWithMD2AndRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [992] OBJ_pbeWithMD5AndRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1001] OBJ_pbeWithSHA1AndDES_CBC */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1010] OBJ_ms_ext_req */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1020] OBJ_ext_req */ -0x55,0x04,0x29, /* [1029] OBJ_name */ -0x55,0x04,0x2E, /* [1032] OBJ_dnQualifier */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1035] OBJ_id_pe */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1042] OBJ_id_ad */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [1049] OBJ_info_access */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1057] OBJ_ad_OCSP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1065] OBJ_ad_ca_issuers */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [1073] OBJ_OCSP_sign */ -0x28, /* [1081] OBJ_iso */ -0x2A, /* [1082] OBJ_member_body */ -0x2A,0x86,0x48, /* [1083] OBJ_ISO_US */ -0x2A,0x86,0x48,0xCE,0x38, /* [1086] OBJ_X9_57 */ -0x2A,0x86,0x48,0xCE,0x38,0x04, /* [1091] OBJ_X9cm */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [1097] OBJ_pkcs1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [1105] OBJ_pkcs5 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1113] OBJ_SMIME */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1122] OBJ_id_smime_mod */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1132] OBJ_id_smime_ct */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1142] OBJ_id_smime_aa */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1152] OBJ_id_smime_alg */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1162] OBJ_id_smime_cd */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1172] OBJ_id_smime_spq */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1182] OBJ_id_smime_cti */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1192] OBJ_id_smime_mod_cms */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1203] OBJ_id_smime_mod_ess */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1214] OBJ_id_smime_mod_oid */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1225] OBJ_id_smime_mod_msg_v3 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1236] OBJ_id_smime_mod_ets_eSignature_88 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1247] OBJ_id_smime_mod_ets_eSignature_97 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1258] OBJ_id_smime_mod_ets_eSigPolicy_88 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1269] OBJ_id_smime_mod_ets_eSigPolicy_97 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1280] OBJ_id_smime_ct_receipt */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1291] OBJ_id_smime_ct_authData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1302] OBJ_id_smime_ct_publishCert */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1313] OBJ_id_smime_ct_TSTInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1324] OBJ_id_smime_ct_TDTInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1335] OBJ_id_smime_ct_contentInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1346] OBJ_id_smime_ct_DVCSRequestData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1357] OBJ_id_smime_ct_DVCSResponseData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1368] OBJ_id_smime_aa_receiptRequest */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1379] OBJ_id_smime_aa_securityLabel */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1390] OBJ_id_smime_aa_mlExpandHistory */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1401] OBJ_id_smime_aa_contentHint */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1412] OBJ_id_smime_aa_msgSigDigest */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1423] OBJ_id_smime_aa_encapContentType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1434] OBJ_id_smime_aa_contentIdentifier */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1445] OBJ_id_smime_aa_macValue */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1456] OBJ_id_smime_aa_equivalentLabels */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1467] OBJ_id_smime_aa_contentReference */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1478] OBJ_id_smime_aa_encrypKeyPref */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1489] OBJ_id_smime_aa_signingCertificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1500] OBJ_id_smime_aa_smimeEncryptCerts */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1511] OBJ_id_smime_aa_timeStampToken */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1522] OBJ_id_smime_aa_ets_sigPolicyId */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1533] OBJ_id_smime_aa_ets_commitmentType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1544] OBJ_id_smime_aa_ets_signerLocation */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1555] OBJ_id_smime_aa_ets_signerAttr */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1566] OBJ_id_smime_aa_ets_otherSigCert */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1577] OBJ_id_smime_aa_ets_contentTimestamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1588] OBJ_id_smime_aa_ets_CertificateRefs */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1599] OBJ_id_smime_aa_ets_RevocationRefs */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1610] OBJ_id_smime_aa_ets_certValues */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1621] OBJ_id_smime_aa_ets_revocationValues */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1632] OBJ_id_smime_aa_ets_escTimeStamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1643] OBJ_id_smime_aa_ets_certCRLTimestamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1654] OBJ_id_smime_aa_ets_archiveTimeStamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1665] OBJ_id_smime_aa_signatureType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1676] OBJ_id_smime_aa_dvcs_dvc */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1687] OBJ_id_smime_alg_ESDHwith3DES */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1698] OBJ_id_smime_alg_ESDHwithRC2 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1709] OBJ_id_smime_alg_3DESwrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1720] OBJ_id_smime_alg_RC2wrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1731] OBJ_id_smime_alg_ESDH */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1742] OBJ_id_smime_alg_CMS3DESwrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1753] OBJ_id_smime_alg_CMSRC2wrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1764] OBJ_id_smime_cd_ldap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1775] OBJ_id_smime_spq_ets_sqt_uri */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1786] OBJ_id_smime_spq_ets_sqt_unotice */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1797] OBJ_id_smime_cti_ets_proofOfOrigin */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1808] OBJ_id_smime_cti_ets_proofOfReceipt */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1819] OBJ_id_smime_cti_ets_proofOfDelivery */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1830] OBJ_id_smime_cti_ets_proofOfSender */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1841] OBJ_id_smime_cti_ets_proofOfApproval */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1852] OBJ_id_smime_cti_ets_proofOfCreation */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [1863] OBJ_md4 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [1871] OBJ_id_pkix_mod */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [1878] OBJ_id_qt */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [1885] OBJ_id_it */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [1892] OBJ_id_pkip */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [1899] OBJ_id_alg */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [1906] OBJ_id_cmc */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [1913] OBJ_id_on */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [1920] OBJ_id_pda */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [1927] OBJ_id_aca */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [1934] OBJ_id_qcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [1941] OBJ_id_cct */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [1948] OBJ_id_pkix1_explicit_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [1956] OBJ_id_pkix1_implicit_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [1964] OBJ_id_pkix1_explicit_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [1972] OBJ_id_pkix1_implicit_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [1980] OBJ_id_mod_crmf */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [1988] OBJ_id_mod_cmc */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [1996] OBJ_id_mod_kea_profile_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [2004] OBJ_id_mod_kea_profile_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [2012] OBJ_id_mod_cmp */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [2020] OBJ_id_mod_qualified_cert_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [2028] OBJ_id_mod_qualified_cert_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [2036] OBJ_id_mod_attribute_cert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [2044] OBJ_id_mod_timestamp_protocol */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [2052] OBJ_id_mod_ocsp */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [2060] OBJ_id_mod_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [2068] OBJ_id_mod_cmp2000 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [2076] OBJ_biometricInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [2084] OBJ_qcStatements */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2092] OBJ_ac_auditEntity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2100] OBJ_ac_targeting */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2108] OBJ_aaControls */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2116] OBJ_sbgp_ipAddrBlock */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2124] OBJ_sbgp_autonomousSysNum */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2132] OBJ_sbgp_routerIdentifier */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2140] OBJ_textNotice */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2148] OBJ_ipsecEndSystem */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2156] OBJ_ipsecTunnel */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2164] OBJ_ipsecUser */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2172] OBJ_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2180] OBJ_id_it_caProtEncCert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2188] OBJ_id_it_signKeyPairTypes */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [2196] OBJ_id_it_encKeyPairTypes */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [2204] OBJ_id_it_preferredSymmAlg */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [2212] OBJ_id_it_caKeyUpdateInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [2220] OBJ_id_it_currentCRL */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [2228] OBJ_id_it_unsupportedOIDs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [2236] OBJ_id_it_subscriptionRequest */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [2244] OBJ_id_it_subscriptionResponse */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [2252] OBJ_id_it_keyPairParamReq */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [2260] OBJ_id_it_keyPairParamRep */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [2268] OBJ_id_it_revPassphrase */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [2276] OBJ_id_it_implicitConfirm */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [2284] OBJ_id_it_confirmWaitTime */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [2292] OBJ_id_it_origPKIMessage */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [2300] OBJ_id_regCtrl */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [2308] OBJ_id_regInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2316] OBJ_id_regCtrl_regToken */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2325] OBJ_id_regCtrl_authenticator */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2334] OBJ_id_regCtrl_pkiPublicationInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2343] OBJ_id_regCtrl_pkiArchiveOptions */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2352] OBJ_id_regCtrl_oldCertID */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2361] OBJ_id_regCtrl_protocolEncrKey */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2370] OBJ_id_regInfo_utf8Pairs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2379] OBJ_id_regInfo_certReq */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [2388] OBJ_id_alg_des40 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [2396] OBJ_id_alg_noSignature */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [2404] OBJ_id_alg_dh_sig_hmac_sha1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [2412] OBJ_id_alg_dh_pop */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [2420] OBJ_id_cmc_statusInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [2428] OBJ_id_cmc_identification */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [2436] OBJ_id_cmc_identityProof */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [2444] OBJ_id_cmc_dataReturn */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [2452] OBJ_id_cmc_transactionId */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [2460] OBJ_id_cmc_senderNonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [2468] OBJ_id_cmc_recipientNonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [2476] OBJ_id_cmc_addExtensions */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [2484] OBJ_id_cmc_encryptedPOP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [2492] OBJ_id_cmc_decryptedPOP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [2500] OBJ_id_cmc_lraPOPWitness */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [2508] OBJ_id_cmc_getCert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [2516] OBJ_id_cmc_getCRL */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [2524] OBJ_id_cmc_revokeRequest */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [2532] OBJ_id_cmc_regInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [2540] OBJ_id_cmc_responseInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [2548] OBJ_id_cmc_queryPending */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [2556] OBJ_id_cmc_popLinkRandom */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [2564] OBJ_id_cmc_popLinkWitness */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [2572] OBJ_id_cmc_confirmCertAcceptance */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2580] OBJ_id_on_personalData */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2588] OBJ_id_pda_dateOfBirth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2596] OBJ_id_pda_placeOfBirth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2604] OBJ_id_pda_gender */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2612] OBJ_id_pda_countryOfCitizenship */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2620] OBJ_id_pda_countryOfResidence */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2628] OBJ_id_aca_authenticationInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2636] OBJ_id_aca_accessIdentity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2644] OBJ_id_aca_chargingIdentity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2652] OBJ_id_aca_group */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2660] OBJ_id_aca_role */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2668] OBJ_id_qcs_pkixQCSyntax_v1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2676] OBJ_id_cct_crs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2684] OBJ_id_cct_PKIData */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2692] OBJ_id_cct_PKIResponse */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2700] OBJ_ad_timeStamping */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2708] OBJ_ad_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2716] OBJ_id_pkix_OCSP_basic */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2725] OBJ_id_pkix_OCSP_Nonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2734] OBJ_id_pkix_OCSP_CrlID */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2743] OBJ_id_pkix_OCSP_acceptableResponses */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2752] OBJ_id_pkix_OCSP_noCheck */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2761] OBJ_id_pkix_OCSP_archiveCutoff */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2770] OBJ_id_pkix_OCSP_serviceLocator */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2779] OBJ_id_pkix_OCSP_extendedStatus */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2788] OBJ_id_pkix_OCSP_valid */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2797] OBJ_id_pkix_OCSP_path */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2806] OBJ_id_pkix_OCSP_trustRoot */ -0x2B,0x0E,0x03,0x02, /* [2815] OBJ_algorithm */ -0x2B,0x0E,0x03,0x02,0x0B, /* [2819] OBJ_rsaSignature */ -0x55,0x08, /* [2824] OBJ_X500algorithms */ -0x2B, /* [2826] OBJ_org */ -0x2B,0x06, /* [2827] OBJ_dod */ -0x2B,0x06,0x01, /* [2829] OBJ_iana */ -0x2B,0x06,0x01,0x01, /* [2832] OBJ_Directory */ -0x2B,0x06,0x01,0x02, /* [2836] OBJ_Management */ -0x2B,0x06,0x01,0x03, /* [2840] OBJ_Experimental */ -0x2B,0x06,0x01,0x04, /* [2844] OBJ_Private */ -0x2B,0x06,0x01,0x05, /* [2848] OBJ_Security */ -0x2B,0x06,0x01,0x06, /* [2852] OBJ_SNMPv2 */ -0x2B,0x06,0x01,0x07, /* [2856] OBJ_Mail */ -0x2B,0x06,0x01,0x04,0x01, /* [2860] OBJ_Enterprises */ -0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2865] OBJ_dcObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2874] OBJ_domainComponent */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2884] OBJ_Domain */ -0x00, /* [2894] OBJ_joint_iso_ccitt */ -0x55,0x01,0x05, /* [2895] OBJ_selected_attribute_types */ -0x55,0x01,0x05,0x37, /* [2898] OBJ_clearance */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2902] OBJ_md4WithRSAEncryption */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2911] OBJ_ac_proxying */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2919] OBJ_sinfo_access */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2927] OBJ_id_aca_encAttrs */ -0x55,0x04,0x48, /* [2935] OBJ_role */ -0x55,0x1D,0x24, /* [2938] OBJ_policy_constraints */ -0x55,0x1D,0x37, /* [2941] OBJ_target_information */ -0x55,0x1D,0x38, /* [2944] OBJ_no_rev_avail */ -0x00, /* [2947] OBJ_ccitt */ -0x2A,0x86,0x48,0xCE,0x3D, /* [2948] OBJ_ansi_X9_62 */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2953] OBJ_X9_62_prime_field */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2960] OBJ_X9_62_characteristic_two_field */ -0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2967] OBJ_X9_62_id_ecPublicKey */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2974] OBJ_X9_62_prime192v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2982] OBJ_X9_62_prime192v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [2990] OBJ_X9_62_prime192v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [2998] OBJ_X9_62_prime239v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [3006] OBJ_X9_62_prime239v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3014] OBJ_X9_62_prime239v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3022] OBJ_X9_62_prime256v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3030] OBJ_ecdsa_with_SHA1 */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3037] OBJ_ms_csp_name */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3046] OBJ_aes_128_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3055] OBJ_aes_128_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3064] OBJ_aes_128_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3073] OBJ_aes_128_cfb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3082] OBJ_aes_192_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3091] OBJ_aes_192_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3100] OBJ_aes_192_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3109] OBJ_aes_192_cfb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3118] OBJ_aes_256_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3127] OBJ_aes_256_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3136] OBJ_aes_256_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3145] OBJ_aes_256_cfb128 */ -0x55,0x1D,0x17, /* [3154] OBJ_hold_instruction_code */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3157] OBJ_hold_instruction_none */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3164] OBJ_hold_instruction_call_issuer */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3171] OBJ_hold_instruction_reject */ -0x09, /* [3178] OBJ_data */ -0x09,0x92,0x26, /* [3179] OBJ_pss */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3182] OBJ_ucl */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3189] OBJ_pilot */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3197] OBJ_pilotAttributeType */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3206] OBJ_pilotAttributeSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3215] OBJ_pilotObjectClass */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3224] OBJ_pilotGroups */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3233] OBJ_iA5StringSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3243] OBJ_caseIgnoreIA5StringSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3253] OBJ_pilotObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3263] OBJ_pilotPerson */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3273] OBJ_account */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3283] OBJ_document */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3293] OBJ_room */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3303] OBJ_documentSeries */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3313] OBJ_rFC822localPart */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3323] OBJ_dNSDomain */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3333] OBJ_domainRelatedObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3343] OBJ_friendlyCountry */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3353] OBJ_simpleSecurityObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3363] OBJ_pilotOrganization */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3373] OBJ_pilotDSA */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3383] OBJ_qualityLabelledData */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3393] OBJ_userId */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3403] OBJ_textEncodedORAddress */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3413] OBJ_rfc822Mailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3423] OBJ_info */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3433] OBJ_favouriteDrink */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3443] OBJ_roomNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3453] OBJ_photo */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3463] OBJ_userClass */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3473] OBJ_host */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3483] OBJ_manager */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3493] OBJ_documentIdentifier */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3503] OBJ_documentTitle */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3513] OBJ_documentVersion */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3523] OBJ_documentAuthor */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3533] OBJ_documentLocation */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3543] OBJ_homeTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3553] OBJ_secretary */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3563] OBJ_otherMailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3573] OBJ_lastModifiedTime */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3583] OBJ_lastModifiedBy */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3593] OBJ_aRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3603] OBJ_pilotAttributeType27 */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3613] OBJ_mXRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3623] OBJ_nSRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3633] OBJ_sOARecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3643] OBJ_cNAMERecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3653] OBJ_associatedDomain */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3663] OBJ_associatedName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3673] OBJ_homePostalAddress */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3683] OBJ_personalTitle */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3693] OBJ_mobileTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3703] OBJ_pagerTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3713] OBJ_friendlyCountryName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3723] OBJ_organizationalStatus */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3733] OBJ_janetMailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3743] OBJ_mailPreferenceOption */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3753] OBJ_buildingName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3763] OBJ_dSAQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3773] OBJ_singleLevelQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3783] OBJ_subtreeMinimumQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3793] OBJ_subtreeMaximumQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3803] OBJ_personalSignature */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3813] OBJ_dITRedirect */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3823] OBJ_audio */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3833] OBJ_documentPublisher */ -0x55,0x04,0x2D, /* [3843] OBJ_x500UniqueIdentifier */ -0x2B,0x06,0x01,0x07,0x01, /* [3846] OBJ_mime_mhs */ -0x2B,0x06,0x01,0x07,0x01,0x01, /* [3851] OBJ_mime_mhs_headings */ -0x2B,0x06,0x01,0x07,0x01,0x02, /* [3857] OBJ_mime_mhs_bodies */ -0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [3863] OBJ_id_hex_partial_message */ -0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [3870] OBJ_id_hex_multipart_message */ -0x55,0x04,0x2C, /* [3877] OBJ_generationQualifier */ -0x55,0x04,0x41, /* [3880] OBJ_pseudonym */ -0x67,0x2A, /* [3883] OBJ_id_set */ -0x67,0x2A,0x00, /* [3885] OBJ_set_ctype */ -0x67,0x2A,0x01, /* [3888] OBJ_set_msgExt */ -0x67,0x2A,0x03, /* [3891] OBJ_set_attr */ -0x67,0x2A,0x05, /* [3894] OBJ_set_policy */ -0x67,0x2A,0x07, /* [3897] OBJ_set_certExt */ -0x67,0x2A,0x08, /* [3900] OBJ_set_brand */ -0x67,0x2A,0x00,0x00, /* [3903] OBJ_setct_PANData */ -0x67,0x2A,0x00,0x01, /* [3907] OBJ_setct_PANToken */ -0x67,0x2A,0x00,0x02, /* [3911] OBJ_setct_PANOnly */ -0x67,0x2A,0x00,0x03, /* [3915] OBJ_setct_OIData */ -0x67,0x2A,0x00,0x04, /* [3919] OBJ_setct_PI */ -0x67,0x2A,0x00,0x05, /* [3923] OBJ_setct_PIData */ -0x67,0x2A,0x00,0x06, /* [3927] OBJ_setct_PIDataUnsigned */ -0x67,0x2A,0x00,0x07, /* [3931] OBJ_setct_HODInput */ -0x67,0x2A,0x00,0x08, /* [3935] OBJ_setct_AuthResBaggage */ -0x67,0x2A,0x00,0x09, /* [3939] OBJ_setct_AuthRevReqBaggage */ -0x67,0x2A,0x00,0x0A, /* [3943] OBJ_setct_AuthRevResBaggage */ -0x67,0x2A,0x00,0x0B, /* [3947] OBJ_setct_CapTokenSeq */ -0x67,0x2A,0x00,0x0C, /* [3951] OBJ_setct_PInitResData */ -0x67,0x2A,0x00,0x0D, /* [3955] OBJ_setct_PI_TBS */ -0x67,0x2A,0x00,0x0E, /* [3959] OBJ_setct_PResData */ -0x67,0x2A,0x00,0x10, /* [3963] OBJ_setct_AuthReqTBS */ -0x67,0x2A,0x00,0x11, /* [3967] OBJ_setct_AuthResTBS */ -0x67,0x2A,0x00,0x12, /* [3971] OBJ_setct_AuthResTBSX */ -0x67,0x2A,0x00,0x13, /* [3975] OBJ_setct_AuthTokenTBS */ -0x67,0x2A,0x00,0x14, /* [3979] OBJ_setct_CapTokenData */ -0x67,0x2A,0x00,0x15, /* [3983] OBJ_setct_CapTokenTBS */ -0x67,0x2A,0x00,0x16, /* [3987] OBJ_setct_AcqCardCodeMsg */ -0x67,0x2A,0x00,0x17, /* [3991] OBJ_setct_AuthRevReqTBS */ -0x67,0x2A,0x00,0x18, /* [3995] OBJ_setct_AuthRevResData */ -0x67,0x2A,0x00,0x19, /* [3999] OBJ_setct_AuthRevResTBS */ -0x67,0x2A,0x00,0x1A, /* [4003] OBJ_setct_CapReqTBS */ -0x67,0x2A,0x00,0x1B, /* [4007] OBJ_setct_CapReqTBSX */ -0x67,0x2A,0x00,0x1C, /* [4011] OBJ_setct_CapResData */ -0x67,0x2A,0x00,0x1D, /* [4015] OBJ_setct_CapRevReqTBS */ -0x67,0x2A,0x00,0x1E, /* [4019] OBJ_setct_CapRevReqTBSX */ -0x67,0x2A,0x00,0x1F, /* [4023] OBJ_setct_CapRevResData */ -0x67,0x2A,0x00,0x20, /* [4027] OBJ_setct_CredReqTBS */ -0x67,0x2A,0x00,0x21, /* [4031] OBJ_setct_CredReqTBSX */ -0x67,0x2A,0x00,0x22, /* [4035] OBJ_setct_CredResData */ -0x67,0x2A,0x00,0x23, /* [4039] OBJ_setct_CredRevReqTBS */ -0x67,0x2A,0x00,0x24, /* [4043] OBJ_setct_CredRevReqTBSX */ -0x67,0x2A,0x00,0x25, /* [4047] OBJ_setct_CredRevResData */ -0x67,0x2A,0x00,0x26, /* [4051] OBJ_setct_PCertReqData */ -0x67,0x2A,0x00,0x27, /* [4055] OBJ_setct_PCertResTBS */ -0x67,0x2A,0x00,0x28, /* [4059] OBJ_setct_BatchAdminReqData */ -0x67,0x2A,0x00,0x29, /* [4063] OBJ_setct_BatchAdminResData */ -0x67,0x2A,0x00,0x2A, /* [4067] OBJ_setct_CardCInitResTBS */ -0x67,0x2A,0x00,0x2B, /* [4071] OBJ_setct_MeAqCInitResTBS */ -0x67,0x2A,0x00,0x2C, /* [4075] OBJ_setct_RegFormResTBS */ -0x67,0x2A,0x00,0x2D, /* [4079] OBJ_setct_CertReqData */ -0x67,0x2A,0x00,0x2E, /* [4083] OBJ_setct_CertReqTBS */ -0x67,0x2A,0x00,0x2F, /* [4087] OBJ_setct_CertResData */ -0x67,0x2A,0x00,0x30, /* [4091] OBJ_setct_CertInqReqTBS */ -0x67,0x2A,0x00,0x31, /* [4095] OBJ_setct_ErrorTBS */ -0x67,0x2A,0x00,0x32, /* [4099] OBJ_setct_PIDualSignedTBE */ -0x67,0x2A,0x00,0x33, /* [4103] OBJ_setct_PIUnsignedTBE */ -0x67,0x2A,0x00,0x34, /* [4107] OBJ_setct_AuthReqTBE */ -0x67,0x2A,0x00,0x35, /* [4111] OBJ_setct_AuthResTBE */ -0x67,0x2A,0x00,0x36, /* [4115] OBJ_setct_AuthResTBEX */ -0x67,0x2A,0x00,0x37, /* [4119] OBJ_setct_AuthTokenTBE */ -0x67,0x2A,0x00,0x38, /* [4123] OBJ_setct_CapTokenTBE */ -0x67,0x2A,0x00,0x39, /* [4127] OBJ_setct_CapTokenTBEX */ -0x67,0x2A,0x00,0x3A, /* [4131] OBJ_setct_AcqCardCodeMsgTBE */ -0x67,0x2A,0x00,0x3B, /* [4135] OBJ_setct_AuthRevReqTBE */ -0x67,0x2A,0x00,0x3C, /* [4139] OBJ_setct_AuthRevResTBE */ -0x67,0x2A,0x00,0x3D, /* [4143] OBJ_setct_AuthRevResTBEB */ -0x67,0x2A,0x00,0x3E, /* [4147] OBJ_setct_CapReqTBE */ -0x67,0x2A,0x00,0x3F, /* [4151] OBJ_setct_CapReqTBEX */ -0x67,0x2A,0x00,0x40, /* [4155] OBJ_setct_CapResTBE */ -0x67,0x2A,0x00,0x41, /* [4159] OBJ_setct_CapRevReqTBE */ -0x67,0x2A,0x00,0x42, /* [4163] OBJ_setct_CapRevReqTBEX */ -0x67,0x2A,0x00,0x43, /* [4167] OBJ_setct_CapRevResTBE */ -0x67,0x2A,0x00,0x44, /* [4171] OBJ_setct_CredReqTBE */ -0x67,0x2A,0x00,0x45, /* [4175] OBJ_setct_CredReqTBEX */ -0x67,0x2A,0x00,0x46, /* [4179] OBJ_setct_CredResTBE */ -0x67,0x2A,0x00,0x47, /* [4183] OBJ_setct_CredRevReqTBE */ -0x67,0x2A,0x00,0x48, /* [4187] OBJ_setct_CredRevReqTBEX */ -0x67,0x2A,0x00,0x49, /* [4191] OBJ_setct_CredRevResTBE */ -0x67,0x2A,0x00,0x4A, /* [4195] OBJ_setct_BatchAdminReqTBE */ -0x67,0x2A,0x00,0x4B, /* [4199] OBJ_setct_BatchAdminResTBE */ -0x67,0x2A,0x00,0x4C, /* [4203] OBJ_setct_RegFormReqTBE */ -0x67,0x2A,0x00,0x4D, /* [4207] OBJ_setct_CertReqTBE */ -0x67,0x2A,0x00,0x4E, /* [4211] OBJ_setct_CertReqTBEX */ -0x67,0x2A,0x00,0x4F, /* [4215] OBJ_setct_CertResTBE */ -0x67,0x2A,0x00,0x50, /* [4219] OBJ_setct_CRLNotificationTBS */ -0x67,0x2A,0x00,0x51, /* [4223] OBJ_setct_CRLNotificationResTBS */ -0x67,0x2A,0x00,0x52, /* [4227] OBJ_setct_BCIDistributionTBS */ -0x67,0x2A,0x01,0x01, /* [4231] OBJ_setext_genCrypt */ -0x67,0x2A,0x01,0x03, /* [4235] OBJ_setext_miAuth */ -0x67,0x2A,0x01,0x04, /* [4239] OBJ_setext_pinSecure */ -0x67,0x2A,0x01,0x05, /* [4243] OBJ_setext_pinAny */ -0x67,0x2A,0x01,0x07, /* [4247] OBJ_setext_track2 */ -0x67,0x2A,0x01,0x08, /* [4251] OBJ_setext_cv */ -0x67,0x2A,0x05,0x00, /* [4255] OBJ_set_policy_root */ -0x67,0x2A,0x07,0x00, /* [4259] OBJ_setCext_hashedRoot */ -0x67,0x2A,0x07,0x01, /* [4263] OBJ_setCext_certType */ -0x67,0x2A,0x07,0x02, /* [4267] OBJ_setCext_merchData */ -0x67,0x2A,0x07,0x03, /* [4271] OBJ_setCext_cCertRequired */ -0x67,0x2A,0x07,0x04, /* [4275] OBJ_setCext_tunneling */ -0x67,0x2A,0x07,0x05, /* [4279] OBJ_setCext_setExt */ -0x67,0x2A,0x07,0x06, /* [4283] OBJ_setCext_setQualf */ -0x67,0x2A,0x07,0x07, /* [4287] OBJ_setCext_PGWYcapabilities */ -0x67,0x2A,0x07,0x08, /* [4291] OBJ_setCext_TokenIdentifier */ -0x67,0x2A,0x07,0x09, /* [4295] OBJ_setCext_Track2Data */ -0x67,0x2A,0x07,0x0A, /* [4299] OBJ_setCext_TokenType */ -0x67,0x2A,0x07,0x0B, /* [4303] OBJ_setCext_IssuerCapabilities */ -0x67,0x2A,0x03,0x00, /* [4307] OBJ_setAttr_Cert */ -0x67,0x2A,0x03,0x01, /* [4311] OBJ_setAttr_PGWYcap */ -0x67,0x2A,0x03,0x02, /* [4315] OBJ_setAttr_TokenType */ -0x67,0x2A,0x03,0x03, /* [4319] OBJ_setAttr_IssCap */ -0x67,0x2A,0x03,0x00,0x00, /* [4323] OBJ_set_rootKeyThumb */ -0x67,0x2A,0x03,0x00,0x01, /* [4328] OBJ_set_addPolicy */ -0x67,0x2A,0x03,0x02,0x01, /* [4333] OBJ_setAttr_Token_EMV */ -0x67,0x2A,0x03,0x02,0x02, /* [4338] OBJ_setAttr_Token_B0Prime */ -0x67,0x2A,0x03,0x03,0x03, /* [4343] OBJ_setAttr_IssCap_CVM */ -0x67,0x2A,0x03,0x03,0x04, /* [4348] OBJ_setAttr_IssCap_T2 */ -0x67,0x2A,0x03,0x03,0x05, /* [4353] OBJ_setAttr_IssCap_Sig */ -0x67,0x2A,0x03,0x03,0x03,0x01, /* [4358] OBJ_setAttr_GenCryptgrm */ -0x67,0x2A,0x03,0x03,0x04,0x01, /* [4364] OBJ_setAttr_T2Enc */ -0x67,0x2A,0x03,0x03,0x04,0x02, /* [4370] OBJ_setAttr_T2cleartxt */ -0x67,0x2A,0x03,0x03,0x05,0x01, /* [4376] OBJ_setAttr_TokICCsig */ -0x67,0x2A,0x03,0x03,0x05,0x02, /* [4382] OBJ_setAttr_SecDevSig */ -0x67,0x2A,0x08,0x01, /* [4388] OBJ_set_brand_IATA_ATA */ -0x67,0x2A,0x08,0x1E, /* [4392] OBJ_set_brand_Diners */ -0x67,0x2A,0x08,0x22, /* [4396] OBJ_set_brand_AmericanExpress */ -0x67,0x2A,0x08,0x23, /* [4400] OBJ_set_brand_JCB */ -0x67,0x2A,0x08,0x04, /* [4404] OBJ_set_brand_Visa */ -0x67,0x2A,0x08,0x05, /* [4408] OBJ_set_brand_MasterCard */ -0x67,0x2A,0x08,0xAE,0x7B, /* [4412] OBJ_set_brand_Novus */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4417] OBJ_des_cdmf */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4425] OBJ_rsaOAEPEncryptionSET */ -0x00, /* [4434] OBJ_itu_t */ -0x50, /* [4435] OBJ_joint_iso_itu_t */ -0x67, /* [4436] OBJ_international_organizations */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4437] OBJ_ms_smartcard_login */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4447] OBJ_ms_upn */ -0x55,0x04,0x09, /* [4457] OBJ_streetAddress */ -0x55,0x04,0x11, /* [4460] OBJ_postalCode */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [4463] OBJ_id_ppl */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4470] OBJ_proxyCertInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4478] OBJ_id_ppl_anyLanguage */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4486] OBJ_id_ppl_inheritAll */ -0x55,0x1D,0x1E, /* [4494] OBJ_name_constraints */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4497] OBJ_Independent */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4505] OBJ_sha256WithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4514] OBJ_sha384WithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4523] OBJ_sha512WithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4532] OBJ_sha224WithRSAEncryption */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4541] OBJ_sha256 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4550] OBJ_sha384 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4559] OBJ_sha512 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4568] OBJ_sha224 */ -0x2B, /* [4577] OBJ_identified_organization */ -0x2B,0x81,0x04, /* [4578] OBJ_certicom_arc */ -0x67,0x2B, /* [4581] OBJ_wap */ -0x67,0x2B,0x0D, /* [4583] OBJ_wap_wsg */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4586] OBJ_X9_62_id_characteristic_two_basis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4594] OBJ_X9_62_onBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4603] OBJ_X9_62_tpBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4612] OBJ_X9_62_ppBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [4621] OBJ_X9_62_c2pnb163v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [4629] OBJ_X9_62_c2pnb163v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [4637] OBJ_X9_62_c2pnb163v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [4645] OBJ_X9_62_c2pnb176v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [4653] OBJ_X9_62_c2tnb191v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [4661] OBJ_X9_62_c2tnb191v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [4669] OBJ_X9_62_c2tnb191v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [4677] OBJ_X9_62_c2onb191v4 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [4685] OBJ_X9_62_c2onb191v5 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [4693] OBJ_X9_62_c2pnb208w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [4701] OBJ_X9_62_c2tnb239v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [4709] OBJ_X9_62_c2tnb239v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [4717] OBJ_X9_62_c2tnb239v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [4725] OBJ_X9_62_c2onb239v4 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [4733] OBJ_X9_62_c2onb239v5 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4741] OBJ_X9_62_c2pnb272w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4749] OBJ_X9_62_c2pnb304w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4757] OBJ_X9_62_c2tnb359v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4765] OBJ_X9_62_c2pnb368w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4773] OBJ_X9_62_c2tnb431r1 */ -0x2B,0x81,0x04,0x00,0x06, /* [4781] OBJ_secp112r1 */ -0x2B,0x81,0x04,0x00,0x07, /* [4786] OBJ_secp112r2 */ -0x2B,0x81,0x04,0x00,0x1C, /* [4791] OBJ_secp128r1 */ -0x2B,0x81,0x04,0x00,0x1D, /* [4796] OBJ_secp128r2 */ -0x2B,0x81,0x04,0x00,0x09, /* [4801] OBJ_secp160k1 */ -0x2B,0x81,0x04,0x00,0x08, /* [4806] OBJ_secp160r1 */ -0x2B,0x81,0x04,0x00,0x1E, /* [4811] OBJ_secp160r2 */ -0x2B,0x81,0x04,0x00,0x1F, /* [4816] OBJ_secp192k1 */ -0x2B,0x81,0x04,0x00,0x20, /* [4821] OBJ_secp224k1 */ -0x2B,0x81,0x04,0x00,0x21, /* [4826] OBJ_secp224r1 */ -0x2B,0x81,0x04,0x00,0x0A, /* [4831] OBJ_secp256k1 */ -0x2B,0x81,0x04,0x00,0x22, /* [4836] OBJ_secp384r1 */ -0x2B,0x81,0x04,0x00,0x23, /* [4841] OBJ_secp521r1 */ -0x2B,0x81,0x04,0x00,0x04, /* [4846] OBJ_sect113r1 */ -0x2B,0x81,0x04,0x00,0x05, /* [4851] OBJ_sect113r2 */ -0x2B,0x81,0x04,0x00,0x16, /* [4856] OBJ_sect131r1 */ -0x2B,0x81,0x04,0x00,0x17, /* [4861] OBJ_sect131r2 */ -0x2B,0x81,0x04,0x00,0x01, /* [4866] OBJ_sect163k1 */ -0x2B,0x81,0x04,0x00,0x02, /* [4871] OBJ_sect163r1 */ -0x2B,0x81,0x04,0x00,0x0F, /* [4876] OBJ_sect163r2 */ -0x2B,0x81,0x04,0x00,0x18, /* [4881] OBJ_sect193r1 */ -0x2B,0x81,0x04,0x00,0x19, /* [4886] OBJ_sect193r2 */ -0x2B,0x81,0x04,0x00,0x1A, /* [4891] OBJ_sect233k1 */ -0x2B,0x81,0x04,0x00,0x1B, /* [4896] OBJ_sect233r1 */ -0x2B,0x81,0x04,0x00,0x03, /* [4901] OBJ_sect239k1 */ -0x2B,0x81,0x04,0x00,0x10, /* [4906] OBJ_sect283k1 */ -0x2B,0x81,0x04,0x00,0x11, /* [4911] OBJ_sect283r1 */ -0x2B,0x81,0x04,0x00,0x24, /* [4916] OBJ_sect409k1 */ -0x2B,0x81,0x04,0x00,0x25, /* [4921] OBJ_sect409r1 */ -0x2B,0x81,0x04,0x00,0x26, /* [4926] OBJ_sect571k1 */ -0x2B,0x81,0x04,0x00,0x27, /* [4931] OBJ_sect571r1 */ -0x67,0x2B,0x0D,0x04,0x01, /* [4936] OBJ_wap_wsg_idm_ecid_wtls1 */ -0x67,0x2B,0x0D,0x04,0x03, /* [4941] OBJ_wap_wsg_idm_ecid_wtls3 */ -0x67,0x2B,0x0D,0x04,0x04, /* [4946] OBJ_wap_wsg_idm_ecid_wtls4 */ -0x67,0x2B,0x0D,0x04,0x05, /* [4951] OBJ_wap_wsg_idm_ecid_wtls5 */ -0x67,0x2B,0x0D,0x04,0x06, /* [4956] OBJ_wap_wsg_idm_ecid_wtls6 */ -0x67,0x2B,0x0D,0x04,0x07, /* [4961] OBJ_wap_wsg_idm_ecid_wtls7 */ -0x67,0x2B,0x0D,0x04,0x08, /* [4966] OBJ_wap_wsg_idm_ecid_wtls8 */ -0x67,0x2B,0x0D,0x04,0x09, /* [4971] OBJ_wap_wsg_idm_ecid_wtls9 */ -0x67,0x2B,0x0D,0x04,0x0A, /* [4976] OBJ_wap_wsg_idm_ecid_wtls10 */ -0x67,0x2B,0x0D,0x04,0x0B, /* [4981] OBJ_wap_wsg_idm_ecid_wtls11 */ -0x67,0x2B,0x0D,0x04,0x0C, /* [4986] OBJ_wap_wsg_idm_ecid_wtls12 */ -0x55,0x1D,0x20,0x00, /* [4991] OBJ_any_policy */ -0x55,0x1D,0x21, /* [4995] OBJ_policy_mappings */ -0x55,0x1D,0x36, /* [4998] OBJ_inhibit_any_policy */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5001] OBJ_camellia_128_cbc */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5012] OBJ_camellia_192_cbc */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5023] OBJ_camellia_256_cbc */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [5034] OBJ_camellia_128_ecb */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [5042] OBJ_camellia_192_ecb */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [5050] OBJ_camellia_256_ecb */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [5058] OBJ_camellia_128_cfb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [5066] OBJ_camellia_192_cfb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [5074] OBJ_camellia_256_cfb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [5082] OBJ_camellia_128_ofb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [5090] OBJ_camellia_192_ofb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [5098] OBJ_camellia_256_ofb128 */ -0x55,0x1D,0x09, /* [5106] OBJ_subject_directory_attributes */ -0x55,0x1D,0x1C, /* [5109] OBJ_issuing_distribution_point */ -0x55,0x1D,0x1D, /* [5112] OBJ_certificate_issuer */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [5115] OBJ_kisa */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [5121] OBJ_seed_ecb */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [5129] OBJ_seed_cbc */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [5137] OBJ_seed_ofb128 */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [5145] OBJ_seed_cfb128 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,/* [623] OBJ_zlib_compression */ +0x55,0x1D,0x25, /* [634] OBJ_ext_key_usage */ +0x2B,0x06,0x01,0x05,0x05,0x07, /* [637] OBJ_id_pkix */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [643] OBJ_id_kp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [650] OBJ_server_auth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [658] OBJ_client_auth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [666] OBJ_code_sign */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [674] OBJ_email_protect */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [682] OBJ_time_stamp */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [690] OBJ_ms_code_ind */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [700] OBJ_ms_code_com */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [710] OBJ_ms_ctl_sign */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [720] OBJ_ms_sgc */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [730] OBJ_ms_efs */ +0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [740] OBJ_ns_sgc */ +0x55,0x1D,0x1B, /* [749] OBJ_delta_crl */ +0x55,0x1D,0x15, /* [752] OBJ_crl_reason */ +0x55,0x1D,0x18, /* [755] OBJ_invalidity_date */ +0x2B,0x65,0x01,0x04,0x01, /* [758] OBJ_sxnet */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [763] OBJ_pbe_WithSHA1And128BitRC4 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [773] OBJ_pbe_WithSHA1And40BitRC4 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [783] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [793] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [803] OBJ_pbe_WithSHA1And128BitRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [813] OBJ_pbe_WithSHA1And40BitRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [823] OBJ_keyBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [834] OBJ_pkcs8ShroudedKeyBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [845] OBJ_certBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [856] OBJ_crlBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [867] OBJ_secretBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [878] OBJ_safeContentsBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [889] OBJ_friendlyName */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [898] OBJ_localKeyID */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [907] OBJ_x509Certificate */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [917] OBJ_sdsiCertificate */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [927] OBJ_x509Crl */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [937] OBJ_pbes2 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [946] OBJ_pbmac1 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [955] OBJ_hmacWithSHA1 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [963] OBJ_id_qt_cps */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [971] OBJ_id_qt_unotice */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [979] OBJ_SMIMECapabilities */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [988] OBJ_pbeWithMD2AndRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [997] OBJ_pbeWithMD5AndRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1006] OBJ_pbeWithSHA1AndDES_CBC */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1015] OBJ_ms_ext_req */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1025] OBJ_ext_req */ +0x55,0x04,0x29, /* [1034] OBJ_name */ +0x55,0x04,0x2E, /* [1037] OBJ_dnQualifier */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1040] OBJ_id_pe */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1047] OBJ_id_ad */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [1054] OBJ_info_access */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1062] OBJ_ad_OCSP */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1070] OBJ_ad_ca_issuers */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [1078] OBJ_OCSP_sign */ +0x28, /* [1086] OBJ_iso */ +0x2A, /* [1087] OBJ_member_body */ +0x2A,0x86,0x48, /* [1088] OBJ_ISO_US */ +0x2A,0x86,0x48,0xCE,0x38, /* [1091] OBJ_X9_57 */ +0x2A,0x86,0x48,0xCE,0x38,0x04, /* [1096] OBJ_X9cm */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [1102] OBJ_pkcs1 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [1110] OBJ_pkcs5 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1118] OBJ_SMIME */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1127] OBJ_id_smime_mod */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1137] OBJ_id_smime_ct */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1147] OBJ_id_smime_aa */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1157] OBJ_id_smime_alg */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1167] OBJ_id_smime_cd */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1177] OBJ_id_smime_spq */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1187] OBJ_id_smime_cti */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1197] OBJ_id_smime_mod_cms */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1208] OBJ_id_smime_mod_ess */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1219] OBJ_id_smime_mod_oid */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1230] OBJ_id_smime_mod_msg_v3 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1241] OBJ_id_smime_mod_ets_eSignature_88 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1252] OBJ_id_smime_mod_ets_eSignature_97 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1263] OBJ_id_smime_mod_ets_eSigPolicy_88 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1274] OBJ_id_smime_mod_ets_eSigPolicy_97 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1285] OBJ_id_smime_ct_receipt */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1296] OBJ_id_smime_ct_authData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1307] OBJ_id_smime_ct_publishCert */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1318] OBJ_id_smime_ct_TSTInfo */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1329] OBJ_id_smime_ct_TDTInfo */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1340] OBJ_id_smime_ct_contentInfo */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1351] OBJ_id_smime_ct_DVCSRequestData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1362] OBJ_id_smime_ct_DVCSResponseData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1373] OBJ_id_smime_aa_receiptRequest */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1384] OBJ_id_smime_aa_securityLabel */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1395] OBJ_id_smime_aa_mlExpandHistory */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1406] OBJ_id_smime_aa_contentHint */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1417] OBJ_id_smime_aa_msgSigDigest */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1428] OBJ_id_smime_aa_encapContentType */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1439] OBJ_id_smime_aa_contentIdentifier */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1450] OBJ_id_smime_aa_macValue */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1461] OBJ_id_smime_aa_equivalentLabels */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1472] OBJ_id_smime_aa_contentReference */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1483] OBJ_id_smime_aa_encrypKeyPref */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1494] OBJ_id_smime_aa_signingCertificate */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1505] OBJ_id_smime_aa_smimeEncryptCerts */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1516] OBJ_id_smime_aa_timeStampToken */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1527] OBJ_id_smime_aa_ets_sigPolicyId */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1538] OBJ_id_smime_aa_ets_commitmentType */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1549] OBJ_id_smime_aa_ets_signerLocation */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1560] OBJ_id_smime_aa_ets_signerAttr */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1571] OBJ_id_smime_aa_ets_otherSigCert */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1582] OBJ_id_smime_aa_ets_contentTimestamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1593] OBJ_id_smime_aa_ets_CertificateRefs */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1604] OBJ_id_smime_aa_ets_RevocationRefs */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1615] OBJ_id_smime_aa_ets_certValues */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1626] OBJ_id_smime_aa_ets_revocationValues */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1637] OBJ_id_smime_aa_ets_escTimeStamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1648] OBJ_id_smime_aa_ets_certCRLTimestamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1659] OBJ_id_smime_aa_ets_archiveTimeStamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1670] OBJ_id_smime_aa_signatureType */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1681] OBJ_id_smime_aa_dvcs_dvc */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1692] OBJ_id_smime_alg_ESDHwith3DES */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1703] OBJ_id_smime_alg_ESDHwithRC2 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1714] OBJ_id_smime_alg_3DESwrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1725] OBJ_id_smime_alg_RC2wrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1736] OBJ_id_smime_alg_ESDH */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1747] OBJ_id_smime_alg_CMS3DESwrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1758] OBJ_id_smime_alg_CMSRC2wrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1769] OBJ_id_smime_cd_ldap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1780] OBJ_id_smime_spq_ets_sqt_uri */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1791] OBJ_id_smime_spq_ets_sqt_unotice */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1802] OBJ_id_smime_cti_ets_proofOfOrigin */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1813] OBJ_id_smime_cti_ets_proofOfReceipt */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1824] OBJ_id_smime_cti_ets_proofOfDelivery */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1835] OBJ_id_smime_cti_ets_proofOfSender */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1846] OBJ_id_smime_cti_ets_proofOfApproval */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1857] OBJ_id_smime_cti_ets_proofOfCreation */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [1868] OBJ_md4 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [1876] OBJ_id_pkix_mod */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [1883] OBJ_id_qt */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [1890] OBJ_id_it */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [1897] OBJ_id_pkip */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [1904] OBJ_id_alg */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [1911] OBJ_id_cmc */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [1918] OBJ_id_on */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [1925] OBJ_id_pda */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [1932] OBJ_id_aca */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [1939] OBJ_id_qcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [1946] OBJ_id_cct */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [1953] OBJ_id_pkix1_explicit_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [1961] OBJ_id_pkix1_implicit_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [1969] OBJ_id_pkix1_explicit_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [1977] OBJ_id_pkix1_implicit_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [1985] OBJ_id_mod_crmf */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [1993] OBJ_id_mod_cmc */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [2001] OBJ_id_mod_kea_profile_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [2009] OBJ_id_mod_kea_profile_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [2017] OBJ_id_mod_cmp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [2025] OBJ_id_mod_qualified_cert_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [2033] OBJ_id_mod_qualified_cert_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [2041] OBJ_id_mod_attribute_cert */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [2049] OBJ_id_mod_timestamp_protocol */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [2057] OBJ_id_mod_ocsp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [2065] OBJ_id_mod_dvcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [2073] OBJ_id_mod_cmp2000 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [2081] OBJ_biometricInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [2089] OBJ_qcStatements */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2097] OBJ_ac_auditEntity */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2105] OBJ_ac_targeting */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2113] OBJ_aaControls */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2121] OBJ_sbgp_ipAddrBlock */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2129] OBJ_sbgp_autonomousSysNum */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2137] OBJ_sbgp_routerIdentifier */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2145] OBJ_textNotice */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2153] OBJ_ipsecEndSystem */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2161] OBJ_ipsecTunnel */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2169] OBJ_ipsecUser */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2177] OBJ_dvcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2185] OBJ_id_it_caProtEncCert */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2193] OBJ_id_it_signKeyPairTypes */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [2201] OBJ_id_it_encKeyPairTypes */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [2209] OBJ_id_it_preferredSymmAlg */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [2217] OBJ_id_it_caKeyUpdateInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [2225] OBJ_id_it_currentCRL */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [2233] OBJ_id_it_unsupportedOIDs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [2241] OBJ_id_it_subscriptionRequest */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [2249] OBJ_id_it_subscriptionResponse */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [2257] OBJ_id_it_keyPairParamReq */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [2265] OBJ_id_it_keyPairParamRep */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [2273] OBJ_id_it_revPassphrase */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [2281] OBJ_id_it_implicitConfirm */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [2289] OBJ_id_it_confirmWaitTime */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [2297] OBJ_id_it_origPKIMessage */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [2305] OBJ_id_regCtrl */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [2313] OBJ_id_regInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2321] OBJ_id_regCtrl_regToken */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2330] OBJ_id_regCtrl_authenticator */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2339] OBJ_id_regCtrl_pkiPublicationInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2348] OBJ_id_regCtrl_pkiArchiveOptions */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2357] OBJ_id_regCtrl_oldCertID */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2366] OBJ_id_regCtrl_protocolEncrKey */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2375] OBJ_id_regInfo_utf8Pairs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2384] OBJ_id_regInfo_certReq */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [2393] OBJ_id_alg_des40 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [2401] OBJ_id_alg_noSignature */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [2409] OBJ_id_alg_dh_sig_hmac_sha1 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [2417] OBJ_id_alg_dh_pop */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [2425] OBJ_id_cmc_statusInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [2433] OBJ_id_cmc_identification */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [2441] OBJ_id_cmc_identityProof */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [2449] OBJ_id_cmc_dataReturn */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [2457] OBJ_id_cmc_transactionId */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [2465] OBJ_id_cmc_senderNonce */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [2473] OBJ_id_cmc_recipientNonce */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [2481] OBJ_id_cmc_addExtensions */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [2489] OBJ_id_cmc_encryptedPOP */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [2497] OBJ_id_cmc_decryptedPOP */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [2505] OBJ_id_cmc_lraPOPWitness */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [2513] OBJ_id_cmc_getCert */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [2521] OBJ_id_cmc_getCRL */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [2529] OBJ_id_cmc_revokeRequest */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [2537] OBJ_id_cmc_regInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [2545] OBJ_id_cmc_responseInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [2553] OBJ_id_cmc_queryPending */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [2561] OBJ_id_cmc_popLinkRandom */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [2569] OBJ_id_cmc_popLinkWitness */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [2577] OBJ_id_cmc_confirmCertAcceptance */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2585] OBJ_id_on_personalData */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2593] OBJ_id_pda_dateOfBirth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2601] OBJ_id_pda_placeOfBirth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2609] OBJ_id_pda_gender */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2617] OBJ_id_pda_countryOfCitizenship */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2625] OBJ_id_pda_countryOfResidence */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2633] OBJ_id_aca_authenticationInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2641] OBJ_id_aca_accessIdentity */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2649] OBJ_id_aca_chargingIdentity */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2657] OBJ_id_aca_group */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2665] OBJ_id_aca_role */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2673] OBJ_id_qcs_pkixQCSyntax_v1 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2681] OBJ_id_cct_crs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2689] OBJ_id_cct_PKIData */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2697] OBJ_id_cct_PKIResponse */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2705] OBJ_ad_timeStamping */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2713] OBJ_ad_dvcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2721] OBJ_id_pkix_OCSP_basic */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2730] OBJ_id_pkix_OCSP_Nonce */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2739] OBJ_id_pkix_OCSP_CrlID */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2748] OBJ_id_pkix_OCSP_acceptableResponses */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2757] OBJ_id_pkix_OCSP_noCheck */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2766] OBJ_id_pkix_OCSP_archiveCutoff */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2775] OBJ_id_pkix_OCSP_serviceLocator */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2784] OBJ_id_pkix_OCSP_extendedStatus */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2793] OBJ_id_pkix_OCSP_valid */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2802] OBJ_id_pkix_OCSP_path */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2811] OBJ_id_pkix_OCSP_trustRoot */ +0x2B,0x0E,0x03,0x02, /* [2820] OBJ_algorithm */ +0x2B,0x0E,0x03,0x02,0x0B, /* [2824] OBJ_rsaSignature */ +0x55,0x08, /* [2829] OBJ_X500algorithms */ +0x2B, /* [2831] OBJ_org */ +0x2B,0x06, /* [2832] OBJ_dod */ +0x2B,0x06,0x01, /* [2834] OBJ_iana */ +0x2B,0x06,0x01,0x01, /* [2837] OBJ_Directory */ +0x2B,0x06,0x01,0x02, /* [2841] OBJ_Management */ +0x2B,0x06,0x01,0x03, /* [2845] OBJ_Experimental */ +0x2B,0x06,0x01,0x04, /* [2849] OBJ_Private */ +0x2B,0x06,0x01,0x05, /* [2853] OBJ_Security */ +0x2B,0x06,0x01,0x06, /* [2857] OBJ_SNMPv2 */ +0x2B,0x06,0x01,0x07, /* [2861] OBJ_Mail */ +0x2B,0x06,0x01,0x04,0x01, /* [2865] OBJ_Enterprises */ +0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2870] OBJ_dcObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2879] OBJ_domainComponent */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2889] OBJ_Domain */ +0x00, /* [2899] OBJ_joint_iso_ccitt */ +0x55,0x01,0x05, /* [2900] OBJ_selected_attribute_types */ +0x55,0x01,0x05,0x37, /* [2903] OBJ_clearance */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2907] OBJ_md4WithRSAEncryption */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2916] OBJ_ac_proxying */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2924] OBJ_sinfo_access */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2932] OBJ_id_aca_encAttrs */ +0x55,0x04,0x48, /* [2940] OBJ_role */ +0x55,0x1D,0x24, /* [2943] OBJ_policy_constraints */ +0x55,0x1D,0x37, /* [2946] OBJ_target_information */ +0x55,0x1D,0x38, /* [2949] OBJ_no_rev_avail */ +0x00, /* [2952] OBJ_ccitt */ +0x2A,0x86,0x48,0xCE,0x3D, /* [2953] OBJ_ansi_X9_62 */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2958] OBJ_X9_62_prime_field */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2965] OBJ_X9_62_characteristic_two_field */ +0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2972] OBJ_X9_62_id_ecPublicKey */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2979] OBJ_X9_62_prime192v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2987] OBJ_X9_62_prime192v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [2995] OBJ_X9_62_prime192v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [3003] OBJ_X9_62_prime239v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [3011] OBJ_X9_62_prime239v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3019] OBJ_X9_62_prime239v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3027] OBJ_X9_62_prime256v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3035] OBJ_ecdsa_with_SHA1 */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3042] OBJ_ms_csp_name */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3051] OBJ_aes_128_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3060] OBJ_aes_128_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3069] OBJ_aes_128_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3078] OBJ_aes_128_cfb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3087] OBJ_aes_192_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3096] OBJ_aes_192_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3105] OBJ_aes_192_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3114] OBJ_aes_192_cfb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3123] OBJ_aes_256_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3132] OBJ_aes_256_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3141] OBJ_aes_256_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3150] OBJ_aes_256_cfb128 */ +0x55,0x1D,0x17, /* [3159] OBJ_hold_instruction_code */ +0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3162] OBJ_hold_instruction_none */ +0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3169] OBJ_hold_instruction_call_issuer */ +0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3176] OBJ_hold_instruction_reject */ +0x09, /* [3183] OBJ_data */ +0x09,0x92,0x26, /* [3184] OBJ_pss */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3187] OBJ_ucl */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3194] OBJ_pilot */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3202] OBJ_pilotAttributeType */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3211] OBJ_pilotAttributeSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3220] OBJ_pilotObjectClass */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3229] OBJ_pilotGroups */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3238] OBJ_iA5StringSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3248] OBJ_caseIgnoreIA5StringSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3258] OBJ_pilotObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3268] OBJ_pilotPerson */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3278] OBJ_account */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3288] OBJ_document */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3298] OBJ_room */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3308] OBJ_documentSeries */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3318] OBJ_rFC822localPart */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3328] OBJ_dNSDomain */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3338] OBJ_domainRelatedObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3348] OBJ_friendlyCountry */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3358] OBJ_simpleSecurityObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3368] OBJ_pilotOrganization */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3378] OBJ_pilotDSA */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3388] OBJ_qualityLabelledData */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3398] OBJ_userId */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3408] OBJ_textEncodedORAddress */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3418] OBJ_rfc822Mailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3428] OBJ_info */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3438] OBJ_favouriteDrink */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3448] OBJ_roomNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3458] OBJ_photo */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3468] OBJ_userClass */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3478] OBJ_host */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3488] OBJ_manager */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3498] OBJ_documentIdentifier */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3508] OBJ_documentTitle */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3518] OBJ_documentVersion */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3528] OBJ_documentAuthor */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3538] OBJ_documentLocation */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3548] OBJ_homeTelephoneNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3558] OBJ_secretary */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3568] OBJ_otherMailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3578] OBJ_lastModifiedTime */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3588] OBJ_lastModifiedBy */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3598] OBJ_aRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3608] OBJ_pilotAttributeType27 */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3618] OBJ_mXRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3628] OBJ_nSRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3638] OBJ_sOARecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3648] OBJ_cNAMERecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3658] OBJ_associatedDomain */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3668] OBJ_associatedName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3678] OBJ_homePostalAddress */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3688] OBJ_personalTitle */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3698] OBJ_mobileTelephoneNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3708] OBJ_pagerTelephoneNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3718] OBJ_friendlyCountryName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3728] OBJ_organizationalStatus */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3738] OBJ_janetMailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3748] OBJ_mailPreferenceOption */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3758] OBJ_buildingName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3768] OBJ_dSAQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3778] OBJ_singleLevelQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3788] OBJ_subtreeMinimumQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3798] OBJ_subtreeMaximumQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3808] OBJ_personalSignature */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3818] OBJ_dITRedirect */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3828] OBJ_audio */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3838] OBJ_documentPublisher */ +0x55,0x04,0x2D, /* [3848] OBJ_x500UniqueIdentifier */ +0x2B,0x06,0x01,0x07,0x01, /* [3851] OBJ_mime_mhs */ +0x2B,0x06,0x01,0x07,0x01,0x01, /* [3856] OBJ_mime_mhs_headings */ +0x2B,0x06,0x01,0x07,0x01,0x02, /* [3862] OBJ_mime_mhs_bodies */ +0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [3868] OBJ_id_hex_partial_message */ +0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [3875] OBJ_id_hex_multipart_message */ +0x55,0x04,0x2C, /* [3882] OBJ_generationQualifier */ +0x55,0x04,0x41, /* [3885] OBJ_pseudonym */ +0x67,0x2A, /* [3888] OBJ_id_set */ +0x67,0x2A,0x00, /* [3890] OBJ_set_ctype */ +0x67,0x2A,0x01, /* [3893] OBJ_set_msgExt */ +0x67,0x2A,0x03, /* [3896] OBJ_set_attr */ +0x67,0x2A,0x05, /* [3899] OBJ_set_policy */ +0x67,0x2A,0x07, /* [3902] OBJ_set_certExt */ +0x67,0x2A,0x08, /* [3905] OBJ_set_brand */ +0x67,0x2A,0x00,0x00, /* [3908] OBJ_setct_PANData */ +0x67,0x2A,0x00,0x01, /* [3912] OBJ_setct_PANToken */ +0x67,0x2A,0x00,0x02, /* [3916] OBJ_setct_PANOnly */ +0x67,0x2A,0x00,0x03, /* [3920] OBJ_setct_OIData */ +0x67,0x2A,0x00,0x04, /* [3924] OBJ_setct_PI */ +0x67,0x2A,0x00,0x05, /* [3928] OBJ_setct_PIData */ +0x67,0x2A,0x00,0x06, /* [3932] OBJ_setct_PIDataUnsigned */ +0x67,0x2A,0x00,0x07, /* [3936] OBJ_setct_HODInput */ +0x67,0x2A,0x00,0x08, /* [3940] OBJ_setct_AuthResBaggage */ +0x67,0x2A,0x00,0x09, /* [3944] OBJ_setct_AuthRevReqBaggage */ +0x67,0x2A,0x00,0x0A, /* [3948] OBJ_setct_AuthRevResBaggage */ +0x67,0x2A,0x00,0x0B, /* [3952] OBJ_setct_CapTokenSeq */ +0x67,0x2A,0x00,0x0C, /* [3956] OBJ_setct_PInitResData */ +0x67,0x2A,0x00,0x0D, /* [3960] OBJ_setct_PI_TBS */ +0x67,0x2A,0x00,0x0E, /* [3964] OBJ_setct_PResData */ +0x67,0x2A,0x00,0x10, /* [3968] OBJ_setct_AuthReqTBS */ +0x67,0x2A,0x00,0x11, /* [3972] OBJ_setct_AuthResTBS */ +0x67,0x2A,0x00,0x12, /* [3976] OBJ_setct_AuthResTBSX */ +0x67,0x2A,0x00,0x13, /* [3980] OBJ_setct_AuthTokenTBS */ +0x67,0x2A,0x00,0x14, /* [3984] OBJ_setct_CapTokenData */ +0x67,0x2A,0x00,0x15, /* [3988] OBJ_setct_CapTokenTBS */ +0x67,0x2A,0x00,0x16, /* [3992] OBJ_setct_AcqCardCodeMsg */ +0x67,0x2A,0x00,0x17, /* [3996] OBJ_setct_AuthRevReqTBS */ +0x67,0x2A,0x00,0x18, /* [4000] OBJ_setct_AuthRevResData */ +0x67,0x2A,0x00,0x19, /* [4004] OBJ_setct_AuthRevResTBS */ +0x67,0x2A,0x00,0x1A, /* [4008] OBJ_setct_CapReqTBS */ +0x67,0x2A,0x00,0x1B, /* [4012] OBJ_setct_CapReqTBSX */ +0x67,0x2A,0x00,0x1C, /* [4016] OBJ_setct_CapResData */ +0x67,0x2A,0x00,0x1D, /* [4020] OBJ_setct_CapRevReqTBS */ +0x67,0x2A,0x00,0x1E, /* [4024] OBJ_setct_CapRevReqTBSX */ +0x67,0x2A,0x00,0x1F, /* [4028] OBJ_setct_CapRevResData */ +0x67,0x2A,0x00,0x20, /* [4032] OBJ_setct_CredReqTBS */ +0x67,0x2A,0x00,0x21, /* [4036] OBJ_setct_CredReqTBSX */ +0x67,0x2A,0x00,0x22, /* [4040] OBJ_setct_CredResData */ +0x67,0x2A,0x00,0x23, /* [4044] OBJ_setct_CredRevReqTBS */ +0x67,0x2A,0x00,0x24, /* [4048] OBJ_setct_CredRevReqTBSX */ +0x67,0x2A,0x00,0x25, /* [4052] OBJ_setct_CredRevResData */ +0x67,0x2A,0x00,0x26, /* [4056] OBJ_setct_PCertReqData */ +0x67,0x2A,0x00,0x27, /* [4060] OBJ_setct_PCertResTBS */ +0x67,0x2A,0x00,0x28, /* [4064] OBJ_setct_BatchAdminReqData */ +0x67,0x2A,0x00,0x29, /* [4068] OBJ_setct_BatchAdminResData */ +0x67,0x2A,0x00,0x2A, /* [4072] OBJ_setct_CardCInitResTBS */ +0x67,0x2A,0x00,0x2B, /* [4076] OBJ_setct_MeAqCInitResTBS */ +0x67,0x2A,0x00,0x2C, /* [4080] OBJ_setct_RegFormResTBS */ +0x67,0x2A,0x00,0x2D, /* [4084] OBJ_setct_CertReqData */ +0x67,0x2A,0x00,0x2E, /* [4088] OBJ_setct_CertReqTBS */ +0x67,0x2A,0x00,0x2F, /* [4092] OBJ_setct_CertResData */ +0x67,0x2A,0x00,0x30, /* [4096] OBJ_setct_CertInqReqTBS */ +0x67,0x2A,0x00,0x31, /* [4100] OBJ_setct_ErrorTBS */ +0x67,0x2A,0x00,0x32, /* [4104] OBJ_setct_PIDualSignedTBE */ +0x67,0x2A,0x00,0x33, /* [4108] OBJ_setct_PIUnsignedTBE */ +0x67,0x2A,0x00,0x34, /* [4112] OBJ_setct_AuthReqTBE */ +0x67,0x2A,0x00,0x35, /* [4116] OBJ_setct_AuthResTBE */ +0x67,0x2A,0x00,0x36, /* [4120] OBJ_setct_AuthResTBEX */ +0x67,0x2A,0x00,0x37, /* [4124] OBJ_setct_AuthTokenTBE */ +0x67,0x2A,0x00,0x38, /* [4128] OBJ_setct_CapTokenTBE */ +0x67,0x2A,0x00,0x39, /* [4132] OBJ_setct_CapTokenTBEX */ +0x67,0x2A,0x00,0x3A, /* [4136] OBJ_setct_AcqCardCodeMsgTBE */ +0x67,0x2A,0x00,0x3B, /* [4140] OBJ_setct_AuthRevReqTBE */ +0x67,0x2A,0x00,0x3C, /* [4144] OBJ_setct_AuthRevResTBE */ +0x67,0x2A,0x00,0x3D, /* [4148] OBJ_setct_AuthRevResTBEB */ +0x67,0x2A,0x00,0x3E, /* [4152] OBJ_setct_CapReqTBE */ +0x67,0x2A,0x00,0x3F, /* [4156] OBJ_setct_CapReqTBEX */ +0x67,0x2A,0x00,0x40, /* [4160] OBJ_setct_CapResTBE */ +0x67,0x2A,0x00,0x41, /* [4164] OBJ_setct_CapRevReqTBE */ +0x67,0x2A,0x00,0x42, /* [4168] OBJ_setct_CapRevReqTBEX */ +0x67,0x2A,0x00,0x43, /* [4172] OBJ_setct_CapRevResTBE */ +0x67,0x2A,0x00,0x44, /* [4176] OBJ_setct_CredReqTBE */ +0x67,0x2A,0x00,0x45, /* [4180] OBJ_setct_CredReqTBEX */ +0x67,0x2A,0x00,0x46, /* [4184] OBJ_setct_CredResTBE */ +0x67,0x2A,0x00,0x47, /* [4188] OBJ_setct_CredRevReqTBE */ +0x67,0x2A,0x00,0x48, /* [4192] OBJ_setct_CredRevReqTBEX */ +0x67,0x2A,0x00,0x49, /* [4196] OBJ_setct_CredRevResTBE */ +0x67,0x2A,0x00,0x4A, /* [4200] OBJ_setct_BatchAdminReqTBE */ +0x67,0x2A,0x00,0x4B, /* [4204] OBJ_setct_BatchAdminResTBE */ +0x67,0x2A,0x00,0x4C, /* [4208] OBJ_setct_RegFormReqTBE */ +0x67,0x2A,0x00,0x4D, /* [4212] OBJ_setct_CertReqTBE */ +0x67,0x2A,0x00,0x4E, /* [4216] OBJ_setct_CertReqTBEX */ +0x67,0x2A,0x00,0x4F, /* [4220] OBJ_setct_CertResTBE */ +0x67,0x2A,0x00,0x50, /* [4224] OBJ_setct_CRLNotificationTBS */ +0x67,0x2A,0x00,0x51, /* [4228] OBJ_setct_CRLNotificationResTBS */ +0x67,0x2A,0x00,0x52, /* [4232] OBJ_setct_BCIDistributionTBS */ +0x67,0x2A,0x01,0x01, /* [4236] OBJ_setext_genCrypt */ +0x67,0x2A,0x01,0x03, /* [4240] OBJ_setext_miAuth */ +0x67,0x2A,0x01,0x04, /* [4244] OBJ_setext_pinSecure */ +0x67,0x2A,0x01,0x05, /* [4248] OBJ_setext_pinAny */ +0x67,0x2A,0x01,0x07, /* [4252] OBJ_setext_track2 */ +0x67,0x2A,0x01,0x08, /* [4256] OBJ_setext_cv */ +0x67,0x2A,0x05,0x00, /* [4260] OBJ_set_policy_root */ +0x67,0x2A,0x07,0x00, /* [4264] OBJ_setCext_hashedRoot */ +0x67,0x2A,0x07,0x01, /* [4268] OBJ_setCext_certType */ +0x67,0x2A,0x07,0x02, /* [4272] OBJ_setCext_merchData */ +0x67,0x2A,0x07,0x03, /* [4276] OBJ_setCext_cCertRequired */ +0x67,0x2A,0x07,0x04, /* [4280] OBJ_setCext_tunneling */ +0x67,0x2A,0x07,0x05, /* [4284] OBJ_setCext_setExt */ +0x67,0x2A,0x07,0x06, /* [4288] OBJ_setCext_setQualf */ +0x67,0x2A,0x07,0x07, /* [4292] OBJ_setCext_PGWYcapabilities */ +0x67,0x2A,0x07,0x08, /* [4296] OBJ_setCext_TokenIdentifier */ +0x67,0x2A,0x07,0x09, /* [4300] OBJ_setCext_Track2Data */ +0x67,0x2A,0x07,0x0A, /* [4304] OBJ_setCext_TokenType */ +0x67,0x2A,0x07,0x0B, /* [4308] OBJ_setCext_IssuerCapabilities */ +0x67,0x2A,0x03,0x00, /* [4312] OBJ_setAttr_Cert */ +0x67,0x2A,0x03,0x01, /* [4316] OBJ_setAttr_PGWYcap */ +0x67,0x2A,0x03,0x02, /* [4320] OBJ_setAttr_TokenType */ +0x67,0x2A,0x03,0x03, /* [4324] OBJ_setAttr_IssCap */ +0x67,0x2A,0x03,0x00,0x00, /* [4328] OBJ_set_rootKeyThumb */ +0x67,0x2A,0x03,0x00,0x01, /* [4333] OBJ_set_addPolicy */ +0x67,0x2A,0x03,0x02,0x01, /* [4338] OBJ_setAttr_Token_EMV */ +0x67,0x2A,0x03,0x02,0x02, /* [4343] OBJ_setAttr_Token_B0Prime */ +0x67,0x2A,0x03,0x03,0x03, /* [4348] OBJ_setAttr_IssCap_CVM */ +0x67,0x2A,0x03,0x03,0x04, /* [4353] OBJ_setAttr_IssCap_T2 */ +0x67,0x2A,0x03,0x03,0x05, /* [4358] OBJ_setAttr_IssCap_Sig */ +0x67,0x2A,0x03,0x03,0x03,0x01, /* [4363] OBJ_setAttr_GenCryptgrm */ +0x67,0x2A,0x03,0x03,0x04,0x01, /* [4369] OBJ_setAttr_T2Enc */ +0x67,0x2A,0x03,0x03,0x04,0x02, /* [4375] OBJ_setAttr_T2cleartxt */ +0x67,0x2A,0x03,0x03,0x05,0x01, /* [4381] OBJ_setAttr_TokICCsig */ +0x67,0x2A,0x03,0x03,0x05,0x02, /* [4387] OBJ_setAttr_SecDevSig */ +0x67,0x2A,0x08,0x01, /* [4393] OBJ_set_brand_IATA_ATA */ +0x67,0x2A,0x08,0x1E, /* [4397] OBJ_set_brand_Diners */ +0x67,0x2A,0x08,0x22, /* [4401] OBJ_set_brand_AmericanExpress */ +0x67,0x2A,0x08,0x23, /* [4405] OBJ_set_brand_JCB */ +0x67,0x2A,0x08,0x04, /* [4409] OBJ_set_brand_Visa */ +0x67,0x2A,0x08,0x05, /* [4413] OBJ_set_brand_MasterCard */ +0x67,0x2A,0x08,0xAE,0x7B, /* [4417] OBJ_set_brand_Novus */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4422] OBJ_des_cdmf */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4430] OBJ_rsaOAEPEncryptionSET */ +0x00, /* [4439] OBJ_itu_t */ +0x50, /* [4440] OBJ_joint_iso_itu_t */ +0x67, /* [4441] OBJ_international_organizations */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4442] OBJ_ms_smartcard_login */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4452] OBJ_ms_upn */ +0x55,0x04,0x09, /* [4462] OBJ_streetAddress */ +0x55,0x04,0x11, /* [4465] OBJ_postalCode */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [4468] OBJ_id_ppl */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4475] OBJ_proxyCertInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4483] OBJ_id_ppl_anyLanguage */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4491] OBJ_id_ppl_inheritAll */ +0x55,0x1D,0x1E, /* [4499] OBJ_name_constraints */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4502] OBJ_Independent */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4510] OBJ_sha256WithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4519] OBJ_sha384WithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4528] OBJ_sha512WithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4537] OBJ_sha224WithRSAEncryption */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4546] OBJ_sha256 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4555] OBJ_sha384 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4564] OBJ_sha512 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4573] OBJ_sha224 */ +0x2B, /* [4582] OBJ_identified_organization */ +0x2B,0x81,0x04, /* [4583] OBJ_certicom_arc */ +0x67,0x2B, /* [4586] OBJ_wap */ +0x67,0x2B,0x0D, /* [4588] OBJ_wap_wsg */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4591] OBJ_X9_62_id_characteristic_two_basis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4599] OBJ_X9_62_onBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4608] OBJ_X9_62_tpBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4617] OBJ_X9_62_ppBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [4626] OBJ_X9_62_c2pnb163v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [4634] OBJ_X9_62_c2pnb163v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [4642] OBJ_X9_62_c2pnb163v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [4650] OBJ_X9_62_c2pnb176v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [4658] OBJ_X9_62_c2tnb191v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [4666] OBJ_X9_62_c2tnb191v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [4674] OBJ_X9_62_c2tnb191v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [4682] OBJ_X9_62_c2onb191v4 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [4690] OBJ_X9_62_c2onb191v5 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [4698] OBJ_X9_62_c2pnb208w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [4706] OBJ_X9_62_c2tnb239v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [4714] OBJ_X9_62_c2tnb239v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [4722] OBJ_X9_62_c2tnb239v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [4730] OBJ_X9_62_c2onb239v4 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [4738] OBJ_X9_62_c2onb239v5 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4746] OBJ_X9_62_c2pnb272w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4754] OBJ_X9_62_c2pnb304w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4762] OBJ_X9_62_c2tnb359v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4770] OBJ_X9_62_c2pnb368w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4778] OBJ_X9_62_c2tnb431r1 */ +0x2B,0x81,0x04,0x00,0x06, /* [4786] OBJ_secp112r1 */ +0x2B,0x81,0x04,0x00,0x07, /* [4791] OBJ_secp112r2 */ +0x2B,0x81,0x04,0x00,0x1C, /* [4796] OBJ_secp128r1 */ +0x2B,0x81,0x04,0x00,0x1D, /* [4801] OBJ_secp128r2 */ +0x2B,0x81,0x04,0x00,0x09, /* [4806] OBJ_secp160k1 */ +0x2B,0x81,0x04,0x00,0x08, /* [4811] OBJ_secp160r1 */ +0x2B,0x81,0x04,0x00,0x1E, /* [4816] OBJ_secp160r2 */ +0x2B,0x81,0x04,0x00,0x1F, /* [4821] OBJ_secp192k1 */ +0x2B,0x81,0x04,0x00,0x20, /* [4826] OBJ_secp224k1 */ +0x2B,0x81,0x04,0x00,0x21, /* [4831] OBJ_secp224r1 */ +0x2B,0x81,0x04,0x00,0x0A, /* [4836] OBJ_secp256k1 */ +0x2B,0x81,0x04,0x00,0x22, /* [4841] OBJ_secp384r1 */ +0x2B,0x81,0x04,0x00,0x23, /* [4846] OBJ_secp521r1 */ +0x2B,0x81,0x04,0x00,0x04, /* [4851] OBJ_sect113r1 */ +0x2B,0x81,0x04,0x00,0x05, /* [4856] OBJ_sect113r2 */ +0x2B,0x81,0x04,0x00,0x16, /* [4861] OBJ_sect131r1 */ +0x2B,0x81,0x04,0x00,0x17, /* [4866] OBJ_sect131r2 */ +0x2B,0x81,0x04,0x00,0x01, /* [4871] OBJ_sect163k1 */ +0x2B,0x81,0x04,0x00,0x02, /* [4876] OBJ_sect163r1 */ +0x2B,0x81,0x04,0x00,0x0F, /* [4881] OBJ_sect163r2 */ +0x2B,0x81,0x04,0x00,0x18, /* [4886] OBJ_sect193r1 */ +0x2B,0x81,0x04,0x00,0x19, /* [4891] OBJ_sect193r2 */ +0x2B,0x81,0x04,0x00,0x1A, /* [4896] OBJ_sect233k1 */ +0x2B,0x81,0x04,0x00,0x1B, /* [4901] OBJ_sect233r1 */ +0x2B,0x81,0x04,0x00,0x03, /* [4906] OBJ_sect239k1 */ +0x2B,0x81,0x04,0x00,0x10, /* [4911] OBJ_sect283k1 */ +0x2B,0x81,0x04,0x00,0x11, /* [4916] OBJ_sect283r1 */ +0x2B,0x81,0x04,0x00,0x24, /* [4921] OBJ_sect409k1 */ +0x2B,0x81,0x04,0x00,0x25, /* [4926] OBJ_sect409r1 */ +0x2B,0x81,0x04,0x00,0x26, /* [4931] OBJ_sect571k1 */ +0x2B,0x81,0x04,0x00,0x27, /* [4936] OBJ_sect571r1 */ +0x67,0x2B,0x0D,0x04,0x01, /* [4941] OBJ_wap_wsg_idm_ecid_wtls1 */ +0x67,0x2B,0x0D,0x04,0x03, /* [4946] OBJ_wap_wsg_idm_ecid_wtls3 */ +0x67,0x2B,0x0D,0x04,0x04, /* [4951] OBJ_wap_wsg_idm_ecid_wtls4 */ +0x67,0x2B,0x0D,0x04,0x05, /* [4956] OBJ_wap_wsg_idm_ecid_wtls5 */ +0x67,0x2B,0x0D,0x04,0x06, /* [4961] OBJ_wap_wsg_idm_ecid_wtls6 */ +0x67,0x2B,0x0D,0x04,0x07, /* [4966] OBJ_wap_wsg_idm_ecid_wtls7 */ +0x67,0x2B,0x0D,0x04,0x08, /* [4971] OBJ_wap_wsg_idm_ecid_wtls8 */ +0x67,0x2B,0x0D,0x04,0x09, /* [4976] OBJ_wap_wsg_idm_ecid_wtls9 */ +0x67,0x2B,0x0D,0x04,0x0A, /* [4981] OBJ_wap_wsg_idm_ecid_wtls10 */ +0x67,0x2B,0x0D,0x04,0x0B, /* [4986] OBJ_wap_wsg_idm_ecid_wtls11 */ +0x67,0x2B,0x0D,0x04,0x0C, /* [4991] OBJ_wap_wsg_idm_ecid_wtls12 */ +0x55,0x1D,0x20,0x00, /* [4996] OBJ_any_policy */ +0x55,0x1D,0x21, /* [5000] OBJ_policy_mappings */ +0x55,0x1D,0x36, /* [5003] OBJ_inhibit_any_policy */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5006] OBJ_camellia_128_cbc */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5017] OBJ_camellia_192_cbc */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5028] OBJ_camellia_256_cbc */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [5039] OBJ_camellia_128_ecb */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [5047] OBJ_camellia_192_ecb */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [5055] OBJ_camellia_256_ecb */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [5063] OBJ_camellia_128_cfb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [5071] OBJ_camellia_192_cfb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [5079] OBJ_camellia_256_cfb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [5087] OBJ_camellia_128_ofb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [5095] OBJ_camellia_192_ofb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [5103] OBJ_camellia_256_ofb128 */ +0x55,0x1D,0x09, /* [5111] OBJ_subject_directory_attributes */ +0x55,0x1D,0x1C, /* [5114] OBJ_issuing_distribution_point */ +0x55,0x1D,0x1D, /* [5117] OBJ_certificate_issuer */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [5120] OBJ_kisa */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [5126] OBJ_seed_ecb */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [5134] OBJ_seed_cbc */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [5142] OBJ_seed_ofb128 */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [5150] OBJ_seed_cfb128 */ +0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01, /* [5158] OBJ_hmac_md5 */ +0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02, /* [5166] OBJ_hmac_sha1 */ +0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5174] OBJ_id_PasswordBasedMAC */ +0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5183] OBJ_id_DHBasedMac */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10, /* [5192] OBJ_id_it_suppLangTags */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05, /* [5200] OBJ_caRepository */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5208] OBJ_id_smime_ct_compressedData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5219] OBJ_id_ct_asciiTextWithCRLF */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5230] OBJ_id_aes128_wrap */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5239] OBJ_id_aes192_wrap */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5248] OBJ_id_aes256_wrap */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -967,880 +978,880 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL,0}, {"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL,0}, {"RLE","run length compression",NID_rle_compression,6,&(lvalues[617]),0}, -{"ZLIB","zlib compression",NID_zlib_compression,6,&(lvalues[623]),0}, +{"ZLIB","zlib compression",NID_zlib_compression,11,&(lvalues[623]),0}, {"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3, - &(lvalues[629]),0}, -{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[632]),0}, -{"id-kp","id-kp",NID_id_kp,7,&(lvalues[638]),0}, + &(lvalues[634]),0}, +{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[637]),0}, +{"id-kp","id-kp",NID_id_kp,7,&(lvalues[643]),0}, {"serverAuth","TLS Web Server Authentication",NID_server_auth,8, - &(lvalues[645]),0}, + &(lvalues[650]),0}, {"clientAuth","TLS Web Client Authentication",NID_client_auth,8, - &(lvalues[653]),0}, -{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[661]),0}, + &(lvalues[658]),0}, +{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[666]),0}, {"emailProtection","E-mail Protection",NID_email_protect,8, - &(lvalues[669]),0}, -{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[677]),0}, + &(lvalues[674]),0}, +{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[682]),0}, {"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10, - &(lvalues[685]),0}, + &(lvalues[690]),0}, {"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10, - &(lvalues[695]),0}, + &(lvalues[700]),0}, {"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10, - &(lvalues[705]),0}, -{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[715]),0}, + &(lvalues[710]),0}, +{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[720]),0}, {"msEFS","Microsoft Encrypted File System",NID_ms_efs,10, - &(lvalues[725]),0}, -{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[735]),0}, + &(lvalues[730]),0}, +{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[740]),0}, {"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3, - &(lvalues[744]),0}, -{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[747]),0}, + &(lvalues[749]),0}, +{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[752]),0}, {"invalidityDate","Invalidity Date",NID_invalidity_date,3, - &(lvalues[750]),0}, -{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[753]),0}, + &(lvalues[755]),0}, +{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[758]),0}, {"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4", - NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[758]),0}, + NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[763]),0}, {"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4", - NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[768]),0}, + NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[773]),0}, {"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC", - NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[778]),0}, + NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[783]),0}, {"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC", - NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[788]),0}, + NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[793]),0}, {"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC", - NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[798]),0}, + NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[803]),0}, {"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC", - NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[808]),0}, -{"keyBag","keyBag",NID_keyBag,11,&(lvalues[818]),0}, + NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[813]),0}, +{"keyBag","keyBag",NID_keyBag,11,&(lvalues[823]),0}, {"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag, - 11,&(lvalues[829]),0}, -{"certBag","certBag",NID_certBag,11,&(lvalues[840]),0}, -{"crlBag","crlBag",NID_crlBag,11,&(lvalues[851]),0}, -{"secretBag","secretBag",NID_secretBag,11,&(lvalues[862]),0}, + 11,&(lvalues[834]),0}, +{"certBag","certBag",NID_certBag,11,&(lvalues[845]),0}, +{"crlBag","crlBag",NID_crlBag,11,&(lvalues[856]),0}, +{"secretBag","secretBag",NID_secretBag,11,&(lvalues[867]),0}, {"safeContentsBag","safeContentsBag",NID_safeContentsBag,11, - &(lvalues[873]),0}, -{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[884]),0}, -{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[893]),0}, + &(lvalues[878]),0}, +{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[889]),0}, +{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[898]),0}, {"x509Certificate","x509Certificate",NID_x509Certificate,10, - &(lvalues[902]),0}, + &(lvalues[907]),0}, {"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10, - &(lvalues[912]),0}, -{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[922]),0}, -{"PBES2","PBES2",NID_pbes2,9,&(lvalues[932]),0}, -{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[941]),0}, -{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[950]),0}, -{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[958]),0}, + &(lvalues[917]),0}, +{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[927]),0}, +{"PBES2","PBES2",NID_pbes2,9,&(lvalues[937]),0}, +{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[946]),0}, +{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[955]),0}, +{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[963]),0}, {"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8, - &(lvalues[966]),0}, + &(lvalues[971]),0}, {"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL,0}, {"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9, - &(lvalues[974]),0}, + &(lvalues[979]),0}, {"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9, - &(lvalues[983]),0}, + &(lvalues[988]),0}, {"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9, - &(lvalues[992]),0}, + &(lvalues[997]),0}, {"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9, - &(lvalues[1001]),0}, + &(lvalues[1006]),0}, {"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10, - &(lvalues[1010]),0}, -{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1020]),0}, -{"name","name",NID_name,3,&(lvalues[1029]),0}, -{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1032]),0}, -{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1035]),0}, -{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1042]),0}, + &(lvalues[1015]),0}, +{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1025]),0}, +{"name","name",NID_name,3,&(lvalues[1034]),0}, +{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1037]),0}, +{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1040]),0}, +{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1047]),0}, {"authorityInfoAccess","Authority Information Access",NID_info_access, - 8,&(lvalues[1049]),0}, -{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1057]),0}, -{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1065]),0}, -{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1073]),0}, -{"ISO","iso",NID_iso,1,&(lvalues[1081]),0}, -{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1082]),0}, -{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1083]),0}, -{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1086]),0}, -{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1091]),0}, -{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1097]),0}, -{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1105]),0}, -{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1113]),0}, -{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1122]),0}, -{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1132]),0}, -{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1142]),0}, -{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1152]),0}, -{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1162]),0}, -{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1172]),0}, -{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1182]),0}, + 8,&(lvalues[1054]),0}, +{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1062]),0}, +{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1070]),0}, +{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1078]),0}, +{"ISO","iso",NID_iso,1,&(lvalues[1086]),0}, +{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1087]),0}, +{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1088]),0}, +{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1091]),0}, +{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1096]),0}, +{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1102]),0}, +{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1110]),0}, +{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1118]),0}, +{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1127]),0}, +{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1137]),0}, +{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1147]),0}, +{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1157]),0}, +{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1167]),0}, +{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1177]),0}, +{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1187]),0}, {"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11, - &(lvalues[1192]),0}, + &(lvalues[1197]),0}, {"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11, - &(lvalues[1203]),0}, + &(lvalues[1208]),0}, {"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11, - &(lvalues[1214]),0}, + &(lvalues[1219]),0}, {"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3, - 11,&(lvalues[1225]),0}, + 11,&(lvalues[1230]),0}, {"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88", - NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1236]),0}, + NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1241]),0}, {"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97", - NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1247]),0}, + NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1252]),0}, {"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88", - NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1258]),0}, + NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1263]),0}, {"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97", - NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1269]),0}, + NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1274]),0}, {"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt, - 11,&(lvalues[1280]),0}, + 11,&(lvalues[1285]),0}, {"id-smime-ct-authData","id-smime-ct-authData", - NID_id_smime_ct_authData,11,&(lvalues[1291]),0}, + NID_id_smime_ct_authData,11,&(lvalues[1296]),0}, {"id-smime-ct-publishCert","id-smime-ct-publishCert", - NID_id_smime_ct_publishCert,11,&(lvalues[1302]),0}, + NID_id_smime_ct_publishCert,11,&(lvalues[1307]),0}, {"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo, - 11,&(lvalues[1313]),0}, + 11,&(lvalues[1318]),0}, {"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo, - 11,&(lvalues[1324]),0}, + 11,&(lvalues[1329]),0}, {"id-smime-ct-contentInfo","id-smime-ct-contentInfo", - NID_id_smime_ct_contentInfo,11,&(lvalues[1335]),0}, + NID_id_smime_ct_contentInfo,11,&(lvalues[1340]),0}, {"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData", - NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1346]),0}, + NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1351]),0}, {"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData", - NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1357]),0}, + NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1362]),0}, {"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest", - NID_id_smime_aa_receiptRequest,11,&(lvalues[1368]),0}, + NID_id_smime_aa_receiptRequest,11,&(lvalues[1373]),0}, {"id-smime-aa-securityLabel","id-smime-aa-securityLabel", - NID_id_smime_aa_securityLabel,11,&(lvalues[1379]),0}, + NID_id_smime_aa_securityLabel,11,&(lvalues[1384]),0}, {"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory", - NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1390]),0}, + NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1395]),0}, {"id-smime-aa-contentHint","id-smime-aa-contentHint", - NID_id_smime_aa_contentHint,11,&(lvalues[1401]),0}, + NID_id_smime_aa_contentHint,11,&(lvalues[1406]),0}, {"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest", - NID_id_smime_aa_msgSigDigest,11,&(lvalues[1412]),0}, + NID_id_smime_aa_msgSigDigest,11,&(lvalues[1417]),0}, {"id-smime-aa-encapContentType","id-smime-aa-encapContentType", - NID_id_smime_aa_encapContentType,11,&(lvalues[1423]),0}, + NID_id_smime_aa_encapContentType,11,&(lvalues[1428]),0}, {"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier", - NID_id_smime_aa_contentIdentifier,11,&(lvalues[1434]),0}, + NID_id_smime_aa_contentIdentifier,11,&(lvalues[1439]),0}, {"id-smime-aa-macValue","id-smime-aa-macValue", - NID_id_smime_aa_macValue,11,&(lvalues[1445]),0}, + NID_id_smime_aa_macValue,11,&(lvalues[1450]),0}, {"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels", - NID_id_smime_aa_equivalentLabels,11,&(lvalues[1456]),0}, + NID_id_smime_aa_equivalentLabels,11,&(lvalues[1461]),0}, {"id-smime-aa-contentReference","id-smime-aa-contentReference", - NID_id_smime_aa_contentReference,11,&(lvalues[1467]),0}, + NID_id_smime_aa_contentReference,11,&(lvalues[1472]),0}, {"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref", - NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1478]),0}, + NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1483]),0}, {"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate", - NID_id_smime_aa_signingCertificate,11,&(lvalues[1489]),0}, + NID_id_smime_aa_signingCertificate,11,&(lvalues[1494]),0}, {"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts", - NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1500]),0}, + NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1505]),0}, {"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken", - NID_id_smime_aa_timeStampToken,11,&(lvalues[1511]),0}, + NID_id_smime_aa_timeStampToken,11,&(lvalues[1516]),0}, {"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId", - NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1522]),0}, + NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1527]),0}, {"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType", - NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1533]),0}, + NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1538]),0}, {"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation", - NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1544]),0}, + NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1549]),0}, {"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr", - NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1555]),0}, + NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1560]),0}, {"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert", - NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1566]),0}, + NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1571]),0}, {"id-smime-aa-ets-contentTimestamp", "id-smime-aa-ets-contentTimestamp", - NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1577]),0}, + NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1582]),0}, {"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs", - NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1588]),0}, + NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1593]),0}, {"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs", - NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1599]),0}, + NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1604]),0}, {"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues", - NID_id_smime_aa_ets_certValues,11,&(lvalues[1610]),0}, + NID_id_smime_aa_ets_certValues,11,&(lvalues[1615]),0}, {"id-smime-aa-ets-revocationValues", "id-smime-aa-ets-revocationValues", - NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1621]),0}, + NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1626]),0}, {"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp", - NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1632]),0}, + NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1637]),0}, {"id-smime-aa-ets-certCRLTimestamp", "id-smime-aa-ets-certCRLTimestamp", - NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1643]),0}, + NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1648]),0}, {"id-smime-aa-ets-archiveTimeStamp", "id-smime-aa-ets-archiveTimeStamp", - NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1654]),0}, + NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1659]),0}, {"id-smime-aa-signatureType","id-smime-aa-signatureType", - NID_id_smime_aa_signatureType,11,&(lvalues[1665]),0}, + NID_id_smime_aa_signatureType,11,&(lvalues[1670]),0}, {"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc", - NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1676]),0}, + NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1681]),0}, {"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES", - NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1687]),0}, + NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1692]),0}, {"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2", - NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1698]),0}, + NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1703]),0}, {"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap", - NID_id_smime_alg_3DESwrap,11,&(lvalues[1709]),0}, + NID_id_smime_alg_3DESwrap,11,&(lvalues[1714]),0}, {"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap", - NID_id_smime_alg_RC2wrap,11,&(lvalues[1720]),0}, + NID_id_smime_alg_RC2wrap,11,&(lvalues[1725]),0}, {"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11, - &(lvalues[1731]),0}, + &(lvalues[1736]),0}, {"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap", - NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1742]),0}, + NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1747]),0}, {"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap", - NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1753]),0}, + NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1758]),0}, {"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11, - &(lvalues[1764]),0}, + &(lvalues[1769]),0}, {"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri", - NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1775]),0}, + NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1780]),0}, {"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice", - NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1786]),0}, + NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1791]),0}, {"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin", - NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1797]),0}, + NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1802]),0}, {"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt", - NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1808]),0}, + NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1813]),0}, {"id-smime-cti-ets-proofOfDelivery", "id-smime-cti-ets-proofOfDelivery", - NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1819]),0}, + NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1824]),0}, {"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender", - NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1830]),0}, + NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1835]),0}, {"id-smime-cti-ets-proofOfApproval", "id-smime-cti-ets-proofOfApproval", - NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1841]),0}, + NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1846]),0}, {"id-smime-cti-ets-proofOfCreation", "id-smime-cti-ets-proofOfCreation", - NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1852]),0}, -{"MD4","md4",NID_md4,8,&(lvalues[1863]),0}, -{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1871]),0}, -{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1878]),0}, -{"id-it","id-it",NID_id_it,7,&(lvalues[1885]),0}, -{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1892]),0}, -{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1899]),0}, -{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1906]),0}, -{"id-on","id-on",NID_id_on,7,&(lvalues[1913]),0}, -{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1920]),0}, -{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1927]),0}, -{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1934]),0}, -{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1941]),0}, + NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1857]),0}, +{"MD4","md4",NID_md4,8,&(lvalues[1868]),0}, +{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1876]),0}, +{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1883]),0}, +{"id-it","id-it",NID_id_it,7,&(lvalues[1890]),0}, +{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1897]),0}, +{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1904]),0}, +{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1911]),0}, +{"id-on","id-on",NID_id_on,7,&(lvalues[1918]),0}, +{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1925]),0}, +{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1932]),0}, +{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1939]),0}, +{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1946]),0}, {"id-pkix1-explicit-88","id-pkix1-explicit-88", - NID_id_pkix1_explicit_88,8,&(lvalues[1948]),0}, + NID_id_pkix1_explicit_88,8,&(lvalues[1953]),0}, {"id-pkix1-implicit-88","id-pkix1-implicit-88", - NID_id_pkix1_implicit_88,8,&(lvalues[1956]),0}, + NID_id_pkix1_implicit_88,8,&(lvalues[1961]),0}, {"id-pkix1-explicit-93","id-pkix1-explicit-93", - NID_id_pkix1_explicit_93,8,&(lvalues[1964]),0}, + NID_id_pkix1_explicit_93,8,&(lvalues[1969]),0}, {"id-pkix1-implicit-93","id-pkix1-implicit-93", - NID_id_pkix1_implicit_93,8,&(lvalues[1972]),0}, -{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1980]),0}, -{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1988]),0}, + NID_id_pkix1_implicit_93,8,&(lvalues[1977]),0}, +{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1985]),0}, +{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1993]),0}, {"id-mod-kea-profile-88","id-mod-kea-profile-88", - NID_id_mod_kea_profile_88,8,&(lvalues[1996]),0}, + NID_id_mod_kea_profile_88,8,&(lvalues[2001]),0}, {"id-mod-kea-profile-93","id-mod-kea-profile-93", - NID_id_mod_kea_profile_93,8,&(lvalues[2004]),0}, -{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2012]),0}, + NID_id_mod_kea_profile_93,8,&(lvalues[2009]),0}, +{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2017]),0}, {"id-mod-qualified-cert-88","id-mod-qualified-cert-88", - NID_id_mod_qualified_cert_88,8,&(lvalues[2020]),0}, + NID_id_mod_qualified_cert_88,8,&(lvalues[2025]),0}, {"id-mod-qualified-cert-93","id-mod-qualified-cert-93", - NID_id_mod_qualified_cert_93,8,&(lvalues[2028]),0}, + NID_id_mod_qualified_cert_93,8,&(lvalues[2033]),0}, {"id-mod-attribute-cert","id-mod-attribute-cert", - NID_id_mod_attribute_cert,8,&(lvalues[2036]),0}, + NID_id_mod_attribute_cert,8,&(lvalues[2041]),0}, {"id-mod-timestamp-protocol","id-mod-timestamp-protocol", - NID_id_mod_timestamp_protocol,8,&(lvalues[2044]),0}, -{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2052]),0}, -{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2060]),0}, + NID_id_mod_timestamp_protocol,8,&(lvalues[2049]),0}, +{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2057]),0}, +{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2065]),0}, {"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8, - &(lvalues[2068]),0}, -{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2076]),0}, -{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2084]),0}, + &(lvalues[2073]),0}, +{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2081]),0}, +{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2089]),0}, {"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8, - &(lvalues[2092]),0}, -{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2100]),0}, -{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2108]),0}, + &(lvalues[2097]),0}, +{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2105]),0}, +{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2113]),0}, {"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8, - &(lvalues[2116]),0}, + &(lvalues[2121]),0}, {"sbgp-autonomousSysNum","sbgp-autonomousSysNum", - NID_sbgp_autonomousSysNum,8,&(lvalues[2124]),0}, + NID_sbgp_autonomousSysNum,8,&(lvalues[2129]),0}, {"sbgp-routerIdentifier","sbgp-routerIdentifier", - NID_sbgp_routerIdentifier,8,&(lvalues[2132]),0}, -{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2140]),0}, + NID_sbgp_routerIdentifier,8,&(lvalues[2137]),0}, +{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2145]),0}, {"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8, - &(lvalues[2148]),0}, -{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2156]),0}, -{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2164]),0}, -{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2172]),0}, + &(lvalues[2153]),0}, +{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2161]),0}, +{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2169]),0}, +{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2177]),0}, {"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert, - 8,&(lvalues[2180]),0}, + 8,&(lvalues[2185]),0}, {"id-it-signKeyPairTypes","id-it-signKeyPairTypes", - NID_id_it_signKeyPairTypes,8,&(lvalues[2188]),0}, + NID_id_it_signKeyPairTypes,8,&(lvalues[2193]),0}, {"id-it-encKeyPairTypes","id-it-encKeyPairTypes", - NID_id_it_encKeyPairTypes,8,&(lvalues[2196]),0}, + NID_id_it_encKeyPairTypes,8,&(lvalues[2201]),0}, {"id-it-preferredSymmAlg","id-it-preferredSymmAlg", - NID_id_it_preferredSymmAlg,8,&(lvalues[2204]),0}, + NID_id_it_preferredSymmAlg,8,&(lvalues[2209]),0}, {"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo", - NID_id_it_caKeyUpdateInfo,8,&(lvalues[2212]),0}, + NID_id_it_caKeyUpdateInfo,8,&(lvalues[2217]),0}, {"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8, - &(lvalues[2220]),0}, + &(lvalues[2225]),0}, {"id-it-unsupportedOIDs","id-it-unsupportedOIDs", - NID_id_it_unsupportedOIDs,8,&(lvalues[2228]),0}, + NID_id_it_unsupportedOIDs,8,&(lvalues[2233]),0}, {"id-it-subscriptionRequest","id-it-subscriptionRequest", - NID_id_it_subscriptionRequest,8,&(lvalues[2236]),0}, + NID_id_it_subscriptionRequest,8,&(lvalues[2241]),0}, {"id-it-subscriptionResponse","id-it-subscriptionResponse", - NID_id_it_subscriptionResponse,8,&(lvalues[2244]),0}, + NID_id_it_subscriptionResponse,8,&(lvalues[2249]),0}, {"id-it-keyPairParamReq","id-it-keyPairParamReq", - NID_id_it_keyPairParamReq,8,&(lvalues[2252]),0}, + NID_id_it_keyPairParamReq,8,&(lvalues[2257]),0}, {"id-it-keyPairParamRep","id-it-keyPairParamRep", - NID_id_it_keyPairParamRep,8,&(lvalues[2260]),0}, + NID_id_it_keyPairParamRep,8,&(lvalues[2265]),0}, {"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase, - 8,&(lvalues[2268]),0}, + 8,&(lvalues[2273]),0}, {"id-it-implicitConfirm","id-it-implicitConfirm", - NID_id_it_implicitConfirm,8,&(lvalues[2276]),0}, + NID_id_it_implicitConfirm,8,&(lvalues[2281]),0}, {"id-it-confirmWaitTime","id-it-confirmWaitTime", - NID_id_it_confirmWaitTime,8,&(lvalues[2284]),0}, + NID_id_it_confirmWaitTime,8,&(lvalues[2289]),0}, {"id-it-origPKIMessage","id-it-origPKIMessage", - NID_id_it_origPKIMessage,8,&(lvalues[2292]),0}, -{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2300]),0}, -{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2308]),0}, + NID_id_it_origPKIMessage,8,&(lvalues[2297]),0}, +{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2305]),0}, +{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2313]),0}, {"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken, - 9,&(lvalues[2316]),0}, + 9,&(lvalues[2321]),0}, {"id-regCtrl-authenticator","id-regCtrl-authenticator", - NID_id_regCtrl_authenticator,9,&(lvalues[2325]),0}, + NID_id_regCtrl_authenticator,9,&(lvalues[2330]),0}, {"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo", - NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2334]),0}, + NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2339]),0}, {"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions", - NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2343]),0}, + NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2348]),0}, {"id-regCtrl-oldCertID","id-regCtrl-oldCertID", - NID_id_regCtrl_oldCertID,9,&(lvalues[2352]),0}, + NID_id_regCtrl_oldCertID,9,&(lvalues[2357]),0}, {"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey", - NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2361]),0}, + NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2366]),0}, {"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs", - NID_id_regInfo_utf8Pairs,9,&(lvalues[2370]),0}, + NID_id_regInfo_utf8Pairs,9,&(lvalues[2375]),0}, {"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9, - &(lvalues[2379]),0}, -{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2388]),0}, + &(lvalues[2384]),0}, +{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2393]),0}, {"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8, - &(lvalues[2396]),0}, + &(lvalues[2401]),0}, {"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1", - NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2404]),0}, -{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2412]),0}, + NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2409]),0}, +{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2417]),0}, {"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8, - &(lvalues[2420]),0}, + &(lvalues[2425]),0}, {"id-cmc-identification","id-cmc-identification", - NID_id_cmc_identification,8,&(lvalues[2428]),0}, + NID_id_cmc_identification,8,&(lvalues[2433]),0}, {"id-cmc-identityProof","id-cmc-identityProof", - NID_id_cmc_identityProof,8,&(lvalues[2436]),0}, + NID_id_cmc_identityProof,8,&(lvalues[2441]),0}, {"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8, - &(lvalues[2444]),0}, + &(lvalues[2449]),0}, {"id-cmc-transactionId","id-cmc-transactionId", - NID_id_cmc_transactionId,8,&(lvalues[2452]),0}, + NID_id_cmc_transactionId,8,&(lvalues[2457]),0}, {"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8, - &(lvalues[2460]),0}, + &(lvalues[2465]),0}, {"id-cmc-recipientNonce","id-cmc-recipientNonce", - NID_id_cmc_recipientNonce,8,&(lvalues[2468]),0}, + NID_id_cmc_recipientNonce,8,&(lvalues[2473]),0}, {"id-cmc-addExtensions","id-cmc-addExtensions", - NID_id_cmc_addExtensions,8,&(lvalues[2476]),0}, + NID_id_cmc_addExtensions,8,&(lvalues[2481]),0}, {"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP, - 8,&(lvalues[2484]),0}, + 8,&(lvalues[2489]),0}, {"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP, - 8,&(lvalues[2492]),0}, + 8,&(lvalues[2497]),0}, {"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness", - NID_id_cmc_lraPOPWitness,8,&(lvalues[2500]),0}, + NID_id_cmc_lraPOPWitness,8,&(lvalues[2505]),0}, {"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8, - &(lvalues[2508]),0}, -{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2516]),0}, + &(lvalues[2513]),0}, +{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2521]),0}, {"id-cmc-revokeRequest","id-cmc-revokeRequest", - NID_id_cmc_revokeRequest,8,&(lvalues[2524]),0}, + NID_id_cmc_revokeRequest,8,&(lvalues[2529]),0}, {"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8, - &(lvalues[2532]),0}, + &(lvalues[2537]),0}, {"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo, - 8,&(lvalues[2540]),0}, + 8,&(lvalues[2545]),0}, {"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending, - 8,&(lvalues[2548]),0}, + 8,&(lvalues[2553]),0}, {"id-cmc-popLinkRandom","id-cmc-popLinkRandom", - NID_id_cmc_popLinkRandom,8,&(lvalues[2556]),0}, + NID_id_cmc_popLinkRandom,8,&(lvalues[2561]),0}, {"id-cmc-popLinkWitness","id-cmc-popLinkWitness", - NID_id_cmc_popLinkWitness,8,&(lvalues[2564]),0}, + NID_id_cmc_popLinkWitness,8,&(lvalues[2569]),0}, {"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance", - NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2572]),0}, + NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2577]),0}, {"id-on-personalData","id-on-personalData",NID_id_on_personalData,8, - &(lvalues[2580]),0}, + &(lvalues[2585]),0}, {"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8, - &(lvalues[2588]),0}, + &(lvalues[2593]),0}, {"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth, - 8,&(lvalues[2596]),0}, + 8,&(lvalues[2601]),0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2604]),0}, +{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2609]),0}, {"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship", - NID_id_pda_countryOfCitizenship,8,&(lvalues[2612]),0}, + NID_id_pda_countryOfCitizenship,8,&(lvalues[2617]),0}, {"id-pda-countryOfResidence","id-pda-countryOfResidence", - NID_id_pda_countryOfResidence,8,&(lvalues[2620]),0}, + NID_id_pda_countryOfResidence,8,&(lvalues[2625]),0}, {"id-aca-authenticationInfo","id-aca-authenticationInfo", - NID_id_aca_authenticationInfo,8,&(lvalues[2628]),0}, + NID_id_aca_authenticationInfo,8,&(lvalues[2633]),0}, {"id-aca-accessIdentity","id-aca-accessIdentity", - NID_id_aca_accessIdentity,8,&(lvalues[2636]),0}, + NID_id_aca_accessIdentity,8,&(lvalues[2641]),0}, {"id-aca-chargingIdentity","id-aca-chargingIdentity", - NID_id_aca_chargingIdentity,8,&(lvalues[2644]),0}, -{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2652]),0}, -{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2660]),0}, + NID_id_aca_chargingIdentity,8,&(lvalues[2649]),0}, +{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2657]),0}, +{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2665]),0}, {"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1", - NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2668]),0}, -{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2676]),0}, + NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2673]),0}, +{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2681]),0}, {"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8, - &(lvalues[2684]),0}, + &(lvalues[2689]),0}, {"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8, - &(lvalues[2692]),0}, + &(lvalues[2697]),0}, {"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8, - &(lvalues[2700]),0}, -{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2708]),0}, + &(lvalues[2705]),0}, +{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2713]),0}, {"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9, - &(lvalues[2716]),0}, -{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2725]),0}, -{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2734]),0}, + &(lvalues[2721]),0}, +{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2730]),0}, +{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2739]),0}, {"acceptableResponses","Acceptable OCSP Responses", - NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2743]),0}, -{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2752]),0}, + NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2748]),0}, +{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2757]),0}, {"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff, - 9,&(lvalues[2761]),0}, + 9,&(lvalues[2766]),0}, {"serviceLocator","OCSP Service Locator", - NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2770]),0}, + NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2775]),0}, {"extendedStatus","Extended OCSP Status", - NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2779]),0}, -{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2788]),0}, -{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2797]),0}, + NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2784]),0}, +{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2793]),0}, +{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2802]),0}, {"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9, - &(lvalues[2806]),0}, -{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2815]),0}, -{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2819]),0}, + &(lvalues[2811]),0}, +{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2820]),0}, +{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2824]),0}, {"X500algorithms","directory services - algorithms", - NID_X500algorithms,2,&(lvalues[2824]),0}, -{"ORG","org",NID_org,1,&(lvalues[2826]),0}, -{"DOD","dod",NID_dod,2,&(lvalues[2827]),0}, -{"IANA","iana",NID_iana,3,&(lvalues[2829]),0}, -{"directory","Directory",NID_Directory,4,&(lvalues[2832]),0}, -{"mgmt","Management",NID_Management,4,&(lvalues[2836]),0}, -{"experimental","Experimental",NID_Experimental,4,&(lvalues[2840]),0}, -{"private","Private",NID_Private,4,&(lvalues[2844]),0}, -{"security","Security",NID_Security,4,&(lvalues[2848]),0}, -{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2852]),0}, -{"Mail","Mail",NID_Mail,4,&(lvalues[2856]),0}, -{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2860]),0}, -{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2865]),0}, -{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2874]),0}, -{"domain","Domain",NID_Domain,10,&(lvalues[2884]),0}, -{"NULL","NULL",NID_joint_iso_ccitt,1,&(lvalues[2894]),0}, + NID_X500algorithms,2,&(lvalues[2829]),0}, +{"ORG","org",NID_org,1,&(lvalues[2831]),0}, +{"DOD","dod",NID_dod,2,&(lvalues[2832]),0}, +{"IANA","iana",NID_iana,3,&(lvalues[2834]),0}, +{"directory","Directory",NID_Directory,4,&(lvalues[2837]),0}, +{"mgmt","Management",NID_Management,4,&(lvalues[2841]),0}, +{"experimental","Experimental",NID_Experimental,4,&(lvalues[2845]),0}, +{"private","Private",NID_Private,4,&(lvalues[2849]),0}, +{"security","Security",NID_Security,4,&(lvalues[2853]),0}, +{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2857]),0}, +{"Mail","Mail",NID_Mail,4,&(lvalues[2861]),0}, +{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2865]),0}, +{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2870]),0}, +{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2879]),0}, +{"domain","Domain",NID_Domain,10,&(lvalues[2889]),0}, +{"NULL","NULL",NID_joint_iso_ccitt,1,&(lvalues[2899]),0}, {"selected-attribute-types","Selected Attribute Types", - NID_selected_attribute_types,3,&(lvalues[2895]),0}, -{"clearance","clearance",NID_clearance,4,&(lvalues[2898]),0}, + NID_selected_attribute_types,3,&(lvalues[2900]),0}, +{"clearance","clearance",NID_clearance,4,&(lvalues[2903]),0}, {"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9, - &(lvalues[2902]),0}, -{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2911]),0}, + &(lvalues[2907]),0}, +{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2916]),0}, {"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8, - &(lvalues[2919]),0}, + &(lvalues[2924]),0}, {"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8, - &(lvalues[2927]),0}, -{"role","role",NID_role,3,&(lvalues[2935]),0}, + &(lvalues[2932]),0}, +{"role","role",NID_role,3,&(lvalues[2940]),0}, {"policyConstraints","X509v3 Policy Constraints", - NID_policy_constraints,3,&(lvalues[2938]),0}, + NID_policy_constraints,3,&(lvalues[2943]),0}, {"targetInformation","X509v3 AC Targeting",NID_target_information,3, - &(lvalues[2941]),0}, + &(lvalues[2946]),0}, {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3, - &(lvalues[2944]),0}, -{"NULL","NULL",NID_ccitt,1,&(lvalues[2947]),0}, -{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2948]),0}, -{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2953]),0}, + &(lvalues[2949]),0}, +{"NULL","NULL",NID_ccitt,1,&(lvalues[2952]),0}, +{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2953]),0}, +{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2958]),0}, {"characteristic-two-field","characteristic-two-field", - NID_X9_62_characteristic_two_field,7,&(lvalues[2960]),0}, + NID_X9_62_characteristic_two_field,7,&(lvalues[2965]),0}, {"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7, - &(lvalues[2967]),0}, -{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2974]),0}, -{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2982]),0}, -{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2990]),0}, -{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2998]),0}, -{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3006]),0}, -{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3014]),0}, -{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3022]),0}, + &(lvalues[2972]),0}, +{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2979]),0}, +{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2987]),0}, +{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2995]),0}, +{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[3003]),0}, +{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3011]),0}, +{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3019]),0}, +{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3027]),0}, {"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7, - &(lvalues[3030]),0}, -{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3037]),0}, -{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3046]),0}, -{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3055]),0}, -{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3064]),0}, -{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3073]),0}, -{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3082]),0}, -{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3091]),0}, -{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3100]),0}, -{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3109]),0}, -{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3118]),0}, -{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3127]),0}, -{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3136]),0}, -{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3145]),0}, + &(lvalues[3035]),0}, +{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3042]),0}, +{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3051]),0}, +{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3060]),0}, +{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3069]),0}, +{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3078]),0}, +{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3087]),0}, +{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3096]),0}, +{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3105]),0}, +{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3114]),0}, +{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3123]),0}, +{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3132]),0}, +{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3141]),0}, +{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3150]),0}, {"holdInstructionCode","Hold Instruction Code", - NID_hold_instruction_code,3,&(lvalues[3154]),0}, + NID_hold_instruction_code,3,&(lvalues[3159]),0}, {"holdInstructionNone","Hold Instruction None", - NID_hold_instruction_none,7,&(lvalues[3157]),0}, + NID_hold_instruction_none,7,&(lvalues[3162]),0}, {"holdInstructionCallIssuer","Hold Instruction Call Issuer", - NID_hold_instruction_call_issuer,7,&(lvalues[3164]),0}, + NID_hold_instruction_call_issuer,7,&(lvalues[3169]),0}, {"holdInstructionReject","Hold Instruction Reject", - NID_hold_instruction_reject,7,&(lvalues[3171]),0}, -{"data","data",NID_data,1,&(lvalues[3178]),0}, -{"pss","pss",NID_pss,3,&(lvalues[3179]),0}, -{"ucl","ucl",NID_ucl,7,&(lvalues[3182]),0}, -{"pilot","pilot",NID_pilot,8,&(lvalues[3189]),0}, + NID_hold_instruction_reject,7,&(lvalues[3176]),0}, +{"data","data",NID_data,1,&(lvalues[3183]),0}, +{"pss","pss",NID_pss,3,&(lvalues[3184]),0}, +{"ucl","ucl",NID_ucl,7,&(lvalues[3187]),0}, +{"pilot","pilot",NID_pilot,8,&(lvalues[3194]),0}, {"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9, - &(lvalues[3197]),0}, + &(lvalues[3202]),0}, {"pilotAttributeSyntax","pilotAttributeSyntax", - NID_pilotAttributeSyntax,9,&(lvalues[3206]),0}, + NID_pilotAttributeSyntax,9,&(lvalues[3211]),0}, {"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9, - &(lvalues[3215]),0}, -{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3224]),0}, + &(lvalues[3220]),0}, +{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3229]),0}, {"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10, - &(lvalues[3233]),0}, + &(lvalues[3238]),0}, {"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax", - NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3243]),0}, -{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3253]),0}, -{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3263]),0}, -{"account","account",NID_account,10,&(lvalues[3273]),0}, -{"document","document",NID_document,10,&(lvalues[3283]),0}, -{"room","room",NID_room,10,&(lvalues[3293]),0}, + NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3248]),0}, +{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3258]),0}, +{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3268]),0}, +{"account","account",NID_account,10,&(lvalues[3278]),0}, +{"document","document",NID_document,10,&(lvalues[3288]),0}, +{"room","room",NID_room,10,&(lvalues[3298]),0}, {"documentSeries","documentSeries",NID_documentSeries,10, - &(lvalues[3303]),0}, + &(lvalues[3308]),0}, {"rFC822localPart","rFC822localPart",NID_rFC822localPart,10, - &(lvalues[3313]),0}, -{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3323]),0}, + &(lvalues[3318]),0}, +{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3328]),0}, {"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject, - 10,&(lvalues[3333]),0}, + 10,&(lvalues[3338]),0}, {"friendlyCountry","friendlyCountry",NID_friendlyCountry,10, - &(lvalues[3343]),0}, + &(lvalues[3348]),0}, {"simpleSecurityObject","simpleSecurityObject", - NID_simpleSecurityObject,10,&(lvalues[3353]),0}, + NID_simpleSecurityObject,10,&(lvalues[3358]),0}, {"pilotOrganization","pilotOrganization",NID_pilotOrganization,10, - &(lvalues[3363]),0}, -{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3373]),0}, + &(lvalues[3368]),0}, +{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3378]),0}, {"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData, - 10,&(lvalues[3383]),0}, -{"UID","userId",NID_userId,10,&(lvalues[3393]),0}, + 10,&(lvalues[3388]),0}, +{"UID","userId",NID_userId,10,&(lvalues[3398]),0}, {"textEncodedORAddress","textEncodedORAddress", - NID_textEncodedORAddress,10,&(lvalues[3403]),0}, -{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3413]),0}, -{"info","info",NID_info,10,&(lvalues[3423]),0}, + NID_textEncodedORAddress,10,&(lvalues[3408]),0}, +{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3418]),0}, +{"info","info",NID_info,10,&(lvalues[3428]),0}, {"favouriteDrink","favouriteDrink",NID_favouriteDrink,10, - &(lvalues[3433]),0}, -{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3443]),0}, -{"photo","photo",NID_photo,10,&(lvalues[3453]),0}, -{"userClass","userClass",NID_userClass,10,&(lvalues[3463]),0}, -{"host","host",NID_host,10,&(lvalues[3473]),0}, -{"manager","manager",NID_manager,10,&(lvalues[3483]),0}, + &(lvalues[3438]),0}, +{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3448]),0}, +{"photo","photo",NID_photo,10,&(lvalues[3458]),0}, +{"userClass","userClass",NID_userClass,10,&(lvalues[3468]),0}, +{"host","host",NID_host,10,&(lvalues[3478]),0}, +{"manager","manager",NID_manager,10,&(lvalues[3488]),0}, {"documentIdentifier","documentIdentifier",NID_documentIdentifier,10, - &(lvalues[3493]),0}, -{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3503]),0}, + &(lvalues[3498]),0}, +{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3508]),0}, {"documentVersion","documentVersion",NID_documentVersion,10, - &(lvalues[3513]),0}, + &(lvalues[3518]),0}, {"documentAuthor","documentAuthor",NID_documentAuthor,10, - &(lvalues[3523]),0}, + &(lvalues[3528]),0}, {"documentLocation","documentLocation",NID_documentLocation,10, - &(lvalues[3533]),0}, + &(lvalues[3538]),0}, {"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber, - 10,&(lvalues[3543]),0}, -{"secretary","secretary",NID_secretary,10,&(lvalues[3553]),0}, -{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3563]),0}, + 10,&(lvalues[3548]),0}, +{"secretary","secretary",NID_secretary,10,&(lvalues[3558]),0}, +{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3568]),0}, {"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10, - &(lvalues[3573]),0}, + &(lvalues[3578]),0}, {"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10, - &(lvalues[3583]),0}, -{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3593]),0}, + &(lvalues[3588]),0}, +{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3598]),0}, {"pilotAttributeType27","pilotAttributeType27", - NID_pilotAttributeType27,10,&(lvalues[3603]),0}, -{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3613]),0}, -{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3623]),0}, -{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3633]),0}, -{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3643]),0}, + NID_pilotAttributeType27,10,&(lvalues[3608]),0}, +{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3618]),0}, +{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3628]),0}, +{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3638]),0}, +{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3648]),0}, {"associatedDomain","associatedDomain",NID_associatedDomain,10, - &(lvalues[3653]),0}, + &(lvalues[3658]),0}, {"associatedName","associatedName",NID_associatedName,10, - &(lvalues[3663]),0}, + &(lvalues[3668]),0}, {"homePostalAddress","homePostalAddress",NID_homePostalAddress,10, - &(lvalues[3673]),0}, -{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3683]),0}, + &(lvalues[3678]),0}, +{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3688]),0}, {"mobileTelephoneNumber","mobileTelephoneNumber", - NID_mobileTelephoneNumber,10,&(lvalues[3693]),0}, + NID_mobileTelephoneNumber,10,&(lvalues[3698]),0}, {"pagerTelephoneNumber","pagerTelephoneNumber", - NID_pagerTelephoneNumber,10,&(lvalues[3703]),0}, + NID_pagerTelephoneNumber,10,&(lvalues[3708]),0}, {"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName, - 10,&(lvalues[3713]),0}, + 10,&(lvalues[3718]),0}, {"organizationalStatus","organizationalStatus", - NID_organizationalStatus,10,&(lvalues[3723]),0}, -{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3733]),0}, + NID_organizationalStatus,10,&(lvalues[3728]),0}, +{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3738]),0}, {"mailPreferenceOption","mailPreferenceOption", - NID_mailPreferenceOption,10,&(lvalues[3743]),0}, -{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3753]),0}, -{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3763]),0}, + NID_mailPreferenceOption,10,&(lvalues[3748]),0}, +{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3758]),0}, +{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3768]),0}, {"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10, - &(lvalues[3773]),0}, + &(lvalues[3778]),0}, {"subtreeMinimumQuality","subtreeMinimumQuality", - NID_subtreeMinimumQuality,10,&(lvalues[3783]),0}, + NID_subtreeMinimumQuality,10,&(lvalues[3788]),0}, {"subtreeMaximumQuality","subtreeMaximumQuality", - NID_subtreeMaximumQuality,10,&(lvalues[3793]),0}, + NID_subtreeMaximumQuality,10,&(lvalues[3798]),0}, {"personalSignature","personalSignature",NID_personalSignature,10, - &(lvalues[3803]),0}, -{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3813]),0}, -{"audio","audio",NID_audio,10,&(lvalues[3823]),0}, + &(lvalues[3808]),0}, +{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3818]),0}, +{"audio","audio",NID_audio,10,&(lvalues[3828]),0}, {"documentPublisher","documentPublisher",NID_documentPublisher,10, - &(lvalues[3833]),0}, + &(lvalues[3838]),0}, {"x500UniqueIdentifier","x500UniqueIdentifier", - NID_x500UniqueIdentifier,3,&(lvalues[3843]),0}, -{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3846]),0}, + NID_x500UniqueIdentifier,3,&(lvalues[3848]),0}, +{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3851]),0}, {"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6, - &(lvalues[3851]),0}, + &(lvalues[3856]),0}, {"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6, - &(lvalues[3857]),0}, + &(lvalues[3862]),0}, {"id-hex-partial-message","id-hex-partial-message", - NID_id_hex_partial_message,7,&(lvalues[3863]),0}, + NID_id_hex_partial_message,7,&(lvalues[3868]),0}, {"id-hex-multipart-message","id-hex-multipart-message", - NID_id_hex_multipart_message,7,&(lvalues[3870]),0}, + NID_id_hex_multipart_message,7,&(lvalues[3875]),0}, {"generationQualifier","generationQualifier",NID_generationQualifier, - 3,&(lvalues[3877]),0}, -{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3880]),0}, + 3,&(lvalues[3882]),0}, +{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3885]),0}, {NULL,NULL,NID_undef,0,NULL,0}, {"id-set","Secure Electronic Transactions",NID_id_set,2, - &(lvalues[3883]),0}, -{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3885]),0}, -{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3888]),0}, -{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3891]),0}, -{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3894]),0}, + &(lvalues[3888]),0}, +{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3890]),0}, +{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3893]),0}, +{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3896]),0}, +{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3899]),0}, {"set-certExt","certificate extensions",NID_set_certExt,3, - &(lvalues[3897]),0}, -{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3900]),0}, -{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3903]),0}, + &(lvalues[3902]),0}, +{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3905]),0}, +{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3908]),0}, {"setct-PANToken","setct-PANToken",NID_setct_PANToken,4, - &(lvalues[3907]),0}, -{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3911]),0}, -{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3915]),0}, -{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3919]),0}, -{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3923]),0}, + &(lvalues[3912]),0}, +{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3916]),0}, +{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3920]),0}, +{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3924]),0}, +{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3928]),0}, {"setct-PIDataUnsigned","setct-PIDataUnsigned", - NID_setct_PIDataUnsigned,4,&(lvalues[3927]),0}, + NID_setct_PIDataUnsigned,4,&(lvalues[3932]),0}, {"setct-HODInput","setct-HODInput",NID_setct_HODInput,4, - &(lvalues[3931]),0}, + &(lvalues[3936]),0}, {"setct-AuthResBaggage","setct-AuthResBaggage", - NID_setct_AuthResBaggage,4,&(lvalues[3935]),0}, + NID_setct_AuthResBaggage,4,&(lvalues[3940]),0}, {"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage", - NID_setct_AuthRevReqBaggage,4,&(lvalues[3939]),0}, + NID_setct_AuthRevReqBaggage,4,&(lvalues[3944]),0}, {"setct-AuthRevResBaggage","setct-AuthRevResBaggage", - NID_setct_AuthRevResBaggage,4,&(lvalues[3943]),0}, + NID_setct_AuthRevResBaggage,4,&(lvalues[3948]),0}, {"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4, - &(lvalues[3947]),0}, + &(lvalues[3952]),0}, {"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4, - &(lvalues[3951]),0}, -{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3955]),0}, + &(lvalues[3956]),0}, +{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3960]),0}, {"setct-PResData","setct-PResData",NID_setct_PResData,4, - &(lvalues[3959]),0}, + &(lvalues[3964]),0}, {"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4, - &(lvalues[3963]),0}, + &(lvalues[3968]),0}, {"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4, - &(lvalues[3967]),0}, + &(lvalues[3972]),0}, {"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4, - &(lvalues[3971]),0}, + &(lvalues[3976]),0}, {"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4, - &(lvalues[3975]),0}, + &(lvalues[3980]),0}, {"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4, - &(lvalues[3979]),0}, + &(lvalues[3984]),0}, {"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4, - &(lvalues[3983]),0}, + &(lvalues[3988]),0}, {"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg", - NID_setct_AcqCardCodeMsg,4,&(lvalues[3987]),0}, + NID_setct_AcqCardCodeMsg,4,&(lvalues[3992]),0}, {"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS, - 4,&(lvalues[3991]),0}, + 4,&(lvalues[3996]),0}, {"setct-AuthRevResData","setct-AuthRevResData", - NID_setct_AuthRevResData,4,&(lvalues[3995]),0}, + NID_setct_AuthRevResData,4,&(lvalues[4000]),0}, {"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS, - 4,&(lvalues[3999]),0}, + 4,&(lvalues[4004]),0}, {"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4, - &(lvalues[4003]),0}, + &(lvalues[4008]),0}, {"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4, - &(lvalues[4007]),0}, + &(lvalues[4012]),0}, {"setct-CapResData","setct-CapResData",NID_setct_CapResData,4, - &(lvalues[4011]),0}, + &(lvalues[4016]),0}, {"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4, - &(lvalues[4015]),0}, + &(lvalues[4020]),0}, {"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX, - 4,&(lvalues[4019]),0}, + 4,&(lvalues[4024]),0}, {"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData, - 4,&(lvalues[4023]),0}, + 4,&(lvalues[4028]),0}, {"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4, - &(lvalues[4027]),0}, + &(lvalues[4032]),0}, {"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4, - &(lvalues[4031]),0}, + &(lvalues[4036]),0}, {"setct-CredResData","setct-CredResData",NID_setct_CredResData,4, - &(lvalues[4035]),0}, + &(lvalues[4040]),0}, {"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS, - 4,&(lvalues[4039]),0}, + 4,&(lvalues[4044]),0}, {"setct-CredRevReqTBSX","setct-CredRevReqTBSX", - NID_setct_CredRevReqTBSX,4,&(lvalues[4043]),0}, + NID_setct_CredRevReqTBSX,4,&(lvalues[4048]),0}, {"setct-CredRevResData","setct-CredRevResData", - NID_setct_CredRevResData,4,&(lvalues[4047]),0}, + NID_setct_CredRevResData,4,&(lvalues[4052]),0}, {"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4, - &(lvalues[4051]),0}, + &(lvalues[4056]),0}, {"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4, - &(lvalues[4055]),0}, + &(lvalues[4060]),0}, {"setct-BatchAdminReqData","setct-BatchAdminReqData", - NID_setct_BatchAdminReqData,4,&(lvalues[4059]),0}, + NID_setct_BatchAdminReqData,4,&(lvalues[4064]),0}, {"setct-BatchAdminResData","setct-BatchAdminResData", - NID_setct_BatchAdminResData,4,&(lvalues[4063]),0}, + NID_setct_BatchAdminResData,4,&(lvalues[4068]),0}, {"setct-CardCInitResTBS","setct-CardCInitResTBS", - NID_setct_CardCInitResTBS,4,&(lvalues[4067]),0}, + NID_setct_CardCInitResTBS,4,&(lvalues[4072]),0}, {"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS", - NID_setct_MeAqCInitResTBS,4,&(lvalues[4071]),0}, + NID_setct_MeAqCInitResTBS,4,&(lvalues[4076]),0}, {"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS, - 4,&(lvalues[4075]),0}, + 4,&(lvalues[4080]),0}, {"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4, - &(lvalues[4079]),0}, + &(lvalues[4084]),0}, {"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4, - &(lvalues[4083]),0}, + &(lvalues[4088]),0}, {"setct-CertResData","setct-CertResData",NID_setct_CertResData,4, - &(lvalues[4087]),0}, + &(lvalues[4092]),0}, {"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS, - 4,&(lvalues[4091]),0}, + 4,&(lvalues[4096]),0}, {"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4, - &(lvalues[4095]),0}, + &(lvalues[4100]),0}, {"setct-PIDualSignedTBE","setct-PIDualSignedTBE", - NID_setct_PIDualSignedTBE,4,&(lvalues[4099]),0}, + NID_setct_PIDualSignedTBE,4,&(lvalues[4104]),0}, {"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE, - 4,&(lvalues[4103]),0}, + 4,&(lvalues[4108]),0}, {"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4, - &(lvalues[4107]),0}, + &(lvalues[4112]),0}, {"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4, - &(lvalues[4111]),0}, + &(lvalues[4116]),0}, {"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4, - &(lvalues[4115]),0}, + &(lvalues[4120]),0}, {"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4, - &(lvalues[4119]),0}, + &(lvalues[4124]),0}, {"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4, - &(lvalues[4123]),0}, + &(lvalues[4128]),0}, {"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4, - &(lvalues[4127]),0}, + &(lvalues[4132]),0}, {"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE", - NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4131]),0}, + NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4136]),0}, {"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE, - 4,&(lvalues[4135]),0}, + 4,&(lvalues[4140]),0}, {"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE, - 4,&(lvalues[4139]),0}, + 4,&(lvalues[4144]),0}, {"setct-AuthRevResTBEB","setct-AuthRevResTBEB", - NID_setct_AuthRevResTBEB,4,&(lvalues[4143]),0}, + NID_setct_AuthRevResTBEB,4,&(lvalues[4148]),0}, {"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4, - &(lvalues[4147]),0}, + &(lvalues[4152]),0}, {"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4, - &(lvalues[4151]),0}, + &(lvalues[4156]),0}, {"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4, - &(lvalues[4155]),0}, + &(lvalues[4160]),0}, {"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4, - &(lvalues[4159]),0}, + &(lvalues[4164]),0}, {"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX, - 4,&(lvalues[4163]),0}, + 4,&(lvalues[4168]),0}, {"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4, - &(lvalues[4167]),0}, + &(lvalues[4172]),0}, {"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4, - &(lvalues[4171]),0}, + &(lvalues[4176]),0}, {"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4, - &(lvalues[4175]),0}, + &(lvalues[4180]),0}, {"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4, - &(lvalues[4179]),0}, + &(lvalues[4184]),0}, {"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE, - 4,&(lvalues[4183]),0}, + 4,&(lvalues[4188]),0}, {"setct-CredRevReqTBEX","setct-CredRevReqTBEX", - NID_setct_CredRevReqTBEX,4,&(lvalues[4187]),0}, + NID_setct_CredRevReqTBEX,4,&(lvalues[4192]),0}, {"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE, - 4,&(lvalues[4191]),0}, + 4,&(lvalues[4196]),0}, {"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE", - NID_setct_BatchAdminReqTBE,4,&(lvalues[4195]),0}, + NID_setct_BatchAdminReqTBE,4,&(lvalues[4200]),0}, {"setct-BatchAdminResTBE","setct-BatchAdminResTBE", - NID_setct_BatchAdminResTBE,4,&(lvalues[4199]),0}, + NID_setct_BatchAdminResTBE,4,&(lvalues[4204]),0}, {"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE, - 4,&(lvalues[4203]),0}, + 4,&(lvalues[4208]),0}, {"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4, - &(lvalues[4207]),0}, + &(lvalues[4212]),0}, {"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4, - &(lvalues[4211]),0}, + &(lvalues[4216]),0}, {"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4, - &(lvalues[4215]),0}, + &(lvalues[4220]),0}, {"setct-CRLNotificationTBS","setct-CRLNotificationTBS", - NID_setct_CRLNotificationTBS,4,&(lvalues[4219]),0}, + NID_setct_CRLNotificationTBS,4,&(lvalues[4224]),0}, {"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS", - NID_setct_CRLNotificationResTBS,4,&(lvalues[4223]),0}, + NID_setct_CRLNotificationResTBS,4,&(lvalues[4228]),0}, {"setct-BCIDistributionTBS","setct-BCIDistributionTBS", - NID_setct_BCIDistributionTBS,4,&(lvalues[4227]),0}, + NID_setct_BCIDistributionTBS,4,&(lvalues[4232]),0}, {"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4, - &(lvalues[4231]),0}, + &(lvalues[4236]),0}, {"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4, - &(lvalues[4235]),0}, + &(lvalues[4240]),0}, {"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4, - &(lvalues[4239]),0}, -{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4243]),0}, -{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4247]),0}, + &(lvalues[4244]),0}, +{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4248]),0}, +{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4252]),0}, {"setext-cv","additional verification",NID_setext_cv,4, - &(lvalues[4251]),0}, + &(lvalues[4256]),0}, {"set-policy-root","set-policy-root",NID_set_policy_root,4, - &(lvalues[4255]),0}, + &(lvalues[4260]),0}, {"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4, - &(lvalues[4259]),0}, + &(lvalues[4264]),0}, {"setCext-certType","setCext-certType",NID_setCext_certType,4, - &(lvalues[4263]),0}, + &(lvalues[4268]),0}, {"setCext-merchData","setCext-merchData",NID_setCext_merchData,4, - &(lvalues[4267]),0}, + &(lvalues[4272]),0}, {"setCext-cCertRequired","setCext-cCertRequired", - NID_setCext_cCertRequired,4,&(lvalues[4271]),0}, + NID_setCext_cCertRequired,4,&(lvalues[4276]),0}, {"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4, - &(lvalues[4275]),0}, + &(lvalues[4280]),0}, {"setCext-setExt","setCext-setExt",NID_setCext_setExt,4, - &(lvalues[4279]),0}, + &(lvalues[4284]),0}, {"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4, - &(lvalues[4283]),0}, + &(lvalues[4288]),0}, {"setCext-PGWYcapabilities","setCext-PGWYcapabilities", - NID_setCext_PGWYcapabilities,4,&(lvalues[4287]),0}, + NID_setCext_PGWYcapabilities,4,&(lvalues[4292]),0}, {"setCext-TokenIdentifier","setCext-TokenIdentifier", - NID_setCext_TokenIdentifier,4,&(lvalues[4291]),0}, + NID_setCext_TokenIdentifier,4,&(lvalues[4296]),0}, {"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4, - &(lvalues[4295]),0}, + &(lvalues[4300]),0}, {"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4, - &(lvalues[4299]),0}, + &(lvalues[4304]),0}, {"setCext-IssuerCapabilities","setCext-IssuerCapabilities", - NID_setCext_IssuerCapabilities,4,&(lvalues[4303]),0}, -{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4307]),0}, + NID_setCext_IssuerCapabilities,4,&(lvalues[4308]),0}, +{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4312]),0}, {"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap, - 4,&(lvalues[4311]),0}, + 4,&(lvalues[4316]),0}, {"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4, - &(lvalues[4315]),0}, + &(lvalues[4320]),0}, {"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4, - &(lvalues[4319]),0}, + &(lvalues[4324]),0}, {"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5, - &(lvalues[4323]),0}, -{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4328]),0}, + &(lvalues[4328]),0}, +{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4333]),0}, {"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5, - &(lvalues[4333]),0}, + &(lvalues[4338]),0}, {"setAttr-Token-B0Prime","setAttr-Token-B0Prime", - NID_setAttr_Token_B0Prime,5,&(lvalues[4338]),0}, + NID_setAttr_Token_B0Prime,5,&(lvalues[4343]),0}, {"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5, - &(lvalues[4343]),0}, -{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5, &(lvalues[4348]),0}, -{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5, +{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5, &(lvalues[4353]),0}, +{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5, + &(lvalues[4358]),0}, {"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm, - 6,&(lvalues[4358]),0}, + 6,&(lvalues[4363]),0}, {"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6, - &(lvalues[4364]),0}, + &(lvalues[4369]),0}, {"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6, - &(lvalues[4370]),0}, + &(lvalues[4375]),0}, {"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6, - &(lvalues[4376]),0}, + &(lvalues[4381]),0}, {"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig, - 6,&(lvalues[4382]),0}, + 6,&(lvalues[4387]),0}, {"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4, - &(lvalues[4388]),0}, + &(lvalues[4393]),0}, {"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4, - &(lvalues[4392]),0}, + &(lvalues[4397]),0}, {"set-brand-AmericanExpress","set-brand-AmericanExpress", - NID_set_brand_AmericanExpress,4,&(lvalues[4396]),0}, -{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4400]),0}, + NID_set_brand_AmericanExpress,4,&(lvalues[4401]),0}, +{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4405]),0}, {"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4, - &(lvalues[4404]),0}, + &(lvalues[4409]),0}, {"set-brand-MasterCard","set-brand-MasterCard", - NID_set_brand_MasterCard,4,&(lvalues[4408]),0}, + NID_set_brand_MasterCard,4,&(lvalues[4413]),0}, {"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5, - &(lvalues[4412]),0}, -{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4417]),0}, + &(lvalues[4417]),0}, +{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4422]),0}, {"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET", - NID_rsaOAEPEncryptionSET,9,&(lvalues[4425]),0}, -{"ITU-T","itu-t",NID_itu_t,1,&(lvalues[4434]),0}, + NID_rsaOAEPEncryptionSET,9,&(lvalues[4430]),0}, +{"ITU-T","itu-t",NID_itu_t,1,&(lvalues[4439]),0}, {"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,1, - &(lvalues[4435]),0}, + &(lvalues[4440]),0}, {"international-organizations","International Organizations", - NID_international_organizations,1,&(lvalues[4436]),0}, + NID_international_organizations,1,&(lvalues[4441]),0}, {"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login, - 10,&(lvalues[4437]),0}, + 10,&(lvalues[4442]),0}, {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10, - &(lvalues[4447]),0}, + &(lvalues[4452]),0}, {"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL,0}, {"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL,0}, {"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL,0}, @@ -1851,138 +1862,138 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0}, {"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0}, {"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0}, -{"streetAddress","streetAddress",NID_streetAddress,3,&(lvalues[4457]),0}, -{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4460]),0}, -{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4463]),0}, +{"streetAddress","streetAddress",NID_streetAddress,3,&(lvalues[4462]),0}, +{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4465]),0}, +{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4468]),0}, {"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8, - &(lvalues[4470]),0}, + &(lvalues[4475]),0}, {"id-ppl-anyLanguage","Any language",NID_id_ppl_anyLanguage,8, - &(lvalues[4478]),0}, + &(lvalues[4483]),0}, {"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8, - &(lvalues[4486]),0}, + &(lvalues[4491]),0}, {"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3, - &(lvalues[4494]),0}, -{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4497]),0}, + &(lvalues[4499]),0}, +{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4502]),0}, {"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9, - &(lvalues[4505]),0}, + &(lvalues[4510]),0}, {"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9, - &(lvalues[4514]),0}, + &(lvalues[4519]),0}, {"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9, - &(lvalues[4523]),0}, + &(lvalues[4528]),0}, {"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9, - &(lvalues[4532]),0}, -{"SHA256","sha256",NID_sha256,9,&(lvalues[4541]),0}, -{"SHA384","sha384",NID_sha384,9,&(lvalues[4550]),0}, -{"SHA512","sha512",NID_sha512,9,&(lvalues[4559]),0}, -{"SHA224","sha224",NID_sha224,9,&(lvalues[4568]),0}, + &(lvalues[4537]),0}, +{"SHA256","sha256",NID_sha256,9,&(lvalues[4546]),0}, +{"SHA384","sha384",NID_sha384,9,&(lvalues[4555]),0}, +{"SHA512","sha512",NID_sha512,9,&(lvalues[4564]),0}, +{"SHA224","sha224",NID_sha224,9,&(lvalues[4573]),0}, {"identified-organization","identified-organization", - NID_identified_organization,1,&(lvalues[4577]),0}, -{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4578]),0}, -{"wap","wap",NID_wap,2,&(lvalues[4581]),0}, -{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4583]),0}, + NID_identified_organization,1,&(lvalues[4582]),0}, +{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4583]),0}, +{"wap","wap",NID_wap,2,&(lvalues[4586]),0}, +{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4588]),0}, {"id-characteristic-two-basis","id-characteristic-two-basis", - NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4586]),0}, -{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4594]),0}, -{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4603]),0}, -{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4612]),0}, -{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4621]),0}, -{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4629]),0}, -{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4637]),0}, -{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4645]),0}, -{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4653]),0}, -{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4661]),0}, -{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4669]),0}, -{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4677]),0}, -{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4685]),0}, -{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4693]),0}, -{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4701]),0}, -{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4709]),0}, -{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4717]),0}, -{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4725]),0}, -{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4733]),0}, -{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4741]),0}, -{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4749]),0}, -{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4757]),0}, -{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4765]),0}, -{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4773]),0}, -{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4781]),0}, -{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4786]),0}, -{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4791]),0}, -{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4796]),0}, -{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4801]),0}, -{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4806]),0}, -{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4811]),0}, -{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4816]),0}, -{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4821]),0}, -{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4826]),0}, -{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4831]),0}, -{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4836]),0}, -{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4841]),0}, -{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4846]),0}, -{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4851]),0}, -{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4856]),0}, -{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4861]),0}, -{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4866]),0}, -{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4871]),0}, -{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4876]),0}, -{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4881]),0}, -{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4886]),0}, -{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4891]),0}, -{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4896]),0}, -{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4901]),0}, -{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4906]),0}, -{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4911]),0}, -{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4916]),0}, -{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4921]),0}, -{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4926]),0}, -{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4931]),0}, + NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4591]),0}, +{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4599]),0}, +{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4608]),0}, +{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4617]),0}, +{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4626]),0}, +{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4634]),0}, +{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4642]),0}, +{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4650]),0}, +{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4658]),0}, +{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4666]),0}, +{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4674]),0}, +{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4682]),0}, +{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4690]),0}, +{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4698]),0}, +{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4706]),0}, +{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4714]),0}, +{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4722]),0}, +{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4730]),0}, +{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4738]),0}, +{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4746]),0}, +{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4754]),0}, +{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4762]),0}, +{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4770]),0}, +{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4778]),0}, +{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4786]),0}, +{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4791]),0}, +{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4796]),0}, +{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4801]),0}, +{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4806]),0}, +{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4811]),0}, +{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4816]),0}, +{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4821]),0}, +{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4826]),0}, +{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4831]),0}, +{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4836]),0}, +{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4841]),0}, +{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4846]),0}, +{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4851]),0}, +{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4856]),0}, +{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4861]),0}, +{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4866]),0}, +{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4871]),0}, +{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4876]),0}, +{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4881]),0}, +{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4886]),0}, +{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4891]),0}, +{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4896]),0}, +{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4901]),0}, +{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4906]),0}, +{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4911]),0}, +{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4916]),0}, +{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4921]),0}, +{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4926]),0}, +{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4931]),0}, +{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4936]),0}, {"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1", - NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4936]),0}, + NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4941]),0}, {"wap-wsg-idm-ecid-wtls3","wap-wsg-idm-ecid-wtls3", - NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4941]),0}, + NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4946]),0}, {"wap-wsg-idm-ecid-wtls4","wap-wsg-idm-ecid-wtls4", - NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4946]),0}, + NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4951]),0}, {"wap-wsg-idm-ecid-wtls5","wap-wsg-idm-ecid-wtls5", - NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4951]),0}, + NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4956]),0}, {"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6", - NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4956]),0}, + NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4961]),0}, {"wap-wsg-idm-ecid-wtls7","wap-wsg-idm-ecid-wtls7", - NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4961]),0}, + NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4966]),0}, {"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8", - NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4966]),0}, + NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4971]),0}, {"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9", - NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4971]),0}, + NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4976]),0}, {"wap-wsg-idm-ecid-wtls10","wap-wsg-idm-ecid-wtls10", - NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4976]),0}, + NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4981]),0}, {"wap-wsg-idm-ecid-wtls11","wap-wsg-idm-ecid-wtls11", - NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4981]),0}, + NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4986]),0}, {"wap-wsg-idm-ecid-wtls12","wap-wsg-idm-ecid-wtls12", - NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4986]),0}, -{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4991]),0}, + NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4991]),0}, +{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4996]),0}, {"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3, - &(lvalues[4995]),0}, + &(lvalues[5000]),0}, {"inhibitAnyPolicy","X509v3 Inhibit Any Policy", - NID_inhibit_any_policy,3,&(lvalues[4998]),0}, + NID_inhibit_any_policy,3,&(lvalues[5003]),0}, {"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL,0}, {"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL,0}, {"CAMELLIA-128-CBC","camellia-128-cbc",NID_camellia_128_cbc,11, - &(lvalues[5001]),0}, + &(lvalues[5006]),0}, {"CAMELLIA-192-CBC","camellia-192-cbc",NID_camellia_192_cbc,11, - &(lvalues[5012]),0}, + &(lvalues[5017]),0}, {"CAMELLIA-256-CBC","camellia-256-cbc",NID_camellia_256_cbc,11, - &(lvalues[5023]),0}, + &(lvalues[5028]),0}, {"CAMELLIA-128-ECB","camellia-128-ecb",NID_camellia_128_ecb,8, - &(lvalues[5034]),0}, + &(lvalues[5039]),0}, {"CAMELLIA-192-ECB","camellia-192-ecb",NID_camellia_192_ecb,8, - &(lvalues[5042]),0}, + &(lvalues[5047]),0}, {"CAMELLIA-256-ECB","camellia-256-ecb",NID_camellia_256_ecb,8, - &(lvalues[5050]),0}, + &(lvalues[5055]),0}, {"CAMELLIA-128-CFB","camellia-128-cfb",NID_camellia_128_cfb128,8, - &(lvalues[5058]),0}, + &(lvalues[5063]),0}, {"CAMELLIA-192-CFB","camellia-192-cfb",NID_camellia_192_cfb128,8, - &(lvalues[5066]),0}, + &(lvalues[5071]),0}, {"CAMELLIA-256-CFB","camellia-256-cfb",NID_camellia_256_cfb128,8, - &(lvalues[5074]),0}, + &(lvalues[5079]),0}, {"CAMELLIA-128-CFB1","camellia-128-cfb1",NID_camellia_128_cfb1,0,NULL,0}, {"CAMELLIA-192-CFB1","camellia-192-cfb1",NID_camellia_192_cfb1,0,NULL,0}, {"CAMELLIA-256-CFB1","camellia-256-cfb1",NID_camellia_256_cfb1,0,NULL,0}, @@ -1990,25 +2001,44 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"CAMELLIA-192-CFB8","camellia-192-cfb8",NID_camellia_192_cfb8,0,NULL,0}, {"CAMELLIA-256-CFB8","camellia-256-cfb8",NID_camellia_256_cfb8,0,NULL,0}, {"CAMELLIA-128-OFB","camellia-128-ofb",NID_camellia_128_ofb128,8, - &(lvalues[5082]),0}, + &(lvalues[5087]),0}, {"CAMELLIA-192-OFB","camellia-192-ofb",NID_camellia_192_ofb128,8, - &(lvalues[5090]),0}, + &(lvalues[5095]),0}, {"CAMELLIA-256-OFB","camellia-256-ofb",NID_camellia_256_ofb128,8, - &(lvalues[5098]),0}, + &(lvalues[5103]),0}, {"subjectDirectoryAttributes","X509v3 Subject Directory Attributes", - NID_subject_directory_attributes,3,&(lvalues[5106]),0}, + NID_subject_directory_attributes,3,&(lvalues[5111]),0}, {"issuingDistributionPoint","X509v3 Issuing Distrubution Point", - NID_issuing_distribution_point,3,&(lvalues[5109]),0}, + NID_issuing_distribution_point,3,&(lvalues[5114]),0}, {"certificateIssuer","X509v3 Certificate Issuer", - NID_certificate_issuer,3,&(lvalues[5112]),0}, + NID_certificate_issuer,3,&(lvalues[5117]),0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"KISA","kisa",NID_kisa,6,&(lvalues[5115]),0}, +{"KISA","kisa",NID_kisa,6,&(lvalues[5120]),0}, {NULL,NULL,NID_undef,0,NULL,0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5121]),0}, -{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5129]),0}, -{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5137]),0}, -{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5145]),0}, +{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5126]),0}, +{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5134]),0}, +{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5142]),0}, +{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5150]),0}, +{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5158]),0}, +{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5166]),0}, +{"id-PasswordBasedMAC","password based MAC",NID_id_PasswordBasedMAC,9, + &(lvalues[5174]),0}, +{"id-DHBasedMac","Diffie-Hellman based MAC",NID_id_DHBasedMac,9, + &(lvalues[5183]),0}, +{"id-it-suppLangTags","id-it-suppLangTags",NID_id_it_suppLangTags,8, + &(lvalues[5192]),0}, +{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5200]),0}, +{"id-smime-ct-compressedData","id-smime-ct-compressedData", + NID_id_smime_ct_compressedData,11,&(lvalues[5208]),0}, +{"id-ct-asciiTextWithCRLF","id-ct-asciiTextWithCRLF", + NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5219]),0}, +{"id-aes128-wrap","id-aes128-wrap",NID_id_aes128_wrap,9, + &(lvalues[5230]),0}, +{"id-aes192-wrap","id-aes192-wrap",NID_id_aes192_wrap,9, + &(lvalues[5239]),0}, +{"id-aes256-wrap","id-aes256-wrap",NID_id_aes256_wrap,9, + &(lvalues[5248]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -2089,6 +2119,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[67]),/* "DSA-old" */ &(nid_objs[297]),/* "DVCS" */ &(nid_objs[99]),/* "GN" */ +&(nid_objs[780]),/* "HMAC-MD5" */ +&(nid_objs[781]),/* "HMAC-SHA1" */ &(nid_objs[381]),/* "IANA" */ &(nid_objs[34]),/* "IDEA-CBC" */ &(nid_objs[35]),/* "IDEA-CFB" */ @@ -2227,6 +2259,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[703]),/* "c2tnb431r1" */ &(nid_objs[483]),/* "cNAMERecord" */ &(nid_objs[179]),/* "caIssuers" */ +&(nid_objs[785]),/* "caRepository" */ &(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */ &(nid_objs[152]),/* "certBag" */ &(nid_objs[677]),/* "certicom-arc" */ @@ -2285,6 +2318,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[473]),/* "homeTelephoneNumber" */ &(nid_objs[466]),/* "host" */ &(nid_objs[442]),/* "iA5StringSyntax" */ +&(nid_objs[783]),/* "id-DHBasedMac" */ +&(nid_objs[782]),/* "id-PasswordBasedMAC" */ &(nid_objs[266]),/* "id-aca" */ &(nid_objs[355]),/* "id-aca-accessIdentity" */ &(nid_objs[354]),/* "id-aca-authenticationInfo" */ @@ -2293,6 +2328,9 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[357]),/* "id-aca-group" */ &(nid_objs[358]),/* "id-aca-role" */ &(nid_objs[176]),/* "id-ad" */ +&(nid_objs[788]),/* "id-aes128-wrap" */ +&(nid_objs[789]),/* "id-aes192-wrap" */ +&(nid_objs[790]),/* "id-aes256-wrap" */ &(nid_objs[262]),/* "id-alg" */ &(nid_objs[323]),/* "id-alg-des40" */ &(nid_objs[326]),/* "id-alg-dh-pop" */ @@ -2325,6 +2363,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[332]),/* "id-cmc-senderNonce" */ &(nid_objs[327]),/* "id-cmc-statusInfo" */ &(nid_objs[331]),/* "id-cmc-transactionId" */ +&(nid_objs[787]),/* "id-ct-asciiTextWithCRLF" */ &(nid_objs[408]),/* "id-ecPublicKey" */ &(nid_objs[508]),/* "id-hex-multipart-message" */ &(nid_objs[507]),/* "id-hex-partial-message" */ @@ -2343,6 +2382,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[299]),/* "id-it-signKeyPairTypes" */ &(nid_objs[305]),/* "id-it-subscriptionRequest" */ &(nid_objs[306]),/* "id-it-subscriptionResponse" */ +&(nid_objs[784]),/* "id-it-suppLangTags" */ &(nid_objs[304]),/* "id-it-unsupportedOIDs" */ &(nid_objs[128]),/* "id-kp" */ &(nid_objs[280]),/* "id-mod-attribute-cert" */ @@ -2438,6 +2478,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[208]),/* "id-smime-ct-TDTInfo" */ &(nid_objs[207]),/* "id-smime-ct-TSTInfo" */ &(nid_objs[205]),/* "id-smime-ct-authData" */ +&(nid_objs[786]),/* "id-smime-ct-compressedData" */ &(nid_objs[209]),/* "id-smime-ct-contentInfo" */ &(nid_objs[206]),/* "id-smime-ct-publishCert" */ &(nid_objs[204]),/* "id-smime-ct-receipt" */ @@ -2796,7 +2837,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[365]),/* "Basic OCSP Response" */ &(nid_objs[285]),/* "Biometric Info" */ &(nid_objs[179]),/* "CA Issuers" */ +&(nid_objs[785]),/* "CA Repository" */ &(nid_objs[131]),/* "Code Signing" */ +&(nid_objs[783]),/* "Diffie-Hellman based MAC" */ &(nid_objs[382]),/* "Directory" */ &(nid_objs[392]),/* "Domain" */ &(nid_objs[132]),/* "E-mail Protection" */ @@ -3049,6 +3092,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[509]),/* "generationQualifier" */ &(nid_objs[601]),/* "generic cryptogram" */ &(nid_objs[99]),/* "givenName" */ +&(nid_objs[780]),/* "hmac-md5" */ +&(nid_objs[781]),/* "hmac-sha1" */ &(nid_objs[163]),/* "hmacWithSHA1" */ &(nid_objs[486]),/* "homePostalAddress" */ &(nid_objs[473]),/* "homeTelephoneNumber" */ @@ -3063,6 +3108,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[357]),/* "id-aca-group" */ &(nid_objs[358]),/* "id-aca-role" */ &(nid_objs[176]),/* "id-ad" */ +&(nid_objs[788]),/* "id-aes128-wrap" */ +&(nid_objs[789]),/* "id-aes192-wrap" */ +&(nid_objs[790]),/* "id-aes256-wrap" */ &(nid_objs[262]),/* "id-alg" */ &(nid_objs[323]),/* "id-alg-des40" */ &(nid_objs[326]),/* "id-alg-dh-pop" */ @@ -3095,6 +3143,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[332]),/* "id-cmc-senderNonce" */ &(nid_objs[327]),/* "id-cmc-statusInfo" */ &(nid_objs[331]),/* "id-cmc-transactionId" */ +&(nid_objs[787]),/* "id-ct-asciiTextWithCRLF" */ &(nid_objs[408]),/* "id-ecPublicKey" */ &(nid_objs[508]),/* "id-hex-multipart-message" */ &(nid_objs[507]),/* "id-hex-partial-message" */ @@ -3113,6 +3162,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[299]),/* "id-it-signKeyPairTypes" */ &(nid_objs[305]),/* "id-it-subscriptionRequest" */ &(nid_objs[306]),/* "id-it-subscriptionResponse" */ +&(nid_objs[784]),/* "id-it-suppLangTags" */ &(nid_objs[304]),/* "id-it-unsupportedOIDs" */ &(nid_objs[128]),/* "id-kp" */ &(nid_objs[280]),/* "id-mod-attribute-cert" */ @@ -3202,6 +3252,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[208]),/* "id-smime-ct-TDTInfo" */ &(nid_objs[207]),/* "id-smime-ct-TSTInfo" */ &(nid_objs[205]),/* "id-smime-ct-authData" */ +&(nid_objs[786]),/* "id-smime-ct-compressedData" */ &(nid_objs[209]),/* "id-smime-ct-contentInfo" */ &(nid_objs[206]),/* "id-smime-ct-publishCert" */ &(nid_objs[204]),/* "id-smime-ct-receipt" */ @@ -3272,6 +3323,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[18]),/* "organizationalUnitName" */ &(nid_objs[475]),/* "otherMailbox" */ &(nid_objs[489]),/* "pagerTelephoneNumber" */ +&(nid_objs[782]),/* "password based MAC" */ &(nid_objs[374]),/* "path" */ &(nid_objs[621]),/* "payment gateway capabilities" */ &(nid_objs[ 9]),/* "pbeWithMD2AndDES-CBC" */ @@ -3833,7 +3885,6 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[744]),/* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 13 4 11 */ &(nid_objs[745]),/* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 13 4 12 */ &(nid_objs[124]),/* OBJ_rle_compression 1 1 1 1 666 1 */ -&(nid_objs[125]),/* OBJ_zlib_compression 1 1 1 1 666 2 */ &(nid_objs[773]),/* OBJ_kisa 1 2 410 200004 */ &(nid_objs[ 1]),/* OBJ_rsadsi 1 2 840 113549 */ &(nid_objs[185]),/* OBJ_X9cm 1 2 840 10040 4 */ @@ -3987,6 +4038,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[310]),/* OBJ_id_it_implicitConfirm 1 3 6 1 5 5 7 4 13 */ &(nid_objs[311]),/* OBJ_id_it_confirmWaitTime 1 3 6 1 5 5 7 4 14 */ &(nid_objs[312]),/* OBJ_id_it_origPKIMessage 1 3 6 1 5 5 7 4 15 */ +&(nid_objs[784]),/* OBJ_id_it_suppLangTags 1 3 6 1 5 5 7 4 16 */ &(nid_objs[313]),/* OBJ_id_regCtrl 1 3 6 1 5 5 7 5 1 */ &(nid_objs[314]),/* OBJ_id_regInfo 1 3 6 1 5 5 7 5 2 */ &(nid_objs[323]),/* OBJ_id_alg_des40 1 3 6 1 5 5 7 6 1 */ @@ -4036,6 +4088,9 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[179]),/* OBJ_ad_ca_issuers 1 3 6 1 5 5 7 48 2 */ &(nid_objs[363]),/* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */ &(nid_objs[364]),/* OBJ_ad_dvcs 1 3 6 1 5 5 7 48 4 */ +&(nid_objs[785]),/* OBJ_caRepository 1 3 6 1 5 5 7 48 5 */ +&(nid_objs[780]),/* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */ +&(nid_objs[781]),/* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */ &(nid_objs[58]),/* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */ &(nid_objs[59]),/* OBJ_netscape_data_type 2 16 840 1 113730 2 */ &(nid_objs[438]),/* OBJ_pilotAttributeType 0 9 2342 19200300 100 1 */ @@ -4044,6 +4099,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[441]),/* OBJ_pilotGroups 0 9 2342 19200300 100 10 */ &(nid_objs[108]),/* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */ &(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */ +&(nid_objs[782]),/* OBJ_id_PasswordBasedMAC 1 2 840 113533 7 66 13 */ +&(nid_objs[783]),/* OBJ_id_DHBasedMac 1 2 840 113533 7 66 30 */ &(nid_objs[ 6]),/* OBJ_rsaEncryption 1 2 840 113549 1 1 1 */ &(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption 1 2 840 113549 1 1 2 */ &(nid_objs[396]),/* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */ @@ -4113,14 +4170,17 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[419]),/* OBJ_aes_128_cbc 2 16 840 1 101 3 4 1 2 */ &(nid_objs[420]),/* OBJ_aes_128_ofb128 2 16 840 1 101 3 4 1 3 */ &(nid_objs[421]),/* OBJ_aes_128_cfb128 2 16 840 1 101 3 4 1 4 */ +&(nid_objs[788]),/* OBJ_id_aes128_wrap 2 16 840 1 101 3 4 1 5 */ &(nid_objs[422]),/* OBJ_aes_192_ecb 2 16 840 1 101 3 4 1 21 */ &(nid_objs[423]),/* OBJ_aes_192_cbc 2 16 840 1 101 3 4 1 22 */ &(nid_objs[424]),/* OBJ_aes_192_ofb128 2 16 840 1 101 3 4 1 23 */ &(nid_objs[425]),/* OBJ_aes_192_cfb128 2 16 840 1 101 3 4 1 24 */ +&(nid_objs[789]),/* OBJ_id_aes192_wrap 2 16 840 1 101 3 4 1 25 */ &(nid_objs[426]),/* OBJ_aes_256_ecb 2 16 840 1 101 3 4 1 41 */ &(nid_objs[427]),/* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */ &(nid_objs[428]),/* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */ &(nid_objs[429]),/* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */ +&(nid_objs[790]),/* OBJ_id_aes256_wrap 2 16 840 1 101 3 4 1 45 */ &(nid_objs[672]),/* OBJ_sha256 2 16 840 1 101 3 4 2 1 */ &(nid_objs[673]),/* OBJ_sha384 2 16 840 1 101 3 4 2 2 */ &(nid_objs[674]),/* OBJ_sha512 2 16 840 1 101 3 4 2 3 */ @@ -4241,6 +4301,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[209]),/* OBJ_id_smime_ct_contentInfo 1 2 840 113549 1 9 16 1 6 */ &(nid_objs[210]),/* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */ &(nid_objs[211]),/* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */ +&(nid_objs[786]),/* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */ +&(nid_objs[787]),/* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */ &(nid_objs[212]),/* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */ &(nid_objs[213]),/* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */ &(nid_objs[214]),/* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */ @@ -4277,6 +4339,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[245]),/* OBJ_id_smime_alg_ESDH 1 2 840 113549 1 9 16 3 5 */ &(nid_objs[246]),/* OBJ_id_smime_alg_CMS3DESwrap 1 2 840 113549 1 9 16 3 6 */ &(nid_objs[247]),/* OBJ_id_smime_alg_CMSRC2wrap 1 2 840 113549 1 9 16 3 7 */ +&(nid_objs[125]),/* OBJ_zlib_compression 1 2 840 113549 1 9 16 3 8 */ &(nid_objs[248]),/* OBJ_id_smime_cd_ldap 1 2 840 113549 1 9 16 4 1 */ &(nid_objs[249]),/* OBJ_id_smime_spq_ets_sqt_uri 1 2 840 113549 1 9 16 5 1 */ &(nid_objs[250]),/* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */ diff --git a/crypto/openssl-0.9/crypto/objects/obj_mac.h b/crypto/openssl-0.9/crypto/objects/obj_mac.h index 68b6e31a97..76d5ec9c0b 100644 --- a/crypto/openssl-0.9/crypto/objects/obj_mac.h +++ b/crypto/openssl-0.9/crypto/objects/obj_mac.h @@ -97,6 +97,16 @@ #define NID_identified_organization 676 #define OBJ_identified_organization OBJ_iso,3L +#define SN_hmac_md5 "HMAC-MD5" +#define LN_hmac_md5 "hmac-md5" +#define NID_hmac_md5 780 +#define OBJ_hmac_md5 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L + +#define SN_hmac_sha1 "HMAC-SHA1" +#define LN_hmac_sha1 "hmac-sha1" +#define NID_hmac_sha1 781 +#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L + #define SN_certicom_arc "certicom-arc" #define NID_certicom_arc 677 #define OBJ_certicom_arc OBJ_identified_organization,132L @@ -498,6 +508,16 @@ #define NID_pbeWithMD5AndCast5_CBC 112 #define OBJ_pbeWithMD5AndCast5_CBC OBJ_ISO_US,113533L,7L,66L,12L +#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC" +#define LN_id_PasswordBasedMAC "password based MAC" +#define NID_id_PasswordBasedMAC 782 +#define OBJ_id_PasswordBasedMAC OBJ_ISO_US,113533L,7L,66L,13L + +#define SN_id_DHBasedMac "id-DHBasedMac" +#define LN_id_DHBasedMac "Diffie-Hellman based MAC" +#define NID_id_DHBasedMac 783 +#define OBJ_id_DHBasedMac OBJ_ISO_US,113533L,7L,66L,30L + #define SN_rsadsi "rsadsi" #define LN_rsadsi "RSA Data Security, Inc." #define NID_rsadsi 1 @@ -785,6 +805,14 @@ #define NID_id_smime_ct_DVCSResponseData 211 #define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L +#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData" +#define NID_id_smime_ct_compressedData 786 +#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L + +#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" +#define NID_id_ct_asciiTextWithCRLF 787 +#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L + #define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" #define NID_id_smime_aa_receiptRequest 212 #define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L @@ -1513,6 +1541,10 @@ #define NID_id_it_origPKIMessage 312 #define OBJ_id_it_origPKIMessage OBJ_id_it,15L +#define SN_id_it_suppLangTags "id-it-suppLangTags" +#define NID_id_it_suppLangTags 784 +#define OBJ_id_it_suppLangTags OBJ_id_it,16L + #define SN_id_regCtrl "id-regCtrl" #define NID_id_regCtrl 313 #define OBJ_id_regCtrl OBJ_id_pkip,1L @@ -1748,6 +1780,11 @@ #define NID_ad_dvcs 364 #define OBJ_ad_dvcs OBJ_id_ad,4L +#define SN_caRepository "caRepository" +#define LN_caRepository "CA Repository" +#define NID_caRepository 785 +#define OBJ_caRepository OBJ_id_ad,5L + #define OBJ_id_pkix_OCSP OBJ_ad_OCSP #define SN_id_pkix_OCSP_basic "basicOCSPResponse" @@ -2323,7 +2360,7 @@ #define SN_zlib_compression "ZLIB" #define LN_zlib_compression "zlib compression" #define NID_zlib_compression 125 -#define OBJ_zlib_compression 1L,1L,1L,1L,666L,2L +#define OBJ_zlib_compression OBJ_id_smime_alg,8L #define OBJ_csor 2L,16L,840L,1L,101L,3L @@ -2431,6 +2468,18 @@ #define LN_des_ede3_cfb8 "des-ede3-cfb8" #define NID_des_ede3_cfb8 659 +#define SN_id_aes128_wrap "id-aes128-wrap" +#define NID_id_aes128_wrap 788 +#define OBJ_id_aes128_wrap OBJ_aes,5L + +#define SN_id_aes192_wrap "id-aes192-wrap" +#define NID_id_aes192_wrap 789 +#define OBJ_id_aes192_wrap OBJ_aes,25L + +#define SN_id_aes256_wrap "id-aes256-wrap" +#define NID_id_aes256_wrap 790 +#define OBJ_id_aes256_wrap OBJ_aes,45L + #define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L #define SN_sha256 "SHA256" diff --git a/crypto/openssl-0.9/crypto/ocsp/ocsp.h b/crypto/openssl-0.9/crypto/ocsp/ocsp.h index 8163411c92..a0577a717e 100644 --- a/crypto/openssl-0.9/crypto/ocsp/ocsp.h +++ b/crypto/openssl-0.9/crypto/ocsp/ocsp.h @@ -186,11 +186,11 @@ typedef struct ocsp_resp_bytes_st * responseStatus OCSPResponseStatus, * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } */ -typedef struct ocsp_response_st +struct ocsp_response_st { ASN1_ENUMERATED *responseStatus; OCSP_RESPBYTES *responseBytes; - } OCSP_RESPONSE; + }; /* ResponderID ::= CHOICE { * byName [1] Name, @@ -198,14 +198,18 @@ typedef struct ocsp_response_st */ #define V_OCSP_RESPID_NAME 0 #define V_OCSP_RESPID_KEY 1 -typedef struct ocsp_responder_id_st +struct ocsp_responder_id_st { int type; union { X509_NAME* byName; ASN1_OCTET_STRING *byKey; } value; - } OCSP_RESPID; + }; + +DECLARE_STACK_OF(OCSP_RESPID) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) + /* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key * --(excluding the tag and length fields) */ @@ -397,6 +401,10 @@ typedef struct ocsp_service_locator_st (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req); +OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, + int maxline); +int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); +void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); @@ -574,6 +582,7 @@ void ERR_load_OCSP_strings(void); #define OCSP_F_OCSP_REQUEST_VERIFY 116 #define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 #define OCSP_F_OCSP_SENDREQ_BIO 112 +#define OCSP_F_PARSE_HTTP_LINE1 117 #define OCSP_F_REQUEST_VERIFY 113 /* Reason codes. */ diff --git a/crypto/openssl-0.9/crypto/ocsp/ocsp_err.c b/crypto/openssl-0.9/crypto/ocsp/ocsp_err.c index ad62364f29..d2f2e79f44 100644 --- a/crypto/openssl-0.9/crypto/ocsp/ocsp_err.c +++ b/crypto/openssl-0.9/crypto/ocsp/ocsp_err.c @@ -1,6 +1,6 @@ /* crypto/ocsp/ocsp_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -86,6 +86,7 @@ static ERR_STRING_DATA OCSP_str_functs[]= {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, +{ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, {0,NULL} }; diff --git a/crypto/openssl-0.9/crypto/ocsp/ocsp_ht.c b/crypto/openssl-0.9/crypto/ocsp/ocsp_ht.c index 9213e58ae4..a8e569b74a 100644 --- a/crypto/openssl-0.9/crypto/ocsp/ocsp_ht.c +++ b/crypto/openssl-0.9/crypto/ocsp/ocsp_ht.c @@ -1,9 +1,9 @@ /* ocsp_ht.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 2000. + * project 2006. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -68,106 +68,404 @@ #define strtoul (unsigned long)strtol #endif /* OPENSSL_SYS_SUNOS */ -/* Quick and dirty HTTP OCSP request handler. - * Could make this a bit cleverer by adding - * support for non blocking BIOs and a few - * other refinements. - */ +/* Stateful OCSP request code, supporting non-blocking I/O */ -OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req) -{ - BIO *mem = NULL; - char tmpbuf[1024]; - OCSP_RESPONSE *resp = NULL; - char *p, *q, *r; - int len, retcode; - static char req_txt[] = -"POST %s HTTP/1.0\r\n\ -Content-Type: application/ocsp-request\r\n\ -Content-Length: %d\r\n\r\n"; - - len = i2d_OCSP_REQUEST(req, NULL); - if(BIO_printf(b, req_txt, path, len) < 0) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR); - goto err; - } - if(i2d_OCSP_REQUEST_bio(b, req) <= 0) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR); - goto err; +/* Opaque OCSP request status structure */ + +struct ocsp_req_ctx_st { + int state; /* Current I/O state */ + unsigned char *iobuf; /* Line buffer */ + int iobuflen; /* Line buffer length */ + BIO *io; /* BIO to perform I/O with */ + BIO *mem; /* Memory BIO response is built into */ + unsigned long asn1_len; /* ASN1 length of response */ + }; + +#define OCSP_MAX_REQUEST_LENGTH (100 * 1024) +#define OCSP_MAX_LINE_LEN 4096; + +/* OCSP states */ + +/* If set no reading should be performed */ +#define OHS_NOREAD 0x1000 +/* Error condition */ +#define OHS_ERROR (0 | OHS_NOREAD) +/* First line being read */ +#define OHS_FIRSTLINE 1 +/* MIME headers being read */ +#define OHS_HEADERS 2 +/* OCSP initial header (tag + length) being read */ +#define OHS_ASN1_HEADER 3 +/* OCSP content octets being read */ +#define OHS_ASN1_CONTENT 4 +/* Request being sent */ +#define OHS_ASN1_WRITE (6 | OHS_NOREAD) +/* Request being flushed */ +#define OHS_ASN1_FLUSH (7 | OHS_NOREAD) +/* Completed */ +#define OHS_DONE (8 | OHS_NOREAD) + + +static int parse_http_line1(char *line); + +void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx) + { + if (rctx->mem) + BIO_free(rctx->mem); + if (rctx->iobuf) + OPENSSL_free(rctx->iobuf); + OPENSSL_free(rctx); } - if(!(mem = BIO_new(BIO_s_mem()))) goto err; - /* Copy response to a memory BIO: socket bios can't do gets! */ - while ((len = BIO_read(b, tmpbuf, sizeof tmpbuf))) { - if(len < 0) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_READ_ERROR); - goto err; + +OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, + int maxline) + { + static char post_hdr[] = "POST %s HTTP/1.0\r\n" + "Content-Type: application/ocsp-request\r\n" + "Content-Length: %d\r\n\r\n"; + + OCSP_REQ_CTX *rctx; + rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX)); + rctx->state = OHS_FIRSTLINE; + rctx->mem = BIO_new(BIO_s_mem()); + rctx->io = io; + if (maxline > 0) + rctx->iobuflen = maxline; + else + rctx->iobuflen = OCSP_MAX_LINE_LEN; + rctx->iobuf = OPENSSL_malloc(rctx->iobuflen); + if (!path) + path = "/"; + + if (BIO_printf(rctx->mem, post_hdr, path, + i2d_OCSP_REQUEST(req, NULL)) <= 0) + { + rctx->state = OHS_ERROR; + return 0; } - BIO_write(mem, tmpbuf, len); - } - if(BIO_gets(mem, tmpbuf, 512) <= 0) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR); - goto err; + if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0) + { + rctx->state = OHS_ERROR; + return 0; + } + rctx->state = OHS_ASN1_WRITE; + rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL); + + return rctx; } - /* Parse the HTTP response. This will look like this: - * "HTTP/1.0 200 OK". We need to obtain the numeric code and - * (optional) informational message. - */ +/* Parse the HTTP response. This will look like this: + * "HTTP/1.0 200 OK". We need to obtain the numeric code and + * (optional) informational message. + */ + +static int parse_http_line1(char *line) + { + int retcode; + char *p, *q, *r; /* Skip to first white space (passed protocol info) */ - for(p = tmpbuf; *p && !isspace((unsigned char)*p); p++) continue; - if(!*p) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR); - goto err; - } + + for(p = line; *p && !isspace((unsigned char)*p); p++) + continue; + if(!*p) + { + OCSPerr(OCSP_F_PARSE_HTTP_LINE1, + OCSP_R_SERVER_RESPONSE_PARSE_ERROR); + return 0; + } + /* Skip past white space to start of response code */ - while(*p && isspace((unsigned char)*p)) p++; - if(!*p) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR); - goto err; - } + while(*p && isspace((unsigned char)*p)) + p++; + + if(!*p) + { + OCSPerr(OCSP_F_PARSE_HTTP_LINE1, + OCSP_R_SERVER_RESPONSE_PARSE_ERROR); + return 0; + } + /* Find end of response code: first whitespace after start of code */ - for(q = p; *q && !isspace((unsigned char)*q); q++) continue; - if(!*q) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR); - goto err; - } + for(q = p; *q && !isspace((unsigned char)*q); q++) + continue; + + if(!*q) + { + OCSPerr(OCSP_F_PARSE_HTTP_LINE1, + OCSP_R_SERVER_RESPONSE_PARSE_ERROR); + return 0; + } + /* Set end of response code and start of message */ *q++ = 0; + /* Attempt to parse numeric code */ retcode = strtoul(p, &r, 10); - if(*r) goto err; + + if(*r) + return 0; + /* Skip over any leading white space in message */ - while(*q && isspace((unsigned char)*q)) q++; - if(*q) { - /* Finally zap any trailing white space in message (include CRLF) */ - /* We know q has a non white space character so this is OK */ - for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0; - } - if(retcode != 200) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_ERROR); - if(!*q) { - ERR_add_error_data(2, "Code=", p); + while(*q && isspace((unsigned char)*q)) + q++; + + if(*q) + { + /* Finally zap any trailing white space in message (include + * CRLF) */ + + /* We know q has a non white space character so this is OK */ + for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) + *r = 0; } - else { + if(retcode != 200) + { + OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR); + if(!*q) + ERR_add_error_data(2, "Code=", p); + else ERR_add_error_data(4, "Code=", p, ",Reason=", q); + return 0; } - goto err; + + + return 1; + } - /* Find blank line marking beginning of content */ - while(BIO_gets(mem, tmpbuf, 512) > 0) + +int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) { - for(p = tmpbuf; *p && isspace((unsigned char)*p); p++) continue; - if(!*p) break; - } - if(*p) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_NO_CONTENT); - goto err; + int i, n; + const unsigned char *p; + next_io: + if (!(rctx->state & OHS_NOREAD)) + { + n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen); + + if (n <= 0) + { + if (BIO_should_retry(rctx->io)) + return -1; + return 0; + } + + /* Write data to memory BIO */ + + if (BIO_write(rctx->mem, rctx->iobuf, n) != n) + return 0; + } + + switch(rctx->state) + { + + case OHS_ASN1_WRITE: + n = BIO_get_mem_data(rctx->mem, &p); + + i = BIO_write(rctx->io, + p + (n - rctx->asn1_len), rctx->asn1_len); + + if (i <= 0) + { + if (BIO_should_retry(rctx->io)) + return -1; + rctx->state = OHS_ERROR; + return 0; + } + + rctx->asn1_len -= i; + + if (rctx->asn1_len > 0) + goto next_io; + + rctx->state = OHS_ASN1_FLUSH; + + (void)BIO_reset(rctx->mem); + + case OHS_ASN1_FLUSH: + + i = BIO_flush(rctx->io); + + if (i > 0) + { + rctx->state = OHS_FIRSTLINE; + goto next_io; + } + + if (BIO_should_retry(rctx->io)) + return -1; + + rctx->state = OHS_ERROR; + return 0; + + case OHS_ERROR: + return 0; + + case OHS_FIRSTLINE: + case OHS_HEADERS: + + /* Attempt to read a line in */ + + next_line: + /* Due to &%^*$" memory BIO behaviour with BIO_gets we + * have to check there's a complete line in there before + * calling BIO_gets or we'll just get a partial read. + */ + n = BIO_get_mem_data(rctx->mem, &p); + if ((n <= 0) || !memchr(p, '\n', n)) + { + if (n >= rctx->iobuflen) + { + rctx->state = OHS_ERROR; + return 0; + } + goto next_io; + } + n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen); + + if (n <= 0) + { + if (BIO_should_retry(rctx->mem)) + goto next_io; + rctx->state = OHS_ERROR; + return 0; + } + + /* Don't allow excessive lines */ + if (n == rctx->iobuflen) + { + rctx->state = OHS_ERROR; + return 0; + } + + /* First line */ + if (rctx->state == OHS_FIRSTLINE) + { + if (parse_http_line1((char *)rctx->iobuf)) + { + rctx->state = OHS_HEADERS; + goto next_line; + } + else + { + rctx->state = OHS_ERROR; + return 0; + } + } + else + { + /* Look for blank line: end of headers */ + for (p = rctx->iobuf; *p; p++) + { + if ((*p != '\r') && (*p != '\n')) + break; + } + if (*p) + goto next_line; + + rctx->state = OHS_ASN1_HEADER; + + } + + /* Fall thru */ + + + case OHS_ASN1_HEADER: + /* Now reading ASN1 header: can read at least 6 bytes which + * is more than enough for any valid ASN1 SEQUENCE header + */ + n = BIO_get_mem_data(rctx->mem, &p); + if (n < 6) + goto next_io; + + /* Check it is an ASN1 SEQUENCE */ + if (*p++ != (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) + { + rctx->state = OHS_ERROR; + return 0; + } + + /* Check out length field */ + if (*p & 0x80) + { + n = *p & 0x7F; + /* Not NDEF or excessive length */ + if (!n || (n > 4)) + { + rctx->state = OHS_ERROR; + return 0; + } + p++; + rctx->asn1_len = 0; + for (i = 0; i < n; i++) + { + rctx->asn1_len <<= 8; + rctx->asn1_len |= *p++; + } + + if (rctx->asn1_len > OCSP_MAX_REQUEST_LENGTH) + { + rctx->state = OHS_ERROR; + return 0; + } + + rctx->asn1_len += n + 2; + } + else + rctx->asn1_len = *p + 2; + + rctx->state = OHS_ASN1_CONTENT; + + /* Fall thru */ + + case OHS_ASN1_CONTENT: + n = BIO_get_mem_data(rctx->mem, &p); + if (n < (int)rctx->asn1_len) + goto next_io; + + + *presp = d2i_OCSP_RESPONSE(NULL, &p, rctx->asn1_len); + if (*presp) + { + rctx->state = OHS_DONE; + return 1; + } + + rctx->state = OHS_ERROR; + return 0; + + break; + + case OHS_DONE: + return 1; + + } + + + + return 0; + + } - if(!(resp = d2i_OCSP_RESPONSE_bio(mem, NULL))) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,ERR_R_NESTED_ASN1_ERROR); - goto err; + +/* Blocking OCSP request handler: now a special case of non-blocking I/O */ + +OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req) + { + OCSP_RESPONSE *resp = NULL; + OCSP_REQ_CTX *ctx; + int rv; + + ctx = OCSP_sendreq_new(b, path, req, -1); + + do + { + rv = OCSP_sendreq_nbio(&resp, ctx); + } while ((rv == -1) && BIO_should_retry(b)); + + OCSP_REQ_CTX_free(ctx); + + if (rv) + return resp; + + return NULL; } - err: - BIO_free(mem); - return resp; -} diff --git a/crypto/openssl-0.9/crypto/opensslv.h b/crypto/openssl-0.9/crypto/opensslv.h index f76910a6f5..b308894f18 100644 --- a/crypto/openssl-0.9/crypto/opensslv.h +++ b/crypto/openssl-0.9/crypto/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090807fL +#define OPENSSL_VERSION_NUMBER 0x0090808fL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8g-fips 19 Oct 2007" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8h-fips 28 May 2008" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8g 19 Oct 2007" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8h 28 May 2008" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/openssl-0.9/crypto/ossl_typ.h b/crypto/openssl-0.9/crypto/ossl_typ.h index 9c335a1819..345fb1dc4d 100644 --- a/crypto/openssl-0.9/crypto/ossl_typ.h +++ b/crypto/openssl-0.9/crypto/ossl_typ.h @@ -97,6 +97,7 @@ typedef int ASN1_NULL; #ifdef OPENSSL_SYS_WIN32 #undef X509_NAME +#undef X509_EXTENSIONS #undef X509_CERT_PAIR #undef PKCS7_ISSUER_AND_SERIAL #endif @@ -171,4 +172,8 @@ typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, int idx, long argl, void *argp); +typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; +typedef struct ocsp_response_st OCSP_RESPONSE; +typedef struct ocsp_responder_id_st OCSP_RESPID; + #endif /* def HEADER_OPENSSL_TYPES_H */ diff --git a/crypto/openssl-0.9/crypto/pem/pem.h b/crypto/openssl-0.9/crypto/pem/pem.h index 4e24cc5b52..670afa670b 100644 --- a/crypto/openssl-0.9/crypto/pem/pem.h +++ b/crypto/openssl-0.9/crypto/pem/pem.h @@ -133,6 +133,7 @@ extern "C" { #define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" #define PEM_STRING_ECPARAMETERS "EC PARAMETERS" #define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" +#define PEM_STRING_CMS "CMS" /* Note that this structure is initialised by PEM_SealInit and cleaned up by PEM_SealFinal (at least for now) */ diff --git a/crypto/openssl-0.9/crypto/pem/pem_info.c b/crypto/openssl-0.9/crypto/pem/pem_info.c index 1644dfcaac..3a273f6f70 100644 --- a/crypto/openssl-0.9/crypto/pem/pem_info.c +++ b/crypto/openssl-0.9/crypto/pem/pem_info.c @@ -205,7 +205,7 @@ start: if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) goto err; xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA; - pp=(char **)&(xi->x_pkey->dec_pkey->pkey.dsa); + pp=&xi->x_pkey->dec_pkey->pkey.dsa; if ((int)strlen(header) > 10) /* assume encrypted */ raw=1; } diff --git a/crypto/openssl-0.9/crypto/pkcs7/pk7_mime.c b/crypto/openssl-0.9/crypto/pkcs7/pk7_mime.c index 25566a4c21..17b68992f7 100644 --- a/crypto/openssl-0.9/crypto/pkcs7/pk7_mime.c +++ b/crypto/openssl-0.9/crypto/pkcs7/pk7_mime.c @@ -377,57 +377,6 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) } -/* Copy text from one BIO to another making the output CRLF at EOL */ -int SMIME_crlf_copy(BIO *in, BIO *out, int flags) -{ - char eol; - int len; - char linebuf[MAX_SMLEN]; - if(flags & PKCS7_BINARY) { - while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0) - BIO_write(out, linebuf, len); - return 1; - } - if(flags & PKCS7_TEXT) - BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); - while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { - eol = strip_eol(linebuf, &len); - if (len) - BIO_write(out, linebuf, len); - if(eol) BIO_write(out, "\r\n", 2); - } - return 1; -} - -/* Strip off headers if they are text/plain */ -int SMIME_text(BIO *in, BIO *out) -{ - char iobuf[4096]; - int len; - STACK_OF(MIME_HEADER) *headers; - MIME_HEADER *hdr; - - if (!(headers = mime_parse_hdr(in))) { - PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR); - return 0; - } - if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { - PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE); - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - return 0; - } - if (strcmp (hdr->value, "text/plain")) { - PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE); - ERR_add_error_data(2, "type: ", hdr->value); - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - return 0; - } - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0) - BIO_write(out, iobuf, len); - return 1; -} - /* Split a multipart/XXX message body into component parts: result is * canonical parts in a STACK of bios */ diff --git a/crypto/openssl-0.9/crypto/rand/rand_nw.c b/crypto/openssl-0.9/crypto/rand/rand_nw.c index ba57812788..f177ffbe82 100644 --- a/crypto/openssl-0.9/crypto/rand/rand_nw.c +++ b/crypto/openssl-0.9/crypto/rand/rand_nw.c @@ -117,9 +117,15 @@ #if defined(NETWARE_LIBC) #include +#else +#include #endif -extern long RunningProcess; +extern int GetProcessSwitchCount(void); +#if !defined(NETWARE_LIBC) || (CURRENT_NDK_THRESHOLD < 509220000) +extern void *RunningProcess; /* declare here same as found in newer NDKs */ +extern unsigned long GetSuperHighResolutionTimer(void); +#endif /* the FAQ indicates we need to provide at least 20 bytes (160 bits) of seed */ @@ -142,7 +148,8 @@ int RAND_poll(void) l = GetProcessSwitchCount(); RAND_add(&l,sizeof(l),1); - l=RunningProcess; + /* need to cast the void* to unsigned long here */ + l = (unsigned long)RunningProcess; RAND_add(&l,sizeof(l),1); for( i=2; i 0) { diff --git a/crypto/openssl-0.9/crypto/rc4/rc4_skey.c b/crypto/openssl-0.9/crypto/rc4/rc4_skey.c index b22c40b0bd..46b77ec321 100644 --- a/crypto/openssl-0.9/crypto/rc4/rc4_skey.c +++ b/crypto/openssl-0.9/crypto/rc4/rc4_skey.c @@ -119,14 +119,15 @@ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) * implementations suffer from significant performance * losses then, e.g. PIII exhibits >2x deterioration, * and so does Opteron. In order to assure optimal - * all-round performance, let us [try to] detect P4 at - * run-time by checking upon HTT bit in CPU capability + * all-round performance, we detect P4 at run-time by + * checking upon reserved bit 20 in CPU capability * vector and set up compressed key schedule, which is * recognized by correspondingly updated assembler - * module... + * module... Bit 20 is set up by OPENSSL_ia32_cpuid. + * * */ - if (OPENSSL_ia32cap_P & (1<<28)) { + if (OPENSSL_ia32cap_P & (1<<20)) { unsigned char *cp=(unsigned char *)d; for (i=0;i<256;i++) cp[i]=i; diff --git a/crypto/openssl-0.9/crypto/ripemd/rmd_dgst.c b/crypto/openssl-0.9/crypto/ripemd/rmd_dgst.c index 9608a8fd0e..61626284b8 100644 --- a/crypto/openssl-0.9/crypto/ripemd/rmd_dgst.c +++ b/crypto/openssl-0.9/crypto/ripemd/rmd_dgst.c @@ -82,207 +82,6 @@ int RIPEMD160_Init(RIPEMD160_CTX *c) return 1; } -#ifndef ripemd160_block_host_order -#ifdef X -#undef X -#endif -#define X(i) XX[i] -void ripemd160_block_host_order (RIPEMD160_CTX *ctx, const void *p, size_t num) - { - const RIPEMD160_LONG *XX=p; - register unsigned MD32_REG_T A,B,C,D,E; - register unsigned MD32_REG_T a,b,c,d,e; - - for (;num--;XX+=HASH_LBLOCK) - { - - A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; - - RIP1(A,B,C,D,E,WL00,SL00); - RIP1(E,A,B,C,D,WL01,SL01); - RIP1(D,E,A,B,C,WL02,SL02); - RIP1(C,D,E,A,B,WL03,SL03); - RIP1(B,C,D,E,A,WL04,SL04); - RIP1(A,B,C,D,E,WL05,SL05); - RIP1(E,A,B,C,D,WL06,SL06); - RIP1(D,E,A,B,C,WL07,SL07); - RIP1(C,D,E,A,B,WL08,SL08); - RIP1(B,C,D,E,A,WL09,SL09); - RIP1(A,B,C,D,E,WL10,SL10); - RIP1(E,A,B,C,D,WL11,SL11); - RIP1(D,E,A,B,C,WL12,SL12); - RIP1(C,D,E,A,B,WL13,SL13); - RIP1(B,C,D,E,A,WL14,SL14); - RIP1(A,B,C,D,E,WL15,SL15); - - RIP2(E,A,B,C,D,WL16,SL16,KL1); - RIP2(D,E,A,B,C,WL17,SL17,KL1); - RIP2(C,D,E,A,B,WL18,SL18,KL1); - RIP2(B,C,D,E,A,WL19,SL19,KL1); - RIP2(A,B,C,D,E,WL20,SL20,KL1); - RIP2(E,A,B,C,D,WL21,SL21,KL1); - RIP2(D,E,A,B,C,WL22,SL22,KL1); - RIP2(C,D,E,A,B,WL23,SL23,KL1); - RIP2(B,C,D,E,A,WL24,SL24,KL1); - RIP2(A,B,C,D,E,WL25,SL25,KL1); - RIP2(E,A,B,C,D,WL26,SL26,KL1); - RIP2(D,E,A,B,C,WL27,SL27,KL1); - RIP2(C,D,E,A,B,WL28,SL28,KL1); - RIP2(B,C,D,E,A,WL29,SL29,KL1); - RIP2(A,B,C,D,E,WL30,SL30,KL1); - RIP2(E,A,B,C,D,WL31,SL31,KL1); - - RIP3(D,E,A,B,C,WL32,SL32,KL2); - RIP3(C,D,E,A,B,WL33,SL33,KL2); - RIP3(B,C,D,E,A,WL34,SL34,KL2); - RIP3(A,B,C,D,E,WL35,SL35,KL2); - RIP3(E,A,B,C,D,WL36,SL36,KL2); - RIP3(D,E,A,B,C,WL37,SL37,KL2); - RIP3(C,D,E,A,B,WL38,SL38,KL2); - RIP3(B,C,D,E,A,WL39,SL39,KL2); - RIP3(A,B,C,D,E,WL40,SL40,KL2); - RIP3(E,A,B,C,D,WL41,SL41,KL2); - RIP3(D,E,A,B,C,WL42,SL42,KL2); - RIP3(C,D,E,A,B,WL43,SL43,KL2); - RIP3(B,C,D,E,A,WL44,SL44,KL2); - RIP3(A,B,C,D,E,WL45,SL45,KL2); - RIP3(E,A,B,C,D,WL46,SL46,KL2); - RIP3(D,E,A,B,C,WL47,SL47,KL2); - - RIP4(C,D,E,A,B,WL48,SL48,KL3); - RIP4(B,C,D,E,A,WL49,SL49,KL3); - RIP4(A,B,C,D,E,WL50,SL50,KL3); - RIP4(E,A,B,C,D,WL51,SL51,KL3); - RIP4(D,E,A,B,C,WL52,SL52,KL3); - RIP4(C,D,E,A,B,WL53,SL53,KL3); - RIP4(B,C,D,E,A,WL54,SL54,KL3); - RIP4(A,B,C,D,E,WL55,SL55,KL3); - RIP4(E,A,B,C,D,WL56,SL56,KL3); - RIP4(D,E,A,B,C,WL57,SL57,KL3); - RIP4(C,D,E,A,B,WL58,SL58,KL3); - RIP4(B,C,D,E,A,WL59,SL59,KL3); - RIP4(A,B,C,D,E,WL60,SL60,KL3); - RIP4(E,A,B,C,D,WL61,SL61,KL3); - RIP4(D,E,A,B,C,WL62,SL62,KL3); - RIP4(C,D,E,A,B,WL63,SL63,KL3); - - RIP5(B,C,D,E,A,WL64,SL64,KL4); - RIP5(A,B,C,D,E,WL65,SL65,KL4); - RIP5(E,A,B,C,D,WL66,SL66,KL4); - RIP5(D,E,A,B,C,WL67,SL67,KL4); - RIP5(C,D,E,A,B,WL68,SL68,KL4); - RIP5(B,C,D,E,A,WL69,SL69,KL4); - RIP5(A,B,C,D,E,WL70,SL70,KL4); - RIP5(E,A,B,C,D,WL71,SL71,KL4); - RIP5(D,E,A,B,C,WL72,SL72,KL4); - RIP5(C,D,E,A,B,WL73,SL73,KL4); - RIP5(B,C,D,E,A,WL74,SL74,KL4); - RIP5(A,B,C,D,E,WL75,SL75,KL4); - RIP5(E,A,B,C,D,WL76,SL76,KL4); - RIP5(D,E,A,B,C,WL77,SL77,KL4); - RIP5(C,D,E,A,B,WL78,SL78,KL4); - RIP5(B,C,D,E,A,WL79,SL79,KL4); - - a=A; b=B; c=C; d=D; e=E; - /* Do other half */ - A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; - - RIP5(A,B,C,D,E,WR00,SR00,KR0); - RIP5(E,A,B,C,D,WR01,SR01,KR0); - RIP5(D,E,A,B,C,WR02,SR02,KR0); - RIP5(C,D,E,A,B,WR03,SR03,KR0); - RIP5(B,C,D,E,A,WR04,SR04,KR0); - RIP5(A,B,C,D,E,WR05,SR05,KR0); - RIP5(E,A,B,C,D,WR06,SR06,KR0); - RIP5(D,E,A,B,C,WR07,SR07,KR0); - RIP5(C,D,E,A,B,WR08,SR08,KR0); - RIP5(B,C,D,E,A,WR09,SR09,KR0); - RIP5(A,B,C,D,E,WR10,SR10,KR0); - RIP5(E,A,B,C,D,WR11,SR11,KR0); - RIP5(D,E,A,B,C,WR12,SR12,KR0); - RIP5(C,D,E,A,B,WR13,SR13,KR0); - RIP5(B,C,D,E,A,WR14,SR14,KR0); - RIP5(A,B,C,D,E,WR15,SR15,KR0); - - RIP4(E,A,B,C,D,WR16,SR16,KR1); - RIP4(D,E,A,B,C,WR17,SR17,KR1); - RIP4(C,D,E,A,B,WR18,SR18,KR1); - RIP4(B,C,D,E,A,WR19,SR19,KR1); - RIP4(A,B,C,D,E,WR20,SR20,KR1); - RIP4(E,A,B,C,D,WR21,SR21,KR1); - RIP4(D,E,A,B,C,WR22,SR22,KR1); - RIP4(C,D,E,A,B,WR23,SR23,KR1); - RIP4(B,C,D,E,A,WR24,SR24,KR1); - RIP4(A,B,C,D,E,WR25,SR25,KR1); - RIP4(E,A,B,C,D,WR26,SR26,KR1); - RIP4(D,E,A,B,C,WR27,SR27,KR1); - RIP4(C,D,E,A,B,WR28,SR28,KR1); - RIP4(B,C,D,E,A,WR29,SR29,KR1); - RIP4(A,B,C,D,E,WR30,SR30,KR1); - RIP4(E,A,B,C,D,WR31,SR31,KR1); - - RIP3(D,E,A,B,C,WR32,SR32,KR2); - RIP3(C,D,E,A,B,WR33,SR33,KR2); - RIP3(B,C,D,E,A,WR34,SR34,KR2); - RIP3(A,B,C,D,E,WR35,SR35,KR2); - RIP3(E,A,B,C,D,WR36,SR36,KR2); - RIP3(D,E,A,B,C,WR37,SR37,KR2); - RIP3(C,D,E,A,B,WR38,SR38,KR2); - RIP3(B,C,D,E,A,WR39,SR39,KR2); - RIP3(A,B,C,D,E,WR40,SR40,KR2); - RIP3(E,A,B,C,D,WR41,SR41,KR2); - RIP3(D,E,A,B,C,WR42,SR42,KR2); - RIP3(C,D,E,A,B,WR43,SR43,KR2); - RIP3(B,C,D,E,A,WR44,SR44,KR2); - RIP3(A,B,C,D,E,WR45,SR45,KR2); - RIP3(E,A,B,C,D,WR46,SR46,KR2); - RIP3(D,E,A,B,C,WR47,SR47,KR2); - - RIP2(C,D,E,A,B,WR48,SR48,KR3); - RIP2(B,C,D,E,A,WR49,SR49,KR3); - RIP2(A,B,C,D,E,WR50,SR50,KR3); - RIP2(E,A,B,C,D,WR51,SR51,KR3); - RIP2(D,E,A,B,C,WR52,SR52,KR3); - RIP2(C,D,E,A,B,WR53,SR53,KR3); - RIP2(B,C,D,E,A,WR54,SR54,KR3); - RIP2(A,B,C,D,E,WR55,SR55,KR3); - RIP2(E,A,B,C,D,WR56,SR56,KR3); - RIP2(D,E,A,B,C,WR57,SR57,KR3); - RIP2(C,D,E,A,B,WR58,SR58,KR3); - RIP2(B,C,D,E,A,WR59,SR59,KR3); - RIP2(A,B,C,D,E,WR60,SR60,KR3); - RIP2(E,A,B,C,D,WR61,SR61,KR3); - RIP2(D,E,A,B,C,WR62,SR62,KR3); - RIP2(C,D,E,A,B,WR63,SR63,KR3); - - RIP1(B,C,D,E,A,WR64,SR64); - RIP1(A,B,C,D,E,WR65,SR65); - RIP1(E,A,B,C,D,WR66,SR66); - RIP1(D,E,A,B,C,WR67,SR67); - RIP1(C,D,E,A,B,WR68,SR68); - RIP1(B,C,D,E,A,WR69,SR69); - RIP1(A,B,C,D,E,WR70,SR70); - RIP1(E,A,B,C,D,WR71,SR71); - RIP1(D,E,A,B,C,WR72,SR72); - RIP1(C,D,E,A,B,WR73,SR73); - RIP1(B,C,D,E,A,WR74,SR74); - RIP1(A,B,C,D,E,WR75,SR75); - RIP1(E,A,B,C,D,WR76,SR76); - RIP1(D,E,A,B,C,WR77,SR77); - RIP1(C,D,E,A,B,WR78,SR78); - RIP1(B,C,D,E,A,WR79,SR79); - - D =ctx->B+c+D; - ctx->B=ctx->C+d+E; - ctx->C=ctx->D+e+A; - ctx->D=ctx->E+a+B; - ctx->E=ctx->A+b+C; - ctx->A=D; - - } - } -#endif - #ifndef ripemd160_block_data_order #ifdef X #undef X diff --git a/crypto/openssl-0.9/crypto/ripemd/rmd_locl.h b/crypto/openssl-0.9/crypto/ripemd/rmd_locl.h index b52d786165..f14b346e66 100644 --- a/crypto/openssl-0.9/crypto/ripemd/rmd_locl.h +++ b/crypto/openssl-0.9/crypto/ripemd/rmd_locl.h @@ -72,32 +72,20 @@ */ #ifdef RMD160_ASM # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) -# if !defined(B_ENDIAN) -# define ripemd160_block_host_order ripemd160_block_asm_host_order -# endif +# define ripemd160_block_data_order ripemd160_block_asm_data_order # endif #endif -void ripemd160_block_host_order (RIPEMD160_CTX *c, const void *p,size_t num); void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num); -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) -# if !defined(B_ENDIAN) -# define ripemd160_block_data_order ripemd160_block_host_order -# endif -#endif - #define DATA_ORDER_IS_LITTLE_ENDIAN #define HASH_LONG RIPEMD160_LONG -#define HASH_LONG_LOG2 RIPEMD160_LONG_LOG2 #define HASH_CTX RIPEMD160_CTX #define HASH_CBLOCK RIPEMD160_CBLOCK -#define HASH_LBLOCK RIPEMD160_LBLOCK #define HASH_UPDATE RIPEMD160_Update #define HASH_TRANSFORM RIPEMD160_Transform #define HASH_FINAL RIPEMD160_Final -#define HASH_BLOCK_HOST_ORDER ripemd160_block_host_order #define HASH_MAKE_STRING(c,s) do { \ unsigned long ll; \ ll=(c)->A; HOST_l2c(ll,(s)); \ @@ -106,9 +94,7 @@ void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num); ll=(c)->D; HOST_l2c(ll,(s)); \ ll=(c)->E; HOST_l2c(ll,(s)); \ } while (0) -#if !defined(L_ENDIAN) || defined(ripemd160_block_data_order) #define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order -#endif #include "md32_common.h" diff --git a/crypto/openssl-0.9/crypto/rsa/rsa_eay.c b/crypto/openssl-0.9/crypto/rsa/rsa_eay.c index 9e79374e68..ffadaab9a4 100644 --- a/crypto/openssl-0.9/crypto/rsa/rsa_eay.c +++ b/crypto/openssl-0.9/crypto/rsa/rsa_eay.c @@ -151,13 +151,13 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void) } /* Usage example; - * MONT_HELPER(rsa, bn_ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); + * MONT_HELPER(rsa->_method_mod_p, bn_ctx, rsa->p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); */ -#define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \ - if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \ - !BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \ +#define MONT_HELPER(method_mod, ctx, m, pre_cond, err_instr) \ + if ((pre_cond) && ((method_mod) == NULL) && \ + !BN_MONT_CTX_set_locked(&(method_mod), \ CRYPTO_LOCK_RSA, \ - (rsa)->m, (ctx))) \ + (m), (ctx))) \ err_instr static int RSA_eay_public_encrypt(int flen, const unsigned char *from, @@ -227,13 +227,13 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, if (BN_bin2bn(buf,num,f) == NULL) goto err; if (BN_ucmp(f, rsa->n) >= 0) - { + { /* usually the padding functions would catch this */ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); goto err; } - MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; @@ -436,9 +436,9 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); } else - d = rsa->d; + d= rsa->d; - MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; @@ -559,7 +559,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, else d = rsa->d; - MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; @@ -669,7 +669,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, goto err; } - MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; @@ -717,7 +717,6 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) BIGNUM *r1,*m1,*vrfy; BIGNUM local_dmp1,local_dmq1,local_c,local_r1; BIGNUM *dmp1,*dmq1,*c,*pr1; - int bn_flags; int ret=0; BN_CTX_start(ctx); @@ -725,31 +724,34 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) m1 = BN_CTX_get(ctx); vrfy = BN_CTX_get(ctx); - /* Make sure mod_inverse in montgomerey intialization use correct - * BN_FLG_CONSTTIME flag. - */ - bn_flags = rsa->p->flags; - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) - { - rsa->p->flags |= BN_FLG_CONSTTIME; - } - MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); - /* We restore bn_flags back */ - rsa->p->flags = bn_flags; + { + BIGNUM local_p, local_q; + BIGNUM *p = NULL, *q = NULL; - /* Make sure mod_inverse in montgomerey intialization use correct - * BN_FLG_CONSTTIME flag. - */ - bn_flags = rsa->q->flags; - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) - { - rsa->q->flags |= BN_FLG_CONSTTIME; - } - MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); - /* We restore bn_flags back */ - rsa->q->flags = bn_flags; + /* Make sure BN_mod_inverse in Montgomery intialization uses the + * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set) + */ + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) + { + BN_init(&local_p); + p = &local_p; + BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); + + BN_init(&local_q); + q = &local_q; + BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); + } + else + { + p = rsa->p; + q = rsa->q; + } + + MONT_HELPER(rsa->_method_mod_p, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); + MONT_HELPER(rsa->_method_mod_q, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); + } - MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); /* compute I mod q */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) diff --git a/crypto/openssl-0.9/crypto/rsa/rsa_oaep.c b/crypto/openssl-0.9/crypto/rsa/rsa_oaep.c index 45d6f6ef8a..3652677a99 100644 --- a/crypto/openssl-0.9/crypto/rsa/rsa_oaep.c +++ b/crypto/openssl-0.9/crypto/rsa/rsa_oaep.c @@ -96,6 +96,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, const unsigned char *maskeddb; int lzero; unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; + unsigned char *padded_from; int bad = 0; if (--num < 2 * SHA_DIGEST_LENGTH + 1) @@ -106,8 +107,6 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, lzero = num - flen; if (lzero < 0) { - /* lzero == -1 */ - /* signalling this error immediately after detection might allow * for side-channel attacks (e.g. timing if 'plen' is huge * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal @@ -115,20 +114,28 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, * so we use a 'bad' flag */ bad = 1; lzero = 0; + flen = num; /* don't overflow the memcpy to padded_from */ } - maskeddb = from - lzero + SHA_DIGEST_LENGTH; dblen = num - SHA_DIGEST_LENGTH; - db = OPENSSL_malloc(dblen); + db = OPENSSL_malloc(dblen + num); if (db == NULL) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); return -1; } + /* Always do this zero-padding copy (even when lzero == 0) + * to avoid leaking timing info about the value of lzero. */ + padded_from = db + dblen; + memset(padded_from, 0, lzero); + memcpy(padded_from + lzero, from, flen); + + maskeddb = padded_from + SHA_DIGEST_LENGTH; + MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); - for (i = lzero; i < SHA_DIGEST_LENGTH; i++) - seed[i] ^= from[i - lzero]; + for (i = 0; i < SHA_DIGEST_LENGTH; i++) + seed[i] ^= padded_from[i]; MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); for (i = 0; i < dblen; i++) @@ -143,13 +150,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, for (i = SHA_DIGEST_LENGTH; i < dblen; i++) if (db[i] != 0x00) break; - if (db[i] != 0x01 || i++ >= dblen) + if (i == dblen || db[i] != 0x01) goto decoding_err; else { /* everything looks OK */ - mlen = dblen - i; + mlen = dblen - ++i; if (tlen < mlen) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); diff --git a/crypto/openssl-0.9/crypto/sha/sha256.c b/crypto/openssl-0.9/crypto/sha/sha256.c index 05ae9445db..867f90cc97 100644 --- a/crypto/openssl-0.9/crypto/sha/sha256.c +++ b/crypto/openssl-0.9/crypto/sha/sha256.c @@ -69,17 +69,11 @@ int SHA224_Update(SHA256_CTX *c, const void *data, size_t len) int SHA224_Final (unsigned char *md, SHA256_CTX *c) { return SHA256_Final (md,c); } -#ifndef SHA_LONG_LOG2 -#define SHA_LONG_LOG2 2 /* default to 32 bits */ -#endif - #define DATA_ORDER_IS_BIG_ENDIAN #define HASH_LONG SHA_LONG -#define HASH_LONG_LOG2 SHA_LONG_LOG2 #define HASH_CTX SHA256_CTX #define HASH_CBLOCK SHA_CBLOCK -#define HASH_LBLOCK SHA_LBLOCK /* * Note that FIPS180-2 discusses "Truncation of the Hash Function Output." * default: case below covers for it. It's not clear however if it's @@ -90,21 +84,21 @@ int SHA224_Final (unsigned char *md, SHA256_CTX *c) */ #define HASH_MAKE_STRING(c,s) do { \ unsigned long ll; \ - unsigned int n; \ + unsigned int xn; \ switch ((c)->md_len) \ { case SHA224_DIGEST_LENGTH: \ - for (n=0;nh[n]; HOST_l2c(ll,(s)); } \ + for (xn=0;xnh[xn]; HOST_l2c(ll,(s)); } \ break; \ case SHA256_DIGEST_LENGTH: \ - for (n=0;nh[n]; HOST_l2c(ll,(s)); } \ + for (xn=0;xnh[xn]; HOST_l2c(ll,(s)); } \ break; \ default: \ if ((c)->md_len > SHA256_DIGEST_LENGTH) \ return 0; \ - for (n=0;n<(c)->md_len/4;n++) \ - { ll=(c)->h[n]; HOST_l2c(ll,(s)); } \ + for (xn=0;xn<(c)->md_len/4;xn++) \ + { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \ break; \ } \ } while (0) @@ -112,16 +106,15 @@ int SHA224_Final (unsigned char *md, SHA256_CTX *c) #define HASH_UPDATE SHA256_Update #define HASH_TRANSFORM SHA256_Transform #define HASH_FINAL SHA256_Final -#define HASH_BLOCK_HOST_ORDER sha256_block_host_order #define HASH_BLOCK_DATA_ORDER sha256_block_data_order -void sha256_block_host_order (SHA256_CTX *ctx, const void *in, size_t num); +#ifndef SHA256_ASM +static +#endif void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num); #include "md32_common.h" -#ifdef SHA256_ASM -void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host); -#else +#ifndef SHA256_ASM static const SHA_LONG K256[64] = { 0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL, 0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL, @@ -155,10 +148,10 @@ static const SHA_LONG K256[64] = { #ifdef OPENSSL_SMALL_FOOTPRINT -static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host) +static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num) { unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2; - SHA_LONG X[16]; + SHA_LONG X[16],l; int i; const unsigned char *data=in; @@ -167,33 +160,13 @@ static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host) a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; - if (host) - { - const SHA_LONG *W=(const SHA_LONG *)data; - - for (i=0;i<16;i++) - { - T1 = X[i] = W[i]; - T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; - T2 = Sigma0(a) + Maj(a,b,c); - h = g; g = f; f = e; e = d + T1; - d = c; c = b; b = a; a = T1 + T2; - } - - data += SHA256_CBLOCK; - } - else + for (i=0;i<16;i++) { - SHA_LONG l; - - for (i=0;i<16;i++) - { - HOST_c2l(data,l); T1 = X[i] = l; - T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; - T2 = Sigma0(a) + Maj(a,b,c); - h = g; g = f; f = e; e = d + T1; - d = c; c = b; b = a; a = T1 + T2; - } + HOST_c2l(data,l); T1 = X[i] = l; + T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; + T2 = Sigma0(a) + Maj(a,b,c); + h = g; g = f; f = e; e = d + T1; + d = c; c = b; b = a; a = T1 + T2; } for (;i<64;i++) @@ -227,19 +200,20 @@ static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host) T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) -static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host) +static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num) { unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1; SHA_LONG X[16]; int i; const unsigned char *data=in; + const union { long one; char little; } is_endian = {1}; while (num--) { a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; - if (host) + if (!is_endian.little && sizeof(SHA_LONG)==4 && ((size_t)in%4)==0) { const SHA_LONG *W=(const SHA_LONG *)data; @@ -305,15 +279,4 @@ static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host) #endif #endif /* SHA256_ASM */ -/* - * Idea is to trade couple of cycles for some space. On IA-32 we save - * about 4K in "big footprint" case. In "small footprint" case any gain - * is appreciated:-) - */ -void HASH_BLOCK_HOST_ORDER (SHA256_CTX *ctx, const void *in, size_t num) -{ sha256_block (ctx,in,num,1); } - -void HASH_BLOCK_DATA_ORDER (SHA256_CTX *ctx, const void *in, size_t num) -{ sha256_block (ctx,in,num,0); } - #endif /* OPENSSL_NO_SHA256 */ diff --git a/crypto/openssl-0.9/crypto/sha/sha512.c b/crypto/openssl-0.9/crypto/sha/sha512.c index 39d18b8fb4..987fc07c99 100644 --- a/crypto/openssl-0.9/crypto/sha/sha512.c +++ b/crypto/openssl-0.9/crypto/sha/sha512.c @@ -52,7 +52,10 @@ const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT; -#if defined(_M_IX86) || defined(_M_AMD64) || defined(__i386) || defined(__x86_64) +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__s390__) || defined(__s390x__) || \ + defined(SHA512_ASM) #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA #endif @@ -89,7 +92,7 @@ int SHA512_Init (SHA512_CTX *c) #ifndef SHA512_ASM static #endif -void sha512_block (SHA512_CTX *ctx, const void *in, size_t num); +void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num); int SHA512_Final (unsigned char *md, SHA512_CTX *c) { @@ -100,7 +103,7 @@ int SHA512_Final (unsigned char *md, SHA512_CTX *c) n++; if (n > (sizeof(c->u)-16)) memset (p+n,0,sizeof(c->u)-n), n=0, - sha512_block (c,p,1); + sha512_block_data_order (c,p,1); memset (p+n,0,sizeof(c->u)-16-n); #ifdef B_ENDIAN @@ -125,7 +128,7 @@ int SHA512_Final (unsigned char *md, SHA512_CTX *c) p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56); #endif - sha512_block (c,p,1); + sha512_block_data_order (c,p,1); if (md==0) return 0; @@ -197,7 +200,7 @@ int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) else { memcpy (p+c->num,data,n), c->num = 0; len-=n, data+=n; - sha512_block (c,p,1); + sha512_block_data_order (c,p,1); } } @@ -207,12 +210,12 @@ int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) if ((size_t)data%sizeof(c->u.d[0]) != 0) while (len >= sizeof(c->u)) memcpy (p,data,sizeof(c->u)), - sha512_block (c,p,1), + sha512_block_data_order (c,p,1), len -= sizeof(c->u), data += sizeof(c->u); else #endif - sha512_block (c,data,len/sizeof(c->u)), + sha512_block_data_order (c,data,len/sizeof(c->u)), data += len, len %= sizeof(c->u), data -= len; @@ -227,7 +230,7 @@ int SHA384_Update (SHA512_CTX *c, const void *data, size_t len) { return SHA512_Update (c,data,len); } void SHA512_Transform (SHA512_CTX *c, const unsigned char *data) -{ sha512_block (c,data,1); } +{ sha512_block_data_order (c,data,1); } unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) { @@ -301,40 +304,78 @@ static const SHA_LONG64 K512[80] = { #ifndef PEDANTIC # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) # if defined(__x86_64) || defined(__x86_64__) -# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ - asm ("bswapq %0" \ - : "=r"(ret) \ - : "0"(ret)); ret; }) -# endif -# endif -#endif - -#ifndef PULL64 -#define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) -#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) -#endif - -#ifndef PEDANTIC -# if defined(_MSC_VER) -# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ -# define ROTR(a,n) _rotr64((a),n) -# endif -# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -# if defined(__x86_64) || defined(__x86_64__) # define ROTR(a,n) ({ unsigned long ret; \ asm ("rorq %1,%0" \ : "=r"(ret) \ : "J"(n),"0"(a) \ : "cc"); ret; }) -# elif defined(_ARCH_PPC) && defined(__64BIT__) +# if !defined(B_ENDIAN) +# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ + asm ("bswapq %0" \ + : "=r"(ret) \ + : "0"(ret)); ret; }) +# endif +# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) +# if defined(I386_ONLY) +# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ + unsigned int hi=p[0],lo=p[1]; \ + asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ + "roll $16,%%eax; roll $16,%%edx; "\ + "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \ + : "=a"(lo),"=d"(hi) \ + : "0"(lo),"1"(hi) : "cc"); \ + ((SHA_LONG64)hi)<<32|lo; }) +# else +# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ + unsigned int hi=p[0],lo=p[1]; \ + asm ("bswapl %0; bswapl %1;" \ + : "=r"(lo),"=r"(hi) \ + : "0"(lo),"1"(hi)); \ + ((SHA_LONG64)hi)<<32|lo; }) +# endif +# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) # define ROTR(a,n) ({ unsigned long ret; \ asm ("rotrdi %0,%1,%2" \ : "=r"(ret) \ : "r"(a),"K"(n)); ret; }) # endif +# elif defined(_MSC_VER) +# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ +# define ROTR(a,n) _rotr64((a),n) +# endif +# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(I386_ONLY) + static SHA_LONG64 __fastcall __pull64be(const void *x) + { _asm mov edx, [ecx + 0] + _asm mov eax, [ecx + 4] + _asm xchg dh,dl + _asm xchg ah,al + _asm rol edx,16 + _asm rol eax,16 + _asm xchg dh,dl + _asm xchg ah,al + } +# else + static SHA_LONG64 __fastcall __pull64be(const void *x) + { _asm mov edx, [ecx + 0] + _asm mov eax, [ecx + 4] + _asm bswap edx + _asm bswap eax + } +# endif +# define PULL64(x) __pull64be(&(x)) +# if _MSC_VER<=1200 +# pragma inline_depth(0) +# endif +# endif # endif #endif +#ifndef PULL64 +#define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) +#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) +#endif + #ifndef ROTR #define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) #endif @@ -357,7 +398,7 @@ static const SHA_LONG64 K512[80] = { #ifdef OPENSSL_SMALL_FOOTPRINT -static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num) +static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) { const SHA_LONG64 *W=in; SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2; @@ -418,7 +459,7 @@ static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num) T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) -static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num) +static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) { const SHA_LONG64 *W=in; SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1; diff --git a/crypto/openssl-0.9/crypto/sha/sha_locl.h b/crypto/openssl-0.9/crypto/sha/sha_locl.h index 6281313a45..e37e5726e3 100644 --- a/crypto/openssl-0.9/crypto/sha/sha_locl.h +++ b/crypto/openssl-0.9/crypto/sha/sha_locl.h @@ -62,17 +62,11 @@ #include #include -#ifndef SHA_LONG_LOG2 -#define SHA_LONG_LOG2 2 /* default to 32 bits */ -#endif - #define DATA_ORDER_IS_BIG_ENDIAN #define HASH_LONG SHA_LONG -#define HASH_LONG_LOG2 SHA_LONG_LOG2 #define HASH_CTX SHA_CTX #define HASH_CBLOCK SHA_CBLOCK -#define HASH_LBLOCK SHA_LBLOCK #define HASH_MAKE_STRING(c,s) do { \ unsigned long ll; \ ll=(c)->h0; HOST_l2c(ll,(s)); \ @@ -88,12 +82,10 @@ # define HASH_TRANSFORM SHA_Transform # define HASH_FINAL SHA_Final # define HASH_INIT SHA_Init -# define HASH_BLOCK_HOST_ORDER sha_block_host_order # define HASH_BLOCK_DATA_ORDER sha_block_data_order # define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id)) - void sha_block_host_order (SHA_CTX *c, const void *p,size_t num); - void sha_block_data_order (SHA_CTX *c, const void *p,size_t num); +static void sha_block_data_order (SHA_CTX *c, const void *p,size_t num); #elif defined(SHA_1) @@ -101,7 +93,6 @@ # define HASH_TRANSFORM SHA1_Transform # define HASH_FINAL SHA1_Final # define HASH_INIT SHA1_Init -# define HASH_BLOCK_HOST_ORDER sha1_block_host_order # define HASH_BLOCK_DATA_ORDER sha1_block_data_order # if defined(__MWERKS__) && defined(__MC68K__) /* Metrowerks for Motorola fails otherwise:-( */ @@ -114,24 +105,10 @@ ) # endif -# ifdef SHA1_ASM -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) -# if !defined(B_ENDIAN) -# define sha1_block_host_order sha1_block_asm_host_order -# define DONT_IMPLEMENT_BLOCK_HOST_ORDER -# define sha1_block_data_order sha1_block_asm_data_order -# define DONT_IMPLEMENT_BLOCK_DATA_ORDER -# define HASH_BLOCK_DATA_ORDER_ALIGNED sha1_block_asm_data_order -# endif -# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64) -# define sha1_block_host_order sha1_block_asm_host_order -# define DONT_IMPLEMENT_BLOCK_HOST_ORDER -# define sha1_block_data_order sha1_block_asm_data_order -# define DONT_IMPLEMENT_BLOCK_DATA_ORDER -# endif -# endif - void sha1_block_host_order (SHA_CTX *c, const void *p,size_t num); - void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num); +#ifndef SHA1_ASM +static +#endif +void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num); #else # error "Either SHA_0 or SHA_1 must be defined." @@ -229,133 +206,8 @@ int HASH_INIT (SHA_CTX *c) # define X(i) XX[i] #endif -#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER -void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, size_t num) - { - const SHA_LONG *W=d; - register unsigned MD32_REG_T A,B,C,D,E,T; -#ifndef MD32_XARRAY - unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, - XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; -#else - SHA_LONG XX[16]; -#endif - - A=c->h0; - B=c->h1; - C=c->h2; - D=c->h3; - E=c->h4; - - for (;;) - { - BODY_00_15( 0,A,B,C,D,E,T,W[ 0]); - BODY_00_15( 1,T,A,B,C,D,E,W[ 1]); - BODY_00_15( 2,E,T,A,B,C,D,W[ 2]); - BODY_00_15( 3,D,E,T,A,B,C,W[ 3]); - BODY_00_15( 4,C,D,E,T,A,B,W[ 4]); - BODY_00_15( 5,B,C,D,E,T,A,W[ 5]); - BODY_00_15( 6,A,B,C,D,E,T,W[ 6]); - BODY_00_15( 7,T,A,B,C,D,E,W[ 7]); - BODY_00_15( 8,E,T,A,B,C,D,W[ 8]); - BODY_00_15( 9,D,E,T,A,B,C,W[ 9]); - BODY_00_15(10,C,D,E,T,A,B,W[10]); - BODY_00_15(11,B,C,D,E,T,A,W[11]); - BODY_00_15(12,A,B,C,D,E,T,W[12]); - BODY_00_15(13,T,A,B,C,D,E,W[13]); - BODY_00_15(14,E,T,A,B,C,D,W[14]); - BODY_00_15(15,D,E,T,A,B,C,W[15]); - - BODY_16_19(16,C,D,E,T,A,B,X( 0),W[ 0],W[ 2],W[ 8],W[13]); - BODY_16_19(17,B,C,D,E,T,A,X( 1),W[ 1],W[ 3],W[ 9],W[14]); - BODY_16_19(18,A,B,C,D,E,T,X( 2),W[ 2],W[ 4],W[10],W[15]); - BODY_16_19(19,T,A,B,C,D,E,X( 3),W[ 3],W[ 5],W[11],X( 0)); - - BODY_20_31(20,E,T,A,B,C,D,X( 4),W[ 4],W[ 6],W[12],X( 1)); - BODY_20_31(21,D,E,T,A,B,C,X( 5),W[ 5],W[ 7],W[13],X( 2)); - BODY_20_31(22,C,D,E,T,A,B,X( 6),W[ 6],W[ 8],W[14],X( 3)); - BODY_20_31(23,B,C,D,E,T,A,X( 7),W[ 7],W[ 9],W[15],X( 4)); - BODY_20_31(24,A,B,C,D,E,T,X( 8),W[ 8],W[10],X( 0),X( 5)); - BODY_20_31(25,T,A,B,C,D,E,X( 9),W[ 9],W[11],X( 1),X( 6)); - BODY_20_31(26,E,T,A,B,C,D,X(10),W[10],W[12],X( 2),X( 7)); - BODY_20_31(27,D,E,T,A,B,C,X(11),W[11],W[13],X( 3),X( 8)); - BODY_20_31(28,C,D,E,T,A,B,X(12),W[12],W[14],X( 4),X( 9)); - BODY_20_31(29,B,C,D,E,T,A,X(13),W[13],W[15],X( 5),X(10)); - BODY_20_31(30,A,B,C,D,E,T,X(14),W[14],X( 0),X( 6),X(11)); - BODY_20_31(31,T,A,B,C,D,E,X(15),W[15],X( 1),X( 7),X(12)); - - BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13)); - BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14)); - BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15)); - BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0)); - BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1)); - BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2)); - BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3)); - BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4)); - - BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5)); - BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6)); - BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7)); - BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8)); - BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9)); - BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10)); - BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11)); - BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12)); - BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13)); - BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14)); - BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15)); - BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0)); - BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1)); - BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2)); - BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3)); - BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4)); - BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5)); - BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6)); - BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7)); - BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8)); - - BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9)); - BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10)); - BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11)); - BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12)); - BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13)); - BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14)); - BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15)); - BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0)); - BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1)); - BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2)); - BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3)); - BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4)); - BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5)); - BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6)); - BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7)); - BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8)); - BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9)); - BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10)); - BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11)); - BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12)); - - c->h0=(c->h0+E)&0xffffffffL; - c->h1=(c->h1+T)&0xffffffffL; - c->h2=(c->h2+A)&0xffffffffL; - c->h3=(c->h3+B)&0xffffffffL; - c->h4=(c->h4+C)&0xffffffffL; - - if (--num == 0) break; - - A=c->h0; - B=c->h1; - C=c->h2; - D=c->h3; - E=c->h4; - - W+=SHA_LBLOCK; - } - } -#endif - -#ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER -void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) +#if !defined(SHA_1) || !defined(SHA1_ASM) +static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) { const unsigned char *data=p; register unsigned MD32_REG_T A,B,C,D,E,T,l; @@ -373,25 +225,53 @@ void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) E=c->h4; for (;;) - { + { + const union { long one; char little; } is_endian = {1}; - HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; - BODY_00_15( 0,A,B,C,D,E,T,X( 0)); HOST_c2l(data,l); X( 2)=l; - BODY_00_15( 1,T,A,B,C,D,E,X( 1)); HOST_c2l(data,l); X( 3)=l; - BODY_00_15( 2,E,T,A,B,C,D,X( 2)); HOST_c2l(data,l); X( 4)=l; - BODY_00_15( 3,D,E,T,A,B,C,X( 3)); HOST_c2l(data,l); X( 5)=l; - BODY_00_15( 4,C,D,E,T,A,B,X( 4)); HOST_c2l(data,l); X( 6)=l; - BODY_00_15( 5,B,C,D,E,T,A,X( 5)); HOST_c2l(data,l); X( 7)=l; - BODY_00_15( 6,A,B,C,D,E,T,X( 6)); HOST_c2l(data,l); X( 8)=l; - BODY_00_15( 7,T,A,B,C,D,E,X( 7)); HOST_c2l(data,l); X( 9)=l; - BODY_00_15( 8,E,T,A,B,C,D,X( 8)); HOST_c2l(data,l); X(10)=l; - BODY_00_15( 9,D,E,T,A,B,C,X( 9)); HOST_c2l(data,l); X(11)=l; - BODY_00_15(10,C,D,E,T,A,B,X(10)); HOST_c2l(data,l); X(12)=l; - BODY_00_15(11,B,C,D,E,T,A,X(11)); HOST_c2l(data,l); X(13)=l; - BODY_00_15(12,A,B,C,D,E,T,X(12)); HOST_c2l(data,l); X(14)=l; - BODY_00_15(13,T,A,B,C,D,E,X(13)); HOST_c2l(data,l); X(15)=l; - BODY_00_15(14,E,T,A,B,C,D,X(14)); - BODY_00_15(15,D,E,T,A,B,C,X(15)); + if (!is_endian.little && sizeof(SHA_LONG)==4 && ((size_t)p%4)==0) + { + const SHA_LONG *W=(const SHA_LONG *)data; + + X( 0) = W[0]; X( 1) = W[ 1]; + BODY_00_15( 0,A,B,C,D,E,T,X( 0)); X( 2) = W[ 2]; + BODY_00_15( 1,T,A,B,C,D,E,X( 1)); X( 3) = W[ 3]; + BODY_00_15( 2,E,T,A,B,C,D,X( 2)); X( 4) = W[ 4]; + BODY_00_15( 3,D,E,T,A,B,C,X( 3)); X( 5) = W[ 5]; + BODY_00_15( 4,C,D,E,T,A,B,X( 4)); X( 6) = W[ 6]; + BODY_00_15( 5,B,C,D,E,T,A,X( 5)); X( 7) = W[ 7]; + BODY_00_15( 6,A,B,C,D,E,T,X( 6)); X( 8) = W[ 8]; + BODY_00_15( 7,T,A,B,C,D,E,X( 7)); X( 9) = W[ 9]; + BODY_00_15( 8,E,T,A,B,C,D,X( 8)); X(10) = W[10]; + BODY_00_15( 9,D,E,T,A,B,C,X( 9)); X(11) = W[11]; + BODY_00_15(10,C,D,E,T,A,B,X(10)); X(12) = W[12]; + BODY_00_15(11,B,C,D,E,T,A,X(11)); X(13) = W[13]; + BODY_00_15(12,A,B,C,D,E,T,X(12)); X(14) = W[14]; + BODY_00_15(13,T,A,B,C,D,E,X(13)); X(15) = W[15]; + BODY_00_15(14,E,T,A,B,C,D,X(14)); + BODY_00_15(15,D,E,T,A,B,C,X(15)); + + data += SHA_CBLOCK; + } + else + { + HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; + BODY_00_15( 0,A,B,C,D,E,T,X( 0)); HOST_c2l(data,l); X( 2)=l; + BODY_00_15( 1,T,A,B,C,D,E,X( 1)); HOST_c2l(data,l); X( 3)=l; + BODY_00_15( 2,E,T,A,B,C,D,X( 2)); HOST_c2l(data,l); X( 4)=l; + BODY_00_15( 3,D,E,T,A,B,C,X( 3)); HOST_c2l(data,l); X( 5)=l; + BODY_00_15( 4,C,D,E,T,A,B,X( 4)); HOST_c2l(data,l); X( 6)=l; + BODY_00_15( 5,B,C,D,E,T,A,X( 5)); HOST_c2l(data,l); X( 7)=l; + BODY_00_15( 6,A,B,C,D,E,T,X( 6)); HOST_c2l(data,l); X( 8)=l; + BODY_00_15( 7,T,A,B,C,D,E,X( 7)); HOST_c2l(data,l); X( 9)=l; + BODY_00_15( 8,E,T,A,B,C,D,X( 8)); HOST_c2l(data,l); X(10)=l; + BODY_00_15( 9,D,E,T,A,B,C,X( 9)); HOST_c2l(data,l); X(11)=l; + BODY_00_15(10,C,D,E,T,A,B,X(10)); HOST_c2l(data,l); X(12)=l; + BODY_00_15(11,B,C,D,E,T,A,X(11)); HOST_c2l(data,l); X(13)=l; + BODY_00_15(12,A,B,C,D,E,T,X(12)); HOST_c2l(data,l); X(14)=l; + BODY_00_15(13,T,A,B,C,D,E,X(13)); HOST_c2l(data,l); X(15)=l; + BODY_00_15(14,E,T,A,B,C,D,X(14)); + BODY_00_15(15,D,E,T,A,B,C,X(15)); + } BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13)); BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14)); @@ -476,7 +356,7 @@ void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) D=c->h3; E=c->h4; - } + } } #endif @@ -511,54 +391,8 @@ void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) E=D, D=C, C=ROTATE(B,30), B=A; \ A=ROTATE(A,5)+T+xa; } while(0) -#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER -void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, size_t num) - { - const SHA_LONG *W=d; - register unsigned MD32_REG_T A,B,C,D,E,T; - int i; - SHA_LONG X[16]; - - A=c->h0; - B=c->h1; - C=c->h2; - D=c->h3; - E=c->h4; - - for (;;) - { - for (i=0;i<16;i++) - { X[i]=W[i]; BODY_00_15(X[i]); } - for (i=0;i<4;i++) - { BODY_16_19(X[i], X[i+2], X[i+8], X[(i+13)&15]); } - for (;i<24;i++) - { BODY_20_39(X[i&15], X[(i+2)&15], X[(i+8)&15],X[(i+13)&15]); } - for (i=0;i<20;i++) - { BODY_40_59(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); } - for (i=4;i<24;i++) - { BODY_60_79(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); } - - c->h0=(c->h0+A)&0xffffffffL; - c->h1=(c->h1+B)&0xffffffffL; - c->h2=(c->h2+C)&0xffffffffL; - c->h3=(c->h3+D)&0xffffffffL; - c->h4=(c->h4+E)&0xffffffffL; - - if (--num == 0) break; - - A=c->h0; - B=c->h1; - C=c->h2; - D=c->h3; - E=c->h4; - - W+=SHA_LBLOCK; - } - } -#endif - -#ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER -void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) +#if !defined(SHA_1) || !defined(SHA1_ASM) +static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) { const unsigned char *data=p; register unsigned MD32_REG_T A,B,C,D,E,T,l; diff --git a/crypto/openssl-0.9/crypto/stack/safestack.h b/crypto/openssl-0.9/crypto/stack/safestack.h index 53df649ecf..78cc485e6d 100644 --- a/crypto/openssl-0.9/crypto/stack/safestack.h +++ b/crypto/openssl-0.9/crypto/stack/safestack.h @@ -175,7 +175,7 @@ STACK_OF(type) \ #define SKM_sk_push(type, st,val) \ sk_push(st, (char *)val) #define SKM_sk_unshift(type, st,val) \ - sk_unshift(st, val) + sk_unshift(st, (char *)val) #define SKM_sk_find(type, st,val) \ sk_find(st, (char *)val) #define SKM_sk_delete(type, st,i) \ @@ -414,6 +414,94 @@ STACK_OF(type) \ #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) #define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) +#define sk_CMS_CertificateChoices_new(st) SKM_sk_new(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices) +#define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_value(st, i) SKM_sk_value(CMS_CertificateChoices, (st), (i)) +#define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val)) +#define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val)) +#define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val)) +#define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val)) +#define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val)) +#define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i)) +#define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr)) +#define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i)) +#define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp)) +#define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st) +#define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func)) +#define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st)) + +#define sk_CMS_RecipientInfo_new(st) SKM_sk_new(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo) +#define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i)) +#define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val)) +#define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val)) +#define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val)) +#define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val)) +#define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val)) +#define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i)) +#define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr)) +#define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i)) +#define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp)) +#define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st) +#define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func)) +#define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st)) + +#define sk_CMS_RevocationInfoChoice_new(st) SKM_sk_new(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice) +#define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i)) +#define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val)) +#define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val)) +#define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val)) +#define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val)) +#define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val)) +#define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i)) +#define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr)) +#define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i)) +#define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp)) +#define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st) +#define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func)) +#define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st)) + +#define sk_CMS_SignerInfo_new(st) SKM_sk_new(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo) +#define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i)) +#define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val)) +#define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val)) +#define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val)) +#define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val)) +#define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val)) +#define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i)) +#define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr)) +#define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i)) +#define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp)) +#define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st) +#define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func)) +#define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st)) + #define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st)) #define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) #define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) @@ -612,6 +700,28 @@ STACK_OF(type) \ #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) #define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) +#define sk_GENERAL_NAMES_new(st) SKM_sk_new(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES) +#define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i)) +#define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val)) +#define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val)) +#define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val)) +#define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val)) +#define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val)) +#define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i)) +#define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr)) +#define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i)) +#define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp)) +#define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st) +#define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func)) +#define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st)) + #define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st)) #define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) #define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) @@ -964,6 +1074,28 @@ STACK_OF(type) \ #define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) #define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) +#define sk_OCSP_RESPID_new(st) SKM_sk_new(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID) +#define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i)) +#define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val)) +#define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i)) +#define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr)) +#define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i)) +#define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp)) +#define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st) +#define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func)) +#define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st)) + #define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st)) #define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) #define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) diff --git a/crypto/openssl-0.9/crypto/symhacks.h b/crypto/openssl-0.9/crypto/symhacks.h index 7e3602d2ea..64528ad5c2 100644 --- a/crypto/openssl-0.9/crypto/symhacks.h +++ b/crypto/openssl-0.9/crypto/symhacks.h @@ -342,6 +342,20 @@ #undef STORE_method_get_unlock_store_function #define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn +/* Hack some long CMS names */ +#undef CMS_RecipientInfo_ktri_get0_algs +#define CMS_RecipientInfo_ktri_get0_algs CMS_RecipInfo_ktri_get0_algs +#undef CMS_RecipientInfo_ktri_get0_signer_id +#define CMS_RecipientInfo_ktri_get0_signer_id CMS_RecipInfo_ktri_get0_sigr_id +#undef CMS_OtherRevocationInfoFormat_it +#define CMS_OtherRevocationInfoFormat_it CMS_OtherRevocInfoFormat_it +#undef CMS_KeyAgreeRecipientIdentifier_it +#define CMS_KeyAgreeRecipientIdentifier_it CMS_KeyAgreeRecipIdentifier_it +#undef CMS_OriginatorIdentifierOrKey_it +#define CMS_OriginatorIdentifierOrKey_it CMS_OriginatorIdOrKey_it +#undef cms_SignerIdentifier_get0_signer_id +#define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id + #endif /* defined OPENSSL_SYS_VMS */ @@ -381,3 +395,6 @@ #endif /* ! defined HEADER_VMS_IDHACKS_H */ +/* This one clashes with CMS_data_create */ +#undef cms_Data_create +#define cms_Data_create priv_cms_Data_create diff --git a/crypto/openssl-0.9/crypto/x509/x509.h b/crypto/openssl-0.9/crypto/x509/x509.h index 16a954f709..e71b5257e5 100644 --- a/crypto/openssl-0.9/crypto/x509/x509.h +++ b/crypto/openssl-0.9/crypto/x509/x509.h @@ -146,9 +146,10 @@ struct X509_algor_st ASN1_TYPE *parameter; } /* X509_ALGOR */; -DECLARE_STACK_OF(X509_ALGOR) DECLARE_ASN1_SET_OF(X509_ALGOR) +typedef STACK_OF(X509_ALGOR) X509_ALGORS; + typedef struct X509_val_st { ASN1_TIME *notBefore; @@ -203,6 +204,8 @@ typedef struct X509_extension_st ASN1_OCTET_STRING *value; } X509_EXTENSION; +typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; + DECLARE_STACK_OF(X509_EXTENSION) DECLARE_ASN1_SET_OF(X509_EXTENSION) @@ -862,6 +865,10 @@ X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); X509_CRL *X509_CRL_dup(X509_CRL *crl); X509_REQ *X509_REQ_dup(X509_REQ *req); X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); +int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); +void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, + X509_ALGOR *algor); + X509_NAME *X509_NAME_dup(X509_NAME *xn); X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); @@ -883,6 +890,7 @@ X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); DECLARE_ASN1_FUNCTIONS(X509_ALGOR) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS) DECLARE_ASN1_FUNCTIONS(X509_VAL) DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) @@ -918,6 +926,7 @@ DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE) X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); DECLARE_ASN1_FUNCTIONS(X509_EXTENSION) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY) @@ -1191,6 +1200,8 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, const char *attrname, int type, const unsigned char *bytes, int len); +void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, + ASN1_OBJECT *obj, int lastpos, int type); X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, int atrtype, const void *data, int len); X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, diff --git a/crypto/openssl-0.9/crypto/x509/x509_att.c b/crypto/openssl-0.9/crypto/x509/x509_att.c index 65968c4944..511b49d589 100644 --- a/crypto/openssl-0.9/crypto/x509/x509_att.c +++ b/crypto/openssl-0.9/crypto/x509/x509_att.c @@ -67,8 +67,7 @@ int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) { - if (!x) return 0; - return(sk_X509_ATTRIBUTE_num(x)); + return sk_X509_ATTRIBUTE_num(x); } int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, @@ -193,6 +192,22 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, return ret; } +void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, + ASN1_OBJECT *obj, int lastpos, int type) +{ + int i; + X509_ATTRIBUTE *at; + i = X509at_get_attr_by_OBJ(x, obj, lastpos); + if (i == -1) + return NULL; + if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1)) + return NULL; + at = X509at_get_attr(x, i); + if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1)) + return NULL; + return X509_ATTRIBUTE_get0_data(at, 0, type, NULL); +} + X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, int atrtype, const void *data, int len) { @@ -270,8 +285,8 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj) int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len) { ASN1_TYPE *ttmp; - ASN1_STRING *stmp; - int atype; + ASN1_STRING *stmp = NULL; + int atype = 0; if (!attr) return 0; if(attrtype & MBSTRING_FLAG) { stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype, @@ -281,16 +296,22 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *dat return 0; } atype = stmp->type; - } else { + } else if (len != -1){ if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err; if(!ASN1_STRING_set(stmp, data, len)) goto err; atype = attrtype; } if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; if(!(ttmp = ASN1_TYPE_new())) goto err; + if (len == -1) + { + if (!ASN1_TYPE_set1(ttmp, attrtype, data)) + goto err; + } + else + ASN1_TYPE_set(ttmp, atype, stmp); if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err; attr->single = 0; - ASN1_TYPE_set(ttmp, atype, stmp); return 1; err: X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE); diff --git a/crypto/openssl-0.9/crypto/x509v3/v3_utl.c b/crypto/openssl-0.9/crypto/x509v3/v3_utl.c index 3dba0557b8..ac171ca940 100644 --- a/crypto/openssl-0.9/crypto/x509v3/v3_utl.c +++ b/crypto/openssl-0.9/crypto/x509v3/v3_utl.c @@ -473,6 +473,30 @@ STACK *X509_get1_email(X509 *x) return ret; } +STACK *X509_get1_ocsp(X509 *x) +{ + AUTHORITY_INFO_ACCESS *info; + STACK *ret = NULL; + int i; + info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL); + if (!info) + return NULL; + for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) + { + ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i); + if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) + { + if (ad->location->type == GEN_URI) + { + if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier)) + break; + } + } + } + AUTHORITY_INFO_ACCESS_free(info); + return ret; +} + STACK *X509_REQ_get1_email(X509_REQ *x) { GENERAL_NAMES *gens; diff --git a/crypto/openssl-0.9/crypto/x509v3/x509v3.h b/crypto/openssl-0.9/crypto/x509v3/x509v3.h index 91d2fb5b8b..db2b0482c1 100644 --- a/crypto/openssl-0.9/crypto/x509v3/x509v3.h +++ b/crypto/openssl-0.9/crypto/x509v3/x509v3.h @@ -617,6 +617,7 @@ int X509_PURPOSE_get_id(X509_PURPOSE *); STACK *X509_get1_email(X509 *x); STACK *X509_REQ_get1_email(X509_REQ *x); void X509_email_free(STACK *sk); +STACK *X509_get1_ocsp(X509 *x); ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); diff --git a/crypto/openssl-0.9/e_os.h b/crypto/openssl-0.9/e_os.h index 5068d1bd74..acc6a15eb7 100644 --- a/crypto/openssl-0.9/e_os.h +++ b/crypto/openssl-0.9/e_os.h @@ -186,9 +186,15 @@ extern "C" { #define get_last_socket_error() errno #define clear_socket_error() errno=0 #define closesocket(s) close(s) +#define ioctlsocket(a,b,c) ioctl(a,b,c) +#if defined(NETWARE_LIBC) #define readsocket(s,b,n) recv((s),(b),(n),0) #define writesocket(s,b,n) send((s),(b),(n),0) #else +#define readsocket(s,b,n) recv((s),(char*)(b),(n),0) +#define writesocket(s,b,n) send((s),(char*)(b),(n),0) +#endif +#else #define get_last_socket_error() WSAGetLastError() #define clear_socket_error() WSASetLastError(0) #define readsocket(s,b,n) recv((s),(b),(n),0) @@ -277,6 +283,14 @@ static unsigned int _strlen31(const char *str) } # endif # include +# if defined(_MSC_VER) && _MSC_VER<=1200 && defined(_MT) && defined(isspace) + /* compensate for bug is VC6 ctype.h */ +# undef isspace +# undef isdigit +# undef isalnum +# undef isupper +# undef isxdigit +# endif # endif # include # include @@ -371,6 +385,12 @@ static unsigned int _strlen31(const char *str) # undef DEVRANDOM # ifdef NETWARE_CLIB # define getpid GetThreadID + extern int GetThreadID(void); +/* # include */ + extern int kbhit(void); + extern void delay(unsigned milliseconds); +# else +# include # endif # define NO_SYSLOG # define _setmode setmode @@ -471,7 +491,11 @@ extern HINSTANCE _hInstance; # include # include # include -# include +# if defined(NETWARE_CLIB) +# include +# else +# include +# endif # define INVALID_SOCKET (int)(~0) # else # include @@ -613,16 +637,12 @@ extern char *sys_errlist[]; extern int sys_nerr; #elif defined(OPENSSL_SYS_OS2) && defined(__EMX__) # define strcasecmp stricmp # define strncasecmp strnicmp -#elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) -# define strcasecmp stricmp -# define strncasecmp strnicmp -#else -# ifdef NO_STRINGS_H - int strcasecmp(); - int strncasecmp(); -# else -# include -# endif /* NO_STRINGS_H */ +#elif defined(OPENSSL_SYS_NETWARE) +# include +# if defined(NETWARE_CLIB) +# define strcasecmp stricmp +# define strncasecmp strnicmp +# endif /* NETWARE_CLIB */ #endif #if defined(OPENSSL_SYS_OS2) && defined(__EMX__) diff --git a/crypto/openssl-0.9/engines/e_4758cca_err.h b/crypto/openssl-0.9/engines/e_4758cca_err.h index 3d4276be91..26087edbfa 100644 --- a/crypto/openssl-0.9/engines/e_4758cca_err.h +++ b/crypto/openssl-0.9/engines/e_4758cca_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_CCA4758_ERR_H #define HEADER_CCA4758_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/crypto/openssl-0.9/engines/e_aep.c b/crypto/openssl-0.9/engines/e_aep.c index 7307ddfafb..ffdc354cdc 100644 --- a/crypto/openssl-0.9/engines/e_aep.c +++ b/crypto/openssl-0.9/engines/e_aep.c @@ -65,6 +65,11 @@ typedef int pid_t; #endif +#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) +#define getpid GetThreadID +extern int GetThreadID(void); +#endif + #include #include #include diff --git a/crypto/openssl-0.9/engines/e_aep_err.h b/crypto/openssl-0.9/engines/e_aep_err.h index 8fe4cf921f..35b2e74260 100644 --- a/crypto/openssl-0.9/engines/e_aep_err.h +++ b/crypto/openssl-0.9/engines/e_aep_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_AEPHK_ERR_H #define HEADER_AEPHK_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/crypto/openssl-0.9/engines/e_atalla_err.h b/crypto/openssl-0.9/engines/e_atalla_err.h index cdac052d8c..36e09bf42f 100644 --- a/crypto/openssl-0.9/engines/e_atalla_err.h +++ b/crypto/openssl-0.9/engines/e_atalla_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_ATALLA_ERR_H #define HEADER_ATALLA_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/crypto/openssl-0.9/engines/e_chil_err.h b/crypto/openssl-0.9/engines/e_chil_err.h index 482086e3b5..051854950a 100644 --- a/crypto/openssl-0.9/engines/e_chil_err.h +++ b/crypto/openssl-0.9/engines/e_chil_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_HWCRHK_ERR_H #define HEADER_HWCRHK_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/crypto/openssl-0.9/engines/e_cswift_err.h b/crypto/openssl-0.9/engines/e_cswift_err.h index 9072cbe616..69c2a9f874 100644 --- a/crypto/openssl-0.9/engines/e_cswift_err.h +++ b/crypto/openssl-0.9/engines/e_cswift_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_CSWIFT_ERR_H #define HEADER_CSWIFT_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/crypto/openssl-0.9/engines/e_gmp.c b/crypto/openssl-0.9/engines/e_gmp.c index 39da65f74b..e62e6fcd07 100644 --- a/crypto/openssl-0.9/engines/e_gmp.c +++ b/crypto/openssl-0.9/engines/e_gmp.c @@ -57,10 +57,10 @@ */ /* This engine is not (currently) compiled in by default. Do enable it, - * reconfigure OpenSSL with "-DOPENSSL_USE_GMP -lgmp". The GMP libraries and + * reconfigure OpenSSL with "enable-gmp -lgmp". The GMP libraries and * headers must reside in one of the paths searched by the compiler/linker, * otherwise paths must be specified - eg. try configuring with - * "-DOPENSSL_USE_GMP -I -L -lgmp". YMMV. */ + * "enable-gmp -I -L -lgmp". YMMV. */ /* As for what this does - it's a largely unoptimised implementation of an * ENGINE that uses the GMP library to perform RSA private key operations. To @@ -85,9 +85,11 @@ #include #include #include +#include +#include #ifndef OPENSSL_NO_HW -#if defined(OPENSSL_USE_GMP) && !defined(OPENSSL_NO_HW_GMP) +#ifndef OPENSSL_NO_GMP #include @@ -251,27 +253,61 @@ static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) return to_return; } -/* HACK - use text I/O functions in openssl and GMP to handle conversions. This - * is vile. */ + +/* Most often limb sizes will be the same. If not, we use hex conversion + * which is neat, but extremely inefficient. */ static int bn2gmp(const BIGNUM *bn, mpz_t g) { - int toret; - char *tmpchar = BN_bn2hex(bn); - if(!tmpchar) return 0; - toret = (mpz_set_str(g, tmpchar, 16) == 0 ? 1 : 0); - OPENSSL_free(tmpchar); - return toret; + bn_check_top(bn); + if(((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) && + (BN_BITS2 == GMP_NUMB_BITS)) + { + /* The common case */ + if(!_mpz_realloc (g, bn->top)) + return 0; + memcpy(&g->_mp_d[0], &bn->d[0], bn->top * sizeof(bn->d[0])); + g->_mp_size = bn->top; + if(bn->neg) + g->_mp_size = -g->_mp_size; + return 1; + } + else + { + int toret; + char *tmpchar = BN_bn2hex(bn); + if(!tmpchar) return 0; + toret = (mpz_set_str(g, tmpchar, 16) == 0 ? 1 : 0); + OPENSSL_free(tmpchar); + return toret; + } } static int gmp2bn(mpz_t g, BIGNUM *bn) { - int toret; - char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10); - if(!tmpchar) return 0; - mpz_get_str(tmpchar, 16, g); - toret = BN_hex2bn(&bn, tmpchar); - OPENSSL_free(tmpchar); - return toret; + if(((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) && + (BN_BITS2 == GMP_NUMB_BITS)) + { + /* The common case */ + int s = (g->_mp_size >= 0) ? g->_mp_size : -g->_mp_size; + BN_zero(bn); + if(bn_expand2 (bn, s) == NULL) + return 0; + bn->top = s; + memcpy(&bn->d[0], &g->_mp_d[0], s * sizeof(bn->d[0])); + bn_correct_top(bn); + bn->neg = g->_mp_size >= 0 ? 0 : 1; + return 1; + } + else + { + int toret; + char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10); + if(!tmpchar) return 0; + mpz_get_str(tmpchar, 16, g); + toret = BN_hex2bn(&bn, tmpchar); + OPENSSL_free(tmpchar); + return toret; + } } #ifndef OPENSSL_NO_RSA @@ -417,7 +453,7 @@ static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) /* This stuff is needed if this ENGINE is being compiled into a self-contained * shared-library. */ -#ifdef ENGINE_DYNAMIC_SUPPORT +#ifndef ENGINE_NO_DYNAMIC_SUPPORT static int bind_fn(ENGINE *e, const char *id) { if(id && (strcmp(id, engine_e_gmp_id) != 0)) @@ -430,6 +466,6 @@ IMPLEMENT_DYNAMIC_CHECK_FN() IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) #endif /* ENGINE_DYNAMIC_SUPPORT */ -#endif /* !OPENSSL_NO_HW_GMP */ +#endif /* !OPENSSL_NO_GMP */ #endif /* !OPENSSL_NO_HW */ diff --git a/crypto/openssl-0.9/engines/e_gmp_err.h b/crypto/openssl-0.9/engines/e_gmp_err.h index cf46f0ec74..dd05dfd800 100644 --- a/crypto/openssl-0.9/engines/e_gmp_err.h +++ b/crypto/openssl-0.9/engines/e_gmp_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_GMP_ERR_H #define HEADER_GMP_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/crypto/openssl-0.9/engines/e_nuron_err.h b/crypto/openssl-0.9/engines/e_nuron_err.h index a56bfdf303..219babbb45 100644 --- a/crypto/openssl-0.9/engines/e_nuron_err.h +++ b/crypto/openssl-0.9/engines/e_nuron_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_NURON_ERR_H #define HEADER_NURON_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/crypto/openssl-0.9/engines/e_sureware_err.h b/crypto/openssl-0.9/engines/e_sureware_err.h index 82af229bec..ec8ed0c59b 100644 --- a/crypto/openssl-0.9/engines/e_sureware_err.h +++ b/crypto/openssl-0.9/engines/e_sureware_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_SUREWARE_ERR_H #define HEADER_SUREWARE_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/crypto/openssl-0.9/engines/e_ubsec_err.h b/crypto/openssl-0.9/engines/e_ubsec_err.h index 3229eca5cf..b10b2387f2 100644 --- a/crypto/openssl-0.9/engines/e_ubsec_err.h +++ b/crypto/openssl-0.9/engines/e_ubsec_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_UBSEC_ERR_H #define HEADER_UBSEC_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/crypto/openssl-0.9/ssl/kssl.c b/crypto/openssl-0.9/ssl/kssl.c index 1064282730..6da75e6416 100644 --- a/crypto/openssl-0.9/ssl/kssl.c +++ b/crypto/openssl-0.9/ssl/kssl.c @@ -2196,7 +2196,7 @@ krb5_error_code kssl_build_principal_2( #else /* !OPENSSL_NO_KRB5 */ #if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS) -static int dummy=(int)&dummy; +static void *dummy=&dummy; #endif #endif /* !OPENSSL_NO_KRB5 */ diff --git a/crypto/openssl-0.9/ssl/s23_clnt.c b/crypto/openssl-0.9/ssl/s23_clnt.c index a596e7b2ec..c45a8e0a04 100644 --- a/crypto/openssl-0.9/ssl/s23_clnt.c +++ b/crypto/openssl-0.9/ssl/s23_clnt.c @@ -230,6 +230,8 @@ static int ssl23_client_hello(SSL *s) if (s->tlsext_hostname != NULL) ssl2_compat = 0; + if (s->tlsext_status_type != -1) + ssl2_compat = 0; } #endif diff --git a/crypto/openssl-0.9/ssl/s3_clnt.c b/crypto/openssl-0.9/ssl/s3_clnt.c index 4d4d63a6f1..f6864cdc50 100644 --- a/crypto/openssl-0.9/ssl/s3_clnt.c +++ b/crypto/openssl-0.9/ssl/s3_clnt.c @@ -273,7 +273,10 @@ int ssl3_connect(SSL *s) if (ret == 2) { s->hit = 1; - s->state=SSL3_ST_CR_FINISHED_A; + if (s->tlsext_ticket_expected) + s->state=SSL3_ST_CR_SESSION_TICKET_A; + else + s->state=SSL3_ST_CR_FINISHED_A; s->init_num=0; break; } @@ -283,10 +286,24 @@ int ssl3_connect(SSL *s) { ret=ssl3_get_server_certificate(s); if (ret <= 0) goto end; +#ifndef OPENSSL_NO_TLSEXT + if (s->tlsext_status_expected) + s->state=SSL3_ST_CR_CERT_STATUS_A; + else + s->state=SSL3_ST_CR_KEY_EXCH_A; + } + else + { + skip = 1; + s->state=SSL3_ST_CR_KEY_EXCH_A; + } +#else } else skip=1; + s->state=SSL3_ST_CR_KEY_EXCH_A; +#endif s->init_num=0; break; @@ -450,6 +467,14 @@ int ssl3_connect(SSL *s) s->state=SSL3_ST_CR_FINISHED_A; s->init_num=0; break; + + case SSL3_ST_CR_CERT_STATUS_A: + case SSL3_ST_CR_CERT_STATUS_B: + ret=ssl3_get_cert_status(s); + if (ret <= 0) goto end; + s->state=SSL3_ST_CR_KEY_EXCH_A; + s->init_num=0; + break; #endif case SSL3_ST_CR_FINISHED_A: @@ -1688,7 +1713,7 @@ int ssl3_get_new_session_ticket(SSL *s) if (ticklen + 6 != n) { al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); goto f_err; } if (s->session->tlsext_tick) @@ -1699,7 +1724,7 @@ int ssl3_get_new_session_ticket(SSL *s) s->session->tlsext_tick = OPENSSL_malloc(ticklen); if (!s->session->tlsext_tick) { - SSLerr(SSL_F_SSL3_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE); goto err; } memcpy(s->session->tlsext_tick, p, ticklen); @@ -1712,6 +1737,75 @@ f_err: err: return(-1); } + +int ssl3_get_cert_status(SSL *s) + { + int ok, al; + unsigned long resplen; + long n; + const unsigned char *p; + + n=s->method->ssl_get_message(s, + SSL3_ST_CR_CERT_STATUS_A, + SSL3_ST_CR_CERT_STATUS_B, + SSL3_MT_CERTIFICATE_STATUS, + 16384, + &ok); + + if (!ok) return((int)n); + if (n < 4) + { + /* need at least status type + length */ + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); + goto f_err; + } + p = (unsigned char *)s->init_msg; + if (*p++ != TLSEXT_STATUSTYPE_ocsp) + { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE); + goto f_err; + } + n2l3(p, resplen); + if (resplen + 4 != n) + { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); + goto f_err; + } + if (s->tlsext_ocsp_resp) + OPENSSL_free(s->tlsext_ocsp_resp); + s->tlsext_ocsp_resp = BUF_memdup(p, resplen); + if (!s->tlsext_ocsp_resp) + { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE); + goto f_err; + } + s->tlsext_ocsp_resplen = resplen; + if (s->ctx->tlsext_status_cb) + { + int ret; + ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); + if (ret == 0) + { + al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; + SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_INVALID_STATUS_RESPONSE); + goto f_err; + } + if (ret < 0) + { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE); + goto f_err; + } + } + return 1; +f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,al); + return(-1); + } #endif int ssl3_get_server_done(SSL *s) @@ -1967,6 +2061,13 @@ int ssl3_send_client_key_exchange(SSL *s) { DH *dh_srvr,*dh_clnt; + if (s->session->sess_cert == NULL) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); + goto err; + } + if (s->session->sess_cert->peer_dh_tmp != NULL) dh_srvr=s->session->sess_cert->peer_dh_tmp; else @@ -2592,7 +2693,11 @@ static int ssl3_check_finished(SSL *s) { int ok; long n; - if (!s->session->tlsext_tick) + /* If we have no ticket or session ID is non-zero length (a match of + * a non-zero session length would never reach here) it cannot be a + * resumed session. + */ + if (!s->session->tlsext_tick || s->session->session_id_length) return 1; /* this function is called when we really expect a Certificate * message, so permit appropriate message length */ diff --git a/crypto/openssl-0.9/ssl/s3_lib.c b/crypto/openssl-0.9/ssl/s3_lib.c index 95e893737c..bdbcd44f27 100644 --- a/crypto/openssl-0.9/ssl/s3_lib.c +++ b/crypto/openssl-0.9/ssl/s3_lib.c @@ -1936,6 +1936,44 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) s->tlsext_debug_arg=parg; ret = 1; break; + + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: + s->tlsext_status_type=larg; + ret = 1; + break; + + case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: + *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; + ret = 1; + break; + + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: + s->tlsext_ocsp_exts = parg; + ret = 1; + break; + + case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: + *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids; + ret = 1; + break; + + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: + s->tlsext_ocsp_ids = parg; + ret = 1; + break; + + case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: + *(unsigned char **)parg = s->tlsext_ocsp_resp; + return s->tlsext_ocsp_resplen; + + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: + if (s->tlsext_ocsp_resp) + OPENSSL_free(s->tlsext_ocsp_resp); + s->tlsext_ocsp_resp = parg; + s->tlsext_ocsp_resplen = larg; + ret = 1; + break; + #endif /* !OPENSSL_NO_TLSEXT */ default: break; @@ -2156,6 +2194,12 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) } return 1; } + + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: + ctx->tlsext_status_arg=parg; + return 1; + break; + #endif /* !OPENSSL_NO_TLSEXT */ /* A Thawte special :-) */ case SSL_CTRL_EXTRA_CHAIN_CERT: @@ -2206,6 +2250,18 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp; break; + + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: + ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp; + break; + + case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: + ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *, + unsigned char *, + EVP_CIPHER_CTX *, + HMAC_CTX *, int))fp; + break; + #endif default: return(0); diff --git a/crypto/openssl-0.9/ssl/s3_srvr.c b/crypto/openssl-0.9/ssl/s3_srvr.c index 6dba5c1977..903522ab59 100644 --- a/crypto/openssl-0.9/ssl/s3_srvr.c +++ b/crypto/openssl-0.9/ssl/s3_srvr.c @@ -290,9 +290,18 @@ int ssl3_accept(SSL *s) case SSL3_ST_SW_SRVR_HELLO_B: ret=ssl3_send_server_hello(s); if (ret <= 0) goto end; - +#ifndef OPENSSL_NO_TLSEXT if (s->hit) - s->state=SSL3_ST_SW_CHANGE_A; + { + if (s->tlsext_ticket_expected) + s->state=SSL3_ST_SW_SESSION_TICKET_A; + else + s->state=SSL3_ST_SW_CHANGE_A; + } +#else + if (s->hit) + s->state=SSL3_ST_SW_CHANGE_A; +#endif else s->state=SSL3_ST_SW_CERT_A; s->init_num=0; @@ -306,10 +315,24 @@ int ssl3_accept(SSL *s) { ret=ssl3_send_server_certificate(s); if (ret <= 0) goto end; +#ifndef OPENSSL_NO_TLSEXT + if (s->tlsext_status_expected) + s->state=SSL3_ST_SW_CERT_STATUS_A; + else + s->state=SSL3_ST_SW_KEY_EXCH_A; + } + else + { + skip = 1; + s->state=SSL3_ST_SW_KEY_EXCH_A; + } +#else } else skip=1; + s->state=SSL3_ST_SW_KEY_EXCH_A; +#endif s->init_num=0; break; @@ -512,6 +535,14 @@ int ssl3_accept(SSL *s) s->init_num=0; break; + case SSL3_ST_SW_CERT_STATUS_A: + case SSL3_ST_SW_CERT_STATUS_B: + ret=ssl3_send_cert_status(s); + if (ret <= 0) goto end; + s->state=SSL3_ST_SW_KEY_EXCH_A; + s->init_num=0; + break; + #endif case SSL3_ST_SW_CHANGE_A: @@ -1093,8 +1124,16 @@ int ssl3_send_server_hello(SSL *s) * session-id if we want it to be single use. * Currently I will not implement the '0' length session-id * 12-Jan-98 - I'll now support the '0' length stuff. + * + * We also have an additional case where stateless session + * resumption is successful: we always send back the old + * session id. In this case s->hit is non zero: this can + * only happen if stateless session resumption is succesful + * if session caching is disabled so existing functionality + * is unaffected. */ - if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)) + if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) + && !s->hit) s->session->session_id_length=0; sl=s->session->session_id_length; @@ -2664,6 +2703,8 @@ int ssl3_send_newsession_ticket(SSL *s) unsigned int hlen; EVP_CIPHER_CTX ctx; HMAC_CTX hctx; + unsigned char iv[EVP_MAX_IV_LENGTH]; + unsigned char key_name[16]; /* get session encoding length */ slen = i2d_SSL_SESSION(s->session, NULL); @@ -2694,29 +2735,47 @@ int ssl3_send_newsession_ticket(SSL *s) *(p++)=SSL3_MT_NEWSESSION_TICKET; /* Skip message length for now */ p += 3; + EVP_CIPHER_CTX_init(&ctx); + HMAC_CTX_init(&hctx); + /* Initialize HMAC and cipher contexts. If callback present + * it does all the work otherwise use generated values + * from parent ctx. + */ + if (s->ctx->tlsext_ticket_key_cb) + { + if (s->ctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, + &hctx, 1) < 0) + { + OPENSSL_free(senc); + return -1; + } + } + else + { + RAND_pseudo_bytes(iv, 16); + EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, + s->ctx->tlsext_tick_aes_key, iv); + HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16, + tlsext_tick_md(), NULL); + memcpy(key_name, s->ctx->tlsext_tick_key_name, 16); + } l2n(s->session->tlsext_tick_lifetime_hint, p); /* Skip ticket length for now */ p += 2; /* Output key name */ macstart = p; - memcpy(p, s->ctx->tlsext_tick_key_name, 16); + memcpy(p, key_name, 16); p += 16; - /* Generate and output IV */ - RAND_pseudo_bytes(p, 16); - EVP_CIPHER_CTX_init(&ctx); + /* output IV */ + memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx)); + p += EVP_CIPHER_CTX_iv_length(&ctx); /* Encrypt session data */ - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, - s->ctx->tlsext_tick_aes_key, p); - p += 16; EVP_EncryptUpdate(&ctx, p, &len, senc, slen); p += len; EVP_EncryptFinal(&ctx, p, &len); p += len; EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_CTX_init(&hctx); - HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16, - tlsext_tick_md(), NULL); HMAC_Update(&hctx, macstart, p - macstart); HMAC_Final(&hctx, p, &hlen); HMAC_CTX_cleanup(&hctx); @@ -2740,4 +2799,39 @@ int ssl3_send_newsession_ticket(SSL *s) /* SSL3_ST_SW_SESSION_TICKET_B */ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); } + +int ssl3_send_cert_status(SSL *s) + { + if (s->state == SSL3_ST_SW_CERT_STATUS_A) + { + unsigned char *p; + /* Grow buffer if need be: the length calculation is as + * follows 1 (message type) + 3 (message length) + + * 1 (ocsp response type) + 3 (ocsp response length) + * + (ocsp response) + */ + if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) + return -1; + + p=(unsigned char *)s->init_buf->data; + + /* do the header */ + *(p++)=SSL3_MT_CERTIFICATE_STATUS; + /* message length */ + l2n3(s->tlsext_ocsp_resplen + 4, p); + /* status type */ + *(p++)= s->tlsext_status_type; + /* length of OCSP response */ + l2n3(s->tlsext_ocsp_resplen, p); + /* actual response */ + memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen); + /* number of bytes to write */ + s->init_num = 8 + s->tlsext_ocsp_resplen; + s->state=SSL3_ST_SW_CERT_STATUS_B; + s->init_off = 0; + } + + /* SSL3_ST_SW_CERT_STATUS_B */ + return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); + } #endif diff --git a/crypto/openssl-0.9/ssl/ssl.h b/crypto/openssl-0.9/ssl/ssl.h index ed811195a5..6df921f3c1 100644 --- a/crypto/openssl-0.9/ssl/ssl.h +++ b/crypto/openssl-0.9/ssl/ssl.h @@ -187,6 +187,7 @@ #include #endif #include +#include #include #include @@ -767,6 +768,16 @@ struct ssl_ctx_st unsigned char tlsext_tick_key_name[16]; unsigned char tlsext_tick_hmac_key[16]; unsigned char tlsext_tick_aes_key[16]; + /* Callback to support customisation of ticket key setting */ + int (*tlsext_ticket_key_cb)(SSL *ssl, + unsigned char *name, unsigned char *iv, + EVP_CIPHER_CTX *ectx, + HMAC_CTX *hctx, int enc); + + /* certificate status request info */ + /* Callback for status request */ + int (*tlsext_status_cb)(SSL *ssl, void *arg); + void *tlsext_status_arg; #endif }; @@ -1002,6 +1013,18 @@ struct ssl_st 1 : prepare 2, allow last ack just after in server callback. 2 : don't call servername callback, no ack in server hello */ + /* certificate status request info */ + /* Status type or -1 if no status type */ + int tlsext_status_type; + /* Expect OCSP CertificateStatus message */ + int tlsext_status_expected; + /* OCSP status request only */ + STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; + X509_EXTENSIONS *tlsext_ocsp_exts; + /* OCSP response received or to be sent */ + unsigned char *tlsext_ocsp_resp; + int tlsext_ocsp_resplen; + /* RFC4507 session ticket expected to be received or sent */ int tlsext_ticket_expected; SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ @@ -1157,6 +1180,7 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); #define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION #define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE #define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME +#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE #define SSL_ERROR_NONE 0 #define SSL_ERROR_SSL 1 @@ -1224,6 +1248,18 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); #define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 #define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 #define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 + +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 + +#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 #endif #define SSL_session_reused(ssl) \ @@ -1669,6 +1705,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL3_ENC 134 #define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 +#define SSL_F_SSL3_GET_CERT_STATUS 288 #define SSL_F_SSL3_GET_CERT_VERIFY 136 #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 #define SSL_F_SSL3_GET_CLIENT_HELLO 138 @@ -1853,6 +1890,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_INVALID_CHALLENGE_LENGTH 158 #define SSL_R_INVALID_COMMAND 280 #define SSL_R_INVALID_PURPOSE 278 +#define SSL_R_INVALID_STATUS_RESPONSE 316 #define SSL_R_INVALID_TICKET_KEYS_LENGTH 275 #define SSL_R_INVALID_TRUST 279 #define SSL_R_KEY_ARG_TOO_LONG 284 @@ -2009,6 +2047,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 #define SSL_R_UNSUPPORTED_PROTOCOL 258 #define SSL_R_UNSUPPORTED_SSL_VERSION 259 +#define SSL_R_UNSUPPORTED_STATUS_TYPE 329 #define SSL_R_WRITE_BIO_NOT_SET 260 #define SSL_R_WRONG_CIPHER_RETURNED 261 #define SSL_R_WRONG_MESSAGE_TYPE 262 diff --git a/crypto/openssl-0.9/ssl/ssl3.h b/crypto/openssl-0.9/ssl/ssl3.h index f484df3f65..4b1e2e9834 100644 --- a/crypto/openssl-0.9/ssl/ssl3.h +++ b/crypto/openssl-0.9/ssl/ssl3.h @@ -483,6 +483,8 @@ typedef struct ssl3_state_st #define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) #define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) #define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) /* server */ /* extra state */ @@ -526,6 +528,8 @@ typedef struct ssl3_state_st #define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) #define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) #define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) #define SSL3_MT_HELLO_REQUEST 0 #define SSL3_MT_CLIENT_HELLO 1 @@ -538,6 +542,7 @@ typedef struct ssl3_state_st #define SSL3_MT_CERTIFICATE_VERIFY 15 #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 #define SSL3_MT_FINISHED 20 +#define SSL3_MT_CERTIFICATE_STATUS 22 #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 diff --git a/crypto/openssl-0.9/ssl/ssl_asn1.c b/crypto/openssl-0.9/ssl/ssl_asn1.c index 8d9fb6d7d3..6e14f4d834 100644 --- a/crypto/openssl-0.9/ssl/ssl_asn1.c +++ b/crypto/openssl-0.9/ssl/ssl_asn1.c @@ -200,12 +200,13 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) a.tlsext_tick.type=V_ASN1_OCTET_STRING; a.tlsext_tick.data=(unsigned char *)in->tlsext_tick; /* If we have a ticket set session ID to empty because - * it will be bogus. + * it will be bogus. If liftime hint is -1 treat as a special + * case because the session is being used as a container */ - if (in->tlsext_ticklen) + if (in->tlsext_ticklen && (in->tlsext_tick_lifetime_hint != -1)) a.session_id.length=0; } - if (in->tlsext_tick_lifetime_hint != 0) + if (in->tlsext_tick_lifetime_hint > 0) { a.tlsext_tick_lifetime.length=LSIZE2; a.tlsext_tick_lifetime.type=V_ASN1_INTEGER; @@ -235,7 +236,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5); #ifndef OPENSSL_NO_TLSEXT - if (in->tlsext_tick_lifetime_hint) + if (in->tlsext_tick_lifetime_hint > 0) M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); if (in->tlsext_tick) M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); @@ -268,7 +269,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) #ifndef OPENSSL_NO_TLSEXT if (in->tlsext_hostname) M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); - if (in->tlsext_tick_lifetime_hint) + if (in->tlsext_tick_lifetime_hint > 0) M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); if (in->tlsext_tick) M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); @@ -464,8 +465,10 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip); OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } + else if (ret->tlsext_ticklen && ret->session_id_length) + ret->tlsext_tick_lifetime_hint = -1; else - ret->tlsext_tick_lifetime_hint=0; + ret->tlsext_tick_lifetime_hint = 0; os.length=0; os.data=NULL; M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10); diff --git a/crypto/openssl-0.9/ssl/ssl_err.c b/crypto/openssl-0.9/ssl/ssl_err.c index 62f06d5f10..50779c1632 100644 --- a/crypto/openssl-0.9/ssl/ssl_err.c +++ b/crypto/openssl-0.9/ssl/ssl_err.c @@ -141,6 +141,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, +{ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, @@ -328,6 +329,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, {ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"}, +{ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"}, {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"}, {ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"}, {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"}, @@ -484,6 +486,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"}, {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"}, {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"}, +{ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"}, {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"}, {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"}, {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"}, diff --git a/crypto/openssl-0.9/ssl/ssl_lib.c b/crypto/openssl-0.9/ssl/ssl_lib.c index 73707aab9b..065411aea8 100644 --- a/crypto/openssl-0.9/ssl/ssl_lib.c +++ b/crypto/openssl-0.9/ssl/ssl_lib.c @@ -126,6 +126,7 @@ #include #include #include +#include #ifndef OPENSSL_NO_DH #include #endif @@ -311,6 +312,12 @@ SSL *SSL_new(SSL_CTX *ctx) s->tlsext_debug_cb = 0; s->tlsext_debug_arg = NULL; s->tlsext_ticket_expected = 0; + s->tlsext_status_type = -1; + s->tlsext_status_expected = 0; + s->tlsext_ocsp_ids = NULL; + s->tlsext_ocsp_exts = NULL; + s->tlsext_ocsp_resp = NULL; + s->tlsext_ocsp_resplen = -1; CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); s->initial_ctx=ctx; #endif @@ -501,6 +508,13 @@ void SSL_free(SSL *s) if (s->ctx) SSL_CTX_free(s->ctx); #ifndef OPENSSL_NO_TLSEXT if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); + if (s->tlsext_ocsp_exts) + sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, + X509_EXTENSION_free); + if (s->tlsext_ocsp_ids) + sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); + if (s->tlsext_ocsp_resp) + OPENSSL_free(s->tlsext_ocsp_resp); #endif if (s->client_CA != NULL) sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); @@ -1494,6 +1508,9 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) ret->options |= SSL_OP_NO_TICKET; + ret->tlsext_status_cb = 0; + ret->tlsext_status_arg = NULL; + #endif return(ret); diff --git a/crypto/openssl-0.9/ssl/ssl_locl.h b/crypto/openssl-0.9/ssl/ssl_locl.h index e9fba49c53..de94c0d0c7 100644 --- a/crypto/openssl-0.9/ssl/ssl_locl.h +++ b/crypto/openssl-0.9/ssl/ssl_locl.h @@ -777,6 +777,7 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); void ssl3_init_finished_mac(SSL *s); int ssl3_send_server_certificate(SSL *s); int ssl3_send_newsession_ticket(SSL *s); +int ssl3_send_cert_status(SSL *s); int ssl3_get_finished(SSL *s,int state_a,int state_b); int ssl3_setup_key_block(SSL *s); int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b); @@ -870,6 +871,7 @@ int ssl3_client_hello(SSL *s); int ssl3_get_server_hello(SSL *s); int ssl3_get_certificate_request(SSL *s); int ssl3_get_new_session_ticket(SSL *s); +int ssl3_get_cert_status(SSL *s); int ssl3_get_server_done(SSL *s); int ssl3_send_client_verify(SSL *s); int ssl3_send_client_certificate(SSL *s); diff --git a/crypto/openssl-0.9/ssl/ssl_rsa.c b/crypto/openssl-0.9/ssl/ssl_rsa.c index fc42dfa1ec..27113eba50 100644 --- a/crypto/openssl-0.9/ssl/ssl_rsa.c +++ b/crypto/openssl-0.9/ssl/ssl_rsa.c @@ -708,6 +708,8 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) int ret=0; X509 *x=NULL; + ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ + in=BIO_new(BIO_s_file_internal()); if (in == NULL) { diff --git a/crypto/openssl-0.9/ssl/ssl_stat.c b/crypto/openssl-0.9/ssl/ssl_stat.c index b16d253081..73b02509d4 100644 --- a/crypto/openssl-0.9/ssl/ssl_stat.c +++ b/crypto/openssl-0.9/ssl/ssl_stat.c @@ -127,6 +127,8 @@ case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break; case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break; case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break; case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break; +case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break; +case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break; case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break; case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break; case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break; @@ -172,6 +174,8 @@ case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break; case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break; case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break; case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break; +case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break; +case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break; case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break; case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break; case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break; diff --git a/crypto/openssl-0.9/ssl/t1_lib.c b/crypto/openssl-0.9/ssl/t1_lib.c index 7690ed6570..35f04afa4a 100644 --- a/crypto/openssl-0.9/ssl/t1_lib.c +++ b/crypto/openssl-0.9/ssl/t1_lib.c @@ -60,6 +60,7 @@ #include #include #include +#include #include "ssl_locl.h" const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT; @@ -190,6 +191,54 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha } } + if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) + { + int i; + long extlen, idlen, itmp; + OCSP_RESPID *id; + + idlen = 0; + for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) + { + id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); + itmp = i2d_OCSP_RESPID(id, NULL); + if (itmp <= 0) + return NULL; + idlen += itmp + 2; + } + + if (s->tlsext_ocsp_exts) + { + extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL); + if (extlen < 0) + return NULL; + } + else + extlen = 0; + + if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL; + s2n(TLSEXT_TYPE_status_request, ret); + if (extlen + idlen > 0xFFF0) + return NULL; + s2n(extlen + idlen + 5, ret); + *(ret++) = TLSEXT_STATUSTYPE_ocsp; + s2n(idlen, ret); + for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) + { + /* save position of id len */ + unsigned char *q = ret; + id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); + /* skip over id len */ + ret += 2; + itmp = i2d_OCSP_RESPID(id, &ret); + /* write id len */ + s2n(itmp, q); + } + s2n(extlen, ret); + if (extlen > 0) + i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); + } + if ((extdatalen = ret-p-2)== 0) return p; @@ -220,7 +269,14 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha s2n(TLSEXT_TYPE_session_ticket,ret); s2n(0,ret); } - + + if (s->tlsext_status_expected) + { + if ((long)(limit - ret - 4) < 0) return NULL; + s2n(TLSEXT_TYPE_status_request,ret); + s2n(0,ret); + } + if ((extdatalen = ret-p-2)== 0) return p; @@ -235,6 +291,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in unsigned short len; unsigned char *data = *p; s->servername_done = 0; + s->tlsext_status_type = -1; if (data >= (d+n-2)) return 1; @@ -324,6 +381,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in s->session->tlsext_hostname[len]='\0'; if (strlen(s->session->tlsext_hostname) != len) { OPENSSL_free(s->session->tlsext_hostname); + s->session->tlsext_hostname = NULL; *al = TLS1_AD_UNRECOGNIZED_NAME; return 0; } @@ -349,6 +407,106 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in } } + else if (type == TLSEXT_TYPE_status_request + && s->ctx->tlsext_status_cb) + { + + if (size < 5) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + + s->tlsext_status_type = *data++; + size--; + if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) + { + const unsigned char *sdata; + int dsize; + /* Read in responder_id_list */ + n2s(data,dsize); + size -= 2; + if (dsize > size ) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + while (dsize > 0) + { + OCSP_RESPID *id; + int idsize; + if (dsize < 4) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + n2s(data, idsize); + dsize -= 2 + idsize; + if (dsize < 0) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + sdata = data; + data += idsize; + id = d2i_OCSP_RESPID(NULL, + &sdata, idsize); + if (!id) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + if (data != sdata) + { + OCSP_RESPID_free(id); + *al = SSL_AD_DECODE_ERROR; + return 0; + } + if (!s->tlsext_ocsp_ids + && !(s->tlsext_ocsp_ids = + sk_OCSP_RESPID_new_null())) + { + OCSP_RESPID_free(id); + *al = SSL_AD_INTERNAL_ERROR; + return 0; + } + if (!sk_OCSP_RESPID_push( + s->tlsext_ocsp_ids, id)) + { + OCSP_RESPID_free(id); + *al = SSL_AD_INTERNAL_ERROR; + return 0; + } + } + + /* Read in request_extensions */ + n2s(data,dsize); + size -= 2; + if (dsize > size) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + sdata = data; + if (dsize > 0) + { + s->tlsext_ocsp_exts = + d2i_X509_EXTENSIONS(NULL, + &sdata, dsize); + if (!s->tlsext_ocsp_exts + || (data + dsize != sdata)) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + } + } + /* We don't know what to do with any other type + * so ignore it. + */ + else + s->tlsext_status_type = -1; + } /* session ticket processed earlier */ data+=size; @@ -403,6 +561,19 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in } s->tlsext_ticket_expected = 1; } + else if (type == TLSEXT_TYPE_status_request) + { + /* MUST be empty and only sent if we've requested + * a status request message. + */ + if ((s->tlsext_status_type == -1) || (size > 0)) + { + *al = TLS1_AD_UNSUPPORTED_EXTENSION; + return 0; + } + /* Set flag to expect CertificateStatus message */ + s->tlsext_status_expected = 1; + } data+=size; } @@ -448,6 +619,37 @@ int ssl_check_clienthello_tlsext(SSL *s) else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); + /* If status request then ask callback what to do. + * Note: this must be called after servername callbacks in case + * the certificate has changed. + */ + if ((s->tlsext_status_type != -1) && s->ctx->tlsext_status_cb) + { + int r; + r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); + switch (r) + { + /* We don't want to send a status request response */ + case SSL_TLSEXT_ERR_NOACK: + s->tlsext_status_expected = 0; + break; + /* status request response should be sent */ + case SSL_TLSEXT_ERR_OK: + if (s->tlsext_ocsp_resp) + s->tlsext_status_expected = 1; + else + s->tlsext_status_expected = 0; + break; + /* something bad happened */ + case SSL_TLSEXT_ERR_ALERT_FATAL: + ret = SSL_TLSEXT_ERR_ALERT_FATAL; + al = SSL_AD_INTERNAL_ERROR; + goto err; + } + } + else + s->tlsext_status_expected = 0; + err: switch (ret) { case SSL_TLSEXT_ERR_ALERT_FATAL: @@ -475,6 +677,35 @@ int ssl_check_serverhello_tlsext(SSL *s) else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); + /* If we've requested certificate status and we wont get one + * tell the callback + */ + if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) + && s->ctx->tlsext_status_cb) + { + int r; + /* Set resp to NULL, resplen to -1 so callback knows + * there is no response. + */ + if (s->tlsext_ocsp_resp) + { + OPENSSL_free(s->tlsext_ocsp_resp); + s->tlsext_ocsp_resp = NULL; + } + s->tlsext_ocsp_resplen = -1; + r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); + if (r == 0) + { + al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; + ret = SSL_TLSEXT_ERR_ALERT_FATAL; + } + if (r < 0) + { + al = SSL_AD_INTERNAL_ERROR; + ret = SSL_TLSEXT_ERR_ALERT_FATAL; + } + } + switch (ret) { case SSL_TLSEXT_ERR_ALERT_FATAL: @@ -558,39 +789,53 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, SSL_SESSION *sess; unsigned char *sdec; const unsigned char *p; - int slen, mlen; + int slen, mlen, renew_ticket = 0; unsigned char tick_hmac[EVP_MAX_MD_SIZE]; HMAC_CTX hctx; EVP_CIPHER_CTX ctx; + /* Need at least keyname + iv + some encrypted data */ + if (eticklen < 48) + goto tickerr; + /* Initialize session ticket encryption and HMAC contexts */ + HMAC_CTX_init(&hctx); + EVP_CIPHER_CTX_init(&ctx); + if (s->ctx->tlsext_ticket_key_cb) + { + unsigned char *nctick = (unsigned char *)etick; + int rv = s->ctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, + &ctx, &hctx, 0); + if (rv < 0) + return -1; + if (rv == 0) + goto tickerr; + if (rv == 2) + renew_ticket = 1; + } + else + { + /* Check key name matches */ + if (memcmp(etick, s->ctx->tlsext_tick_key_name, 16)) + goto tickerr; + HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16, + tlsext_tick_md(), NULL); + EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, + s->ctx->tlsext_tick_aes_key, etick + 16); + } /* Attempt to process session ticket, first conduct sanity and * integrity checks on ticket. */ - mlen = EVP_MD_size(tlsext_tick_md()); + mlen = HMAC_size(&hctx); eticklen -= mlen; - /* Need at least keyname + iv + some encrypted data */ - if (eticklen < 48) - goto tickerr; - /* Check key name matches */ - if (memcmp(etick, s->ctx->tlsext_tick_key_name, 16)) - goto tickerr; /* Check HMAC of encrypted ticket */ - HMAC_CTX_init(&hctx); - HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16, - tlsext_tick_md(), NULL); HMAC_Update(&hctx, etick, eticklen); HMAC_Final(&hctx, tick_hmac, NULL); HMAC_CTX_cleanup(&hctx); if (memcmp(tick_hmac, etick + eticklen, mlen)) goto tickerr; - /* Set p to start of IV */ - p = etick + 16; - EVP_CIPHER_CTX_init(&ctx); /* Attempt to decrypt session data */ - EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, - s->ctx->tlsext_tick_aes_key, p); /* Move p after IV to start of encrypted ticket, update length */ - p += 16; - eticklen -= 32; + p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); + eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx); sdec = OPENSSL_malloc(eticklen); if (!sdec) { @@ -617,7 +862,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, memcpy(sess->session_id, sess_id, sesslen); sess->session_id_length = sesslen; *psess = sess; - s->tlsext_ticket_expected = 0; + s->tlsext_ticket_expected = renew_ticket; return 1; } /* If session decrypt failure indicate a cache miss and set state to diff --git a/crypto/openssl-0.9/ssl/tls1.h b/crypto/openssl-0.9/ssl/tls1.h index 00399f9886..2d1d293e1a 100644 --- a/crypto/openssl-0.9/ssl/tls1.h +++ b/crypto/openssl-0.9/ssl/tls1.h @@ -117,6 +117,8 @@ extern "C" { /* NameType value from RFC 3546 */ #define TLSEXT_NAMETYPE_host_name 0 +/* status request value from RFC 3546 */ +#define TLSEXT_STATUSTYPE_ocsp 1 #ifndef OPENSSL_NO_TLSEXT @@ -134,12 +136,33 @@ SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb) #define SSL_set_tlsext_debug_arg(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg) +#define SSL_set_tlsext_status_type(ssl, type) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL) + +#define SSL_get_tlsext_status_exts(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) + +#define SSL_set_tlsext_status_exts(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) + +#define SSL_get_tlsext_status_ids(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) + +#define SSL_set_tlsext_status_ids(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) + +#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg) + +#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg) + #define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) -#define SSL_TLSEXT_ERR_OK 0 -#define SSL_TLSEXT_ERR_ALERT_WARNING 1 -#define SSL_TLSEXT_ERR_ALERT_FATAL 2 +#define SSL_TLSEXT_ERR_OK 0 +#define SSL_TLSEXT_ERR_ALERT_WARNING 1 +#define SSL_TLSEXT_ERR_ALERT_FATAL 2 #define SSL_TLSEXT_ERR_NOACK 3 #define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ @@ -149,6 +172,16 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLXEXT_TICKET_KEYS,(keylen),(keys)) #define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLXEXT_TICKET_KEYS,(keylen),(keys)) + +#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ +SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) + +#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ +SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) + +#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ +SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + #endif /* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt -- 2.41.0