Import OpenSSL 0.9.8a
authorSimon Schubert <corecode@dragonflybsd.org>
Sat, 3 Dec 2005 13:48:16 +0000 (13:48 +0000)
committerSimon Schubert <corecode@dragonflybsd.org>
Sat, 3 Dec 2005 13:48:16 +0000 (13:48 +0000)
155 files changed:
crypto/openssl-0.9/CHANGES
crypto/openssl-0.9/FAQ
crypto/openssl-0.9/NEWS
crypto/openssl-0.9/PROBLEMS
crypto/openssl-0.9/README
crypto/openssl-0.9/apps/CA.pl
crypto/openssl-0.9/apps/apps.c
crypto/openssl-0.9/apps/ca.c
crypto/openssl-0.9/apps/dh.c
crypto/openssl-0.9/apps/dhparam.c
crypto/openssl-0.9/apps/dsa.c
crypto/openssl-0.9/apps/dsaparam.c
crypto/openssl-0.9/apps/gendh.c
crypto/openssl-0.9/apps/gendsa.c
crypto/openssl-0.9/apps/genrsa.c
crypto/openssl-0.9/apps/openssl.cnf
crypto/openssl-0.9/apps/prime.c
crypto/openssl-0.9/apps/req.c
crypto/openssl-0.9/apps/rsa.c
crypto/openssl-0.9/apps/rsautl.c
crypto/openssl-0.9/apps/s_client.c
crypto/openssl-0.9/apps/s_server.c
crypto/openssl-0.9/apps/smime.c
crypto/openssl-0.9/apps/speed.c
crypto/openssl-0.9/apps/x509.c
crypto/openssl-0.9/crypto/aes/aes_locl.h
crypto/openssl-0.9/crypto/asn1/a_bitstr.c
crypto/openssl-0.9/crypto/asn1/a_strex.c
crypto/openssl-0.9/crypto/asn1/asn1.h
crypto/openssl-0.9/crypto/asn1/asn1_err.c
crypto/openssl-0.9/crypto/asn1/asn1_par.c
crypto/openssl-0.9/crypto/asn1/t_pkey.c
crypto/openssl-0.9/crypto/asn1/t_req.c
crypto/openssl-0.9/crypto/asn1/t_spki.c
crypto/openssl-0.9/crypto/asn1/tasn_enc.c
crypto/openssl-0.9/crypto/asn1/tasn_new.c
crypto/openssl-0.9/crypto/asn1/x_pubkey.c
crypto/openssl-0.9/crypto/bf/bf_enc.c
crypto/openssl-0.9/crypto/bio/bss_file.c
crypto/openssl-0.9/crypto/bn/bn.h
crypto/openssl-0.9/crypto/bn/bn_asm.c
crypto/openssl-0.9/crypto/bn/bn_const.c [new file with mode: 0755]
crypto/openssl-0.9/crypto/bn/bn_div.c
crypto/openssl-0.9/crypto/bn/bn_gcd.c
crypto/openssl-0.9/crypto/bn/bn_lcl.h
crypto/openssl-0.9/crypto/bn/bn_mont.c
crypto/openssl-0.9/crypto/bn/bn_recp.c
crypto/openssl-0.9/crypto/bn/bn_sqr.c
crypto/openssl-0.9/crypto/bn/bn_sqrt.c
crypto/openssl-0.9/crypto/bn/bn_word.c
crypto/openssl-0.9/crypto/conf/conf_def.c
crypto/openssl-0.9/crypto/cryptlib.c
crypto/openssl-0.9/crypto/des/cfb_enc.c
crypto/openssl-0.9/crypto/des/des_old.h
crypto/openssl-0.9/crypto/dh/dh.h
crypto/openssl-0.9/crypto/dh/dh_check.c
crypto/openssl-0.9/crypto/dh/dh_err.c
crypto/openssl-0.9/crypto/dh/dh_key.c
crypto/openssl-0.9/crypto/dsa/dsa_lib.c
crypto/openssl-0.9/crypto/dso/dso_null.c
crypto/openssl-0.9/crypto/engine/eng_list.c
crypto/openssl-0.9/crypto/engine/eng_openssl.c
crypto/openssl-0.9/crypto/engine/eng_padlock.c
crypto/openssl-0.9/crypto/engine/engine.h
crypto/openssl-0.9/crypto/engine/tb_dsa.c
crypto/openssl-0.9/crypto/evp/e_null.c
crypto/openssl-0.9/crypto/evp/e_rc4.c
crypto/openssl-0.9/crypto/evp/e_xcbc_d.c
crypto/openssl-0.9/crypto/evp/evp_enc.c
crypto/openssl-0.9/crypto/evp/evp_pkey.c
crypto/openssl-0.9/crypto/evp/m_dss.c
crypto/openssl-0.9/crypto/evp/m_dss1.c
crypto/openssl-0.9/crypto/evp/m_md2.c
crypto/openssl-0.9/crypto/evp/m_md4.c
crypto/openssl-0.9/crypto/evp/m_md5.c
crypto/openssl-0.9/crypto/evp/m_ripemd.c
crypto/openssl-0.9/crypto/evp/m_sha.c
crypto/openssl-0.9/crypto/evp/m_sha1.c
crypto/openssl-0.9/crypto/evp/p5_crpt.c
crypto/openssl-0.9/crypto/evp/p5_crpt2.c
crypto/openssl-0.9/crypto/evp/p_lib.c
crypto/openssl-0.9/crypto/md32_common.h
crypto/openssl-0.9/crypto/objects/obj_dat.h
crypto/openssl-0.9/crypto/objects/obj_mac.h
crypto/openssl-0.9/crypto/ocsp/ocsp_cl.c
crypto/openssl-0.9/crypto/opensslv.h
crypto/openssl-0.9/crypto/pem/pem_all.c
crypto/openssl-0.9/crypto/pem/pem_info.c
crypto/openssl-0.9/crypto/pem/pem_seal.c
crypto/openssl-0.9/crypto/pkcs12/p12_crpt.c
crypto/openssl-0.9/crypto/pkcs7/pk7_doit.c
crypto/openssl-0.9/crypto/pkcs7/pk7_smime.c
crypto/openssl-0.9/crypto/pkcs7/pkcs7.h
crypto/openssl-0.9/crypto/pkcs7/pkcs7err.c
crypto/openssl-0.9/crypto/rand/rand_unix.c
crypto/openssl-0.9/crypto/rc2/rc2_skey.c
crypto/openssl-0.9/crypto/rsa/rsa_depr.c
crypto/openssl-0.9/crypto/rsa/rsa_eay.c
crypto/openssl-0.9/crypto/rsa/rsa_pss.c
crypto/openssl-0.9/crypto/sha/sha_locl.h
crypto/openssl-0.9/crypto/txt_db/txt_db.c
crypto/openssl-0.9/crypto/ui/ui_lib.c
crypto/openssl-0.9/crypto/ui/ui_locl.h
crypto/openssl-0.9/crypto/ui/ui_openssl.c
crypto/openssl-0.9/crypto/x509/x509_att.c
crypto/openssl-0.9/crypto/x509/x509_v3.c
crypto/openssl-0.9/crypto/x509/x509_vfy.h
crypto/openssl-0.9/crypto/x509/x509_vpm.c
crypto/openssl-0.9/crypto/x509/x_all.c
crypto/openssl-0.9/crypto/x509v3/v3_alt.c
crypto/openssl-0.9/crypto/x509v3/v3_cpols.c
crypto/openssl-0.9/crypto/x509v3/v3_utl.c
crypto/openssl-0.9/e_os.h
crypto/openssl-0.9/e_os2.h
crypto/openssl-0.9/engines/e_4758cca.c
crypto/openssl-0.9/engines/e_aep.c
crypto/openssl-0.9/engines/e_atalla.c
crypto/openssl-0.9/engines/e_chil.c
crypto/openssl-0.9/engines/e_cswift.c
crypto/openssl-0.9/engines/e_nuron.c
crypto/openssl-0.9/engines/e_sureware.c
crypto/openssl-0.9/engines/e_ubsec.c
crypto/openssl-0.9/ssl/d1_both.c
crypto/openssl-0.9/ssl/d1_clnt.c
crypto/openssl-0.9/ssl/d1_lib.c
crypto/openssl-0.9/ssl/d1_meth.c
crypto/openssl-0.9/ssl/d1_srvr.c
crypto/openssl-0.9/ssl/s23_clnt.c
crypto/openssl-0.9/ssl/s23_lib.c
crypto/openssl-0.9/ssl/s23_meth.c
crypto/openssl-0.9/ssl/s23_srvr.c
crypto/openssl-0.9/ssl/s2_clnt.c
crypto/openssl-0.9/ssl/s2_lib.c
crypto/openssl-0.9/ssl/s2_meth.c
crypto/openssl-0.9/ssl/s2_srvr.c
crypto/openssl-0.9/ssl/s3_clnt.c
crypto/openssl-0.9/ssl/s3_enc.c
crypto/openssl-0.9/ssl/s3_lib.c
crypto/openssl-0.9/ssl/s3_meth.c
crypto/openssl-0.9/ssl/s3_pkt.c
crypto/openssl-0.9/ssl/s3_srvr.c
crypto/openssl-0.9/ssl/ssl.h
crypto/openssl-0.9/ssl/ssl3.h
crypto/openssl-0.9/ssl/ssl_algs.c
crypto/openssl-0.9/ssl/ssl_cert.c
crypto/openssl-0.9/ssl/ssl_ciph.c
crypto/openssl-0.9/ssl/ssl_lib.c
crypto/openssl-0.9/ssl/ssl_locl.h
crypto/openssl-0.9/ssl/ssl_txt.c
crypto/openssl-0.9/ssl/t1_clnt.c
crypto/openssl-0.9/ssl/t1_enc.c
crypto/openssl-0.9/ssl/t1_lib.c
crypto/openssl-0.9/ssl/t1_meth.c
crypto/openssl-0.9/ssl/t1_srvr.c
crypto/openssl-0.9/tools/c_rehash

index 47133b1..a84cebf 100644 (file)
@@ -2,6 +2,43 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.8 and 0.9.8a  [11 Oct 2005]
+
+  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+     (part of SSL_OP_ALL).  This option used to disable the
+     countermeasure against man-in-the-middle protocol-version
+     rollback in the SSL 2.0 server implementation, which is a bad
+     idea.  (CAN-2005-2969)
+
+     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+     for Information Security, National Institute of Advanced Industrial
+     Science and Technology [AIST], Japan)]
+
+  *) Add two function to clear and return the verify parameter flags.
+     [Steve Henson]
+
+  *) Keep cipherlists sorted in the source instead of sorting them at
+     runtime, thus removing the need for a lock.
+     [Nils Larsch]
+
+  *) Avoid some small subgroup attacks in Diffie-Hellman.
+     [Nick Mathewson and Ben Laurie]
+
+  *) Add functions for well-known primes.
+     [Nick Mathewson]
+
+  *) Extended Windows CE support.
+     [Satoshi Nakamura and Andy Polyakov]
+
+  *) Initialize SSL_METHOD structures at compile time instead of during
+     runtime, thus removing the need for a lock.
+     [Steve Henson]
+
+  *) Make PKCS7_decrypt() work even if no certificate is supplied by
+     attempting to decrypt each encrypted key in turn. Add support to
+     smime utility.
+     [Steve Henson]
+
  Changes between 0.9.7h and 0.9.8  [05 Jul 2005]
 
   *) Add libcrypto.pc and libssl.pc for those who feel they need them.
      differing sizes.
      [Richard Levitte]
 
- Changes between 0.9.7g and 0.9.7h  [XX xxx XXXX]
+ Changes between 0.9.7g and 0.9.7h  [11 Oct 2005]
+
+  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+     (part of SSL_OP_ALL).  This option used to disable the
+     countermeasure against man-in-the-middle protocol-version
+     rollback in the SSL 2.0 server implementation, which is a bad
+     idea.
+
+     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+     for Information Security, National Institute of Advanced Industrial
+     Science and Technology [AIST], Japan)]
 
   *) Minimal support for X9.31 signatures and PSS padding modes. This is
      mainly for FIPS compliance and not fully integrated at this stage.
 
  Changes between 0.9.7f and 0.9.7g  [11 Apr 2005]
 
+  [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
+  OpenSSL 0.9.8.]
+
   *) Fixes for newer kerberos headers. NB: the casts are needed because
      the 'length' field is signed on one version and unsigned on another
      with no (?) obvious way to tell the difference, without these VC++
index 82d8a6f..0755cb2 100644 (file)
@@ -72,7 +72,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.8 was released on July 5th, 2005.
+OpenSSL 0.9.8a was released on October 11th, 2005.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
index f205b05..4fb708b 100644 (file)
@@ -5,6 +5,11 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a:
+
+      o Fix potential SSL 2.0 rollback, CAN-2005-2969
+      o Extended Windows CE support
+
   Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8:
 
       o Major work on the BIGNUM library for higher efficiency and to
index c46d7e5..ed3c174 100644 (file)
@@ -180,3 +180,18 @@ target. Drop optimization level to +O2 when compiling 64-bit bf_skey.o.
 Unfortunately, the 'no-engines' configuration option currently doesn't
 work properly.  Use 'no-hw' and you'll will at least get no hardware
 support.  We'll see how we fix that on OpenSSL versions past 0.9.8.
+
+* 'make test' fails in BN_sqr [commonly with "error 139" denoting SIGSEGV]
+  if elder GNU binutils were deployed to link shared libcrypto.so.
+
+As subject suggests the failure is caused by a bug in elder binutils,
+either as or ld, and was observed on FreeBSD and Linux. There are two
+options. First is naturally to upgrade binutils, the second one - to
+reconfigure with additional no-sse2 [or 386] option passed to ./config.
+
+* If configured with ./config no-dso, toolkit still gets linked with -ldl,
+  which most notably poses a problem when linking with dietlibc.
+
+We don't have framework to associate -ldl with no-dso, therefore the only
+way is to edit Makefile right after ./config no-dso and remove -ldl from
+EX_LIBS line.
index 74cb76a..2d1236a 100644 (file)
@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.8 05 Jul 2005
+ OpenSSL 0.9.8a 11 Oct 2005
 
  Copyright (c) 1998-2005 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
index 4408756..8ef8ac1 100644 (file)
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 #
 # CA - wrapper around ca to make it easier to use ... basically ca requires
 #      some setup stuff to be done before you can use it and this makes
index 248c65a..613c3ba 100644 (file)
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
 #include <openssl/bn.h>
 
 #define NON_MAIN
index 2571728..210b5e1 100644 (file)
@@ -969,7 +969,6 @@ bad:
                        if (verbose) BIO_printf(bio_err,
                                "Done. %d entries marked as expired\n",i); 
                        }
-                       goto err;
                }
 
        /*****************************************************************/
index cd01fed..c4d891e 100644 (file)
@@ -57,6 +57,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/opensslconf.h>       /* for OPENSSL_NO_DH */
 #ifndef OPENSSL_NO_DH
 #include <stdio.h>
 #include <stdlib.h>
index e3cabcf..04bd57c 100644 (file)
  *
  */
 
+#include <openssl/opensslconf.h>       /* for OPENSSL_NO_DH */
 #ifndef OPENSSL_NO_DH
 #include <stdio.h>
 #include <stdlib.h>
index b6f0ed3..a5ec5d7 100644 (file)
@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/opensslconf.h>       /* for OPENSSL_NO_DSA */
 #ifndef OPENSSL_NO_DSA
 #include <stdio.h>
 #include <stdlib.h>
index 14e79f9..c301e81 100644 (file)
@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/opensslconf.h>       /* for OPENSSL_NO_DSA */
 /* Until the key-gen callbacks are modified to use newer prototypes, we allow
  * deprecated functions for openssl-internal code */
 #ifdef OPENSSL_NO_DEPRECATED
index 69baa50..4749786 100644 (file)
@@ -57,6 +57,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/opensslconf.h>
 /* Until the key-gen callbacks are modified to use newer prototypes, we allow
  * deprecated functions for openssl-internal code */
 #ifdef OPENSSL_NO_DEPRECATED
index 6d2ed06..828e27f 100644 (file)
@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/opensslconf.h>       /* for OPENSSL_NO_DSA */
 #ifndef OPENSSL_NO_DSA
 #include <stdio.h>
 #include <string.h>
index f0bb30c..4f62cfd 100644 (file)
@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/opensslconf.h>
 /* Until the key-gen callbacks are modified to use newer prototypes, we allow
  * deprecated functions for openssl-internal code */
 #ifdef OPENSSL_NO_DEPRECATED
index 04710f8..9e59020 100644 (file)
@@ -188,7 +188,7 @@ nsComment                   = "OpenSSL Generated Certificate"
 
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
+authorityKeyIdentifier=keyid,issuer
 
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
index 36bbe08..af2fed1 100644 (file)
@@ -115,7 +115,7 @@ int MAIN(int argc, char **argv)
 
     BN_print(bio_out,bn);
     BIO_printf(bio_out," is %sprime\n",
-              BN_is_prime(bn,checks,NULL,NULL,NULL) ? "" : "not ");
+              BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not ");
 
     BN_free(bn);
     BIO_free_all(bio_out);
index 511be7d..f58e65e 100644 (file)
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
 
 #define SECTION                "req"
 
@@ -724,7 +731,9 @@ bad:
 
        if (newreq && (pkey == NULL))
                {
+#ifndef OPENSSL_NO_RSA
                BN_GENCB cb;
+#endif
                char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
                if (randfile == NULL)
                        ERR_clear_error();
index ee65720..d5cb7b7 100644 (file)
@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include <stdlib.h>
index a629ff5..4638909 100644 (file)
@@ -56,6 +56,7 @@
  *
  */
 
+#include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_RSA
 
 #include "apps.h"
index b22f319..cfee531 100644 (file)
@@ -1096,7 +1096,9 @@ static void print_stuff(BIO *bio, SSL *s, int full)
        SSL_CIPHER *c;
        X509_NAME *xn;
        int j,i;
+#ifndef OPENSSL_NO_COMP
        const COMP_METHOD *comp, *expansion;
+#endif
 
        if (full)
                {
@@ -1199,12 +1201,14 @@ static void print_stuff(BIO *bio, SSL *s, int full)
                                                         EVP_PKEY_bits(pktmp));
                EVP_PKEY_free(pktmp);
        }
+#ifndef OPENSSL_NO_COMP
        comp=SSL_get_current_compression(s);
        expansion=SSL_get_current_expansion(s);
        BIO_printf(bio,"Compression: %s\n",
                comp ? SSL_COMP_get_name(comp) : "NONE");
        BIO_printf(bio,"Expansion: %s\n",
                expansion ? SSL_COMP_get_name(expansion) : "NONE");
+#endif
        SSL_SESSION_print(bio,SSL_get_session(s));
        BIO_printf(bio,"---\n");
        if (peer != NULL)
index afc27e1..0d6727c 100644 (file)
@@ -153,6 +153,12 @@ typedef unsigned int u_int;
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
 #include <openssl/rand.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
 #include "s_apps.h"
 #include "timeouts.h"
 
@@ -530,7 +536,9 @@ int MAIN(int argc, char *argv[])
        char *CApath=NULL,*CAfile=NULL;
        unsigned char *context = NULL;
        char *dhfile = NULL;
+#ifndef OPENSSL_NO_ECDH
        char *named_curve = NULL;
+#endif
        int badop=0,bugs=0;
        int ret=1;
        int off=0;
@@ -824,21 +832,24 @@ bad:
        if (s_key_file == NULL)
                s_key_file = s_cert_file;
 
-       s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
-                      "server certificate private key file");
-       if (!s_key)
+       if (nocert == 0)
                {
-               ERR_print_errors(bio_err);
-               goto end;
-               }
+               s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
+                      "server certificate private key file");
+               if (!s_key)
+                       {
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
 
-       s_cert = load_cert(bio_err,s_cert_file,s_cert_format,
+               s_cert = load_cert(bio_err,s_cert_file,s_cert_format,
                        NULL, e, "server certificate file");
 
-       if (!s_cert)
-               {
-               ERR_print_errors(bio_err);
-               goto end;
+               if (!s_cert)
+                       {
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
                }
 
        if (s_dcert_file)
index 253cca7..250fd69 100644 (file)
@@ -384,9 +384,9 @@ int MAIN(int argc, char **argv)
                }
        else if (operation == SMIME_DECRYPT)
                {
-               if (!recipfile)
+               if (!recipfile && !keyfile)
                        {
-                       BIO_printf(bio_err, "No recipient certificate and key specified\n");
+                       BIO_printf(bio_err, "No recipient certificate or key specified\n");
                        badarg = 1;
                        }
                }
index 8f2aac5..474f20c 100644 (file)
@@ -286,9 +286,17 @@ static double results[ALGOR_NUM][SIZE_NUM];
 static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
 static double rsa_results[RSA_NUM][2];
 static double dsa_results[DSA_NUM][2];
+#ifndef OPENSSL_NO_ECDSA
 static double ecdsa_results[EC_NUM][2];
+#endif
+#ifndef OPENSSL_NO_ECDH
 static double ecdh_results[EC_NUM][1];
+#endif
 
+#if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH))
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+static int rnd_fake = 0;
+#endif
 
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
@@ -448,6 +456,7 @@ static double Time_F(int s)
 #endif /* if defined(OPENSSL_SYS_NETWARE) */
 
 
+#ifndef OPENSSL_NO_ECDH
 static const int KDF1_SHA1_len = 20;
 static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
        {
@@ -459,8 +468,9 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
        return SHA1(in, inlen, out);
 #else
        return NULL;
-#endif
+#endif /* OPENSSL_NO_SHA */
        }
+#endif /* OPENSSL_NO_ECDH */
 
 
 int MAIN(int, char **);
@@ -695,8 +705,12 @@ int MAIN(int argc, char **argv)
 
        int rsa_doit[RSA_NUM];
        int dsa_doit[DSA_NUM];
+#ifndef OPENSSL_NO_ECDSA
        int ecdsa_doit[EC_NUM];
+#endif
+#ifndef OPENSSL_NO_ECDH
         int ecdh_doit[EC_NUM];
+#endif
        int doit[ALGOR_NUM];
        int pr_header=0;
        const EVP_CIPHER *evp_cipher=NULL;
index 393d0d1..5f61eb5 100644 (file)
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
 
 #undef PROG
 #define PROG x509_main
index 183805a..054b442 100644 (file)
@@ -62,7 +62,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#if defined(_MSC_VER) && !defined(_M_IA64) && !defined(OPENSSL_SYS_WINCE)
+#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
 # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
 # define GETU32(p) SWAP(*((u32 *)(p)))
 # define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
index f621426..0fb9ce0 100644 (file)
@@ -183,9 +183,11 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
        iv= ~v;
        if (!value) v=0;
 
+       if (a == NULL)
+               return 0;
+
        a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */
 
-       if (a == NULL) return(0);
        if ((a->length < (w+1)) || (a->data == NULL))
                {
                if (!value) return(1); /* Don't need to set */
index cc6a25d..45fe4bd 100644 (file)
@@ -223,7 +223,7 @@ static int do_buf(unsigned char *buf, int buflen,
 
 static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen)
 {
-       const static char hexdig[] = "0123456789ABCDEF";
+       static const char hexdig[] = "0123456789ABCDEF";
        unsigned char *p, *q;
        char hextmp[2];
        if(arg) {
@@ -279,7 +279,7 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING
  * otherwise it is the number of bytes per character
  */
 
-const static signed char tag2nbyte[] = {
+static const signed char tag2nbyte[] = {
        -1, -1, -1, -1, -1,     /* 0-4 */
        -1, -1, -1, -1, -1,     /* 5-9 */
        -1, -1, 0, -1,          /* 10-13 */
index dadcae8..2819678 100644 (file)
@@ -1058,6 +1058,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_MBSTRING_NCOPY                      122
 #define ASN1_F_ASN1_OBJECT_NEW                          123
 #define ASN1_F_ASN1_PACK_STRING                                 124
+#define ASN1_F_ASN1_PCTX_NEW                            205
 #define ASN1_F_ASN1_PKCS5_PBE_SET                       125
 #define ASN1_F_ASN1_SEQ_PACK                            126
 #define ASN1_F_ASN1_SEQ_UNPACK                          127
index b9df21c..bef2519 100644 (file)
@@ -111,6 +111,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"},
 {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW),     "ASN1_OBJECT_new"},
 {ERR_FUNC(ASN1_F_ASN1_PACK_STRING),    "ASN1_pack_string"},
+{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW),       "ASN1_PCTX_NEW"},
 {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET),  "ASN1_PKCS5_PBE_SET"},
 {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK),       "ASN1_seq_pack"},
 {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK),     "ASN1_seq_unpack"},
index df247f3..37aa6b4 100644 (file)
@@ -419,7 +419,7 @@ end:
 
 const char *ASN1_tag2str(int tag)
 {
-       const static char *tag2str[] = {
+       static const char *tag2str[] = {
         "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */
         "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */
         "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>",      /* 10-13 */
index 7dd4ae3..f882161 100644 (file)
 
 static int print(BIO *fp,const char *str, const BIGNUM *num,
                unsigned char *buf,int off);
+#ifndef OPENSSL_NO_EC
 static int print_bin(BIO *fp, const char *str, const unsigned char *num,
                size_t len, int off);
+#endif
 #ifndef OPENSSL_NO_RSA
 #ifndef OPENSSL_NO_FP_API
 int RSA_print_fp(FILE *fp, const RSA *x, int off)
@@ -196,6 +198,11 @@ int DSA_print(BIO *bp, const DSA *x, int off)
 
        if (x->p)
                buf_len = (size_t)BN_num_bytes(x->p);
+       else
+               {
+               DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS);
+               goto err;
+               }
        if (x->q)
                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
                        buf_len = i;
@@ -601,6 +608,7 @@ static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *
        return(1);
        }
 
+#ifndef OPENSSL_NO_EC
 static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
                size_t len, int off)
        {
@@ -638,6 +646,7 @@ static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
 
        return 1;
        }
+#endif
 
 #ifndef OPENSSL_NO_DH
 #ifndef OPENSSL_NO_FP_API
@@ -666,6 +675,11 @@ int DHparams_print(BIO *bp, const DH *x)
 
        if (x->p)
                buf_len = (size_t)BN_num_bytes(x->p);
+       else
+               {
+               reason = ERR_R_PASSED_NULL_PARAMETER;
+               goto err;
+               }
        if (x->g)
                if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
                        buf_len = i;
@@ -719,11 +733,16 @@ int DSAparams_print_fp(FILE *fp, const DSA *x)
 int DSAparams_print(BIO *bp, const DSA *x)
        {
        unsigned char *m=NULL;
-       int reason=ERR_R_BUF_LIB,ret=0;
+       int ret=0;
        size_t buf_len=0,i;
 
        if (x->p)
                buf_len = (size_t)BN_num_bytes(x->p);
+       else
+               {
+               DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS);
+               goto err;
+               }
        if (x->q)
                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
                        buf_len = i;
@@ -733,7 +752,7 @@ int DSAparams_print(BIO *bp, const DSA *x)
        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
        if (m == NULL)
                {
-               reason=ERR_R_MALLOC_FAILURE;
+               DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
                goto err;
                }
 
@@ -746,7 +765,6 @@ int DSAparams_print(BIO *bp, const DSA *x)
        ret=1;
 err:
        if (m != NULL) OPENSSL_free(m);
-       DSAerr(DSA_F_DSAPARAMS_PRINT,reason);
        return(ret);
        }
 
index 204ca10..c779a9b 100644 (file)
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
 
 #ifndef OPENSSL_NO_FP_API
 int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
index 23ab3b9..c2a5797 100644 (file)
 #include "cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
 #include <openssl/bn.h>
 
 /* Print out an SPKI */
index cef398e..0f950db 100644 (file)
@@ -59,6 +59,7 @@
 
 #include <stddef.h>
 #include <string.h>
+#include "cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
index 9216342..531dad3 100644 (file)
@@ -326,11 +326,13 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
        {
        ASN1_TYPE *typ;
        int utype;
-       const ASN1_PRIMITIVE_FUNCS *pf;
-       pf = it->funcs;
 
-       if (pf && pf->prim_new)
-               return pf->prim_new(pval, it);
+       if (it && it->funcs)
+               {
+               const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+               if (pf->prim_new)
+                       return pf->prim_new(pval, it);
+               }
 
        if (!it || (it->itype == ASN1_ITYPE_MSTRING))
                utype = -1;
@@ -374,10 +376,9 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
        {
        int utype;
-       const ASN1_PRIMITIVE_FUNCS *pf;
-       pf = it->funcs;
-       if (pf)
+       if (it && it->funcs)
                {
+               const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
                if (pf->prim_clear)
                        pf->prim_clear(pval, it);
                else 
index 50faa4a..91c2756 100644 (file)
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
 
 /* Minor tweak to operation: free up EVP_PKEY */
 static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
index b380acf..2d21d09 100644 (file)
@@ -73,7 +73,7 @@ void BF_encrypt(BF_LONG *data, const BF_KEY *key)
        {
 #ifndef BF_PTR2
        register BF_LONG l,r;
-    const register BF_LONG *p,*s;
+       register const BF_LONG *p,*s;
 
        p=key->P;
        s= &(key->S[0]);
@@ -150,7 +150,7 @@ void BF_decrypt(BF_LONG *data, const BF_KEY *key)
        {
 #ifndef BF_PTR2
        register BF_LONG l,r;
-    const register BF_LONG *p,*s;
+       register const BF_LONG *p,*s;
 
        p=key->P;
        s= &(key->S[0]);
index ccc7415..ad4b301 100644 (file)
@@ -396,7 +396,10 @@ static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
        int ret=0;
 
        buf[0]='\0';
-       fgets(buf,size,(FILE *)bp->ptr);
+       if (bp->flags&BIO_FLAGS_UPLINK)
+               UP_fgets(buf,size,bp->ptr);
+       else
+               fgets(buf,size,(FILE *)bp->ptr);
        if (buf[0] != '\0')
                ret=strlen(buf);
        return(ret);
index 670584a..03ebd50 100644 (file)
@@ -699,9 +699,11 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
 #define bn_check_top(a) \
        do { \
                const BIGNUM *_bnum2 = (a); \
-               assert((_bnum2->top == 0) || \
+               if (_bnum2 != NULL) { \
+                       assert((_bnum2->top == 0) || \
                                (_bnum2->d[_bnum2->top - 1] != 0)); \
-               bn_pollute(_bnum2); \
+                       bn_pollute(_bnum2); \
+               } \
        } while(0)
 
 #define bn_fix_top(a)          bn_check_top(a)
@@ -732,6 +734,18 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
 BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
 BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
 
+/* Primes from RFC 2409 */
+BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
+BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn);
+
+/* Primes from RFC 3526 */
+BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);
+
 int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
 
 /* BEGIN ERROR CODES */
index 1997808..99bc2de 100644 (file)
@@ -459,6 +459,34 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
 #define sqr_add_c2(a,i,j,c0,c1,c2) \
        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
 
+#elif defined(BN_UMULT_LOHI)
+
+#define mul_add_c(a,b,c0,c1,c2)        {       \
+       BN_ULONG ta=(a),tb=(b);         \
+       BN_UMULT_LOHI(t1,t2,ta,tb);     \
+       c0 += t1; t2 += (c0<t1)?1:0;    \
+       c1 += t2; c2 += (c1<t2)?1:0;    \
+       }
+
+#define mul_add_c2(a,b,c0,c1,c2) {     \
+       BN_ULONG ta=(a),tb=(b),t0;      \
+       BN_UMULT_LOHI(t0,t1,ta,tb);     \
+       t2 = t1+t1; c2 += (t2<t1)?1:0;  \
+       t1 = t0+t0; t2 += (t1<t0)?1:0;  \
+       c0 += t1; t2 += (c0<t1)?1:0;    \
+       c1 += t2; c2 += (c1<t2)?1:0;    \
+       }
+
+#define sqr_add_c(a,i,c0,c1,c2)        {       \
+       BN_ULONG ta=(a)[i];             \
+       BN_UMULT_LOHI(t1,t2,ta,ta);     \
+       c0 += t1; t2 += (c0<t1)?1:0;    \
+       c1 += t2; c2 += (c1<t2)?1:0;    \
+       }
+
+#define sqr_add_c2(a,i,j,c0,c1,c2)     \
+       mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
 #elif defined(BN_UMULT_HIGH)
 
 #define mul_add_c(a,b,c0,c1,c2)        {       \
diff --git a/crypto/openssl-0.9/crypto/bn/bn_const.c b/crypto/openssl-0.9/crypto/bn/bn_const.c
new file mode 100755 (executable)
index 0000000..eb60a25
--- /dev/null
@@ -0,0 +1,402 @@
+/* crypto/bn/knownprimes.c */
+/* Insert boilerplate */
+
+#include "bn.h"
+
+/* "First Oakley Default Group" from RFC2409, section 6.1.
+ *
+ * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
+ *
+ * RFC2409 specifies a generator of 2.
+ * RFC2412 specifies a generator of of 22.
+ */
+
+BIGNUM *get_rfc2409_prime_768(BIGNUM *bn)
+       {
+       static const unsigned char RFC2409_PRIME_768[]={
+               0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+               0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+               0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+               0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+               0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+               0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+               0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+               0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+               };
+       return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn);
+       }
+
+/* "Second Oakley Default Group" from RFC2409, section 6.2.
+ *
+ * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
+ *
+ * RFC2409 specifies a generator of 2.
+ * RFC2412 specifies a generator of 22.
+ */
+
+BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn)
+       {
+       static const unsigned char RFC2409_PRIME_1024[]={
+               0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+               0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+               0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+               0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+               0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+               0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+               0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+               0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+               0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+               0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,
+               0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+               };
+       return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn);
+       }
+
+/* "1536-bit MODP Group" from RFC3526, Section 2.
+ *
+ * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
+ *
+ * RFC3526 specifies a generator of 2.
+ * RFC2312 specifies a generator of 22.
+ */
+
+BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn)
+       {
+       static const unsigned char RFC3526_PRIME_1536[]={
+               0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+               0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+               0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+               0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+               0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+               0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+               0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+               0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+               0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+               0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+               0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
+               0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+               0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
+               0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+               0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
+               0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+               };
+       return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn);
+       }
+
+/* "2048-bit MODP Group" from RFC3526, Section 3.
+ *
+ * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn)
+       {
+       static const unsigned char RFC3526_PRIME_2048[]={
+               0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+               0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+               0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+               0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+               0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+               0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+               0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+               0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+               0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+               0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+               0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
+               0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+               0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
+               0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+               0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
+               0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+               0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
+               0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
+               0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
+               0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+               0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,
+               0xFF,0xFF,0xFF,0xFF,
+               };
+       return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn);
+       }
+
+/* "3072-bit MODP Group" from RFC3526, Section 4.
+ *
+ * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn)
+       {
+       static const unsigned char RFC3526_PRIME_3072[]={
+               0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+               0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+               0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+               0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+               0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+               0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+               0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+               0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+               0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+               0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+               0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
+               0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+               0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
+               0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+               0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
+               0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+               0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
+               0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
+               0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
+               0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+               0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
+               0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
+               0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
+               0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+               0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
+               0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
+               0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
+               0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+               0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
+               0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
+               0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
+               0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+               };
+       return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn);
+       }
+
+/* "4096-bit MODP Group" from RFC3526, Section 5.
+ *
+ * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn)
+       {
+       static const unsigned char RFC3526_PRIME_4096[]={
+               0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+               0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+               0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+               0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+               0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+               0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+               0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+               0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+               0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+               0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+               0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
+               0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+               0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
+               0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+               0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
+               0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+               0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
+               0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
+               0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
+               0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+               0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
+               0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
+               0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
+               0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+               0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
+               0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
+               0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
+               0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+               0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
+               0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
+               0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
+               0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+               0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
+               0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
+               0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
+               0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+               0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
+               0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
+               0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
+               0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+               0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
+               0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,
+               0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+               };
+       return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn);
+       }
+
+/* "6144-bit MODP Group" from RFC3526, Section 6.
+ *
+ * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn)
+       {
+       static const unsigned char RFC3526_PRIME_6144[]={
+               0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+               0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+               0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+               0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+               0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+               0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+               0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+               0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+               0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+               0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+               0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
+               0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+               0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
+               0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+               0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
+               0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+               0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
+               0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
+               0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
+               0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+               0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
+               0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
+               0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
+               0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+               0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
+               0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
+               0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
+               0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+               0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
+               0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
+               0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
+               0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+               0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
+               0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
+               0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
+               0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+               0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
+               0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
+               0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
+               0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+               0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
+               0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
+               0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,
+               0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
+               0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,
+               0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
+               0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,
+               0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
+               0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,
+               0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
+               0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,
+               0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
+               0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,
+               0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
+               0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,
+               0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
+               0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,
+               0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
+               0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,
+               0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
+               0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,
+               0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
+               0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,
+               0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+               };
+       return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn);
+       }
+
+/* "8192-bit MODP Group" from RFC3526, Section 7.
+ *
+ * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn)
+       {
+       static const unsigned char RFC3526_PRIME_8192[]={
+               0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+               0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+               0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+               0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+               0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+               0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+               0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+               0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+               0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+               0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+               0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
+               0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+               0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
+               0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+               0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
+               0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+               0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
+               0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
+               0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
+               0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+               0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
+               0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
+               0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
+               0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+               0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
+               0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
+               0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
+               0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+               0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
+               0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
+               0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
+               0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+               0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
+               0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
+               0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
+               0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+               0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
+               0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
+               0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
+               0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+               0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
+               0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
+               0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,
+               0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
+               0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,
+               0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
+               0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,
+               0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
+               0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,
+               0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
+               0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,
+               0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
+               0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,
+               0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
+               0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,
+               0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
+               0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,
+               0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
+               0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,
+               0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
+               0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,
+               0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
+               0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,
+               0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4,
+               0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,
+               0x73,0xB9,0x31,0xBA,0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,
+               0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,0x25,0x76,0xF6,0x93,
+               0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68,
+               0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,
+               0xE3,0x9D,0x65,0x2D,0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,
+               0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,0x13,0xEB,0x57,0xA8,
+               0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B,
+               0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,
+               0xA2,0xC0,0x87,0xE8,0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,
+               0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,0x6D,0x2A,0x13,0xF8,
+               0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36,
+               0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,
+               0x08,0x46,0x85,0x1D,0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,
+               0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,0xFA,0xF3,0x6B,0xC3,
+               0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92,
+               0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,
+               0xD5,0xEE,0x38,0x2B,0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,
+               0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,0x9E,0x30,0x50,0xE2,
+               0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
+               0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,
+               0xFF,0xFF,0xFF,0xFF,
+               };
+       return BN_bin2bn(RFC3526_PRIME_8192,sizeof(RFC3526_PRIME_8192),bn);
+       }
+
index 3b43929..2857f44 100644 (file)
@@ -185,10 +185,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
        BN_ULONG d0,d1;
        int num_n,div_n;
 
-       if (dv)
-               bn_check_top(dv);
-       if (rm)
-               bn_check_top(rm);
+       bn_check_top(dv);
+       bn_check_top(rm);
        bn_check_top(num);
        bn_check_top(divisor);
 
@@ -394,8 +392,7 @@ X) -> 0x%08X\n",
        BN_CTX_end(ctx);
        return(1);
 err:
-       if (rm)
-               bn_check_top(rm);
+       bn_check_top(rm);
        BN_CTX_end(ctx);
        return(0);
        }
index 0248753..f02e6fc 100644 (file)
@@ -488,7 +488,6 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
 err:
        if ((ret == NULL) && (in == NULL)) BN_free(R);
        BN_CTX_end(ctx);
-       if (ret)
-               bn_check_top(ret);
+       bn_check_top(ret);
        return(ret);
        }
index 1c680fc..ad4ca7f 100644 (file)
@@ -270,6 +270,15 @@ extern "C" {
                : "a"(a),"g"(b)         \
                : "cc");
 #  endif
+# elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT)
+#  if defined(_MSC_VER) && _MSC_VER>=1400
+    unsigned __int64 __umulh   (unsigned __int64 a,unsigned __int64 b);
+    unsigned __int64 _umul128  (unsigned __int64 a,unsigned __int64 b,
+                                unsigned __int64 *h);
+#   pragma intrinsic(__umulh,_umul128)
+#   define BN_UMULT_HIGH(a,b)          __umulh((a),(b))
+#   define BN_UMULT_LOHI(low,high,a,b) ((low)=_umul128((a),(b),&(high)))
+#  endif
 # endif                /* cpu */
 #endif         /* OPENSSL_NO_ASM */
 
@@ -313,6 +322,33 @@ extern "C" {
        (r1)=Hw(t); \
        }
 
+#elif defined(BN_UMULT_LOHI)
+#define mul_add(r,a,w,c) {             \
+       BN_ULONG high,low,ret,tmp=(a);  \
+       ret =  (r);                     \
+       BN_UMULT_LOHI(low,high,w,tmp);  \
+       ret += (c);                     \
+       (c) =  (ret<(c))?1:0;           \
+       (c) += high;                    \
+       ret += low;                     \
+       (c) += (ret<low)?1:0;           \
+       (r) =  ret;                     \
+       }
+
+#define mul(r,a,w,c)   {               \
+       BN_ULONG high,low,ret,ta=(a);   \
+       BN_UMULT_LOHI(low,high,w,ta);   \
+       ret =  low + (c);               \
+       (c) =  high;                    \
+       (c) += (ret<low)?1:0;           \
+       (r) =  ret;                     \
+       }
+
+#define sqr(r0,r1,a)   {               \
+       BN_ULONG tmp=(a);               \
+       BN_UMULT_LOHI(r0,r1,tmp,tmp);   \
+       }
+
 #elif defined(BN_UMULT_HIGH)
 #define mul_add(r,a,w,c) {             \
        BN_ULONG high,low,ret,tmp=(a);  \
index 6bcc9ad..82af91f 100644 (file)
@@ -292,7 +292,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
                buf[0]=mod->d[0]; /* tmod = N mod word size */
                buf[1]=0;
                tmod.d=buf;
-               tmod.top=1;
+               tmod.top = buf[0] != 0 ? 1 : 0;
                tmod.dmax=2;
                tmod.neg=0;
                                                        /* Ri = R^-1 mod N*/
index 10fe869..2e8efb8 100644 (file)
@@ -204,8 +204,8 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
        ret=1;
 err:
        BN_CTX_end(ctx);
-       if(dv) bn_check_top(dv);
-       if(rem) bn_check_top(rem);
+       bn_check_top(dv);
+       bn_check_top(rem);
        return(ret);
        } 
 
index 3b4b3f0..270d0cd 100644 (file)
@@ -148,8 +148,8 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
        if (rr != r) BN_copy(r,rr);
        ret = 1;
  err:
-       if(rr) bn_check_top(rr);
-       if(tmp) bn_check_top(tmp);
+       bn_check_top(rr);
+       bn_check_top(tmp);
        BN_CTX_end(ctx);
        return(ret);
        }
index c1eb7f6..6beaf9e 100644 (file)
@@ -83,7 +83,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                                goto end;
                        if (!BN_set_word(ret, BN_is_bit_set(a, 0)))
                                {
-                               BN_free(ret);
+                               if (ret != in)
+                                       BN_free(ret);
                                return NULL;
                                }
                        bn_check_top(ret);
@@ -102,7 +103,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                        goto end;
                if (!BN_set_word(ret, BN_is_one(a)))
                        {
-                       BN_free(ret);
+                       if (ret != in)
+                               BN_free(ret);
                        return NULL;
                        }
                bn_check_top(ret);
index 1bcb37e..ee7b87c 100644 (file)
@@ -69,6 +69,9 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
 #endif
        int i;
 
+       if (w == 0)
+               return (BN_ULONG)-1;
+
        bn_check_top(a);
        w&=BN_MASK2;
        for (i=a->top-1; i>=0; i--)
@@ -94,7 +97,7 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
 
        if (!w)
                /* actually this an error (division by zero) */
-               return 0;
+               return (BN_ULONG)-1;
        if (a->top == 0)
                return 0;
 
@@ -102,7 +105,7 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
        j = BN_BITS2 - BN_num_bits_word(w);
        w <<= j;
        if (!BN_lshift(a, a, j))
-               return 0;
+               return (BN_ULONG)-1;
 
        for (i=a->top-1; i>=0; i--)
                {
@@ -175,7 +178,13 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w)
        /* degenerate case: w is zero */
        if (!w) return 1;
        /* degenerate case: a is zero */
-       if(BN_is_zero(a)) return BN_set_word(a,w);
+       if(BN_is_zero(a))
+               {
+               i = BN_set_word(a,w);
+               if (i != 0)
+                       BN_set_negative(a, 1);
+               return i;
+               }
        /* handle 'a' when negative */
        if (a->neg)
                {
index 996a099..8083a00 100644 (file)
@@ -613,13 +613,13 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
                                e++;
                                }
                        /* So at this point we have
-                        * ns which is the start of the name string which is
+                        * np which is the start of the name string which is
                         *   '\0' terminated. 
-                        * cs which is the start of the section string which is
+                        * cp which is the start of the section string which is
                         *   '\0' terminated.
                         * e is the 'next point after'.
-                        * r and s are the chars replaced by the '\0'
-                        * rp and sp is where 'r' and 's' came from.
+                        * r and rr are the chars replaced by the '\0'
+                        * rp and rrp is where 'r' and 'rr' came from.
                         */
                        p=_CONF_get_string(conf,cp,np);
                        if (rrp != NULL) *rrp=rr;
@@ -638,6 +638,11 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
                           points at.  /RL */
                        len -= e-from;
                        from=e;
+
+                       /* In case there were no braces or parenthesis around
+                          the variable reference, we have to put back the
+                          character that was replaced with a '\0'.  /RL */
+                       *rp = r;
                        }
                else
                        buf->data[to++]= *(from++);
index 2133237..315559c 100644 (file)
@@ -661,12 +661,15 @@ int OPENSSL_isservice(void)
 #endif
     else                               return 0;
 }
+#else
+int OPENSSL_isservice(void) { return 0; }
 #endif
 
 void OPENSSL_showfatal (const char *fmta,...)
 { va_list ap;
   TCHAR buf[256];
   const TCHAR *fmt;
+#ifdef STD_ERROR_HANDLE        /* what a dirty trick! */
   HANDLE h;
 
     if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL &&
@@ -677,9 +680,10 @@ void OPENSSL_showfatal (const char *fmta,...)
        va_end (ap);
        return;
     }
+#endif
 
     if (sizeof(TCHAR)==sizeof(char))
-       fmt=fmta;
+       fmt=(const TCHAR *)fmta;
     else do
     { int    keepgoing;
       size_t len_0=strlen(fmta)+1,i;
@@ -730,21 +734,7 @@ void OPENSSL_showfatal (const char *fmta,...)
     }
     else
 #endif
-    {  MSGBOXPARAMS         m;
-
-       m.cbSize             = sizeof(m);
-       m.hwndOwner          = NULL;
-       m.lpszCaption        = _T("OpenSSL: FATAL");
-       m.dwStyle            = MB_OK;
-       m.hInstance          = NULL;
-       m.lpszIcon           = IDI_ERROR;
-       m.dwContextHelpId    = 0;
-       m.lpfnMsgBoxCallback = NULL;
-       m.dwLanguageId       = MAKELANGID(LANG_ENGLISH,SUBLANG_ENGLISH_US);
-       m.lpszText           = buf;
-
-       MessageBoxIndirect (&m);
-    }
+       MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP);
 }
 #else
 void OPENSSL_showfatal (const char *fmta,...)
index 6738e7c..720f29a 100644 (file)
@@ -125,7 +125,7 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
                                sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1;
 #endif
                                if (rem==0)
-                                       memcpy(ovec,ovec+num,8);
+                                       memmove(ovec,ovec+num,8);
                                else
                                        for(i=0 ; i < 8 ; ++i)
                                                ovec[i]=ovec[i+num]<<rem |
@@ -168,7 +168,7 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
                                sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1;
 #endif
                                if (rem==0)
-                                       memcpy (ovec,ovec+num,8);
+                                       memmove(ovec,ovec+num,8);
                                else
                                        for(i=0 ; i < 8 ; ++i)
                                                ovec[i]=ovec[i+num]<<rem |
index 9f43992..1b0620c 100644 (file)
 extern "C" {
 #endif
 
+#ifdef _
+#undef _
+#endif
+
 typedef unsigned char _ossl_old_des_cblock[8];
 typedef struct _ossl_old_des_ks_struct
        {
index d1559fd..7871882 100644 (file)
@@ -145,6 +145,10 @@ struct dh_st
 #define DH_UNABLE_TO_CHECK_GENERATOR   0x04
 #define DH_NOT_SUITABLE_GENERATOR      0x08
 
+/* DH_check_pub_key error codes */
+#define DH_CHECK_PUBKEY_TOO_SMALL      0x01
+#define DH_CHECK_PUBKEY_TOO_LARGE      0x02
+
 /* primes p where (p-1)/2 is prime too are called "safe"; we define
    this for backward compatibility: */
 #define DH_CHECK_P_NOT_STRONG_PRIME    DH_CHECK_P_NOT_SAFE_PRIME
@@ -183,6 +187,7 @@ DH *        DH_generate_parameters(int prime_len,int generator,
 int    DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
 
 int    DH_check(const DH *dh,int *codes);
+int    DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes);
 int    DH_generate_key(DH *dh);
 int    DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
 DH *   d2i_DHparams(DH **a,const unsigned char **pp, long length);
@@ -216,6 +221,7 @@ void ERR_load_DH_strings(void);
 /* Reason codes. */
 #define DH_R_BAD_GENERATOR                              101
 #define DH_R_NO_PRIVATE_VALUE                           100
+#define DH_R_INVALID_PUBKEY                             102
 
 #ifdef  __cplusplus
 }
index bfc9c3a..058aec7 100644 (file)
@@ -118,3 +118,25 @@ err:
        if (q != NULL) BN_free(q);
        return(ok);
        }
+
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+       {
+       int ok=0;
+       BIGNUM *q=NULL;
+
+       *ret=0;
+       q=BN_new();
+       if (q == NULL) goto err;
+       BN_set_word(q,1);
+       if (BN_cmp(pub_key,q) <= 0)
+               *ret|=DH_CHECK_PUBKEY_TOO_SMALL;
+       BN_copy(q,dh->p);
+       BN_sub_word(q,1);
+       if (BN_cmp(pub_key,q) >= 0)
+               *ret|=DH_CHECK_PUBKEY_TOO_LARGE;
+
+       ok = 1;
+err:
+       if (q != NULL) BN_free(q);
+       return(ok);
+       }
index edce2c7..ea67fb7 100644 (file)
@@ -84,6 +84,7 @@ static ERR_STRING_DATA DH_str_reasons[]=
        {
 {ERR_REASON(DH_R_BAD_GENERATOR)          ,"bad generator"},
 {ERR_REASON(DH_R_NO_PRIVATE_VALUE)       ,"no private value"},
+{ERR_REASON(DH_R_INVALID_PUBKEY)         ,"invalid public key"},
 {0,NULL}
        };
 
index 39eefe3..cc17c88 100644 (file)
@@ -177,6 +177,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
        BN_MONT_CTX *mont=NULL;
        BIGNUM *tmp;
        int ret= -1;
+        int check_result;
 
        ctx = BN_CTX_new();
        if (ctx == NULL) goto err;
@@ -202,6 +203,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
                        goto err;
                }
 
+        if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
+               {
+               DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
+               goto err;
+               }
+
        if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
                {
                DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);
index 3a78082..b982579 100644 (file)
@@ -66,7 +66,9 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
+#endif
 
 const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
 
index fa13a7c..4972984 100644 (file)
@@ -75,6 +75,8 @@ static DSO_METHOD dso_meth_null = {
        NULL, /* unbind_func */
 #endif
        NULL, /* ctrl */
+       NULL, /* dso_name_converter */
+       NULL, /* dso_merger */
        NULL, /* init */
        NULL  /* finish */
        };
index f337e0f..bd51194 100644 (file)
@@ -394,19 +394,23 @@ ENGINE *ENGINE_by_id(const char *id)
 #else
        /* EEK! Experimental code starts */
        if(iterator) return iterator;
+       /* Prevent infinite recusrion if we're looking for the dynamic engine. */
+       if (strcmp(id, "dynamic"))
+               {
 #ifdef OPENSSL_SYS_VMS
-       if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
+               if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
 #else
-       if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
+               if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
 #endif
-       iterator = ENGINE_by_id("dynamic");
-       if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
-                       !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
-                       !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
-                               load_dir, 0) ||
-                       !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
-               goto notfound;
-       return iterator;
+               iterator = ENGINE_by_id("dynamic");
+               if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
+                               !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
+                               !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
+                                       load_dir, 0) ||
+                               !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
+                               goto notfound;
+               return iterator;
+               }
 notfound:
        ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE);
        ERR_add_error_data(2, "id=", id);
index dd16d3b..7c139ae 100644 (file)
 #include <openssl/pem.h>
 #include <openssl/evp.h>
 #include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
+#endif
 
 /* This testing gunk is implemented (and explained) lower down. It also assumes
  * the application explicitly calls "ENGINE_load_openssl()" because this is no
@@ -251,6 +257,7 @@ static const EVP_CIPHER test_r4_cipher=
        sizeof(TEST_RC4_KEY),
        NULL,
        NULL,
+       NULL,
        NULL
        };
 static const EVP_CIPHER test_r4_40_cipher=
@@ -264,6 +271,7 @@ static const EVP_CIPHER test_r4_40_cipher=
        sizeof(TEST_RC4_KEY),
        NULL, 
        NULL,
+       NULL,
        NULL
        };
 static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
index cc9f9dc..4e1eae3 100644 (file)
@@ -75,6 +75,7 @@
 #include <openssl/aes.h>
 #endif
 #include <openssl/rand.h>
+#include <openssl/err.h>
 
 #ifndef OPENSSL_NO_HW
 #ifndef OPENSSL_NO_HW_PADLOCK
index 4ce8f4c..c94fb28 100644 (file)
 extern "C" {
 #endif
 
-/* Fixups for missing algorithms */
-#ifdef OPENSSL_NO_RSA
-typedef void RSA_METHOD;
-#endif
-#ifdef OPENSSL_NO_DSA
-typedef void DSA_METHOD;
-#endif
-#ifdef OPENSSL_NO_DH
-typedef void DH_METHOD;
-#endif
-#ifdef OPENSSL_NO_ECDH
-typedef void ECDH_METHOD;
-#endif
-#ifdef OPENSSL_NO_ECDSA
-typedef void ECDSA_METHOD;
-#endif
-
 /* These flags are used to control combinations of algorithm (methods)
  * by bitwise "OR"ing. */
 #define ENGINE_METHOD_RSA              (unsigned int)0x0001
index d326a5f..e4674f5 100644 (file)
@@ -92,7 +92,7 @@ int ENGINE_set_default_DSA(ENGINE *e)
        {
        if(e->dsa_meth)
                return engine_table_register(&dsa_table,
-                               engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
+                               engine_unregister_all_DSA, e, &dummy_nid, 1, 1);
        return 1;
        }
 
index 698a8e3..5205259 100644 (file)
@@ -76,6 +76,7 @@ static const EVP_CIPHER n_cipher=
        0,
        NULL,
        NULL,
+       NULL,
        NULL
        };
 
index eadd8d4..67af850 100644 (file)
@@ -90,6 +90,7 @@ static const EVP_CIPHER r4_cipher=
        sizeof(EVP_RC4_KEY),
        NULL,
        NULL,
+       NULL,
        NULL
        };
 
@@ -104,6 +105,7 @@ static const EVP_CIPHER r4_40_cipher=
        sizeof(EVP_RC4_KEY),
        NULL, 
        NULL,
+       NULL,
        NULL
        };
 
index cb82815..8832da2 100644 (file)
@@ -91,6 +91,7 @@ static const EVP_CIPHER d_xcbc_cipher=
        sizeof(DESX_CBC_KEY),
        EVP_CIPHER_set_asn1_iv,
        EVP_CIPHER_get_asn1_iv,
+       NULL,
        NULL
        };
 
index e845632..22cb613 100644 (file)
@@ -449,7 +449,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
                        }
                OPENSSL_assert(b <= sizeof ctx->final);
                n=ctx->final[b-1];
-               if (n > (int)b)
+               if (n == 0 || n > (int)b)
                        {
                        EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
                        return(0);
index b71555e..0147f3e 100644 (file)
 #include "cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
 #include <openssl/bn.h>
 
 #ifndef OPENSSL_NO_DSA
index 020f19c..a948c77 100644 (file)
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
 
 #ifndef OPENSSL_NO_SHA
+
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
 
index a20056f..c12e139 100644 (file)
@@ -64,7 +64,9 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
 
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
index 1eae4ed..5ce849f 100644 (file)
@@ -65,7 +65,9 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/md2.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
 
 static int init(EVP_MD_CTX *ctx)
        { return MD2_Init(ctx->md_data); }
index 0fb84b6..1e0b7c5 100644 (file)
@@ -65,7 +65,9 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/md4.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
 
 static int init(EVP_MD_CTX *ctx)
        { return MD4_Init(ctx->md_data); }
index 21288ee..63c1421 100644 (file)
@@ -65,7 +65,9 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/md5.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
 
 static int init(EVP_MD_CTX *ctx)
        { return MD5_Init(ctx->md_data); }
index 087ad2d..a1d60ee 100644 (file)
@@ -65,7 +65,9 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
 
 static int init(EVP_MD_CTX *ctx)
        { return RIPEMD160_Init(ctx->md_data); }
index e995c12..acccc8f 100644 (file)
@@ -64,7 +64,9 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
 
 static int init(EVP_MD_CTX *ctx)
        { return SHA_Init(ctx->md_data); }
index daf6db6..4679b1c 100644 (file)
@@ -64,7 +64,9 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
 
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
index c0dfb7d..48d5001 100644 (file)
@@ -114,9 +114,14 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
        const unsigned char *pbuf;
 
        /* Extract useful info from parameter */
+       if (param == NULL || param->type != V_ASN1_SEQUENCE ||
+           param->value.sequence == NULL) {
+               EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+               return 0;
+       }
+
        pbuf = param->value.sequence->data;
-       if (!param || (param->type != V_ASN1_SEQUENCE) ||
-          !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
+       if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
                EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
                return 0;
        }
index f2e143d..f11cb70 100644 (file)
@@ -156,10 +156,15 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        const EVP_CIPHER *cipher;
        PBKDF2PARAM *kdf = NULL;
 
+       if (param == NULL || param->type != V_ASN1_SEQUENCE ||
+           param->value.sequence == NULL) {
+               EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+               return 0;
+       }
+
        pbuf = param->value.sequence->data;
        plen = param->value.sequence->length;
-       if(!param || (param->type != V_ASN1_SEQUENCE) ||
-                                  !(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
+       if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
                return 0;
        }
index 04b57e8..22155ec 100644 (file)
 #include <openssl/evp.h>
 #include <openssl/asn1_mac.h>
 #include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
+#endif
 
 static void EVP_PKEY_free_it(EVP_PKEY *x);
 
index f1c48b5..0e625a8 100644 (file)
 
 #ifndef PEDANTIC
 # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#  if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \
+      (defined(__x86_64) || defined(__x86_64__))
     /*
      * This gives ~30-40% performance improvement in SHA-256 compiled
      * with gcc [on P4]. Well, first macro to be frank. We can pull
index 998ac99..db4400c 100644 (file)
@@ -330,9 +330,9 @@ static unsigned char lvalues[5002]={
 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04,     /* [2092] OBJ_ac_auditEntity */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05,     /* [2100] OBJ_ac_targeting */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06,     /* [2108] OBJ_aaControls */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,     /* [2116] OBJ_sbqp_ipAddrBlock */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,     /* [2124] OBJ_sbqp_autonomousSysNum */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,     /* [2132] OBJ_sbqp_routerIdentifier */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,     /* [2116] OBJ_sbgp_ipAddrBlock */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,     /* [2124] OBJ_sbgp_autonomousSysNum */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,     /* [2132] OBJ_sbgp_routerIdentifier */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03,     /* [2140] OBJ_textNotice */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05,     /* [2148] OBJ_ipsecEndSystem */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06,     /* [2156] OBJ_ipsecTunnel */
@@ -824,21 +824,21 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[192]),0},
 {"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[197]),0},
 {"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[202]),0},
-{"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL},
+{"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL,0},
 {"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[207]),0},
-{"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL},
-{"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL},
+{"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL,0},
+{"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL,0},
 {"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[218]),0},
-{"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL},
-{"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL},
-{"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL},
+{"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL,0},
+{"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL,0},
+{"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL,0},
 {"SHA","sha",NID_sha,5,&(lvalues[226]),0},
 {"RSA-SHA","shaWithRSAEncryption",NID_shaWithRSAEncryption,5,
        &(lvalues[231]),0},
-{"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL},
+{"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL,0},
 {"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[236]),0},
 {"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[244]),0},
-{"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL},
+{"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL,0},
 {"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[249]),0},
 {"emailAddress","emailAddress",NID_pkcs9_emailAddress,9,
        &(lvalues[257]),0},
@@ -862,10 +862,10 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
        NID_netscape_cert_extension,8,&(lvalues[345]),0},
 {"nsDataType","Netscape Data Type",NID_netscape_data_type,8,
        &(lvalues[353]),0},
-{"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL},
-{"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL},
-{"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL},
-{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL},
+{"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL,0},
+{"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL,0},
+{"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL,0},
+{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL,0},
 {"SHA1","sha1",NID_sha1,5,&(lvalues[361]),0},
 {"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9,
        &(lvalues[366]),0},
@@ -892,7 +892,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[471]),0},
 {"nsCertSequence","Netscape Certificate Sequence",
        NID_netscape_cert_sequence,9,&(lvalues[480]),0},
-{"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL},
+{"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL,0},
 {"id-ce","id-ce",NID_id_ce,2,&(lvalues[489]),0},
 {"subjectKeyIdentifier","X509v3 Subject Key Identifier",
        NID_subject_key_identifier,3,&(lvalues[491]),0},
@@ -911,17 +911,17 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"authorityKeyIdentifier","X509v3 Authority Key Identifier",
        NID_authority_key_identifier,3,&(lvalues[515]),0},
 {"BF-CBC","bf-cbc",NID_bf_cbc,9,&(lvalues[518]),0},
-{"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL},
-{"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL},
-{"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL},
+{"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL,0},
+{"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL,0},
+{"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL,0},
 {"MDC2","mdc2",NID_mdc2,4,&(lvalues[527]),0},
 {"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[531]),0},
-{"RC4-40","rc4-40",NID_rc4_40,0,NULL},
-{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL},
+{"RC4-40","rc4-40",NID_rc4_40,0,NULL,0},
+{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL,0},
 {"GN","givenName",NID_givenName,3,&(lvalues[535]),0},
 {"SN","surname",NID_surname,3,&(lvalues[538]),0},
 {"initials","initials",NID_initials,3,&(lvalues[541]),0},
-{NULL,NULL,NID_undef,0,NULL},
+{NULL,NULL,NID_undef,0,NULL,0},
 {"crlDistributionPoints","X509v3 CRL Distribution Points",
        NID_crl_distribution_points,3,&(lvalues[544]),0},
 {"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[547]),0},
@@ -929,23 +929,23 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"title","title",NID_title,3,&(lvalues[555]),0},
 {"description","description",NID_description,3,&(lvalues[558]),0},
 {"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[561]),0},
-{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL},
-{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL},
-{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL},
+{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL,0},
+{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL,0},
+{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL,0},
 {"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC",
        NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[570]),0},
 {"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[579]),0},
-{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL},
+{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL,0},
 {"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[586]),0},
 {"DSA","dsaEncryption",NID_dsa,7,&(lvalues[591]),0},
 {"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[598]),0},
-{NULL,NULL,NID_undef,0,NULL},
+{NULL,NULL,NID_undef,0,NULL,0},
 {"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6,
        &(lvalues[603]),0},
 {"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[609]),0},
-{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL},
-{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL},
-{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL},
+{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL,0},
+{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL,0},
+{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL,0},
 {"RLE","run length compression",NID_rle_compression,6,&(lvalues[617]),0},
 {"ZLIB","zlib compression",NID_zlib_compression,6,&(lvalues[623]),0},
 {"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3,
@@ -1009,7 +1009,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[958]),0},
 {"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8,
        &(lvalues[966]),0},
-{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL},
+{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL,0},
 {"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9,
        &(lvalues[974]),0},
 {"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9,
@@ -1219,12 +1219,12 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
        &(lvalues[2092]),0},
 {"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2100]),0},
 {"aaControls","aaControls",NID_aaControls,8,&(lvalues[2108]),0},
-{"sbqp-ipAddrBlock","sbqp-ipAddrBlock",NID_sbqp_ipAddrBlock,8,
+{"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8,
        &(lvalues[2116]),0},
-{"sbqp-autonomousSysNum","sbqp-autonomousSysNum",
-       NID_sbqp_autonomousSysNum,8,&(lvalues[2124]),0},
-{"sbqp-routerIdentifier","sbqp-routerIdentifier",
-       NID_sbqp_routerIdentifier,8,&(lvalues[2132]),0},
+{"sbgp-autonomousSysNum","sbgp-autonomousSysNum",
+       NID_sbgp_autonomousSysNum,8,&(lvalues[2124]),0},
+{"sbgp-routerIdentifier","sbgp-routerIdentifier",
+       NID_sbgp_routerIdentifier,8,&(lvalues[2132]),0},
 {"textNotice","textNotice",NID_textNotice,8,&(lvalues[2140]),0},
 {"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8,
        &(lvalues[2148]),0},
@@ -1330,7 +1330,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
        &(lvalues[2588]),0},
 {"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth,
        8,&(lvalues[2596]),0},
-{NULL,NULL,NID_undef,0,NULL},
+{NULL,NULL,NID_undef,0,NULL,0},
 {"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2604]),0},
 {"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship",
        NID_id_pda_countryOfCitizenship,8,&(lvalues[2612]),0},
@@ -1562,7 +1562,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"generationQualifier","generationQualifier",NID_generationQualifier,
        3,&(lvalues[3877]),0},
 {"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3880]),0},
-{NULL,NULL,NID_undef,0,NULL},
+{NULL,NULL,NID_undef,0,NULL,0},
 {"id-set","Secure Electronic Transactions",NID_id_set,2,
        &(lvalues[3883]),0},
 {"set-ctype","content types",NID_set_ctype,3,&(lvalues[3885]),0},
@@ -1821,16 +1821,16 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
        10,&(lvalues[4437]),0},
 {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10,
        &(lvalues[4447]),0},
-{"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL},
-{"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL},
-{"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL},
-{"AES-128-CFB8","aes-128-cfb8",NID_aes_128_cfb8,0,NULL},
-{"AES-192-CFB8","aes-192-cfb8",NID_aes_192_cfb8,0,NULL},
-{"AES-256-CFB8","aes-256-cfb8",NID_aes_256_cfb8,0,NULL},
-{"DES-CFB1","des-cfb1",NID_des_cfb1,0,NULL},
-{"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL},
-{"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL},
-{"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL},
+{"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL,0},
+{"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL,0},
+{"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL,0},
+{"AES-128-CFB8","aes-128-cfb8",NID_aes_128_cfb8,0,NULL,0},
+{"AES-192-CFB8","aes-192-cfb8",NID_aes_192_cfb8,0,NULL,0},
+{"AES-256-CFB8","aes-256-cfb8",NID_aes_256_cfb8,0,NULL,0},
+{"DES-CFB1","des-cfb1",NID_des_cfb1,0,NULL,0},
+{"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0},
+{"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0},
+{"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0},
 {"streetAddress","streetAddress",NID_streetAddress,3,&(lvalues[4457]),0},
 {"postalCode","postalCode",NID_postalCode,3,&(lvalues[4460]),0},
 {"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4463]),0},
@@ -1943,8 +1943,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
        &(lvalues[4995]),0},
 {"inhibitAnyPolicy","X509v3 Inhibit Any Policy",
        NID_inhibit_any_policy,3,&(lvalues[4998]),0},
-{"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL},
-{"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL},
+{"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL,0},
+{"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL,0},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -2485,9 +2485,9 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[ 1]),/* "rsadsi" */
 &(nid_objs[482]),/* "sOARecord" */
 &(nid_objs[155]),/* "safeContentsBag" */
-&(nid_objs[291]),/* "sbqp-autonomousSysNum" */
-&(nid_objs[290]),/* "sbqp-ipAddrBlock" */
-&(nid_objs[292]),/* "sbqp-routerIdentifier" */
+&(nid_objs[291]),/* "sbgp-autonomousSysNum" */
+&(nid_objs[290]),/* "sbgp-ipAddrBlock" */
+&(nid_objs[292]),/* "sbgp-routerIdentifier" */
 &(nid_objs[159]),/* "sdsiCertificate" */
 &(nid_objs[704]),/* "secp112r1" */
 &(nid_objs[705]),/* "secp112r2" */
@@ -3240,9 +3240,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[124]),/* "run length compression" */
 &(nid_objs[482]),/* "sOARecord" */
 &(nid_objs[155]),/* "safeContentsBag" */
-&(nid_objs[291]),/* "sbqp-autonomousSysNum" */
-&(nid_objs[290]),/* "sbqp-ipAddrBlock" */
-&(nid_objs[292]),/* "sbqp-routerIdentifier" */
+&(nid_objs[291]),/* "sbgp-autonomousSysNum" */
+&(nid_objs[290]),/* "sbgp-ipAddrBlock" */
+&(nid_objs[292]),/* "sbgp-routerIdentifier" */
 &(nid_objs[159]),/* "sdsiCertificate" */
 &(nid_objs[704]),/* "secp112r1" */
 &(nid_objs[705]),/* "secp112r2" */
@@ -3820,9 +3820,9 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[287]),/* OBJ_ac_auditEntity               1 3 6 1 5 5 7 1 4 */
 &(nid_objs[288]),/* OBJ_ac_targeting                 1 3 6 1 5 5 7 1 5 */
 &(nid_objs[289]),/* OBJ_aaControls                   1 3 6 1 5 5 7 1 6 */
-&(nid_objs[290]),/* OBJ_sbqp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */
-&(nid_objs[291]),/* OBJ_sbqp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */
-&(nid_objs[292]),/* OBJ_sbqp_routerIdentifier        1 3 6 1 5 5 7 1 9 */
+&(nid_objs[290]),/* OBJ_sbgp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */
+&(nid_objs[291]),/* OBJ_sbgp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */
+&(nid_objs[292]),/* OBJ_sbgp_routerIdentifier        1 3 6 1 5 5 7 1 9 */
 &(nid_objs[397]),/* OBJ_ac_proxying                  1 3 6 1 5 5 7 1 10 */
 &(nid_objs[398]),/* OBJ_sinfo_access                 1 3 6 1 5 5 7 1 11 */
 &(nid_objs[663]),/* OBJ_proxyCertInfo                1 3 6 1 5 5 7 1 14 */
index 7cdd694..e4d63e5 100644 (file)
 #define NID_aaControls         289
 #define OBJ_aaControls         OBJ_id_pe,6L
 
-#define SN_sbqp_ipAddrBlock            "sbqp-ipAddrBlock"
-#define NID_sbqp_ipAddrBlock           290
-#define OBJ_sbqp_ipAddrBlock           OBJ_id_pe,7L
+#define SN_sbgp_ipAddrBlock            "sbgp-ipAddrBlock"
+#define NID_sbgp_ipAddrBlock           290
+#define OBJ_sbgp_ipAddrBlock           OBJ_id_pe,7L
 
-#define SN_sbqp_autonomousSysNum               "sbqp-autonomousSysNum"
-#define NID_sbqp_autonomousSysNum              291
-#define OBJ_sbqp_autonomousSysNum              OBJ_id_pe,8L
+#define SN_sbgp_autonomousSysNum               "sbgp-autonomousSysNum"
+#define NID_sbgp_autonomousSysNum              291
+#define OBJ_sbgp_autonomousSysNum              OBJ_id_pe,8L
 
-#define SN_sbqp_routerIdentifier               "sbqp-routerIdentifier"
-#define NID_sbqp_routerIdentifier              292
-#define OBJ_sbqp_routerIdentifier              OBJ_id_pe,9L
+#define SN_sbgp_routerIdentifier               "sbgp-routerIdentifier"
+#define NID_sbgp_routerIdentifier              292
+#define OBJ_sbgp_routerIdentifier              OBJ_id_pe,9L
 
 #define SN_ac_proxying         "ac-proxying"
 #define NID_ac_proxying                397
index 9b3e6dd..17bab5f 100644 (file)
@@ -101,6 +101,8 @@ int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
        {
        GENERAL_NAME *gen;
        gen = GENERAL_NAME_new();
+       if (gen == NULL)
+               return 0;
        if (!X509_NAME_set(&gen->d.directoryName, nm))
                {
                GENERAL_NAME_free(gen);
index fed5edb..e056bff 100644 (file)
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER 0x0090800fL
+#define OPENSSL_VERSION_NUMBER 0x0090801fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT   "OpenSSL 0.9.8-fips 05 Jul 2005"
+#define OPENSSL_VERSION_TEXT   "OpenSSL 0.9.8a-fips 11 Oct 2005"
 #else
-#define OPENSSL_VERSION_TEXT   "OpenSSL 0.9.8 05 Jul 2005"
+#define OPENSSL_VERSION_TEXT   "OpenSSL 0.9.8a 11 Oct 2005"
 #endif
 #define OPENSSL_VERSION_PTEXT  " part of " OPENSSL_VERSION_TEXT
 
index a9ac52d..66cbc7e 100644 (file)
 #include <openssl/x509.h>
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
+#endif
 
 #ifndef OPENSSL_NO_RSA
 static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
index 489e71a..1644dfc 100644 (file)
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
 
 #ifndef OPENSSL_NO_FP_API
 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
index 0458093..4e554e5 100644 (file)
@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/opensslconf.h>       /* for OPENSSL_NO_RSA */
 #ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
index bbc13e5..3ad33c4 100644 (file)
@@ -94,9 +94,14 @@ int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
 
        /* Extract useful info from parameter */
+       if (param == NULL || param->type != V_ASN1_SEQUENCE ||
+           param->value.sequence == NULL) {
+               PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);
+               return 0;
+       }
+
        pbuf = param->value.sequence->data;
-       if (!param || (param->type != V_ASN1_SEQUENCE) ||
-          !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
+       if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
                PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);
                return 0;
        }
index f0f80a7..a4bbba0 100644 (file)
@@ -62,6 +62,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#include <openssl/err.h>
 
 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
                         void *value);
@@ -307,6 +308,17 @@ err:
        return(out);
        }
 
+static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
+       {
+       int ret;
+       ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
+                               pcert->cert_info->issuer);
+       if (ret)
+               return ret;
+       return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
+                                       ri->issuer_and_serial->serial);
+       }
+
 /* int */
 BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
        {
@@ -417,18 +429,18 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                 * (if any)
                 */
 
-               for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
-                       ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-                       if(!X509_NAME_cmp(ri->issuer_and_serial->issuer,
-                                       pcert->cert_info->issuer) &&
-                            !M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
-                                       ri->issuer_and_serial->serial)) break;
-                       ri=NULL;
-               }
-               if (ri == NULL) {
-                       PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                                PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
-                       goto err;
+               if (pcert) {
+                       for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+                               ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
+                               if (!pkcs7_cmp_ri(ri, pcert))
+                                       break;
+                               ri=NULL;
+                       }
+                       if (ri == NULL) {
+                               PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                                     PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
+                               goto err;
+                       }
                }
 
                jj=EVP_PKEY_size(pkey);
@@ -439,12 +451,40 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                        goto err;
                        }
 
-               jj=EVP_PKEY_decrypt(tmp, M_ASN1_STRING_data(ri->enc_key),
-                       M_ASN1_STRING_length(ri->enc_key), pkey);
-               if (jj <= 0)
+               /* If we haven't got a certificate try each ri in turn */
+
+               if (pcert == NULL)
                        {
-                       PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB);
-                       goto err;
+                       for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
+                               {
+                               ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
+                               jj=EVP_PKEY_decrypt(tmp,
+                                       M_ASN1_STRING_data(ri->enc_key),
+                                       M_ASN1_STRING_length(ri->enc_key),
+                                               pkey);
+                               if (jj > 0)
+                                       break;
+                               ERR_clear_error();
+                               ri = NULL;
+                               }
+                       if (ri == NULL)
+                               {
+                               PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                                     PKCS7_R_NO_RECIPIENT_MATCHES_KEY);
+                               goto err;
+                               }
+                       }
+               else
+                       {
+                       jj=EVP_PKEY_decrypt(tmp,
+                               M_ASN1_STRING_data(ri->enc_key),
+                               M_ASN1_STRING_length(ri->enc_key), pkey);
+                       if (jj <= 0)
+                               {
+                               PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                                                               ERR_R_EVP_LIB);
+                               goto err;
+                               }
                        }
 
                evp_ctx=NULL;
index b6146d7..1f4a0a1 100644 (file)
@@ -441,7 +441,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
                return 0;
        }
 
-       if(!X509_check_private_key(cert, pkey)) {
+       if(cert && !X509_check_private_key(cert, pkey)) {
                PKCS7err(PKCS7_F_PKCS7_DECRYPT,
                                PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
                return 0;
index 952f379..cc092d2 100644 (file)
@@ -432,6 +432,7 @@ void ERR_load_PKCS7_strings(void);
 #define PKCS7_R_NO_MULTIPART_BODY_FAILURE               136
 #define PKCS7_R_NO_MULTIPART_BOUNDARY                   137
 #define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE        115
+#define PKCS7_R_NO_RECIPIENT_MATCHES_KEY                146
 #define PKCS7_R_NO_SIGNATURES_ON_DATA                   123
 #define PKCS7_R_NO_SIGNERS                              142
 #define PKCS7_R_NO_SIG_CONTENT_TYPE                     138
index 309664d..4cd2934 100644 (file)
@@ -124,6 +124,7 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
 {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
 {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
 {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"},
+{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),"no recipient matches key"},
 {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"},
 {ERR_REASON(PKCS7_R_NO_SIGNERS)          ,"no signers"},
 {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"},
index 14837a7..5d031d9 100644 (file)
@@ -155,7 +155,8 @@ int RAND_poll(void)
 #ifdef DEVRANDOM
        static const char *randomfiles[] = { DEVRANDOM };
        struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])];
-       int fd,i;
+       int fd;
+       size_t i;
 #endif
 #ifdef DEVRANDOM_EGD
        static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
@@ -185,7 +186,8 @@ int RAND_poll(void)
                        {
                        struct timeval t = { 0, 10*1000 }; /* Spend 10ms on
                                                              each file. */
-                       int r,j;
+                       int r;
+                       size_t j;
                        fd_set fset;
                        struct stat *st=&randomstats[i];
 
index cab3080..4953642 100644 (file)
@@ -84,6 +84,10 @@ static unsigned char key_table[256]={
        0xfe,0x7f,0xc1,0xad,
        };
 
+#if defined(_MSC_VER) && defined(_ARM_)
+#pragma optimize("g",off)
+#endif
+
 /* It has come to my attention that there are 2 versions of the RC2
  * key schedule.  One which is normal, and anther which has a hook to
  * use a reduced key length.
@@ -136,3 +140,6 @@ void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
                *(ki--)=((k[i]<<8)|k[i-1])&0xffff;
        }
 
+#if defined(_MSC_VER)
+#pragma optimize("",on)
+#endif
index 73fa6ee..c5582b9 100644 (file)
@@ -80,7 +80,7 @@ RSA *RSA_generate_key(int bits, unsigned long e_value,
 
        /* The problem is when building with 8, 16, or 32 BN_ULONG,
         * unsigned long can be larger */
-       for (i=0; i<sizeof(unsigned long)*8; i++)
+       for (i=0; i<(int)sizeof(unsigned long)*8; i++)
                {
                if (e_value & (1UL<<i))
                        BN_set_bit(e,i);
index 620ac55..56da944 100644 (file)
@@ -283,9 +283,9 @@ static int rsa_blinding_convert(BN_BLINDING *b, int local, BIGNUM *f,
        else
                {
                int ret;
-               CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
+               CRYPTO_r_lock(CRYPTO_LOCK_RSA_BLINDING);
                ret = BN_BLINDING_convert_ex(f, r, b, ctx);
-               CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
+               CRYPTO_r_unlock(CRYPTO_LOCK_RSA_BLINDING);
                return ret;
                }
 }
@@ -298,9 +298,9 @@ static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f,
        else
                {
                int ret;
-               CRYPTO_r_lock(CRYPTO_LOCK_RSA_BLINDING);
+               CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
                ret = BN_BLINDING_invert_ex(f, r, b, ctx);
-               CRYPTO_r_unlock(CRYPTO_LOCK_RSA_BLINDING);
+               CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
                return ret;
                }
 }
index 2815628..e19d18c 100644 (file)
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
-const static unsigned char zeroes[] = {0,0,0,0,0,0,0,0};
+static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0};
+
+#if defined(_MSC_VER) && defined(_ARM_)
+#pragma optimize("g", off)
+#endif
 
 int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
                        const EVP_MD *Hash, const unsigned char *EM, int sLen)
@@ -259,3 +263,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
        return ret;
 
        }
+
+#if defined(_MSC_VER)
+#pragma optimize("",on)
+#endif
index 4ce2db9..6281313 100644 (file)
 # endif
 
 # ifdef SHA1_ASM
-#  if !defined(B_ENDIAN)
-#   if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+#  if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+#   if !defined(B_ENDIAN)
 #    define sha1_block_host_order              sha1_block_asm_host_order
 #    define DONT_IMPLEMENT_BLOCK_HOST_ORDER
 #    define sha1_block_data_order              sha1_block_asm_data_order
 #    define DONT_IMPLEMENT_BLOCK_DATA_ORDER
 #    define HASH_BLOCK_DATA_ORDER_ALIGNED      sha1_block_asm_data_order
-#   elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
-#    define sha1_block_host_order              sha1_block_asm_host_order
-#    define DONT_IMPLEMENT_BLOCK_HOST_ORDER
-#    define sha1_block_data_order              sha1_block_asm_data_order
-#    define DONT_IMPLEMENT_BLOCK_DATA_ORDER
 #   endif
+#  elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+#   define sha1_block_host_order               sha1_block_asm_host_order
+#   define DONT_IMPLEMENT_BLOCK_HOST_ORDER
+#   define sha1_block_data_order               sha1_block_asm_data_order
+#   define DONT_IMPLEMENT_BLOCK_DATA_ORDER
 #  endif
 # endif
   void sha1_block_host_order (SHA_CTX *c, const void *p,size_t num);
index b3a7a42..e9e503e 100644 (file)
@@ -179,10 +179,13 @@ err:
 #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
                if (er == 1) fprintf(stderr,"OPENSSL_malloc failure\n");
 #endif
-               if (ret->data != NULL) sk_free(ret->data);
-               if (ret->index != NULL) OPENSSL_free(ret->index);
-               if (ret->qual != NULL) OPENSSL_free(ret->qual);
-               if (ret != NULL) OPENSSL_free(ret);
+               if (ret != NULL)
+                       {
+                       if (ret->data != NULL) sk_free(ret->data);
+                       if (ret->index != NULL) OPENSSL_free(ret->index);
+                       if (ret->qual != NULL) OPENSSL_free(ret->qual);
+                       if (ret != NULL) OPENSSL_free(ret);
+                       }
                return(NULL);
                }
        else
index 1a8f3ce..7ab249c 100644 (file)
@@ -620,8 +620,10 @@ UI_METHOD *UI_create_method(char *name)
        UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD));
 
        if (ui_method)
+               {
                memset(ui_method, 0, sizeof(*ui_method));
-       ui_method->name = BUF_strdup(name);
+               ui_method->name = BUF_strdup(name);
+               }
        return ui_method;
        }
 
index 68cc543..aa4a556 100644 (file)
 #include <openssl/ui.h>
 #include <openssl/crypto.h>
 
+#ifdef _
+#undef _
+#endif
+
 struct ui_method_st
        {
        char *name;
index 7c80f5f..1f23a45 100644 (file)
@@ -578,7 +578,9 @@ static int close_console(UI *ui)
 /* Internal functions to handle signals and act on them */
 static void pushsig(void)
        {
+#ifndef OPENSSL_SYS_WIN32
        int i;
+#endif
 #ifdef SIGACTION
        struct sigaction sa;
 
@@ -586,6 +588,14 @@ static void pushsig(void)
        sa.sa_handler=recsig;
 #endif
 
+#ifdef OPENSSL_SYS_WIN32
+       savsig[SIGABRT]=signal(SIGABRT,recsig);
+       savsig[SIGFPE]=signal(SIGFPE,recsig);
+       savsig[SIGILL]=signal(SIGILL,recsig);
+       savsig[SIGINT]=signal(SIGINT,recsig);
+       savsig[SIGSEGV]=signal(SIGSEGV,recsig);
+       savsig[SIGTERM]=signal(SIGTERM,recsig);
+#else
        for (i=1; i<NX509_SIG; i++)
                {
 #ifdef SIGUSR1
@@ -606,6 +616,7 @@ static void pushsig(void)
                savsig[i]=signal(i,recsig);
 #endif
                }
+#endif
 
 #ifdef SIGWINCH
        signal(SIGWINCH,SIG_DFL);
@@ -614,8 +625,15 @@ static void pushsig(void)
 
 static void popsig(void)
        {
+#ifdef OPENSSL_SYS_WIN32
+       signal(SIGABRT,savsig[SIGABRT]);
+       signal(SIGFPE,savsig[SIGFPE]);
+       signal(SIGILL,savsig[SIGILL]);
+       signal(SIGINT,savsig[SIGINT]);
+       signal(SIGSEGV,savsig[SIGSEGV]);
+       signal(SIGTERM,savsig[SIGTERM]);
+#else
        int i;
-
        for (i=1; i<NX509_SIG; i++)
                {
 #ifdef SIGUSR1
@@ -632,6 +650,7 @@ static void popsig(void)
                signal(i,savsig[i]);
 #endif
                }
+#endif
        }
 
 static void recsig(int i)
index bd1fdec..65968c4 100644 (file)
@@ -125,7 +125,13 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
        X509_ATTRIBUTE *new_attr=NULL;
        STACK_OF(X509_ATTRIBUTE) *sk=NULL;
 
-       if ((x != NULL) && (*x == NULL))
+       if (x == NULL)
+               {
+               X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER);
+               goto err2;
+               } 
+
+       if (*x == NULL)
                {
                if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)
                        goto err;
@@ -137,7 +143,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
                goto err2;
        if (!sk_X509_ATTRIBUTE_push(sk,new_attr))
                goto err;
-       if ((x != NULL) && (*x == NULL))
+       if (*x == NULL)
                *x=sk;
        return(sk);
 err:
index 67b1796..42e6f0a 100644 (file)
@@ -147,7 +147,13 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
        int n;
        STACK_OF(X509_EXTENSION) *sk=NULL;
 
-       if ((x != NULL) && (*x == NULL))
+       if (x == NULL)
+               {
+               X509err(X509_F_X509V3_ADD_EXT,ERR_R_PASSED_NULL_PARAMETER);
+               goto err2;
+               }
+
+       if (*x == NULL)
                {
                if ((sk=sk_X509_EXTENSION_new_null()) == NULL)
                        goto err;
@@ -163,7 +169,7 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
                goto err2;
        if (!sk_X509_EXTENSION_insert(sk,new_ex,loc))
                goto err;
-       if ((x != NULL) && (*x == NULL))
+       if (*x == NULL)
                *x=sk;
        return(sk);
 err:
index 85bd640..3f16330 100644 (file)
@@ -478,6 +478,9 @@ int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
                                                const X509_VERIFY_PARAM *from);
 int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
 int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);
+int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+                                                       unsigned long flags);
+unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
 int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
 void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
index 087e878..82cff88 100644 (file)
@@ -211,6 +211,17 @@ int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
        return 1;
        }
 
+int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags)
+       {
+       param->flags &= ~flags;
+       return 1;
+       }
+
+unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)
+       {
+       return param->flags;
+       }
+
 int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
        {
        return X509_PURPOSE_set(&param->purpose, purpose);
index 84ec5d5..9039caa 100644 (file)
 #include <openssl/asn1.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
 
 int X509_verify(X509 *a, EVP_PKEY *r)
        {
index e3a19bf..b38b3db 100644 (file)
@@ -341,7 +341,8 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
        X509_NAME_ENTRY *ne;
        GENERAL_NAME *gen = NULL;
        int i;
-       if(ctx->flags == CTX_TEST) return 1;
+       if(ctx != NULL && ctx->flags == CTX_TEST)
+               return 1;
        if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
                X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);
                goto err;
index 9784b14..e5b8c5a 100644 (file)
@@ -139,7 +139,15 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
        CONF_VALUE *cnf;
        int i, ia5org;
        pols = sk_POLICYINFO_new_null();
+       if (pols == NULL) {
+               X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+               return NULL;
+       }
        vals =  X509V3_parse_list(value);
+       if (vals == NULL) {
+               X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
+               goto err;
+       }
        ia5org = 0;
        for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
                cnf = sk_CONF_VALUE_value(vals, i);
@@ -178,6 +186,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
        sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
        return pols;
        err:
+       sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
        sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
        return NULL;
 }
index 191cfef..7911c4b 100644 (file)
@@ -826,13 +826,13 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
                                break;
                                }
 #ifndef CHARSET_EBCDIC
-                       if (*p == '+')
+               if (*type == '+')
 #else
-                       if (*p == os_toascii['+'])
+               if (*type == os_toascii['+'])
 #endif
                        {
                        mval = -1;
-                       p++;
+                       type++;
                        }
                else
                        mval = 0;
index 965d1aa..5068d1b 100644 (file)
@@ -245,7 +245,7 @@ extern "C" {
 #  define NO_DIRENT
 
 #  ifdef WINDOWS
-#    ifndef _WIN32_WINNT
+#    if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT)
        /*
        * Defining _WIN32_WINNT here in e_os.h implies certain "discipline."
        * Most notably we ought to check for availability of each specific
@@ -565,6 +565,9 @@ extern HINSTANCE _hInstance;
 extern char *sys_errlist[]; extern int sys_nerr;
 # define strerror(errnum) \
        (((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum])
+  /* Being signed SunOS 4.x memcpy breaks ASN1_OBJECT table lookup */
+#include "crypto/o_str.h"
+# define memcmp OPENSSL_memcmp
 #endif
 
 #ifndef OPENSSL_EXIT
index 5cceb85..1cbdf5b 100644 (file)
@@ -84,16 +84,6 @@ extern "C" {
 
 /* ---------------------- Microsoft operating systems ---------------------- */
 
-/* The 16 bit environments are pretty straightforward */
-#if defined(OPENSSL_SYSNAME_WIN16) || defined(OPENSSL_SYSNAME_MSDOS)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_MSDOS
-#endif
-#if defined(OPENSSL_SYSNAME_WIN16)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_WIN16
-#endif
-
 /* For 32 bit environment, there seems to be the CygWin environment and then
    all the others that try to do the same thing Microsoft does... */
 #if defined(OPENSSL_SYSNAME_UWIN)
@@ -120,7 +110,7 @@ extern "C" {
 #endif
 
 /* Anything that tries to look like Microsoft is "Windows" */
-#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
 # undef OPENSSL_SYS_UNIX
 # define OPENSSL_SYS_WINDOWS
 # ifndef OPENSSL_SYS_MSDOS
@@ -211,9 +201,6 @@ extern "C" {
 
 
 /* Specials for I/O an exit */
-#ifdef OPENSSL_SYS_WIN16
-# define OPENSSL_NO_FP_API
-#endif
 #ifdef OPENSSL_SYS_MSDOS
 # define OPENSSL_UNISTD_IO <io.h>
 # define OPENSSL_DECLARE_EXIT extern void exit(int);
index 7d850a8..0f1dae7 100644 (file)
@@ -61,7 +61,9 @@
 #include <openssl/objects.h>
 #include <openssl/engine.h>
 #include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
 #include <openssl/bn.h>
 
 #ifndef OPENSSL_NO_HW
@@ -109,8 +111,10 @@ static int getModulusAndExponent(const unsigned char *token, long *exponentLengt
 static int cca_get_random_bytes(unsigned char*, int );
 static int cca_random_status(void);
 
+#ifndef OPENSSL_NO_RSA
 static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
                int idx,long argl, void *argp);
+#endif
 
 /* Function pointers for CCA verbs */
 /*---------------------------------*/
@@ -154,7 +158,9 @@ static const char* n_pkaDecrypt = CSNDPKD;
 #endif
 static const char* n_randomNumberGenerate = CSNBRNG;
 
+#ifndef OPENSSL_NO_RSA
 static int hndidx = -1;
+#endif
 static DSO *dso = NULL;
 
 /* openssl engine initialization structures */
@@ -221,8 +227,10 @@ static int bind_helper(ENGINE *e)
                        !ENGINE_set_init_function(e, ibm_4758_cca_init) ||
                        !ENGINE_set_finish_function(e, ibm_4758_cca_finish) ||
                        !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) ||
+#ifndef OPENSSL_NO_RSA
                        !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) ||
                        !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) ||
+#endif
                        !ENGINE_set_cmd_defns(e, cca4758_cmd_defns))
                return 0;
        /* Ensure the error handling is set up */
@@ -304,8 +312,10 @@ static int ibm_4758_cca_init(ENGINE *e)
                }
 #endif
 
+#ifndef OPENSSL_NO_RSA
        hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle",
                NULL, NULL, cca_ex_free);
+#endif
 
        return 1;
 err:
@@ -313,13 +323,15 @@ err:
                DSO_free(dso);
        dso = NULL;
 
+#ifndef OPENSSL_NO_RSA
        keyRecordRead = (F_KEYRECORDREAD)0;
-       randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
        digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
        digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
        publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
        pkaEncrypt = (F_PKAENCRYPT)0;
        pkaDecrypt = (F_PKADECRYPT)0;
+#endif
+       randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
        return 0;
        }
 
@@ -339,6 +351,7 @@ static int ibm_4758_cca_finish(ENGINE *e)
                return 0;
                }
        dso = NULL;
+#ifndef OPENSSL_NO_RSA
        keyRecordRead = (F_KEYRECORDREAD)0;
        randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
        digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
@@ -346,6 +359,8 @@ static int ibm_4758_cca_finish(ENGINE *e)
        publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
        pkaEncrypt = (F_PKAENCRYPT)0;
        pkaDecrypt = (F_PKADECRYPT)0;
+#endif
+       randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
        return 1;
        }
 
@@ -951,12 +966,14 @@ static int cca_get_random_bytes(unsigned char* buf, int num)
        return 1;
        }
 
+#ifndef OPENSSL_NO_RSA
 static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
                long argl, void *argp)
        {
        if (item)
                OPENSSL_free(item);
        }
+#endif
 
 /* Goo to handle building as a dynamic engine */
 #ifndef OPENSSL_NO_DYNAMIC_ENGINE 
index c175a18..7307ddf 100644 (file)
@@ -69,9 +69,15 @@ typedef int pid_t;
 #include <openssl/dso.h>
 #include <openssl/engine.h>
 #include <openssl/buffer.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
+#endif
 #include <openssl/bn.h>
 
 #ifndef OPENSSL_NO_HW
@@ -98,12 +104,14 @@ static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection);
 static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use);
 
 /* BIGNUM stuff */
+#ifndef OPENSSL_NO_RSA
 static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        const BIGNUM *m, BN_CTX *ctx);
 
 static AEP_RV aep_mod_exp_crt(BIGNUM *r,const  BIGNUM *a, const BIGNUM *p,
        const BIGNUM *q, const BIGNUM *dmp1,const BIGNUM *dmq1,
        const BIGNUM *iqmp, BN_CTX *ctx);
+#endif
 
 /* RSA stuff */
 #ifndef OPENSSL_NO_RSA
@@ -111,8 +119,10 @@ static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
 #endif
 
 /* This function is aliased to mod_exp (with the mont stuff dropped). */
+#ifndef OPENSSL_NO_RSA
 static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
 
 /* DSA stuff */
 #ifndef OPENSSL_NO_DSA
@@ -630,6 +640,7 @@ static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        return to_return;
        }
        
+#ifndef OPENSSL_NO_RSA
 static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        const BIGNUM *q, const BIGNUM *dmp1,
        const BIGNUM *dmq1,const BIGNUM *iqmp, BN_CTX *ctx)
@@ -666,6 +677,7 @@ static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  err:
        return rv;
        }
+#endif
        
 
 #ifdef AEPRAND
@@ -821,12 +833,14 @@ static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
        }
 #endif
 
+#ifndef OPENSSL_NO_RSA
 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
        {
        return aep_mod_exp(r, a, p, m, ctx);
        }
+#endif
 
 #ifndef OPENSSL_NO_DH
 /* This function is aliased to mod_exp (with the dh and mont dropped). */
index 8e11048..fabaa86 100644 (file)
 #include <openssl/buffer.h>
 #include <openssl/dso.h>
 #include <openssl/engine.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
+#endif
 #include <openssl/bn.h>
 
 #ifndef OPENSSL_NO_HW
@@ -91,10 +97,10 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 #ifndef OPENSSL_NO_RSA
 /* RSA stuff */
 static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-#endif
 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
 
 #ifndef OPENSSL_NO_DSA
 /* DSA stuff */
@@ -563,12 +569,14 @@ static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
        }
 #endif
 
+#ifndef OPENSSL_NO_RSA
 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
        {
        return atalla_mod_exp(r, a, p, m, ctx);
        }
+#endif
 
 #ifndef OPENSSL_NO_DH
 /* This function is aliased to mod_exp (with the dh and mont dropped). */
index 2ef96f9..26108ca 100644 (file)
 #include <openssl/engine.h>
 #include <openssl/ui.h>
 #include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
+#endif
 #include <openssl/bn.h>
 
 #ifndef OPENSSL_NO_HW
@@ -108,9 +112,11 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 /* RSA stuff */
 static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
 #endif
+#ifndef OPENSSL_NO_RSA
 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
 
 #ifndef OPENSSL_NO_DH
 /* DH stuff */
@@ -129,8 +135,10 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
        UI_METHOD *ui_method, void *callback_data);
 static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
        UI_METHOD *ui_method, void *callback_data);
+#ifndef OPENSSL_NO_RSA
 static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
        int ind,long argl, void *argp);
+#endif
 
 /* Interaction stuff */
 static int hwcrhk_insert_card(const char *prompt_info,
@@ -763,8 +771,8 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
 #if !defined(OPENSSL_NO_RSA)
        char tempbuf[1024];
        HWCryptoHook_ErrMsgBuf rmsg;
-#endif
        HWCryptoHook_PassphraseContext ppctx;
+#endif
 
 #if !defined(OPENSSL_NO_RSA)
        rmsg.buf = tempbuf;
@@ -1072,12 +1080,14 @@ err:
        }
 #endif
 
+#ifndef OPENSSL_NO_RSA
 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
        {
        return hwcrhk_mod_exp(r, a, p, m, ctx);
        }
+#endif
 
 #ifndef OPENSSL_NO_DH
 /* This function is aliased to mod_exp (with the dh and mont dropped). */
@@ -1136,7 +1146,7 @@ static int hwcrhk_rand_status(void)
        }
 
 /* This cleans up an RSA KM key, called when ex_data is freed */
-
+#ifndef OPENSSL_NO_RSA
 static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
        int ind,long argl, void *argp)
 {
@@ -1161,6 +1171,7 @@ static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
                 }
 #endif
 }
+#endif
 
 /* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
  * these just wrap the POSIX functions and add some logging.
index 56a1967..d5f1d4e 100644 (file)
 #include <openssl/buffer.h>
 #include <openssl/dso.h>
 #include <openssl/engine.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
+#endif
 #include <openssl/rand.h>
 #include <openssl/bn.h>
 
@@ -98,22 +104,26 @@ static int cswift_destroy(ENGINE *e);
 static int cswift_init(ENGINE *e);
 static int cswift_finish(ENGINE *e);
 static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+#ifndef OPENSSL_NO_RSA
 static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);
+#endif
 
 /* BIGNUM stuff */
 static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                const BIGNUM *m, BN_CTX *ctx);
+#ifndef OPENSSL_NO_RSA
 static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
                const BIGNUM *iqmp, BN_CTX *ctx);
+#endif
 
 #ifndef OPENSSL_NO_RSA
 /* RSA stuff */
 static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-#endif
 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
 
 #ifndef OPENSSL_NO_DSA
 /* DSA stuff */
@@ -570,6 +580,7 @@ err:
        }
 
 
+#ifndef OPENSSL_NO_RSA
 int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
 {
        int mod;
@@ -591,7 +602,9 @@ int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
 
        return 1;
 }
+#endif
 
+#ifndef OPENSSL_NO_RSA
 /* Un petit mod_exp chinois */
 static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                        const BIGNUM *q, const BIGNUM *dmp1,
@@ -723,6 +736,7 @@ err:
                release_context(hac);
        return to_return;
        }
+#endif
  
 #ifndef OPENSSL_NO_RSA
 static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
@@ -760,7 +774,6 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx
 err:
        return to_return;
        }
-#endif
 
 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -788,6 +801,7 @@ static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 
        return cswift_mod_exp(r, a, p, m, ctx);
        }
+#endif /* OPENSSL_NO_RSA */
 
 #ifndef OPENSSL_NO_DSA
 static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
@@ -1048,7 +1062,7 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
        /* limitation of cswift with values not a multiple of 32                */
        /************************************************************************/
 
-       while(num >= sizeof(buf32))
+       while(num >= (int)sizeof(buf32))
        {
                largenum.value = buf;
                largenum.nbytes = sizeof(buf32);
index f6875d1..4c2537c 100644 (file)
 #include <openssl/buffer.h>
 #include <openssl/dso.h>
 #include <openssl/engine.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
+#endif
 #include <openssl/bn.h>
 
 #ifndef OPENSSL_NO_HW
@@ -242,11 +248,13 @@ static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
 #endif
 
 /* This function is aliased to mod_exp (with the mont stuff dropped). */
+#ifndef OPENSSL_NO_RSA
 static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                              const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
        {
        return nuron_mod_exp(r, a, p, m, ctx);
        }
+#endif
 
 #ifndef OPENSSL_NO_DH
 /* This function is aliased to mod_exp (with the dh and mont dropped). */
index 66ffaf2..424b82f 100644 (file)
 #include <openssl/dso.h>
 #include <openssl/engine.h>
 #include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
+#endif
 #include <openssl/bn.h>
 
 #ifndef OPENSSL_NO_HW
@@ -82,10 +88,12 @@ static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        const BIGNUM *m, BN_CTX *ctx);
 
 /* RSA stuff */
+#ifndef OPENSSL_NO_RSA
 static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
                        RSA *rsa,int padding);
 static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
                            RSA *rsa,int padding);
+#endif
 
 /* RAND stuff */
 static int surewarehk_rand_bytes(unsigned char *buf, int num);
index f0e4f73..8b6c98b 100644 (file)
 #include <openssl/buffer.h>
 #include <openssl/dso.h>
 #include <openssl/engine.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
+#endif
 #include <openssl/bn.h>
 
 #ifndef OPENSSL_NO_HW
index 92661a9..b746a50 100644 (file)
@@ -1229,7 +1229,7 @@ dtls1_min_mtu(void)
 static unsigned int 
 dtls1_guess_mtu(unsigned int curr_mtu)
        {
-       int i;
+       size_t i;
 
        if ( curr_mtu == 0 )
                return g_probable_mtu[0] ;
index 0f840f4..f10b34b 100644 (file)
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
 
 static SSL_METHOD *dtls1_get_client_method(int ver);
 static int dtls1_get_hello_verify(SSL *s);
@@ -133,28 +136,10 @@ static SSL_METHOD *dtls1_get_client_method(int ver)
                return(NULL);
        }
 
-SSL_METHOD *DTLSv1_client_method(void)
-       {
-       static int init=1;
-       static SSL_METHOD DTLSv1_client_data;
-
-       if (init)
-               {
-               CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-               if (init)
-                       {
-                       memcpy((char *)&DTLSv1_client_data,(char *)dtlsv1_base_method(),
-                               sizeof(SSL_METHOD));
-                       DTLSv1_client_data.ssl_connect=dtls1_connect;
-                       DTLSv1_client_data.get_ssl_method=dtls1_get_client_method;
-                       init=0;
-                       }
-               
-               CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-               }
-       return(&DTLSv1_client_data);
-       }
+IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,
+                       ssl_undefined_function,
+                       dtls1_connect,
+                       dtls1_get_client_method)
 
 int dtls1_connect(SSL *s)
        {
@@ -386,11 +371,15 @@ int dtls1_connect(SSL *s)
                        s->init_num=0;
 
                        s->session->cipher=s->s3->tmp.new_cipher;
+#ifdef OPENSSL_NO_COMP
+                       s->session->compress_meth=0;
+#else
                        if (s->s3->tmp.new_compression == NULL)
                                s->session->compress_meth=0;
                        else
                                s->session->compress_meth=
                                        s->s3->tmp.new_compression->id;
+#endif
                        if (!s->method->ssl3_enc->setup_key_block(s))
                                {
                                ret= -1;
@@ -538,7 +527,7 @@ int dtls1_client_hello(SSL *s)
        {
        unsigned char *buf;
        unsigned char *p,*d;
-       int i,j;
+       unsigned int i,j;
        unsigned long Time,l;
        SSL_COMP *comp;
 
index 458ce54..7830811 100644 (file)
@@ -63,9 +63,7 @@
 
 const char *dtls1_version_str="DTLSv1" OPENSSL_VERSION_PTEXT;
 
-static long dtls1_default_timeout(void);
-
-static SSL3_ENC_METHOD DTLSv1_enc_data={
+SSL3_ENC_METHOD DTLSv1_enc_data={
     dtls1_enc,
        tls1_mac,
        tls1_setup_key_block,
@@ -79,49 +77,17 @@ static SSL3_ENC_METHOD DTLSv1_enc_data={
        tls1_alert_code,
        };
 
-static SSL_METHOD DTLSv1_data= {
-       DTLS1_VERSION,
-       dtls1_new,
-       dtls1_clear,
-       dtls1_free,
-       ssl_undefined_function,
-       ssl_undefined_function,
-       ssl3_read,
-       ssl3_peek,
-       ssl3_write,
-       ssl3_shutdown,
-       ssl3_renegotiate,
-       ssl3_renegotiate_check,
-       dtls1_get_message,
-       dtls1_read_bytes,
-       dtls1_write_app_data_bytes,
-       dtls1_dispatch_alert,
-       ssl3_ctrl,
-       ssl3_ctx_ctrl,
-       ssl3_get_cipher_by_char,
-       ssl3_put_cipher_by_char,
-       ssl3_pending,
-       ssl3_num_ciphers,
-       ssl3_get_cipher,
-       ssl_bad_method,
-       dtls1_default_timeout,
-       &DTLSv1_enc_data,
-       ssl_undefined_void_function,
-       ssl3_callback_ctrl,
-       ssl3_ctx_callback_ctrl,
-       };
-
-static long dtls1_default_timeout(void)
+long dtls1_default_timeout(void)
        {
        /* 2 hours, the 24 hours mentioned in the DTLSv1 spec
         * is way too long for http, the cache would over fill */
        return(60*60*2);
        }
 
-SSL_METHOD *dtlsv1_base_method(void)
-       {
-       return(&DTLSv1_data);
-       }
+IMPLEMENT_dtls1_meth_func(dtlsv1_base_method,
+                       ssl_undefined_function,
+                       ssl_undefined_function,
+                       ssl_bad_method)
 
 int dtls1_new(SSL *s)
        {
index dc4c8ed..8a6cf31 100644 (file)
@@ -70,27 +70,8 @@ static SSL_METHOD *dtls1_get_method(int ver)
                return(NULL);
        }
 
-SSL_METHOD *DTLSv1_method(void)
-       {
-       static int init=1;
-       static SSL_METHOD DTLSv1_data;
-
-       if (init)
-               {
-               CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-               
-               if (init)
-                       {
-                       memcpy((char *)&DTLSv1_data,(char *)dtlsv1_base_method(),
-                               sizeof(SSL_METHOD));
-                       DTLSv1_data.ssl_connect=dtls1_connect;
-                       DTLSv1_data.ssl_accept=dtls1_accept;
-                       DTLSv1_data.get_ssl_method=dtls1_get_method;
-                       init=0;
-                       }
+IMPLEMENT_dtls1_meth_func(DTLSv1_method,
+                       dtls1_accept,
+                       dtls1_connect,
+                       dtls1_get_method)
 
-               CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-               }
-       
-       return(&DTLSv1_data);
-       }
index 6d07dd4..180fc6e 100644 (file)
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/md5.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
 
 static SSL_METHOD *dtls1_get_server_method(int ver);
 static int dtls1_send_hello_verify_request(SSL *s);
@@ -133,28 +136,10 @@ static SSL_METHOD *dtls1_get_server_method(int ver)
                return(NULL);
        }
 
-SSL_METHOD *DTLSv1_server_method(void)
-       {
-       static int init=1;
-       static SSL_METHOD DTLSv1_server_data;
-
-       if (init)
-               {
-               CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-               if (init)
-                       {
-                       memcpy((char *)&DTLSv1_server_data,(char *)dtlsv1_base_method(),
-                               sizeof(SSL_METHOD));
-                       DTLSv1_server_data.ssl_accept=dtls1_accept;
-                       DTLSv1_server_data.get_ssl_method=dtls1_get_server_method;
-                       init=0;
-                       }
-                       
-               CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-               }
-       return(&DTLSv1_server_data);
-       }
+IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,
+                       dtls1_accept,
+                       ssl_undefined_function,
+                       dtls1_get_server_method)
 
 int dtls1_accept(SSL *s)
        {
@@ -673,7 +658,8 @@ int dtls1_send_server_hello(SSL *s)
        {
        unsigned char *buf;
        unsigned char *p,*d;
-       int i,sl;
+       int i;
+       unsigned int sl;
        unsigned long l,Time;
 
        if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
@@ -719,10 +705,14 @@ int dtls1_send_server_hello(SSL *s)
                p+=i;
 
                /* put the compression method */
+#ifdef OPENSSL_NO_COMP
+               *(p++)=0;
+#else
                if (s->s3->tmp.new_compression == NULL)
                        *(p++)=0;
                else
                        *(p++)=s->s3->tmp.new_compression->id;
+#endif
 
                /* do the header */
                l=(p-d);
index b21308b..8bac26c 100644 (file)
@@ -80,28 +80,10 @@ static SSL_METHOD *ssl23_get_client_method(int ver)
                return(NULL);
        }
 
-SSL_METHOD *SSLv23_client_method(void)
-       {
-       static int init=1;
-       static SSL_METHOD SSLv23_client_data;
-
-       if (init)
-               {
-               CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-               if (init)
-                       {
-                       memcpy((char *)&SSLv23_client_data,
-                               (char *)sslv23_base_method(),sizeof(SSL_METHOD));
-                       SSLv23_client_data.ssl_connect=ssl23_connect;
-                       SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
-                       init=0;
-                       }
-
-               CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-               }
-       return(&SSLv23_client_data);
-       }
+IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
+                       ssl_undefined_function,
+                       ssl23_connect,
+                       ssl23_get_client_method)
 
 int ssl23_connect(SSL *s)
        {
index 2c51298..fc29813 100644 (file)
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 
-static int ssl23_num_ciphers(void );
-static SSL_CIPHER *ssl23_get_cipher(unsigned int u);
-static int ssl23_read(SSL *s, void *buf, int len);
-static int ssl23_peek(SSL *s, void *buf, int len);
-static int ssl23_write(SSL *s, const void *buf, int len);
-static long ssl23_default_timeout(void );
-static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
-static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
-const char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT;
-
-static SSL_METHOD SSLv23_data= {
-       TLS1_VERSION,
-       tls1_new,
-       tls1_clear,
-       tls1_free,
-       ssl_undefined_function,
-       ssl_undefined_function,
-       ssl23_read,
-       ssl23_peek,
-       ssl23_write,
-       ssl_undefined_function,
-       ssl_undefined_function,
-       ssl_ok,
-       ssl3_get_message,
-       ssl3_read_bytes,
-       ssl3_write_bytes,
-       ssl3_dispatch_alert,
-       ssl3_ctrl,
-       ssl3_ctx_ctrl,
-       ssl23_get_cipher_by_char,
-       ssl23_put_cipher_by_char,
-       ssl_undefined_const_function,
-       ssl23_num_ciphers,
-       ssl23_get_cipher,
-       ssl_bad_method,
-       ssl23_default_timeout,
-       &ssl3_undef_enc_method,
-       ssl_undefined_void_function,
-       ssl3_callback_ctrl,
-       ssl3_ctx_callback_ctrl,
-       };
-
-static long ssl23_default_timeout(void)
+long ssl23_default_timeout(void)
        {
        return(300);
        }
 
-SSL_METHOD *sslv23_base_method(void)
-       {
-       return(&SSLv23_data);
-       }
+IMPLEMENT_ssl23_meth_func(sslv23_base_method,
+                       ssl_undefined_function,
+                       ssl_undefined_function,
+                       ssl_bad_method)
 
-static int ssl23_num_ciphers(void)
+int ssl23_num_ciphers(void)
        {
        return(ssl3_num_ciphers()
 #ifndef OPENSSL_NO_SSL2
@@ -121,7 +79,7 @@ static int ssl23_num_ciphers(void)
            );
        }
 
-static SSL_CIPHER *ssl23_get_cipher(unsigned int u)
+SSL_CIPHER *ssl23_get_cipher(unsigned int u)
        {
        unsigned int uu=ssl3_num_ciphers();
 
@@ -137,7 +95,7 @@ static SSL_CIPHER *ssl23_get_cipher(unsigned int u)
 
 /* This function needs to check if the ciphers required are actually
  * available */
-static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
+SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
        {
        SSL_CIPHER c,*cp;
        unsigned long id;
@@ -155,7 +113,7 @@ static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
        return(cp);
        }
 
-static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
+int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
        {
        long l;
 
@@ -170,7 +128,7 @@ static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
        return(3);
        }
 
-static int ssl23_read(SSL *s, void *buf, int len)
+int ssl23_read(SSL *s, void *buf, int len)
        {
        int n;
 
@@ -193,7 +151,7 @@ static int ssl23_read(SSL *s, void *buf, int len)
                }
        }
 
-static int ssl23_peek(SSL *s, void *buf, int len)
+int ssl23_peek(SSL *s, void *buf, int len)
        {
        int n;
 
@@ -216,7 +174,7 @@ static int ssl23_peek(SSL *s, void *buf, int len)
                }
        }
 
-static int ssl23_write(SSL *s, const void *buf, int len)
+int ssl23_write(SSL *s, const void *buf, int len)
        {
        int n;
 
index f207140..c88569d 100644 (file)
@@ -73,27 +73,8 @@ static SSL_METHOD *ssl23_get_method(int ver)
                return(NULL);
        }
 
-SSL_METHOD *SSLv23_method(void)
-       {
-       static int init=1;
-       static SSL_METHOD SSLv23_data;
-
-       if (init)
-               {
-               CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-               
-               if (init)
-                       {
-                       memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
-                               sizeof(SSL_METHOD));
-                       SSLv23_data.ssl_connect=ssl23_connect;
-                       SSLv23_data.ssl_accept=ssl23_accept;
-                       SSLv23_data.get_ssl_method=ssl23_get_method;
-                       init=0;
-                       }
-               
-               CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-               }
-       return(&SSLv23_data);
-       }
+IMPLEMENT_ssl23_meth_func(SSLv23_method,
+                       ssl23_accept,
+                       ssl23_connect,
+                       ssl23_get_method)
 
index c5404ca..5cd00f8 100644 (file)
@@ -132,28 +132,10 @@ static SSL_METHOD *ssl23_get_server_method(int ver)
                return(NULL);
        }
 
-SSL_METHOD *SSLv23_server_method(void)
-       {
-       static int init=1;
-       static SSL_METHOD SSLv23_server_data;
-
-       if (init)
-               {
-               CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-               if (init)
-                       {
-                       memcpy((char *)&SSLv23_server_data,
-                               (char *)sslv23_base_method(),sizeof(SSL_METHOD));
-                       SSLv23_server_data.ssl_accept=ssl23_accept;
-                       SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
-                       init=0;
-                       }
-
-               CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-               }
-       return(&SSLv23_server_data);
-       }
+IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
+                       ssl23_accept,
+                       ssl_undefined_function,
+                       ssl23_get_server_method)
 
 int ssl23_accept(SSL *s)
        {
@@ -268,9 +250,6 @@ int ssl23_get_client_hello(SSL *s)
        int n=0,j;
        int type=0;
        int v[2];
-#ifndef OPENSSL_NO_RSA
-       int use_sslv2_strong=0;
-#endif
 
        if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
                {
@@ -519,9 +498,7 @@ int ssl23_get_client_hello(SSL *s)
                        }
 
                s->state=SSL2_ST_GET_CLIENT_HELLO_A;
-               if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
-                       use_sslv2_strong ||
-                       (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
+               if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
                        s->s2->ssl2_rollback=0;
                else
                        /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
index 33ea759..0c9e24d 100644 (file)
@@ -137,28 +137,10 @@ static SSL_METHOD *ssl2_get_client_method(int ver)
                return(NULL);
        }
 
-SSL_METHOD *SSLv2_client_method(void)
-       {
-       static int init=1;
-       static SSL_METHOD SSLv2_client_data;
-
-       if (init)
-               {
-               CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-               if (init)
-                       {
-                       memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
-                               sizeof(SSL_METHOD));
-                       SSLv2_client_data.ssl_connect=ssl2_connect;
-                       SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
-                       init=0;
-                       }
-
-               CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-               }
-       return(&SSLv2_client_data);
-       }
+IMPLEMENT_ssl2_meth_func(SSLv2_client_method,
+                       ssl_undefined_function,
+                       ssl2_connect,
+                       ssl2_get_client_method)
 
 int ssl2_connect(SSL *s)
        {
index a454d73..d2cce75 100644 (file)
 #include <openssl/evp.h>
 #include <openssl/md5.h>
 
-static long ssl2_default_timeout(void );
 const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
 
 #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
 
+/* list of available SSLv2 ciphers (sorted by id) */
 OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 /* NULL_WITH_MD5 v3 */
 #if 0
@@ -84,19 +84,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 #endif
-/* RC4_128_EXPORT40_WITH_MD5 */
-       {
-       1,
-       SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
-       SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
-       SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
-       SSL_EXPORT|SSL_EXP40,
-       SSL2_CF_5_BYTE_ENC,
-       40,
-       128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
-       },
 /* RC4_128_WITH_MD5 */
        {
        1,
@@ -110,12 +97,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
        SSL_ALL_CIPHERS,
        SSL_ALL_STRENGTHS,
        },
-/* RC2_128_CBC_EXPORT40_WITH_MD5 */
+/* RC4_128_EXPORT40_WITH_MD5 */
        {
        1,
-       SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
-       SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
-       SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
+       SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
+       SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
+       SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
        SSL_EXPORT|SSL_EXP40,
        SSL2_CF_5_BYTE_ENC,
        40,
@@ -136,6 +123,19 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
        SSL_ALL_CIPHERS,
        SSL_ALL_STRENGTHS,
        },
+/* RC2_128_CBC_EXPORT40_WITH_MD5 */
+       {
+       1,
+       SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
+       SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
+       SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
+       SSL_EXPORT|SSL_EXP40,
+       SSL2_CF_5_BYTE_ENC,
+       40,
+       128,
+       SSL_ALL_CIPHERS,
+       SSL_ALL_STRENGTHS,
+       },
 /* IDEA_128_CBC_WITH_MD5 */
 #ifndef OPENSSL_NO_IDEA
        {
@@ -211,47 +211,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 /* end of list :-) */
        };
 
-static SSL_METHOD SSLv2_data= {
-       SSL2_VERSION,
-       ssl2_new,       /* local */
-       ssl2_clear,     /* local */
-       ssl2_free,      /* local */
-       ssl_undefined_function,
-       ssl_undefined_function,
-       ssl2_read,
-       ssl2_peek,
-       ssl2_write,
-       ssl2_shutdown,
-       ssl_ok, /* NULL - renegotiate */
-       ssl_ok, /* NULL - check renegotiate */
-       NULL, /* NULL - ssl_get_message */
-       NULL, /* NULL - ssl_get_record */
-       NULL, /* NULL - ssl_write_bytes */
-       NULL, /* NULL - dispatch_alert */
-       ssl2_ctrl,      /* local */
-       ssl2_ctx_ctrl,  /* local */
-       ssl2_get_cipher_by_char,
-       ssl2_put_cipher_by_char,
-       ssl2_pending,
-       ssl2_num_ciphers,
-       ssl2_get_cipher,
-       ssl_bad_method,
-       ssl2_default_timeout,
-       &ssl3_undef_enc_method,
-       ssl_undefined_void_function,
-       ssl2_callback_ctrl,     /* local */
-       ssl2_ctx_callback_ctrl, /* local */
-       };
-
-static long ssl2_default_timeout(void)
+long ssl2_default_timeout(void)
        {
        return(300);
        }
 
-SSL_METHOD *sslv2_base_method(void)
-       {
-       return(&SSLv2_data);
-       }
+IMPLEMENT_ssl2_meth_func(sslv2_base_method,
+                       ssl_undefined_function,
+                       ssl_undefined_function,
+                       ssl_bad_method)
 
 int ssl2_num_ciphers(void)
        {
@@ -371,42 +339,20 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
  * available */
 SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
        {
-       static int init=1;
-       static SSL_CIPHER *sorted[SSL2_NUM_CIPHERS];
-       SSL_CIPHER c,*cp= &c,**cpp;
+       SSL_CIPHER c,*cp;
        unsigned long id;
-       unsigned int i;
-
-       if (init)
-               {
-               CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-
-               if (init)
-                       {
-                       for (i=0; i<SSL2_NUM_CIPHERS; i++)
-                               sorted[i]= &(ssl2_ciphers[i]);
-
-                       qsort((char *)sorted,
-                               SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-                               FP_ICC ssl_cipher_ptr_id_cmp);
-
-                       init=0;
-                       }
-                       
-               CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-               }
 
        id=0x02000000L|((unsigned long)p[0]<<16L)|
                ((unsigned long)p[1]<<8L)|(unsigned long)p[2];
        c.id=id;
-       cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
-               (char *)sorted,
-               SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-               FP_ICC ssl_cipher_ptr_id_cmp);
-       if ((cpp == NULL) || !(*cpp)->valid)
-               return(NULL);
+       cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
+               (char *)ssl2_ciphers,
+               SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER),
+               FP_ICC ssl_cipher_id_cmp);
+       if ((cp == NULL) || (cp->valid == 0))
+               return NULL;
        else
-               return(*cpp);
+               return cp;
        }
 
 int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
index 8b6cbd0..a35e435 100644 (file)
@@ -70,29 +70,11 @@ static SSL_METHOD *ssl2_get_method(int ver)
                return(NULL);
        }
 
-SSL_METHOD *SSLv2_method(void)
-       {
-       static int init=1;
-       static SSL_METHOD SSLv2_data;
+IMPLEMENT_ssl2_meth_func(SSLv2_method,
+                       ssl2_accept,
+                       ssl2_connect,
+                       ssl2_get_method)
 
-       if (init)
-               {
-               CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-               
-               if (init)
-                       {
-                       memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
-                               sizeof(SSL_METHOD));
-                       SSLv2_data.ssl_connect=ssl2_connect;
-                       SSLv2_data.ssl_accept=ssl2_accept;
-                       SSLv2_data.get_ssl_method=ssl2_get_method;
-                       init=0;
-                       }
-               
-               CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-               }
-       return(&SSLv2_data);
-       }
 #else /* !OPENSSL_NO_SSL2 */
 
 # if PEDANTIC
index 546feb5..247cc89 100644 (file)
@@ -137,28 +137,10 @@ static SSL_METHOD *ssl2_get_server_method(int ver)
                return(NULL);
        }
 
-SSL_METHOD *SSLv2_server_method(void)
-       {
-       static int init=1;
-       static SSL_METHOD SSLv2_server_data;
-
-       if (init)
-               {
-               CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-               if (init)
-                       {
-                       memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
-                               sizeof(SSL_METHOD));
-                       SSLv2_server_data.ssl_accept=ssl2_accept;
-                       SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
-                       init=0;
-                       }
-
-               CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-               }
-       return(&SSLv2_server_data);
-       }
+IMPLEMENT_ssl2_meth_func(SSLv2_server_method,
+                       ssl2_accept,
+                       ssl_undefined_function,
+                       ssl2_get_server_method)
 
 int ssl2_accept(SSL *s)
        {
index d4f7cec..eb7e87f 100644 (file)
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
+#endif
 #include <openssl/bn.h>
 
 static SSL_METHOD *ssl3_get_client_method(int ver);
@@ -149,28 +151,10 @@ static SSL_METHOD *ssl3_get_client_method(int ver)
                return(NULL);
        }
 
-SSL_METHOD *SSLv3_client_method(void)
-       {
-       static int init=1;
-       static SSL_METHOD SSLv3_client_data;
-
-       if (init)
-               {
-               CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-               if (init)
-                       {
-                       memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
-                               sizeof(SSL_METHOD));
-                       SSLv3_client_data.ssl_connect=ssl3_connect;
-                       SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
-                       init=0;
-                       }
-
-               CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-               }
-       return(&SSLv3_client_data);
-       }
+IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
+                       ssl_undefined_function,
+                       ssl3_connect,
+                       ssl3_get_client_method)
 
 int ssl3_connect(SSL *s)
        {
@@ -385,11 +369,15 @@ int ssl3_connect(SSL *s)
                        s->init_num=0;
 
                        s->session->cipher=s->s3->tmp.new_cipher;
+#ifdef OPENSSL_NO_COMP
+                       s->session->compress_meth=0;
+#else
                        if (s->s3->tmp.new_compression == NULL)
                                s->session->compress_meth=0;
                        else
                                s->session->compress_meth=
                                        s->s3->tmp.new_compression->id;
+#endif
                        if (!s->method->ssl3_enc->setup_key_block(s))
                                {
                                ret= -1;
@@ -533,9 +521,12 @@ int ssl3_client_hello(SSL *s)
        {
        unsigned char *buf;
        unsigned char *p,*d;
-       int i,j;
+       int i;
        unsigned long Time,l;
+#ifndef OPENSSL_NO_COMP
+       int j;
        SSL_COMP *comp;
+#endif
 
        buf=(unsigned char *)s->init_buf->data;
        if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
@@ -594,6 +585,9 @@ int ssl3_client_hello(SSL *s)
                p+=i;
 
                /* COMPRESSION */
+#ifdef OPENSSL_NO_COMP
+               *(p++)=1;
+#else
                if (s->ctx->comp_methods == NULL)
                        j=0;
                else
@@ -604,6 +598,7 @@ int ssl3_client_hello(SSL *s)
                        comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
                        *(p++)=comp->id;
                        }
+#endif
                *(p++)=0; /* Add the NULL method */
                
                l=(p-d);
@@ -631,7 +626,9 @@ int ssl3_get_server_hello(SSL *s)
        int i,al,ok;
        unsigned int j;
        long n;
+#ifndef OPENSSL_NO_COMP
        SSL_COMP *comp;
+#endif
 
        n=s->method->ssl_get_message(s,
                SSL3_ST_CR_SRVR_HELLO_A,
@@ -762,6 +759,14 @@ int ssl3_get_server_hello(SSL *s)
 
        /* lets get the compression algorithm */
        /* COMPRESSION */
+#ifdef OPENSSL_NO_COMP
+       if (*(p++) != 0)
+               {
+               al=SSL_AD_ILLEGAL_PARAMETER;
+               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+               goto f_err;
+               }
+#else
        j= *(p++);
        if (j == 0)
                comp=NULL;
@@ -778,6 +783,7 @@ int ssl3_get_server_hello(SSL *s)
                {
                s->s3->tmp.new_compression=comp;
                }
+#endif
 
        if (p != (d+n))
                {
@@ -1608,6 +1614,7 @@ int ssl3_get_server_done(SSL *s)
        }
 
 
+#ifndef OPENSSL_NO_ECDH
 static const int KDF1_SHA1_len = 20;
 static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
        {
@@ -1619,8 +1626,9 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
        return SHA1(in, inlen, out);
 #else
        return NULL;
-#endif
+#endif /* OPENSSL_NO_SHA */
        }
+#endif /* OPENSSL_NO_ECDH */
 
 int ssl3_send_client_key_exchange(SSL *s)
        {
@@ -2132,7 +2140,7 @@ int ssl3_send_client_verify(SSL *s)
        unsigned u=0;
 #endif
        unsigned long n;
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
        int j;
 #endif
 
index 6d92050..561a984 100644 (file)
@@ -196,7 +196,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
        unsigned char *ms,*key,*iv,*er1,*er2;
        EVP_CIPHER_CTX *dd;
        const EVP_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
        COMP_METHOD *comp;
+#endif
        const EVP_MD *m;
        EVP_MD_CTX md;
        int is_exp,n,i,j,k,cl;
@@ -205,10 +207,12 @@ int ssl3_change_cipher_state(SSL *s, int which)
        is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
        c=s->s3->tmp.new_sym_enc;
        m=s->s3->tmp.new_hash;
+#ifndef OPENSSL_NO_COMP
        if (s->s3->tmp.new_compression == NULL)
                comp=NULL;
        else
                comp=s->s3->tmp.new_compression->method;
+#endif
        key_block=s->s3->tmp.key_block;
 
        if (which & SSL3_CC_READ)
@@ -219,6 +223,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
                        goto err;
                dd= s->enc_read_ctx;
                s->read_hash=m;
+#ifndef OPENSSL_NO_COMP
                /* COMPRESS */
                if (s->expand != NULL)
                        {
@@ -239,6 +244,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
                        if (s->s3->rrec.comp == NULL)
                                goto err;
                        }
+#endif
                memset(&(s->s3->read_sequence[0]),0,8);
                mac_secret= &(s->s3->read_mac_secret[0]);
                }
@@ -250,6 +256,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
                        goto err;
                dd= s->enc_write_ctx;
                s->write_hash=m;
+#ifndef OPENSSL_NO_COMP
                /* COMPRESS */
                if (s->compress != NULL)
                        {
@@ -265,6 +272,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
                                goto err2;
                                }
                        }
+#endif
                memset(&(s->s3->write_sequence[0]),0,8);
                mac_secret= &(s->s3->write_mac_secret[0]);
                }
@@ -363,7 +371,11 @@ int ssl3_setup_key_block(SSL *s)
 
        s->s3->tmp.new_sym_enc=c;
        s->s3->tmp.new_hash=hash;
+#ifdef OPENSSL_NO_COMP
+       s->s3->tmp.new_compression=NULL;
+#else
        s->s3->tmp.new_compression=comp;
+#endif
 
        num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
        num*=2;
index 4585ac3..33e1077 100644 (file)
 #include "ssl_locl.h"
 #include "kssl_lcl.h"
 #include <openssl/md5.h>
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
+#endif
 #include <openssl/pq_compat.h>
 
 const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
 
 #define SSL3_NUM_CIPHERS       (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
 
-static long ssl3_default_timeout(void );
-
+/* list of available SSLv3 ciphers (sorted by id) */
 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 /* The RSA ciphers */
 /* Cipher 01 */
@@ -164,75 +165,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_CIPHERS,
        SSL_ALL_STRENGTHS,
        },
-
-/* anon DH */
-/* Cipher 17 */
-       {
-       1,
-       SSL3_TXT_ADH_RC4_40_MD5,
-       SSL3_CK_ADH_RC4_40_MD5,
-       SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
-       SSL_EXPORT|SSL_EXP40,
-       0,
-       40,
-       128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
-       },
-/* Cipher 18 */
-       {
-       1,
-       SSL3_TXT_ADH_RC4_128_MD5,
-       SSL3_CK_ADH_RC4_128_MD5,
-       SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
-       SSL_NOT_EXP|SSL_MEDIUM,
-       0,
-       128,
-       128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
-       },
-/* Cipher 19 */
-       {
-       1,
-       SSL3_TXT_ADH_DES_40_CBC_SHA,
-       SSL3_CK_ADH_DES_40_CBC_SHA,
-       SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
-       SSL_EXPORT|SSL_EXP40,
-       0,
-       40,
-       128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
-       },
-/* Cipher 1A */
-       {
-       1,
-       SSL3_TXT_ADH_DES_64_CBC_SHA,
-       SSL3_CK_ADH_DES_64_CBC_SHA,
-       SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
-       SSL_NOT_EXP|SSL_LOW,
-       0,
-       56,
-       56,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
-       },
-/* Cipher 1B */
-       {
-       1,
-       SSL3_TXT_ADH_DES_192_CBC_SHA,
-       SSL3_CK_ADH_DES_192_CBC_SHA,
-       SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
-       SSL_NOT_EXP|SSL_HIGH,
-       0,
-       168,
-       168,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
-       },
-
-/* RSA again */
 /* Cipher 03 */
        {
        1,
@@ -339,8 +271,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_CIPHERS,
        SSL_ALL_STRENGTHS,
        },
-
-/*  The DH ciphers */
+/* The DH ciphers */
 /* Cipher 0B */
        {
        0,
@@ -499,6 +430,71 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_CIPHERS,
        SSL_ALL_STRENGTHS,
        },
+/* Cipher 17 */
+       {
+       1,
+       SSL3_TXT_ADH_RC4_40_MD5,
+       SSL3_CK_ADH_RC4_40_MD5,
+       SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
+       SSL_EXPORT|SSL_EXP40,
+       0,
+       40,
+       128,
+       SSL_ALL_CIPHERS,
+       SSL_ALL_STRENGTHS,
+       },
+/* Cipher 18 */
+       {
+       1,
+       SSL3_TXT_ADH_RC4_128_MD5,
+       SSL3_CK_ADH_RC4_128_MD5,
+       SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
+       SSL_NOT_EXP|SSL_MEDIUM,
+       0,
+       128,
+       128,
+       SSL_ALL_CIPHERS,
+       SSL_ALL_STRENGTHS,
+       },
+/* Cipher 19 */
+       {
+       1,
+       SSL3_TXT_ADH_DES_40_CBC_SHA,
+       SSL3_CK_ADH_DES_40_CBC_SHA,
+       SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
+       SSL_EXPORT|SSL_EXP40,
+       0,
+       40,
+       128,
+       SSL_ALL_CIPHERS,
+       SSL_ALL_STRENGTHS,
+       },
+/* Cipher 1A */
+       {
+       1,
+       SSL3_TXT_ADH_DES_64_CBC_SHA,
+       SSL3_CK_ADH_DES_64_CBC_SHA,
+       SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+       SSL_NOT_EXP|SSL_LOW,
+       0,
+       56,
+       56,
+       SSL_ALL_CIPHERS,
+       SSL_ALL_STRENGTHS,
+       },
+/* Cipher 1B */
+       {
+       1,
+       SSL3_TXT_ADH_DES_192_CBC_SHA,
+       SSL3_CK_ADH_DES_192_CBC_SHA,
+       SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       168,
+       168,
+       SSL_ALL_CIPHERS,
+       SSL_ALL_STRENGTHS,
+       },
 
 /* Fortezza */
 /* Cipher 1C */
@@ -746,262 +742,165 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 #endif /* OPENSSL_NO_KRB5 */
+/* New AES ciphersuites */
 
+/* Cipher 2F */
+       {
+       1,
+       TLS1_TXT_RSA_WITH_AES_128_SHA,
+       TLS1_CK_RSA_WITH_AES_128_SHA,
+       SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       128,
+       128,
+       SSL_ALL_CIPHERS,
+       SSL_ALL_STRENGTHS,
+       },
+/* Cipher 30 */
+       {
+       0,
+       TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
+       TLS1_CK_DH_DSS_WITH_AES_128_SHA,
+       SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       128,
+       128,
+       SSL_ALL_CIPHERS,
+       SSL_ALL_STRENGTHS,
+       },
+/* Cipher 31 */
+       {
+       0,
+       TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
+       TLS1_CK_DH_RSA_WITH_AES_128_SHA,
+       SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       128,
+       128,
+       SSL_ALL_CIPHERS,
+       SSL_ALL_STRENGTHS,
+       },
+/* Cipher 32 */
+       {
+       1,
+       TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
+       TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
+       SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       128,
+       128,
+       SSL_ALL_CIPHERS,
+       SSL_ALL_STRENGTHS,
+       },
+/* Cipher 33 */
+       {
+       1,
+       TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
+       TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
+       SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       128,
+       128,
+       SSL_ALL_CIPHERS,
+       SSL_ALL_STRENGTHS,
+       },
+/* Cipher 34 */
+       {
+       1,
+       TLS1_TXT_ADH_WITH_AES_128_SHA,
+       TLS1_CK_ADH_WITH_AES_128_SHA,
+       SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       128,
+       128,
+       SSL_ALL_CIPHERS,
+       SSL_ALL_STRENGTHS,
+       },
 
-#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
-       /* New TLS Export CipherSuites */
-       /* Cipher 60 */
-           {
-           1,
-           TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
-           TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
-           SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 61 */
-           {
-           1,
-           TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
-           TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
-           SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 62 */
-           {
-           1,
-           TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-           TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-           SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           56,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 63 */
-           {
-           1,
-           TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-           TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-           SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           56,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 64 */
-           {
-           1,
-           TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
-           TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
-           SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 65 */
-           {
-           1,
-           TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-           TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-           SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 66 */
-           {
-           1,
-           TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
-           TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
-           SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
-           SSL_NOT_EXP|SSL_MEDIUM,
-           0,
-           128,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS
-           },
-#endif
-       /* New AES ciphersuites */
-
-       /* Cipher 2F */
-           {
-           1,
-           TLS1_TXT_RSA_WITH_AES_128_SHA,
-           TLS1_CK_RSA_WITH_AES_128_SHA,
-           SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
-           SSL_NOT_EXP|SSL_MEDIUM,
-           0,
-           128,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 30 */
-           {
-           0,
-           TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
-           TLS1_CK_DH_DSS_WITH_AES_128_SHA,
-           SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
-           SSL_NOT_EXP|SSL_MEDIUM,
-           0,
-           128,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 31 */
-           {
-           0,
-           TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
-           TLS1_CK_DH_RSA_WITH_AES_128_SHA,
-           SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
-           SSL_NOT_EXP|SSL_MEDIUM,
-           0,
-           128,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 32 */
-           {
-           1,
-           TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
-           TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
-           SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
-           SSL_NOT_EXP|SSL_MEDIUM,
-           0,
-           128,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 33 */
-           {
-           1,
-           TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
-           TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
-           SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
-           SSL_NOT_EXP|SSL_MEDIUM,
-           0,
-           128,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 34 */
-           {
-           1,
-           TLS1_TXT_ADH_WITH_AES_128_SHA,
-           TLS1_CK_ADH_WITH_AES_128_SHA,
-           SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
-           SSL_NOT_EXP|SSL_MEDIUM,
-           0,
-           128,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-
-       /* Cipher 35 */
-           {
-           1,
-           TLS1_TXT_RSA_WITH_AES_256_SHA,
-           TLS1_CK_RSA_WITH_AES_256_SHA,
-           SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
-           SSL_NOT_EXP|SSL_HIGH,
-           0,
-           256,
-           256,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 36 */
-           {
-           0,
-           TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
-           TLS1_CK_DH_DSS_WITH_AES_256_SHA,
-           SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
-           SSL_NOT_EXP|SSL_HIGH,
-           0,
-           256,
-           256,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 37 */
-           {
-           0,
-           TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
-           TLS1_CK_DH_RSA_WITH_AES_256_SHA,
-           SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
-           SSL_NOT_EXP|SSL_HIGH,
-           0,
-           256,
-           256,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 38 */
-           {
-           1,
-           TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
-           TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
-           SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
-           SSL_NOT_EXP|SSL_HIGH,
-           0,
-           256,
-           256,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 39 */
-           {
-           1,
-           TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
-           TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
-           SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
-           SSL_NOT_EXP|SSL_HIGH,
-           0,
-           256,
-           256,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
+/* Cipher 35 */
+       {
+       1,
+       TLS1_TXT_RSA_WITH_AES_256_SHA,
+       TLS1_CK_RSA_WITH_AES_256_SHA,
+       SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       256,
+       256,
+       SSL_ALL_CIPHERS,
+       SSL_ALL_STRENGTHS,
+       },
+/* Cipher 36 */
+       {
+       0,
+       TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
+       TLS1_CK_DH_DSS_WITH_AES_256_SHA,
+       SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       256,
+       256,
+       SSL_ALL_CIPHERS,
+       SSL_ALL_STRENGTHS,
+       },
+/* Cipher 37 */
+       {
+       0,
+       TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
+       TLS1_CK_DH_RSA_WITH_AES_256_SHA,
+       SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       256,
+       256,
+       SSL_ALL_CIPHERS,
+       SSL_ALL_STRENGTHS,
+       },
+/* Cipher 38 */
+       {
+       1,
+       TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
+       TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
+       SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       256,
+       256,
+       SSL_ALL_CIPHERS,
+       SSL_ALL_STRENGTHS,
+       },
+/* Cipher 39 */
+       {
+       1,
+       TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
+       TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
+       SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       256,
+       256,
+       SSL_ALL_CIPHERS,
+       SSL_ALL_STRENGTHS,
+       },
        /* Cipher 3A */
-           {
-           1,
-           TLS1_TXT_ADH_WITH_AES_256_SHA,
-           TLS1_CK_ADH_WITH_AES_256_SHA,
-           SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
-           SSL_NOT_EXP|SSL_HIGH,
-           0,
-           256,
-           256,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-
+       {
+       1,
+       TLS1_TXT_ADH_WITH_AES_256_SHA,
+       TLS1_CK_ADH_WITH_AES_256_SHA,
+       SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       256,
+       256,
+       SSL_ALL_CIPHERS,
+       SSL_ALL_STRENGTHS,
+       },
 #ifndef OPENSSL_NO_ECDH
        /* Cipher 47 */
            {
@@ -1065,7 +964,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
             TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
             SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_MEDIUM,
+            SSL_NOT_EXP|SSL_HIGH,
             0,
             128,
             128,
@@ -1087,36 +986,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             SSL_ALL_STRENGTHS,
             },
 
-       /* Cipher 5B */
-       /* XXX NOTE: The ECC/TLS draft has a bug and reuses 4B for this */
-           {
-            1,
-            TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
-            TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
-            SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
-            SSL_EXPORT|SSL_EXP40,
-            0,
-            40,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-
-       /* Cipher 5C */
-       /* XXX NOTE: The ECC/TLS draft has a bug and reuses 4C for this */
-           {
-            1,
-            TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA,
-            TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA,
-            SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
-            SSL_EXPORT|SSL_EXP56,
-            0,
-            56,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-
        /* Cipher 4D */
            {
             1,
@@ -1179,7 +1048,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
             TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
             SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_MEDIUM,
+            SSL_NOT_EXP|SSL_HIGH,
             0,
             128,
             128,
@@ -1312,7 +1181,134 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             SSL_ALL_CIPHERS,
             SSL_ALL_STRENGTHS,
             },
+       /* Cipher 5B */
+       /* XXX NOTE: The ECC/TLS draft has a bug and reuses 4B for this */
+           {
+            1,
+            TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
+            TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
+            SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_EXPORT|SSL_EXP40,
+            0,
+            40,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+       /* Cipher 5C */
+       /* XXX NOTE: The ECC/TLS draft has a bug and reuses 4C for this */
+           {
+            1,
+            TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA,
+            TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA,
+            SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_EXPORT|SSL_EXP56,
+            0,
+            56,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+#endif /* OPENSSL_NO_ECDH */
+
+#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
+       /* New TLS Export CipherSuites */
+       /* Cipher 60 */
+           {
+           1,
+           TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
+           TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
+           SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
+           SSL_EXPORT|SSL_EXP56,
+           0,
+           56,
+           128,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS,
+           },
+       /* Cipher 61 */
+           {
+           1,
+           TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+           TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+           SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
+           SSL_EXPORT|SSL_EXP56,
+           0,
+           56,
+           128,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS,
+           },
+       /* Cipher 62 */
+           {
+           1,
+           TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+           TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+           SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
+           SSL_EXPORT|SSL_EXP56,
+           0,
+           56,
+           56,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS,
+           },
+       /* Cipher 63 */
+           {
+           1,
+           TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+           TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+           SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
+           SSL_EXPORT|SSL_EXP56,
+           0,
+           56,
+           56,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS,
+           },
+       /* Cipher 64 */
+           {
+           1,
+           TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
+           TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
+           SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+           SSL_EXPORT|SSL_EXP56,
+           0,
+           56,
+           128,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS,
+           },
+       /* Cipher 65 */
+           {
+           1,
+           TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+           TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+           SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
+           SSL_EXPORT|SSL_EXP56,
+           0,
+           56,
+           128,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS,
+           },
+       /* Cipher 66 */
+           {
+           1,
+           TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
+           TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
+           SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
+           SSL_NOT_EXP|SSL_MEDIUM,
+           0,
+           128,
+           128,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS
+           },
+#endif
 
+#ifndef OPENSSL_NO_ECDH
        /* Cipher 77 XXX: ECC ciphersuites offering forward secrecy
         * are not yet specified in the ECC/TLS draft but our code
         * allows them to be implemented very easily. To add such
@@ -1326,7 +1322,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
             TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
             SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_MEDIUM,
+            SSL_NOT_EXP|SSL_HIGH,
             0,
             128,
             128,
@@ -1342,20 +1338,19 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
             TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
             SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_MEDIUM,
+            SSL_NOT_EXP|SSL_HIGH,
             0,
             128,
             128,
             SSL_ALL_CIPHERS,
             SSL_ALL_STRENGTHS,
             },
-
 #endif /* !OPENSSL_NO_ECDH */
 
 /* end of list */
        };
 
-static SSL3_ENC_METHOD SSLv3_enc_data={
+SSL3_ENC_METHOD SSLv3_enc_data={
        ssl3_enc,
        ssl3_mac,
        ssl3_setup_key_block,
@@ -1369,49 +1364,17 @@ static SSL3_ENC_METHOD SSLv3_enc_data={
        ssl3_alert_code,
        };
 
-static SSL_METHOD SSLv3_data= {
-       SSL3_VERSION,
-       ssl3_new,
-       ssl3_clear,
-       ssl3_free,
-       ssl_undefined_function,
-       ssl_undefined_function,
-       ssl3_read,
-       ssl3_peek,
-       ssl3_write,
-       ssl3_shutdown,
-       ssl3_renegotiate,
-       ssl3_renegotiate_check,
-       ssl3_get_message,
-       ssl3_read_bytes,
-       ssl3_write_bytes,
-       ssl3_dispatch_alert,
-       ssl3_ctrl,
-       ssl3_ctx_ctrl,
-       ssl3_get_cipher_by_char,
-       ssl3_put_cipher_by_char,
-       ssl3_pending,
-       ssl3_num_ciphers,
-       ssl3_get_cipher,
-       ssl_bad_method,
-       ssl3_default_timeout,
-       &SSLv3_enc_data,
-       ssl_undefined_void_function,
-       ssl3_callback_ctrl,
-       ssl3_ctx_callback_ctrl,
-       };
-
-static long ssl3_default_timeout(void)
+long ssl3_default_timeout(void)
        {
        /* 2 hours, the 24 hours mentioned in the SSLv3 spec
         * is way too long for http, the cache would over fill */
        return(60*60*2);
        }
 
-SSL_METHOD *sslv3_base_method(void)
-       {
-       return(&SSLv3_data);
-       }
+IMPLEMENT_ssl3_meth_func(sslv3_base_method,
+                       ssl_undefined_function,
+                       ssl_undefined_function,
+                       ssl_bad_method)
 
 int ssl3_num_ciphers(void)
        {
@@ -1837,12 +1800,12 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                        SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
                        return 0;
                        }
-               if (!EC_KEY_up_ref((EC_KEY *)parg))
+               ecdh = EC_KEY_dup((EC_KEY *)parg);
+               if (ecdh == NULL)
                        {
-                       SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
+                       SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
                        return 0;
                        }
-               ecdh = (EC_KEY *)parg;
                if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
                        {
                        if (!EC_KEY_generate_key(ecdh))
@@ -1923,41 +1886,19 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
  * available */
 SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
        {
-       static int init=1;
-       static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
-       SSL_CIPHER c,*cp= &c,**cpp;
+       SSL_CIPHER c,*cp;
        unsigned long id;
-       unsigned int i;
-
-       if (init)
-               {
-               CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-
-               if (init)
-                       {
-                       for (i=0; i<SSL3_NUM_CIPHERS; i++)
-                               sorted[i]= &(ssl3_ciphers[i]);
-
-                       qsort(sorted,
-                               SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-                               FP_ICC ssl_cipher_ptr_id_cmp);
-
-                       init=0;
-                       }
-               
-               CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-               }
 
        id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
        c.id=id;
-       cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
-               (char *)sorted,
-               SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-               FP_ICC ssl_cipher_ptr_id_cmp);
-       if ((cpp == NULL) || !(*cpp)->valid)
-               return(NULL);
+       cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
+               (char *)ssl3_ciphers,
+               SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
+               FP_ICC ssl_cipher_id_cmp);
+       if (cp == NULL || cp->valid == 0)
+               return NULL;
        else
-               return(*cpp);
+               return cp;
        }
 
 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
index 1fd7a96..6a6eb1c 100644 (file)
@@ -69,27 +69,9 @@ static SSL_METHOD *ssl3_get_method(int ver)
                return(NULL);
        }
 
-SSL_METHOD *SSLv3_method(void)
-       {
-       static int init=1;
-       static SSL_METHOD SSLv3_data;
-
-       if (init)
-               {
-               CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-               
-               if (init)
-                       {
-                       memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
-                               sizeof(SSL_METHOD));
-                       SSLv3_data.ssl_connect=ssl3_connect;
-                       SSLv3_data.ssl_accept=ssl3_accept;
-                       SSLv3_data.get_ssl_method=ssl3_get_method;
-                       init=0;
-                       }
+IMPLEMENT_ssl3_meth_func(SSLv3_method,
+                       ssl3_accept,
+                       ssl3_connect,
+                       ssl3_get_method)
 
-               CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-               }
-       return(&SSLv3_data);
-       }
 
index f90bb77..d0f54e2 100644 (file)
@@ -476,6 +476,7 @@ err:
 
 int ssl3_do_uncompress(SSL *ssl)
        {
+#ifndef OPENSSL_NO_COMP
        int i;
        SSL3_RECORD *rr;
 
@@ -487,12 +488,13 @@ int ssl3_do_uncompress(SSL *ssl)
        else
                rr->length=i;
        rr->data=rr->comp;
-
+#endif
        return(1);
        }
 
 int ssl3_do_compress(SSL *ssl)
        {
+#ifndef OPENSSL_NO_COMP
        int i;
        SSL3_RECORD *wr;
 
@@ -506,6 +508,7 @@ int ssl3_do_compress(SSL *ssl)
                wr->length=i;
 
        wr->input=wr->data;
+#endif
        return(1);
        }
 
index 29cb217..f762480 100644 (file)
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
+#endif
 #include <openssl/bn.h>
 #ifndef OPENSSL_NO_KRB5
 #include <openssl/krb5_asn.h>
@@ -154,28 +156,10 @@ static SSL_METHOD *ssl3_get_server_method(int ver)
                return(NULL);
        }
 
-SSL_METHOD *SSLv3_server_method(void)
-       {
-       static int init=1;
-       static SSL_METHOD SSLv3_server_data;
-
-       if (init)
-               {
-               CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-               if (init)
-                       {
-                       memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
-                               sizeof(SSL_METHOD));
-                       SSLv3_server_data.ssl_accept=ssl3_accept;
-                       SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
-                       init=0;
-                       }
-                       
-               CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-               }
-       return(&SSLv3_server_data);
-       }
+IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
+                       ssl3_accept,
+                       ssl_undefined_function,
+                       ssl3_get_server_method)
 
 int ssl3_accept(SSL *s)
        {
@@ -682,7 +666,9 @@ int ssl3_get_client_hello(SSL *s)
        unsigned long id;
        unsigned char *p,*d,*q;
        SSL_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
        SSL_COMP *comp=NULL;
+#endif
        STACK_OF(SSL_CIPHER) *ciphers=NULL;
 
        /* We do this so that we will respond with our native type.
@@ -913,6 +899,7 @@ int ssl3_get_client_hello(SSL *s)
         * options, we will now look for them.  We have i-1 compression
         * algorithms from the client, starting at q. */
        s->s3->tmp.new_compression=NULL;
+#ifndef OPENSSL_NO_COMP
        if (s->ctx->comp_methods != NULL)
                { /* See if we have a match */
                int m,nn,o,v,done=0;
@@ -937,6 +924,7 @@ int ssl3_get_client_hello(SSL *s)
                else
                        comp=NULL;
                }
+#endif
 
        /* TLS does not mind if there is extra stuff */
 #if 0   /* SSL 3.0 does not mind either, so we should disable this test
@@ -960,7 +948,11 @@ int ssl3_get_client_hello(SSL *s)
 
        if (!s->hit)
                {
+#ifdef OPENSSL_NO_COMP
+               s->session->compress_meth=0;
+#else
                s->session->compress_meth=(comp == NULL)?0:comp->id;
+#endif
                if (s->session->ciphers != NULL)
                        sk_SSL_CIPHER_free(s->session->ciphers);
                s->session->ciphers=ciphers;
@@ -1086,10 +1078,14 @@ int ssl3_send_server_hello(SSL *s)
                p+=i;
 
                /* put the compression method */
+#ifdef OPENSSL_NO_COMP
+                       *(p++)=0;
+#else
                if (s->s3->tmp.new_compression == NULL)
                        *(p++)=0;
                else
                        *(p++)=s->s3->tmp.new_compression->id;
+#endif
 
                /* do the header */
                l=(p-d);
@@ -1642,6 +1638,7 @@ err:
        }
 
 
+#ifndef OPENSSL_NO_ECDH
 static const int KDF1_SHA1_len = 20;
 static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
        {
@@ -1653,8 +1650,9 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
        return SHA1(in, inlen, out);
 #else
        return NULL;
-#endif
+#endif /* OPENSSL_NO_SHA */
        }
+#endif /* OPENSSL_NO_ECDH */
 
 int ssl3_get_client_key_exchange(SSL *s)
        {
index ab4626b..1a96f04 100644 (file)
@@ -480,7 +480,7 @@ typedef struct ssl_session_st
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG                0x00000008L
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG             0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER              0x00000020L
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING                  0x00000040L
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING                  0x00000040L /* no effect since 0.9.7h and 0.9.8b */
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                        0x00000080L
 #define SSL_OP_TLS_D5_BUG                              0x00000100L
 #define SSL_OP_TLS_BLOCK_PADDING_BUG                   0x00000200L
index 1e762f2..bacaff1 100644 (file)
@@ -254,7 +254,11 @@ extern "C" {
 #endif
 
 #define SSL3_RT_MAX_PLAIN_LENGTH               16384
+#ifdef OPENSSL_NO_COMP
+#define SSL3_RT_MAX_COMPRESSED_LENGTH  SSL3_RT_MAX_PLAIN_LENGTH
+#else
 #define SSL3_RT_MAX_COMPRESSED_LENGTH  (1024+SSL3_RT_MAX_PLAIN_LENGTH)
+#endif
 #define SSL3_RT_MAX_ENCRYPTED_LENGTH   (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
 #define SSL3_RT_MAX_PACKET_SIZE                (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
 #define SSL3_RT_MAX_DATA_SIZE                  (1024*1024)
index 1a41b99..ac82d45 100644 (file)
@@ -115,6 +115,8 @@ int SSL_library_init(void)
           be discarded safely */
        (void)SSL_COMP_get_compression_methods();
 #endif
+       /* initialize cipher/digest methods table */
+       ssl_load_ciphers();
        return(1);
        }
 
index 0c9bd07..7908dcc 100644 (file)
 #include <openssl/bio.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
+#endif
 #include <openssl/bn.h>
 #include "ssl_locl.h"
 
@@ -198,7 +200,6 @@ CERT *ssl_cert_dup(CERT *cert)
 #ifndef OPENSSL_NO_DH
        if (cert->dh_tmp != NULL)
                {
-               /* DH parameters don't have a reference count */
                ret->dh_tmp = DHparams_dup(cert->dh_tmp);
                if (ret->dh_tmp == NULL)
                        {
@@ -232,8 +233,12 @@ CERT *ssl_cert_dup(CERT *cert)
 #ifndef OPENSSL_NO_ECDH
        if (cert->ecdh_tmp)
                {
-               EC_KEY_up_ref(cert->ecdh_tmp);
-               ret->ecdh_tmp = cert->ecdh_tmp;
+               ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
+               if (ret->ecdh_tmp == NULL)
+                       {
+                       SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
+                       goto err;
+                       }
                }
        ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
 #endif
index 9493e2d..cdd7a9a 100644 (file)
@@ -165,9 +165,7 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_HIGH,  0, 0,  SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
        };
 
-static int init_ciphers=1;
-
-static void load_ciphers(void)
+void ssl_load_ciphers(void)
        {
        ssl_cipher_methods[SSL_ENC_DES_IDX]= 
                EVP_get_cipherbyname(SN_des_cbc);
@@ -192,9 +190,11 @@ static void load_ciphers(void)
                EVP_get_digestbyname(SN_md5);
        ssl_digest_methods[SSL_MD_SHA1_IDX]=
                EVP_get_digestbyname(SN_sha1);
-       init_ciphers=0;
        }
 
+
+#ifndef OPENSSL_NO_COMP
+
 static int sk_comp_cmp(const SSL_COMP * const *a,
                        const SSL_COMP * const *b)
        {
@@ -234,6 +234,7 @@ static void load_builtin_compressions(void)
                }
        CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
        }
+#endif
 
 int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
             const EVP_MD **md, SSL_COMP **comp)
@@ -246,8 +247,9 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
        if (comp != NULL)
                {
                SSL_COMP ctmp;
-
+#ifndef OPENSSL_NO_COMP
                load_builtin_compressions();
+#endif
 
                *comp=NULL;
                ctmp.id=s->compress_meth;
@@ -816,13 +818,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
        if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
                return NULL;
 
-       if (init_ciphers)
-               {
-               CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-               if (init_ciphers) load_ciphers();
-               CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-               }
-
        /*
         * To reduce the work to do we only want to process the compiled
         * in algorithms, so we first get the mask of disabled ciphers.
@@ -1141,6 +1136,21 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
        return(NULL);
        }
 
+#ifdef OPENSSL_NO_COMP
+void *SSL_COMP_get_compression_methods(void)
+       {
+       return NULL;
+       }
+int SSL_COMP_add_compression_method(int id, void *cm)
+       {
+       return 1;
+       }
+
+const char *SSL_COMP_get_name(const void *comp)
+       {
+       return NULL;
+       }
+#else
 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
        {
        load_builtin_compressions();
@@ -1201,3 +1211,4 @@ const char *SSL_COMP_get_name(const COMP_METHOD *comp)
        return NULL;
        }
 
+#endif
index 383ba33..dfc1bad 100644 (file)
 #include <openssl/objects.h>
 #include <openssl/lhash.h>
 #include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
+#endif
 
 const char *SSL_version_str=OPENSSL_VERSION_TEXT;
 
@@ -136,7 +138,14 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={
        ssl_undefined_function,
        (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
        (int (*)(SSL*, int))ssl_undefined_function,
-       (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function
+       (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function,
+       0,      /* finish_mac_length */
+       (int (*)(SSL *, EVP_MD_CTX *, unsigned char *))ssl_undefined_function,
+       NULL,   /* client_finished_label */
+       0,      /* client_finished_label_len */
+       NULL,   /* server_finished_label */
+       0,      /* server_finished_label_len */
+       (int (*)(int))ssl_undefined_function
        };
 
 int SSL_clear(SSL *s)
@@ -1551,7 +1560,10 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
        int rsa_enc_export,dh_rsa_export,dh_dsa_export;
        int rsa_tmp_export,dh_tmp_export,kl;
        unsigned long mask,emask;
-       int have_ecc_cert, have_ecdh_tmp, ecdh_ok, ecdsa_ok, ecc_pkey_size;
+       int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
+#ifndef OPENSSL_NO_ECDH
+       int have_ecdh_tmp;
+#endif
        X509 *x = NULL;
        EVP_PKEY *ecc_pkey = NULL;
        int signature_nid = 0;
@@ -2234,6 +2246,7 @@ void ssl_clear_cipher_ctx(SSL *s)
                OPENSSL_free(s->enc_write_ctx);
                s->enc_write_ctx=NULL;
                }
+#ifndef OPENSSL_NO_COMP
        if (s->expand != NULL)
                {
                COMP_CTX_free(s->expand);
@@ -2244,6 +2257,7 @@ void ssl_clear_cipher_ctx(SSL *s)
                COMP_CTX_free(s->compress);
                s->compress=NULL;
                }
+#endif
        }
 
 /* Fix this function so that it takes an optional type parameter */
@@ -2270,6 +2284,16 @@ SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
                return(s->session->cipher);
        return(NULL);
        }
+#ifdef OPENSSL_NO_COMP
+const void *SSL_get_current_compression(SSL *s)
+       {
+       return NULL;
+       }
+const void *SSL_get_current_expansion(SSL *s)
+       {
+       return NULL;
+       }
+#else
 
 const COMP_METHOD *SSL_get_current_compression(SSL *s)
        {
@@ -2284,6 +2308,7 @@ const COMP_METHOD *SSL_get_current_expansion(SSL *s)
                return(s->expand->meth);
        return(NULL);
        }
+#endif
 
 int ssl_init_wbio_buffer(SSL *s,int push)
        {
index 8cbe26c..0bebaf0 100644 (file)
 #include <openssl/comp.h>
 #include <openssl/bio.h>
 #include <openssl/stack.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 #include <openssl/symhacks.h>
@@ -511,6 +515,195 @@ SSL_METHOD *sslv2_base_method(void);
 SSL_METHOD *sslv23_base_method(void);
 SSL_METHOD *sslv3_base_method(void);
 
+extern SSL3_ENC_METHOD TLSv1_enc_data;
+extern SSL3_ENC_METHOD SSLv3_enc_data;
+extern SSL3_ENC_METHOD DTLSv1_enc_data;
+
+#define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+SSL_METHOD *func_name(void)  \
+       { \
+       static SSL_METHOD func_name##_data= { \
+               TLS1_VERSION, \
+               tls1_new, \
+               tls1_clear, \
+               tls1_free, \
+               s_accept, \
+               s_connect, \
+               ssl3_read, \
+               ssl3_peek, \
+               ssl3_write, \
+               ssl3_shutdown, \
+               ssl3_renegotiate, \
+               ssl3_renegotiate_check, \
+               ssl3_get_message, \
+               ssl3_read_bytes, \
+               ssl3_write_bytes, \
+               ssl3_dispatch_alert, \
+               ssl3_ctrl, \
+               ssl3_ctx_ctrl, \
+               ssl3_get_cipher_by_char, \
+               ssl3_put_cipher_by_char, \
+               ssl3_pending, \
+               ssl3_num_ciphers, \
+               ssl3_get_cipher, \
+               s_get_meth, \
+               tls1_default_timeout, \
+               &TLSv1_enc_data, \
+               ssl_undefined_void_function, \
+               ssl3_callback_ctrl, \
+               ssl3_ctx_callback_ctrl, \
+       }; \
+       return &func_name##_data; \
+       }
+
+#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+SSL_METHOD *func_name(void)  \
+       { \
+       static SSL_METHOD func_name##_data= { \
+               SSL3_VERSION, \
+               ssl3_new, \
+               ssl3_clear, \
+               ssl3_free, \
+               s_accept, \
+               s_connect, \
+               ssl3_read, \
+               ssl3_peek, \
+               ssl3_write, \
+               ssl3_shutdown, \
+               ssl3_renegotiate, \
+               ssl3_renegotiate_check, \
+               ssl3_get_message, \
+               ssl3_read_bytes, \
+               ssl3_write_bytes, \
+               ssl3_dispatch_alert, \
+               ssl3_ctrl, \
+               ssl3_ctx_ctrl, \
+               ssl3_get_cipher_by_char, \
+               ssl3_put_cipher_by_char, \
+               ssl3_pending, \
+               ssl3_num_ciphers, \
+               ssl3_get_cipher, \
+               s_get_meth, \
+               ssl3_default_timeout, \
+               &SSLv3_enc_data, \
+               ssl_undefined_void_function, \
+               ssl3_callback_ctrl, \
+               ssl3_ctx_callback_ctrl, \
+       }; \
+       return &func_name##_data; \
+       }
+
+#define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+SSL_METHOD *func_name(void)  \
+       { \
+       static SSL_METHOD func_name##_data= { \
+       TLS1_VERSION, \
+       tls1_new, \
+       tls1_clear, \
+       tls1_free, \
+       s_accept, \
+       s_connect, \
+       ssl23_read, \
+       ssl23_peek, \
+       ssl23_write, \
+       ssl_undefined_function, \
+       ssl_undefined_function, \
+       ssl_ok, \
+       ssl3_get_message, \
+       ssl3_read_bytes, \
+       ssl3_write_bytes, \
+       ssl3_dispatch_alert, \
+       ssl3_ctrl, \
+       ssl3_ctx_ctrl, \
+       ssl23_get_cipher_by_char, \
+       ssl23_put_cipher_by_char, \
+       ssl_undefined_const_function, \
+       ssl23_num_ciphers, \
+       ssl23_get_cipher, \
+       s_get_meth, \
+       ssl23_default_timeout, \
+       &ssl3_undef_enc_method, \
+       ssl_undefined_void_function, \
+       ssl3_callback_ctrl, \
+       ssl3_ctx_callback_ctrl, \
+       }; \
+       return &func_name##_data; \
+       }
+
+#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+SSL_METHOD *func_name(void)  \
+       { \
+       static SSL_METHOD func_name##_data= { \
+               SSL2_VERSION, \
+               ssl2_new,       /* local */ \
+               ssl2_clear,     /* local */ \
+               ssl2_free,      /* local */ \
+               s_accept, \
+               s_connect, \
+               ssl2_read, \
+               ssl2_peek, \
+               ssl2_write, \
+               ssl2_shutdown, \
+               ssl_ok, /* NULL - renegotiate */ \
+               ssl_ok, /* NULL - check renegotiate */ \
+               NULL, /* NULL - ssl_get_message */ \
+               NULL, /* NULL - ssl_get_record */ \
+               NULL, /* NULL - ssl_write_bytes */ \
+               NULL, /* NULL - dispatch_alert */ \
+               ssl2_ctrl,      /* local */ \
+               ssl2_ctx_ctrl,  /* local */ \
+               ssl2_get_cipher_by_char, \
+               ssl2_put_cipher_by_char, \
+               ssl2_pending, \
+               ssl2_num_ciphers, \
+               ssl2_get_cipher, \
+               s_get_meth, \
+               ssl2_default_timeout, \
+               &ssl3_undef_enc_method, \
+               ssl_undefined_void_function, \
+               ssl2_callback_ctrl,     /* local */ \
+               ssl2_ctx_callback_ctrl, /* local */ \
+       }; \
+       return &func_name##_data; \
+       }
+
+#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+SSL_METHOD *func_name(void)  \
+       { \
+       static SSL_METHOD func_name##_data= { \
+               DTLS1_VERSION, \
+               dtls1_new, \
+               dtls1_clear, \
+               dtls1_free, \
+               s_accept, \
+               s_connect, \
+               ssl3_read, \
+               ssl3_peek, \
+               ssl3_write, \
+               ssl3_shutdown, \
+               ssl3_renegotiate, \
+         &n