From 5bd86ce5b79f5cc2484c902be23430c617ca27b4 Mon Sep 17 00:00:00 2001 
From: Simon Schubert Date: Sat, 3 Dec 2005 13:48:16 +0000 Subject: [PATCH] Import OpenSSL 0.9.8a --- crypto/openssl-0.9/CHANGES | 52 +- crypto/openssl-0.9/FAQ | 2 +- crypto/openssl-0.9/NEWS | 5 + crypto/openssl-0.9/PROBLEMS | 15 + crypto/openssl-0.9/README | 2 +- crypto/openssl-0.9/apps/CA.pl | 2 +- crypto/openssl-0.9/apps/apps.c | 2 + crypto/openssl-0.9/apps/ca.c | 1 - crypto/openssl-0.9/apps/dh.c | 1 + crypto/openssl-0.9/apps/dhparam.c | 1 + crypto/openssl-0.9/apps/dsa.c | 1 + crypto/openssl-0.9/apps/dsaparam.c | 1 + crypto/openssl-0.9/apps/gendh.c | 1 + crypto/openssl-0.9/apps/gendsa.c | 1 + crypto/openssl-0.9/apps/genrsa.c | 1 + crypto/openssl-0.9/apps/openssl.cnf | 2 +- crypto/openssl-0.9/apps/prime.c | 2 +- crypto/openssl-0.9/apps/req.c | 9 + crypto/openssl-0.9/apps/rsa.c | 1 + crypto/openssl-0.9/apps/rsautl.c | 1 + crypto/openssl-0.9/apps/s_client.c | 4 + crypto/openssl-0.9/apps/s_server.c | 33 +- crypto/openssl-0.9/apps/smime.c | 4 +- crypto/openssl-0.9/apps/speed.c | 16 +- crypto/openssl-0.9/apps/x509.c | 4 + crypto/openssl-0.9/crypto/aes/aes_locl.h | 2 +- crypto/openssl-0.9/crypto/asn1/a_bitstr.c | 4 +- crypto/openssl-0.9/crypto/asn1/a_strex.c | 4 +- crypto/openssl-0.9/crypto/asn1/asn1.h | 1 + crypto/openssl-0.9/crypto/asn1/asn1_err.c | 1 + crypto/openssl-0.9/crypto/asn1/asn1_par.c | 2 +- crypto/openssl-0.9/crypto/asn1/t_pkey.c | 24 +- crypto/openssl-0.9/crypto/asn1/t_req.c | 4 + crypto/openssl-0.9/crypto/asn1/t_spki.c | 4 + crypto/openssl-0.9/crypto/asn1/tasn_enc.c | 1 + crypto/openssl-0.9/crypto/asn1/tasn_new.c | 15 +- crypto/openssl-0.9/crypto/asn1/x_pubkey.c | 4 + crypto/openssl-0.9/crypto/bf/bf_enc.c | 4 +- crypto/openssl-0.9/crypto/bio/bss_file.c | 5 +- crypto/openssl-0.9/crypto/bn/bn.h | 18 +- crypto/openssl-0.9/crypto/bn/bn_asm.c | 28 + crypto/openssl-0.9/crypto/bn/bn_const.c | 402 +++++++++ crypto/openssl-0.9/crypto/bn/bn_div.c | 9 +- crypto/openssl-0.9/crypto/bn/bn_gcd.c | 3 +- crypto/openssl-0.9/crypto/bn/bn_lcl.h | 36 + 
crypto/openssl-0.9/crypto/bn/bn_mont.c | 2 +- crypto/openssl-0.9/crypto/bn/bn_recp.c | 4 +- crypto/openssl-0.9/crypto/bn/bn_sqr.c | 4 +- crypto/openssl-0.9/crypto/bn/bn_sqrt.c | 6 +- crypto/openssl-0.9/crypto/bn/bn_word.c | 15 +- crypto/openssl-0.9/crypto/conf/conf_def.c | 13 +- crypto/openssl-0.9/crypto/cryptlib.c | 22 +- crypto/openssl-0.9/crypto/des/cfb_enc.c | 4 +- crypto/openssl-0.9/crypto/des/des_old.h | 4 + crypto/openssl-0.9/crypto/dh/dh.h | 6 + crypto/openssl-0.9/crypto/dh/dh_check.c | 22 + crypto/openssl-0.9/crypto/dh/dh_err.c | 1 + crypto/openssl-0.9/crypto/dh/dh_key.c | 7 + crypto/openssl-0.9/crypto/dsa/dsa_lib.c | 2 + crypto/openssl-0.9/crypto/dso/dso_null.c | 2 + crypto/openssl-0.9/crypto/engine/eng_list.c | 24 +- .../openssl-0.9/crypto/engine/eng_openssl.c | 8 + .../openssl-0.9/crypto/engine/eng_padlock.c | 1 + crypto/openssl-0.9/crypto/engine/engine.h | 17 - crypto/openssl-0.9/crypto/engine/tb_dsa.c | 2 +- crypto/openssl-0.9/crypto/evp/e_null.c | 1 + crypto/openssl-0.9/crypto/evp/e_rc4.c | 2 + crypto/openssl-0.9/crypto/evp/e_xcbc_d.c | 1 + crypto/openssl-0.9/crypto/evp/evp_enc.c | 2 +- crypto/openssl-0.9/crypto/evp/evp_pkey.c | 4 + crypto/openssl-0.9/crypto/evp/m_dss.c | 3 + crypto/openssl-0.9/crypto/evp/m_dss1.c | 2 + crypto/openssl-0.9/crypto/evp/m_md2.c | 2 + crypto/openssl-0.9/crypto/evp/m_md4.c | 2 + crypto/openssl-0.9/crypto/evp/m_md5.c | 2 + crypto/openssl-0.9/crypto/evp/m_ripemd.c | 2 + crypto/openssl-0.9/crypto/evp/m_sha.c | 2 + crypto/openssl-0.9/crypto/evp/m_sha1.c | 2 + crypto/openssl-0.9/crypto/evp/p5_crpt.c | 9 +- crypto/openssl-0.9/crypto/evp/p5_crpt2.c | 9 +- crypto/openssl-0.9/crypto/evp/p_lib.c | 6 + crypto/openssl-0.9/crypto/md32_common.h | 3 +- crypto/openssl-0.9/crypto/objects/obj_dat.h | 118 +-- crypto/openssl-0.9/crypto/objects/obj_mac.h | 18 +- crypto/openssl-0.9/crypto/ocsp/ocsp_cl.c | 2 + crypto/openssl-0.9/crypto/opensslv.h | 6 +- crypto/openssl-0.9/crypto/pem/pem_all.c | 6 + crypto/openssl-0.9/crypto/pem/pem_info.c | 4 + 
crypto/openssl-0.9/crypto/pem/pem_seal.c | 1 + crypto/openssl-0.9/crypto/pkcs12/p12_crpt.c | 9 +- crypto/openssl-0.9/crypto/pkcs7/pk7_doit.c | 74 +- crypto/openssl-0.9/crypto/pkcs7/pk7_smime.c | 2 +- crypto/openssl-0.9/crypto/pkcs7/pkcs7.h | 1 + crypto/openssl-0.9/crypto/pkcs7/pkcs7err.c | 1 + crypto/openssl-0.9/crypto/rand/rand_unix.c | 6 +- crypto/openssl-0.9/crypto/rc2/rc2_skey.c | 7 + crypto/openssl-0.9/crypto/rsa/rsa_depr.c | 2 +- crypto/openssl-0.9/crypto/rsa/rsa_eay.c | 8 +- crypto/openssl-0.9/crypto/rsa/rsa_pss.c | 10 +- crypto/openssl-0.9/crypto/sha/sha_locl.h | 14 +- crypto/openssl-0.9/crypto/txt_db/txt_db.c | 11 +- crypto/openssl-0.9/crypto/ui/ui_lib.c | 4 +- crypto/openssl-0.9/crypto/ui/ui_locl.h | 4 + crypto/openssl-0.9/crypto/ui/ui_openssl.c | 21 +- crypto/openssl-0.9/crypto/x509/x509_att.c | 10 +- crypto/openssl-0.9/crypto/x509/x509_v3.c | 10 +- crypto/openssl-0.9/crypto/x509/x509_vfy.h | 3 + crypto/openssl-0.9/crypto/x509/x509_vpm.c | 11 + crypto/openssl-0.9/crypto/x509/x_all.c | 4 + crypto/openssl-0.9/crypto/x509v3/v3_alt.c | 3 +- crypto/openssl-0.9/crypto/x509v3/v3_cpols.c | 9 + crypto/openssl-0.9/crypto/x509v3/v3_utl.c | 6 +- crypto/openssl-0.9/e_os.h | 5 +- crypto/openssl-0.9/e_os2.h | 15 +- crypto/openssl-0.9/engines/e_4758cca.c | 19 +- crypto/openssl-0.9/engines/e_aep.c | 14 + crypto/openssl-0.9/engines/e_atalla.c | 10 +- crypto/openssl-0.9/engines/e_chil.c | 15 +- crypto/openssl-0.9/engines/e_cswift.c | 20 +- crypto/openssl-0.9/engines/e_nuron.c | 8 + crypto/openssl-0.9/engines/e_sureware.c | 8 + crypto/openssl-0.9/engines/e_ubsec.c | 6 + crypto/openssl-0.9/ssl/d1_both.c | 2 +- crypto/openssl-0.9/ssl/d1_clnt.c | 35 +- crypto/openssl-0.9/ssl/d1_lib.c | 46 +- crypto/openssl-0.9/ssl/d1_meth.c | 27 +- crypto/openssl-0.9/ssl/d1_srvr.c | 36 +- crypto/openssl-0.9/ssl/s23_clnt.c | 26 +- crypto/openssl-0.9/ssl/s23_lib.c | 66 +- crypto/openssl-0.9/ssl/s23_meth.c | 27 +- crypto/openssl-0.9/ssl/s23_srvr.c | 33 +- crypto/openssl-0.9/ssl/s2_clnt.c | 26 +- 
crypto/openssl-0.9/ssl/s2_lib.c | 116 +-- crypto/openssl-0.9/ssl/s2_meth.c | 26 +- crypto/openssl-0.9/ssl/s2_srvr.c | 26 +- crypto/openssl-0.9/ssl/s3_clnt.c | 58 +- crypto/openssl-0.9/ssl/s3_enc.c | 12 + crypto/openssl-0.9/ssl/s3_lib.c | 805 ++++++++---------- crypto/openssl-0.9/ssl/s3_meth.c | 26 +- crypto/openssl-0.9/ssl/s3_pkt.c | 5 +- crypto/openssl-0.9/ssl/s3_srvr.c | 44 +- crypto/openssl-0.9/ssl/ssl.h | 2 +- crypto/openssl-0.9/ssl/ssl3.h | 4 + crypto/openssl-0.9/ssl/ssl_algs.c | 2 + crypto/openssl-0.9/ssl/ssl_cert.c | 11 +- crypto/openssl-0.9/ssl/ssl_ciph.c | 35 +- crypto/openssl-0.9/ssl/ssl_lib.c | 29 +- crypto/openssl-0.9/ssl/ssl_locl.h | 210 ++++- crypto/openssl-0.9/ssl/ssl_txt.c | 4 +- crypto/openssl-0.9/ssl/t1_clnt.c | 26 +- crypto/openssl-0.9/ssl/t1_enc.c | 8 + crypto/openssl-0.9/ssl/t1_lib.c | 46 +- crypto/openssl-0.9/ssl/t1_meth.c | 28 +- crypto/openssl-0.9/ssl/t1_srvr.c | 26 +- crypto/openssl-0.9/tools/c_rehash | 2 +- 155 files changed, 2058 insertions(+), 1277 deletions(-) create mode 100755 crypto/openssl-0.9/crypto/bn/bn_const.c diff --git a/crypto/openssl-0.9/CHANGES b/crypto/openssl-0.9/CHANGES index 47133b18d5..a84cebf5fc 100644 --- a/crypto/openssl-0.9/CHANGES +++ b/crypto/openssl-0.9/CHANGES 
@@ -2,6 +2,43 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8 and 0.9.8a [11 Oct 2005] + + *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING + (part of SSL_OP_ALL). This option used to disable the + countermeasure against man-in-the-middle protocol-version + rollback in the SSL 2.0 server implementation, which is a bad + idea. (CAN-2005-2969) + + [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center + for Information Security, National Institute of Advanced Industrial + Science and Technology [AIST], Japan)] + + *) Add two function to clear and return the verify parameter flags. + [Steve Henson] + + *) Keep cipherlists sorted in the source instead of sorting them at + runtime, thus removing the need for a lock. + [Nils Larsch] + + *) Avoid some small subgroup attacks in Diffie-Hellman. + [Nick Mathewson and Ben Laurie] + + *) Add functions for well-known primes. + [Nick Mathewson] + + *) Extended Windows CE support. + [Satoshi Nakamura and Andy Polyakov] + + *) Initialize SSL_METHOD structures at compile time instead of during + runtime, thus removing the need for a lock. + [Steve Henson] + + *) Make PKCS7_decrypt() work even if no certificate is supplied by + attempting to decrypt each encrypted key in turn. Add support to + smime utility. + [Steve Henson] + Changes between 0.9.7h and 0.9.8 [05 Jul 2005] *) Add libcrypto.pc and libssl.pc for those who feel they need them. 
@@ -821,7 +858,17 @@ differing sizes. [Richard Levitte] - Changes between 0.9.7g and 0.9.7h [XX xxx XXXX] + Changes between 0.9.7g and 0.9.7h [11 Oct 2005] + + *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING + (part of SSL_OP_ALL). This option used to disable the + countermeasure against man-in-the-middle protocol-version + rollback in the SSL 2.0 server implementation, which is a bad + idea. + + [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center + for Information Security, National Institute of Advanced Industrial + Science and Technology [AIST], Japan)] *) Minimal support for X9.31 signatures and PSS padding modes. This is mainly for FIPS compliance and not fully integrated at this stage. @@ -872,6 +919,9 @@ Changes between 0.9.7f and 0.9.7g [11 Apr 2005] + [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after + OpenSSL 0.9.8.] + *) Fixes for newer kerberos headers. NB: the casts are needed because the 'length' field is signed on one version and unsigned on another with no (?) obvious way to tell the difference, without these VC++ diff --git a/crypto/openssl-0.9/FAQ b/crypto/openssl-0.9/FAQ index 82d8a6f887..0755cb24eb 100644 --- a/crypto/openssl-0.9/FAQ +++ b/crypto/openssl-0.9/FAQ @@ -72,7 +72,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from . -OpenSSL 0.9.8 was released on July 5th, 2005. +OpenSSL 0.9.8a was released on October 11th, 2005. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at #endif +#ifndef OPENSSL_NO_RSA #include +#endif #include #define NON_MAIN diff --git a/crypto/openssl-0.9/apps/ca.c b/crypto/openssl-0.9/apps/ca.c index 25717283b0..210b5e1ff4 100644 --- a/crypto/openssl-0.9/apps/ca.c +++ b/crypto/openssl-0.9/apps/ca.c 
@@ -969,7 +969,6 @@ bad: if (verbose) BIO_printf(bio_err, "Done. %d entries marked as expired\n",i); } - goto err; } /*****************************************************************/ diff --git a/crypto/openssl-0.9/apps/dh.c b/crypto/openssl-0.9/apps/dh.c index cd01fed139..c4d891e125 100644 --- a/crypto/openssl-0.9/apps/dh.c +++ b/crypto/openssl-0.9/apps/dh.c @@ -57,6 +57,7 @@ * [including the GNU Public Licence.] */ +#include /* for OPENSSL_NO_DH */ #ifndef OPENSSL_NO_DH #include #include diff --git a/crypto/openssl-0.9/apps/dhparam.c b/crypto/openssl-0.9/apps/dhparam.c index e3cabcfcdc..04bd57c6e8 100644 --- a/crypto/openssl-0.9/apps/dhparam.c +++ b/crypto/openssl-0.9/apps/dhparam.c @@ -109,6 +109,7 @@ * */ +#include /* for OPENSSL_NO_DH */ #ifndef OPENSSL_NO_DH #include #include diff --git a/crypto/openssl-0.9/apps/dsa.c b/crypto/openssl-0.9/apps/dsa.c index b6f0ed3d02..a5ec5d7e6c 100644 --- a/crypto/openssl-0.9/apps/dsa.c +++ b/crypto/openssl-0.9/apps/dsa.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include /* for OPENSSL_NO_DSA */ #ifndef OPENSSL_NO_DSA #include #include diff --git a/crypto/openssl-0.9/apps/dsaparam.c b/crypto/openssl-0.9/apps/dsaparam.c index 14e79f9a21..c301e81af1 100644 --- a/crypto/openssl-0.9/apps/dsaparam.c +++ b/crypto/openssl-0.9/apps/dsaparam.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include /* for OPENSSL_NO_DSA */ /* Until the key-gen callbacks are modified to use newer prototypes, we allow * deprecated functions for openssl-internal code */ #ifdef OPENSSL_NO_DEPRECATED diff --git a/crypto/openssl-0.9/apps/gendh.c b/crypto/openssl-0.9/apps/gendh.c index 69baa50b01..47497864b0 100644 --- a/crypto/openssl-0.9/apps/gendh.c +++ b/crypto/openssl-0.9/apps/gendh.c @@ -57,6 +57,7 @@ * [including the GNU Public Licence.] */ +#include /* Until the key-gen callbacks are modified to use newer prototypes, we allow * deprecated functions for openssl-internal code */ #ifdef OPENSSL_NO_DEPRECATED 
diff --git a/crypto/openssl-0.9/apps/gendsa.c b/crypto/openssl-0.9/apps/gendsa.c index 6d2ed06c81..828e27f1c0 100644 --- a/crypto/openssl-0.9/apps/gendsa.c +++ b/crypto/openssl-0.9/apps/gendsa.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include /* for OPENSSL_NO_DSA */ #ifndef OPENSSL_NO_DSA #include #include diff --git a/crypto/openssl-0.9/apps/genrsa.c b/crypto/openssl-0.9/apps/genrsa.c index f0bb30c56b..4f62cfd04f 100644 --- a/crypto/openssl-0.9/apps/genrsa.c +++ b/crypto/openssl-0.9/apps/genrsa.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include /* Until the key-gen callbacks are modified to use newer prototypes, we allow * deprecated functions for openssl-internal code */ #ifdef OPENSSL_NO_DEPRECATED diff --git a/crypto/openssl-0.9/apps/openssl.cnf b/crypto/openssl-0.9/apps/openssl.cnf index 04710f87d5..9e59020c17 100644 --- a/crypto/openssl-0.9/apps/openssl.cnf +++ b/crypto/openssl-0.9/apps/openssl.cnf @@ -188,7 +188,7 @@ nsComment = "OpenSSL Generated Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer:always +authorityKeyIdentifier=keyid,issuer # This stuff is for subjectAltName and issuerAltname. # Import the email address. diff --git a/crypto/openssl-0.9/apps/prime.c b/crypto/openssl-0.9/apps/prime.c index 36bbe0841c..af2fed15af 100644 --- a/crypto/openssl-0.9/apps/prime.c +++ b/crypto/openssl-0.9/apps/prime.c @@ -115,7 +115,7 @@ int MAIN(int argc, char **argv) BN_print(bio_out,bn); BIO_printf(bio_out," is %sprime\n", - BN_is_prime(bn,checks,NULL,NULL,NULL) ? "" : "not "); + BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not "); BN_free(bn); BIO_free_all(bio_out); diff --git a/crypto/openssl-0.9/apps/req.c b/crypto/openssl-0.9/apps/req.c index 511be7de74..f58e65ec85 100644 --- a/crypto/openssl-0.9/apps/req.c +++ b/crypto/openssl-0.9/apps/req.c 
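Review bot: In the apps/prime.c hunk the result of `BN_is_prime_ex(bn,checks,NULL,NULL)` is used directly as a truth value, so its error return of -1 is printed as "is prime". A failed test (for example an allocation failure inside the call) is then indistinguishable from a positive answer. Store the result first and treat only 1 as prime, e.g. `r = BN_is_prime_ex(bn,checks,NULL,NULL);` followed by `if (r < 0) { ERR_print_errors(bio_err); goto end; }` or whatever error exit MAIN already has. MAIN's body starts and ends outside the hunk, so the exact exit label is not visible here.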
@@ -79,6 +79,13 @@ #include #include #include +#include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif #define SECTION "req" @@ -724,7 +731,9 @@ bad: if (newreq && (pkey == NULL)) { +#ifndef OPENSSL_NO_RSA BN_GENCB cb; +#endif char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); if (randfile == NULL) ERR_clear_error(); diff --git a/crypto/openssl-0.9/apps/rsa.c b/crypto/openssl-0.9/apps/rsa.c index ee65720530..d5cb7b7212 100644 --- a/crypto/openssl-0.9/apps/rsa.c +++ b/crypto/openssl-0.9/apps/rsa.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #ifndef OPENSSL_NO_RSA #include #include diff --git a/crypto/openssl-0.9/apps/rsautl.c b/crypto/openssl-0.9/apps/rsautl.c index a629ff50ac..463890950e 100644 --- a/crypto/openssl-0.9/apps/rsautl.c +++ b/crypto/openssl-0.9/apps/rsautl.c @@ -56,6 +56,7 @@ * */ +#include #ifndef OPENSSL_NO_RSA #include "apps.h" diff --git a/crypto/openssl-0.9/apps/s_client.c b/crypto/openssl-0.9/apps/s_client.c index b22f3196e6..cfee531349 100644 --- a/crypto/openssl-0.9/apps/s_client.c +++ b/crypto/openssl-0.9/apps/s_client.c @@ -1096,7 +1096,9 @@ static void print_stuff(BIO *bio, SSL *s, int full) SSL_CIPHER *c; X509_NAME *xn; int j,i; +#ifndef OPENSSL_NO_COMP const COMP_METHOD *comp, *expansion; +#endif if (full) { @@ -1199,12 +1201,14 @@ static void print_stuff(BIO *bio, SSL *s, int full) EVP_PKEY_bits(pktmp)); EVP_PKEY_free(pktmp); } +#ifndef OPENSSL_NO_COMP comp=SSL_get_current_compression(s); expansion=SSL_get_current_expansion(s); BIO_printf(bio,"Compression: %s\n", comp ? SSL_COMP_get_name(comp) : "NONE"); BIO_printf(bio,"Expansion: %s\n", expansion ? SSL_COMP_get_name(expansion) : "NONE"); +#endif SSL_SESSION_print(bio,SSL_get_session(s)); BIO_printf(bio,"---\n"); if (peer != NULL) diff --git a/crypto/openssl-0.9/apps/s_server.c b/crypto/openssl-0.9/apps/s_server.c index afc27e15c9..0d6727ca43 100644 --- a/crypto/openssl-0.9/apps/s_server.c 
+++ b/crypto/openssl-0.9/apps/s_server.c @@ -153,6 +153,12 @@ typedef unsigned int u_int; #include #include #include +#ifndef OPENSSL_NO_DH +#include +#endif +#ifndef OPENSSL_NO_RSA +#include +#endif #include "s_apps.h" #include "timeouts.h" @@ -530,7 +536,9 @@ int MAIN(int argc, char *argv[]) char *CApath=NULL,*CAfile=NULL; unsigned char *context = NULL; char *dhfile = NULL; +#ifndef OPENSSL_NO_ECDH char *named_curve = NULL; +#endif int badop=0,bugs=0; int ret=1; int off=0; @@ -824,21 +832,24 @@ bad: if (s_key_file == NULL) s_key_file = s_cert_file; - s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e, - "server certificate private key file"); - if (!s_key) + if (nocert == 0) { - ERR_print_errors(bio_err); - goto end; - } + s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e, + "server certificate private key file"); + if (!s_key) + { + ERR_print_errors(bio_err); + goto end; + } - s_cert = load_cert(bio_err,s_cert_file,s_cert_format, + s_cert = load_cert(bio_err,s_cert_file,s_cert_format, NULL, e, "server certificate file"); - if (!s_cert) - { - ERR_print_errors(bio_err); - goto end; + if (!s_cert) + { + ERR_print_errors(bio_err); + goto end; + } } if (s_dcert_file) diff --git a/crypto/openssl-0.9/apps/smime.c b/crypto/openssl-0.9/apps/smime.c index 253cca7f59..250fd69a98 100644 --- a/crypto/openssl-0.9/apps/smime.c +++ b/crypto/openssl-0.9/apps/smime.c @@ -384,9 +384,9 @@ int MAIN(int argc, char **argv) } else if (operation == SMIME_DECRYPT) { - if (!recipfile) + if (!recipfile && !keyfile) { - BIO_printf(bio_err, "No recipient certificate and key specified\n"); + BIO_printf(bio_err, "No recipient certificate or key specified\n"); badarg = 1; } } diff --git a/crypto/openssl-0.9/apps/speed.c b/crypto/openssl-0.9/apps/speed.c index 8f2aac5ccb..474f20c5a4 100644 --- a/crypto/openssl-0.9/apps/speed.c +++ b/crypto/openssl-0.9/apps/speed.c 
@@ -286,9 +286,17 @@ static double results[ALGOR_NUM][SIZE_NUM]; static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; static double rsa_results[RSA_NUM][2]; static double dsa_results[DSA_NUM][2]; +#ifndef OPENSSL_NO_ECDSA static double ecdsa_results[EC_NUM][2]; +#endif +#ifndef OPENSSL_NO_ECDH static double ecdh_results[EC_NUM][1]; +#endif +#if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH)) +static const char rnd_seed[] = "string to make the random number generator think it has entropy"; +static int rnd_fake = 0; +#endif #ifdef SIGALRM #if defined(__STDC__) || defined(sgi) || defined(_AIX) @@ -448,6 +456,7 @@ static double Time_F(int s) #endif /* if defined(OPENSSL_SYS_NETWARE) */ +#ifndef OPENSSL_NO_ECDH static const int KDF1_SHA1_len = 20; static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { @@ -459,8 +468,9 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) return SHA1(in, inlen, out); #else return NULL; -#endif +#endif /* OPENSSL_NO_SHA */ } +#endif /* OPENSSL_NO_ECDH */ int MAIN(int, char **); @@ -695,8 +705,12 @@ int MAIN(int argc, char **argv) int rsa_doit[RSA_NUM]; int dsa_doit[DSA_NUM]; +#ifndef OPENSSL_NO_ECDSA int ecdsa_doit[EC_NUM]; +#endif +#ifndef OPENSSL_NO_ECDH int ecdh_doit[EC_NUM]; +#endif int doit[ALGOR_NUM]; int pr_header=0; const EVP_CIPHER *evp_cipher=NULL; diff --git a/crypto/openssl-0.9/apps/x509.c b/crypto/openssl-0.9/apps/x509.c index 393d0d1f47..5f61eb5c46 100644 --- a/crypto/openssl-0.9/apps/x509.c +++ b/crypto/openssl-0.9/apps/x509.c @@ -73,8 +73,12 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif +#ifndef OPENSSL_NO_DSA #include +#endif #undef PROG #define PROG x509_main diff --git a/crypto/openssl-0.9/crypto/aes/aes_locl.h b/crypto/openssl-0.9/crypto/aes/aes_locl.h index 183805a15a..054b442d41 100644 --- a/crypto/openssl-0.9/crypto/aes/aes_locl.h +++ b/crypto/openssl-0.9/crypto/aes/aes_locl.h 
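Review bot: The first apps/speed.c hunk adds `rnd_seed` and `rnd_fake` without a comment saying that the constant seed is a benchmark-only shortcut. The string is presumably fed to the PRNG so the EC timings run without real entropy; the use site is outside the hunk. Anyone lifting this pattern into key-generation code would get predictable keys. I would add a comment above the definitions such as `/* Benchmark only: seeds the PRNG with a constant so timings run without real entropy. Never use for key generation. */`. The preprocessor condition also deserves a few words on why the definitions are needed only when DSA is disabled but ECDSA or ECDH is enabled.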
@@ -62,7 +62,7 @@ #include #include -#if defined(_MSC_VER) && !defined(_M_IA64) && !defined(OPENSSL_SYS_WINCE) +#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) # define GETU32(p) SWAP(*((u32 *)(p))) # define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } diff --git a/crypto/openssl-0.9/crypto/asn1/a_bitstr.c b/crypto/openssl-0.9/crypto/asn1/a_bitstr.c index f621426d6f..0fb9ce0c2a 100644 --- a/crypto/openssl-0.9/crypto/asn1/a_bitstr.c +++ b/crypto/openssl-0.9/crypto/asn1/a_bitstr.c @@ -183,9 +183,11 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) iv= ~v; if (!value) v=0; + if (a == NULL) + return 0; + a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */ - if (a == NULL) return(0); if ((a->length < (w+1)) || (a->data == NULL)) { if (!value) return(1); /* Don't need to set */ diff --git a/crypto/openssl-0.9/crypto/asn1/a_strex.c b/crypto/openssl-0.9/crypto/asn1/a_strex.c index cc6a25d4d9..45fe4bd150 100644 --- a/crypto/openssl-0.9/crypto/asn1/a_strex.c +++ b/crypto/openssl-0.9/crypto/asn1/a_strex.c @@ -223,7 +223,7 @@ static int do_buf(unsigned char *buf, int buflen, static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen) { - const static char hexdig[] = "0123456789ABCDEF"; + static const char hexdig[] = "0123456789ABCDEF"; unsigned char *p, *q; char hextmp[2]; if(arg) { @@ -279,7 +279,7 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING * otherwise it is the number of bytes per character */ -const static signed char tag2nbyte[] = { +static const signed char tag2nbyte[] = { -1, -1, -1, -1, -1, /* 0-4 */ -1, -1, -1, -1, -1, /* 5-9 */ -1, -1, 0, -1, /* 10-13 */ diff --git a/crypto/openssl-0.9/crypto/asn1/asn1.h b/crypto/openssl-0.9/crypto/asn1/asn1.h index dadcae8bd7..2819678c2c 100644 --- a/crypto/openssl-0.9/crypto/asn1/asn1.h 
+++ b/crypto/openssl-0.9/crypto/asn1/asn1.h @@ -1058,6 +1058,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_MBSTRING_NCOPY 122 #define ASN1_F_ASN1_OBJECT_NEW 123 #define ASN1_F_ASN1_PACK_STRING 124 +#define ASN1_F_ASN1_PCTX_NEW 205 #define ASN1_F_ASN1_PKCS5_PBE_SET 125 #define ASN1_F_ASN1_SEQ_PACK 126 #define ASN1_F_ASN1_SEQ_UNPACK 127 diff --git a/crypto/openssl-0.9/crypto/asn1/asn1_err.c b/crypto/openssl-0.9/crypto/asn1/asn1_err.c index b9df21c5fe..bef2519e65 100644 --- a/crypto/openssl-0.9/crypto/asn1/asn1_err.c +++ b/crypto/openssl-0.9/crypto/asn1/asn1_err.c @@ -111,6 +111,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"}, {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"}, {ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"}, +{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_NEW"}, {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"}, {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"}, {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"}, diff --git a/crypto/openssl-0.9/crypto/asn1/asn1_par.c b/crypto/openssl-0.9/crypto/asn1/asn1_par.c index df247f398d..37aa6b415e 100644 --- a/crypto/openssl-0.9/crypto/asn1/asn1_par.c +++ b/crypto/openssl-0.9/crypto/asn1/asn1_par.c @@ -419,7 +419,7 @@ end: const char *ASN1_tag2str(int tag) { - const static char *tag2str[] = { + static const char *tag2str[] = { "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */ "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */ "ENUMERATED", "", "UTF8STRING", "", /* 10-13 */ diff --git a/crypto/openssl-0.9/crypto/asn1/t_pkey.c b/crypto/openssl-0.9/crypto/asn1/t_pkey.c index 7dd4ae3787..f8821614a0 100644 --- a/crypto/openssl-0.9/crypto/asn1/t_pkey.c +++ b/crypto/openssl-0.9/crypto/asn1/t_pkey.c 
@@ -81,8 +81,10 @@ static int print(BIO *fp,const char *str, const BIGNUM *num, unsigned char *buf,int off); +#ifndef OPENSSL_NO_EC static int print_bin(BIO *fp, const char *str, const unsigned char *num, size_t len, int off); +#endif #ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_FP_API int RSA_print_fp(FILE *fp, const RSA *x, int off) @@ -196,6 +198,11 @@ int DSA_print(BIO *bp, const DSA *x, int off) if (x->p) buf_len = (size_t)BN_num_bytes(x->p); + else + { + DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS); + goto err; + } if (x->q) if (buf_len < (i = (size_t)BN_num_bytes(x->q))) buf_len = i; @@ -601,6 +608,7 @@ static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char * return(1); } +#ifndef OPENSSL_NO_EC static int print_bin(BIO *fp, const char *name, const unsigned char *buf, size_t len, int off) { @@ -638,6 +646,7 @@ static int print_bin(BIO *fp, const char *name, const unsigned char *buf, return 1; } +#endif #ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_FP_API @@ -666,6 +675,11 @@ int DHparams_print(BIO *bp, const DH *x) if (x->p) buf_len = (size_t)BN_num_bytes(x->p); + else + { + reason = ERR_R_PASSED_NULL_PARAMETER; + goto err; + } if (x->g) if (buf_len < (i = (size_t)BN_num_bytes(x->g))) buf_len = i; @@ -719,11 +733,16 @@ int DSAparams_print_fp(FILE *fp, const DSA *x) int DSAparams_print(BIO *bp, const DSA *x) { unsigned char *m=NULL; - int reason=ERR_R_BUF_LIB,ret=0; + int ret=0; size_t buf_len=0,i; if (x->p) buf_len = (size_t)BN_num_bytes(x->p); + else + { + DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS); + goto err; + } if (x->q) if (buf_len < (i = (size_t)BN_num_bytes(x->q))) buf_len = i; @@ -733,7 +752,7 @@ int DSAparams_print(BIO *bp, const DSA *x) m=(unsigned char *)OPENSSL_malloc(buf_len+10); if (m == NULL) { - reason=ERR_R_MALLOC_FAILURE; + DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE); goto err; } 
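Review bot: In the DSAparams_print hunk both new error reports use the function code `DSA_F_DSA_PRINT`, although the line removed in the following hunk shows this function used to report under `DSA_F_DSAPARAMS_PRINT`. The error queue will therefore attribute a missing `p` or a failed allocation in DSAparams_print to DSA_print, which misleads anyone triaging a parsing failure from the error stack. Use `DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS);` and `DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE);` here. Dropping the blanket `DSAerr` at `err:` also means any other `goto err` in the function now fails without queuing an error. Those paths are outside the hunk and should be checked.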
@@ -746,7 +765,6 @@ int DSAparams_print(BIO *bp, const DSA *x) ret=1; err: if (m != NULL) OPENSSL_free(m); - DSAerr(DSA_F_DSAPARAMS_PRINT,reason); return(ret); } diff --git a/crypto/openssl-0.9/crypto/asn1/t_req.c b/crypto/openssl-0.9/crypto/asn1/t_req.c index 204ca105e3..c779a9bb18 100644 --- a/crypto/openssl-0.9/crypto/asn1/t_req.c +++ b/crypto/openssl-0.9/crypto/asn1/t_req.c @@ -63,8 +63,12 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif +#ifndef OPENSSL_NO_DSA #include +#endif #ifndef OPENSSL_NO_FP_API int X509_REQ_print_fp(FILE *fp, X509_REQ *x) diff --git a/crypto/openssl-0.9/crypto/asn1/t_spki.c b/crypto/openssl-0.9/crypto/asn1/t_spki.c index 23ab3b94e0..c2a5797dd8 100644 --- a/crypto/openssl-0.9/crypto/asn1/t_spki.c +++ b/crypto/openssl-0.9/crypto/asn1/t_spki.c @@ -60,8 +60,12 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_RSA #include +#endif +#ifndef OPENSSL_NO_DSA #include +#endif #include /* Print out an SPKI */ diff --git a/crypto/openssl-0.9/crypto/asn1/tasn_enc.c b/crypto/openssl-0.9/crypto/asn1/tasn_enc.c index cef398e0fa..0f950db244 100644 --- a/crypto/openssl-0.9/crypto/asn1/tasn_enc.c +++ b/crypto/openssl-0.9/crypto/asn1/tasn_enc.c @@ -59,6 +59,7 @@ #include #include +#include "cryptlib.h" #include #include #include diff --git a/crypto/openssl-0.9/crypto/asn1/tasn_new.c b/crypto/openssl-0.9/crypto/asn1/tasn_new.c index 9216342fec..531dad365c 100644 --- a/crypto/openssl-0.9/crypto/asn1/tasn_new.c +++ b/crypto/openssl-0.9/crypto/asn1/tasn_new.c @@ -326,11 +326,13 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { ASN1_TYPE *typ; int utype; - const ASN1_PRIMITIVE_FUNCS *pf; - pf = it->funcs; - if (pf && pf->prim_new) - return pf->prim_new(pval, it); + if (it && it->funcs) + { + const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; + if (pf->prim_new) + return pf->prim_new(pval, it); + } if (!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1; 
@@ -374,10 +376,9 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) { int utype; - const ASN1_PRIMITIVE_FUNCS *pf; - pf = it->funcs; - if (pf) + if (it && it->funcs) { + const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; if (pf->prim_clear) pf->prim_clear(pval, it); else diff --git a/crypto/openssl-0.9/crypto/asn1/x_pubkey.c b/crypto/openssl-0.9/crypto/asn1/x_pubkey.c index 50faa4af20..91c2756116 100644 --- a/crypto/openssl-0.9/crypto/asn1/x_pubkey.c +++ b/crypto/openssl-0.9/crypto/asn1/x_pubkey.c @@ -60,8 +60,12 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_RSA #include +#endif +#ifndef OPENSSL_NO_DSA #include +#endif /* Minor tweak to operation: free up EVP_PKEY */ static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) diff --git a/crypto/openssl-0.9/crypto/bf/bf_enc.c b/crypto/openssl-0.9/crypto/bf/bf_enc.c index b380acf959..2d21d09f42 100644 --- a/crypto/openssl-0.9/crypto/bf/bf_enc.c +++ b/crypto/openssl-0.9/crypto/bf/bf_enc.c @@ -73,7 +73,7 @@ void BF_encrypt(BF_LONG *data, const BF_KEY *key) { #ifndef BF_PTR2 register BF_LONG l,r; - const register BF_LONG *p,*s; + register const BF_LONG *p,*s; p=key->P; s= &(key->S[0]); @@ -150,7 +150,7 @@ void BF_decrypt(BF_LONG *data, const BF_KEY *key) { #ifndef BF_PTR2 register BF_LONG l,r; - const register BF_LONG *p,*s; + register const BF_LONG *p,*s; p=key->P; s= &(key->S[0]); diff --git a/crypto/openssl-0.9/crypto/bio/bss_file.c b/crypto/openssl-0.9/crypto/bio/bss_file.c index ccc741556e..ad4b301388 100644 --- a/crypto/openssl-0.9/crypto/bio/bss_file.c +++ b/crypto/openssl-0.9/crypto/bio/bss_file.c @@ -396,7 +396,10 @@ static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size) int ret=0; buf[0]='\0'; - fgets(buf,size,(FILE *)bp->ptr); + if (bp->flags&BIO_FLAGS_UPLINK) + UP_fgets(buf,size,bp->ptr); + else + fgets(buf,size,(FILE *)bp->ptr); if (buf[0] != '\0') ret=strlen(buf); return(ret); 
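Review bot: In the bss_file.c hunk the return value of both `UP_fgets` and `fgets` is discarded, and file_gets decides what was read only from `buf[0]`. After a read error the C standard leaves the buffer contents indeterminate, so `strlen(buf)` can run over data that is not guaranteed to be terminated. Test the result in each branch and return 0 on failure, e.g. `if (fgets(buf,size,(FILE *)bp->ptr) == NULL) return 0;`, with the same test on the `UP_fgets` call. Separately, the context line `buf[0]='\0';` writes before `size` is checked, so a caller passing `size` of 0 gets a one-byte write past its buffer; a guard `if (size <= 0) return 0;` ahead of it would close that. The function's closing lines are outside the hunk.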
diff --git a/crypto/openssl-0.9/crypto/bn/bn.h b/crypto/openssl-0.9/crypto/bn/bn.h index 670584ad74..03ebd506b5 100644 --- a/crypto/openssl-0.9/crypto/bn/bn.h +++ b/crypto/openssl-0.9/crypto/bn/bn.h @@ -699,9 +699,11 @@ int RAND_pseudo_bytes(unsigned char *buf,int num); #define bn_check_top(a) \ do { \ const BIGNUM *_bnum2 = (a); \ - assert((_bnum2->top == 0) || \ + if (_bnum2 != NULL) { \ + assert((_bnum2->top == 0) || \ (_bnum2->d[_bnum2->top - 1] != 0)); \ - bn_pollute(_bnum2); \ + bn_pollute(_bnum2); \ + } \ } while(0) #define bn_fix_top(a) bn_check_top(a) @@ -732,6 +734,18 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); +/* Primes from RFC 2409 */ +BIGNUM *get_rfc2409_prime_768(BIGNUM *bn); +BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn); + +/* Primes from RFC 3526 */ +BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn); + int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom); /* BEGIN ERROR CODES */ diff --git a/crypto/openssl-0.9/crypto/bn/bn_asm.c b/crypto/openssl-0.9/crypto/bn/bn_asm.c index 19978085b2..99bc2de491 100644 --- a/crypto/openssl-0.9/crypto/bn/bn_asm.c +++ b/crypto/openssl-0.9/crypto/bn/bn_asm.c @@ -459,6 +459,34 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) #define sqr_add_c2(a,i,j,c0,c1,c2) \ mul_add_c2((a)[i],(a)[j],c0,c1,c2) +#elif defined(BN_UMULT_LOHI) + +#define mul_add_c(a,b,c0,c1,c2) { \ + BN_ULONG ta=(a),tb=(b); \ + BN_UMULT_LOHI(t1,t2,ta,tb); \ + c0 += t1; t2 += (c0 0x%08X\n", BN_CTX_end(ctx); return(1); err: - if (rm) - bn_check_top(rm); + bn_check_top(rm); BN_CTX_end(ctx); return(0); } 
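Review bot: The eight prime getters added in the second bn.h hunk are declared with only the RFC number as documentation, so the header does not tell a caller what the `bn` argument means or which groups are appropriate. I would extend the comment to state whether passing NULL makes the function allocate a BIGNUM that the caller must free (not visible in this hunk), and what is returned on failure. It is also worth noting in the header that `get_rfc2409_prime_768` and `get_rfc2409_prime_1024` are there for interoperability with existing peers, and that new Diffie-Hellman parameters should come from the larger RFC 3526 groups.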
diff --git a/crypto/openssl-0.9/crypto/bn/bn_gcd.c b/crypto/openssl-0.9/crypto/bn/bn_gcd.c index 0248753f6d..f02e6fcdb4 100644 --- a/crypto/openssl-0.9/crypto/bn/bn_gcd.c +++ b/crypto/openssl-0.9/crypto/bn/bn_gcd.c @@ -488,7 +488,6 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, err: if ((ret == NULL) && (in == NULL)) BN_free(R); BN_CTX_end(ctx); - if (ret) - bn_check_top(ret); + bn_check_top(ret); return(ret); } diff --git a/crypto/openssl-0.9/crypto/bn/bn_lcl.h b/crypto/openssl-0.9/crypto/bn/bn_lcl.h index 1c680fc3ce..ad4ca7ff30 100644 --- a/crypto/openssl-0.9/crypto/bn/bn_lcl.h +++ b/crypto/openssl-0.9/crypto/bn/bn_lcl.h @@ -270,6 +270,15 @@ extern "C" { : "a"(a),"g"(b) \ : "cc"); # endif +# elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT) +# if defined(_MSC_VER) && _MSC_VER>=1400 + unsigned __int64 __umulh (unsigned __int64 a,unsigned __int64 b); + unsigned __int64 _umul128 (unsigned __int64 a,unsigned __int64 b, + unsigned __int64 *h); +# pragma intrinsic(__umulh,_umul128) +# define BN_UMULT_HIGH(a,b) __umulh((a),(b)) +# define BN_UMULT_LOHI(low,high,a,b) ((low)=_umul128((a),(b),&(high))) +# endif # endif /* cpu */ #endif /* OPENSSL_NO_ASM */ @@ -313,6 +322,33 @@ extern "C" { (r1)=Hw(t); \ } +#elif defined(BN_UMULT_LOHI) +#define mul_add(r,a,w,c) { \ + BN_ULONG high,low,ret,tmp=(a); \ + ret = (r); \ + BN_UMULT_LOHI(low,high,w,tmp); \ + ret += (c); \ + (c) = (ret<(c))?1:0; \ + (c) += high; \ + ret += low; \ + (c) += (retd[0]; /* tmod = N mod word size */ buf[1]=0; tmod.d=buf; - tmod.top=1; + tmod.top = buf[0] != 0 ? 1 : 0; tmod.dmax=2; tmod.neg=0; /* Ri = R^-1 mod N*/ diff --git a/crypto/openssl-0.9/crypto/bn/bn_recp.c b/crypto/openssl-0.9/crypto/bn/bn_recp.c index 10fe869d28..2e8efb8dae 100644 --- a/crypto/openssl-0.9/crypto/bn/bn_recp.c +++ b/crypto/openssl-0.9/crypto/bn/bn_recp.c 
@@ -204,8 +204,8 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, ret=1; err: BN_CTX_end(ctx); - if(dv) bn_check_top(dv); - if(rem) bn_check_top(rem); + bn_check_top(dv); + bn_check_top(rem); return(ret); } diff --git a/crypto/openssl-0.9/crypto/bn/bn_sqr.c b/crypto/openssl-0.9/crypto/bn/bn_sqr.c index 3b4b3f0d38..270d0cd348 100644 --- a/crypto/openssl-0.9/crypto/bn/bn_sqr.c +++ b/crypto/openssl-0.9/crypto/bn/bn_sqr.c @@ -148,8 +148,8 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) if (rr != r) BN_copy(r,rr); ret = 1; err: - if(rr) bn_check_top(rr); - if(tmp) bn_check_top(tmp); + bn_check_top(rr); + bn_check_top(tmp); BN_CTX_end(ctx); return(ret); } diff --git a/crypto/openssl-0.9/crypto/bn/bn_sqrt.c b/crypto/openssl-0.9/crypto/bn/bn_sqrt.c index c1eb7f6d49..6beaf9e5e5 100644 --- a/crypto/openssl-0.9/crypto/bn/bn_sqrt.c +++ b/crypto/openssl-0.9/crypto/bn/bn_sqrt.c @@ -83,7 +83,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto end; if (!BN_set_word(ret, BN_is_bit_set(a, 0))) { - BN_free(ret); + if (ret != in) + BN_free(ret); return NULL; } bn_check_top(ret); @@ -102,7 +103,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto end; if (!BN_set_word(ret, BN_is_one(a))) { - BN_free(ret); + if (ret != in) + BN_free(ret); return NULL; } bn_check_top(ret); diff --git a/crypto/openssl-0.9/crypto/bn/bn_word.c b/crypto/openssl-0.9/crypto/bn/bn_word.c index 1bcb37e292..ee7b87c45c 100644 --- a/crypto/openssl-0.9/crypto/bn/bn_word.c +++ b/crypto/openssl-0.9/crypto/bn/bn_word.c @@ -69,6 +69,9 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) #endif int i; + if (w == 0) + return (BN_ULONG)-1; + bn_check_top(a); w&=BN_MASK2; for (i=a->top-1; i>=0; i--) @@ -94,7 +97,7 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) if (!w) /* actually this an error (division by zero) */ - return 0; + return (BN_ULONG)-1; if (a->top == 0) return 0; 
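Review bot: BN_mod_word and BN_div_word now report failure as `(BN_ULONG)-1` (the `w == 0` paths here, and the `BN_lshift` failure path in the BN_div_word hunk that follows), but nothing at the return sites says so, and a caller that uses the result as a remainder will carry on with an all-ones word. A comment above each function such as `/* Returns (BN_ULONG)-1 on error; a valid remainder is always < w */` would make the contract visible. In BN_mod_word the zero test also runs before `w&=BN_MASK2;`, so if any build has BN_MASK2 narrower than BN_ULONG, a `w` that masks to zero would slip past the check; testing after the mask avoids that. Both function bodies continue outside the hunks.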
@@ -102,7 +105,7 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) j = BN_BITS2 - BN_num_bits_word(w); w <<= j; if (!BN_lshift(a, a, j)) - return 0; + return (BN_ULONG)-1; for (i=a->top-1; i>=0; i--) { @@ -175,7 +178,13 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w) /* degenerate case: w is zero */ if (!w) return 1; /* degenerate case: a is zero */ - if(BN_is_zero(a)) return BN_set_word(a,w); + if(BN_is_zero(a)) + { + i = BN_set_word(a,w); + if (i != 0) + BN_set_negative(a, 1); + return i; + } /* handle 'a' when negative */ if (a->neg) { diff --git a/crypto/openssl-0.9/crypto/conf/conf_def.c b/crypto/openssl-0.9/crypto/conf/conf_def.c index 996a0999ac..8083a009d7 100644 --- a/crypto/openssl-0.9/crypto/conf/conf_def.c +++ b/crypto/openssl-0.9/crypto/conf/conf_def.c @@ -613,13 +613,13 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) e++; } /* So at this point we have - * ns which is the start of the name string which is + * np which is the start of the name string which is * '\0' terminated. - * cs which is the start of the section string which is + * cp which is the start of the section string which is * '\0' terminated. * e is the 'next point after'. - * r and s are the chars replaced by the '\0' - * rp and sp is where 'r' and 's' came from. + * r and rr are the chars replaced by the '\0' + * rp and rrp is where 'r' and 'rr' came from. */ p=_CONF_get_string(conf,cp,np); if (rrp != NULL) *rrp=rr; @@ -638,6 +638,11 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) points at. /RL */ len -= e-from; from=e; + + /* In case there were no braces or parenthesis around + the variable reference, we have to put back the + character that was replaced with a '\0'. /RL */ + *rp = r; } else buf->data[to++]= *(from++); diff --git a/crypto/openssl-0.9/crypto/cryptlib.c b/crypto/openssl-0.9/crypto/cryptlib.c index 21332378cf..315559c71c 100644 --- a/crypto/openssl-0.9/crypto/cryptlib.c +++ b/crypto/openssl-0.9/crypto/cryptlib.c 
@@ -661,12 +661,15 @@ int OPENSSL_isservice(void) #endif else return 0; } +#else +int OPENSSL_isservice(void) { return 0; } #endif void OPENSSL_showfatal (const char *fmta,...) { va_list ap; TCHAR buf[256]; const TCHAR *fmt; +#ifdef STD_ERROR_HANDLE /* what a dirty trick! */ HANDLE h; if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL && @@ -677,9 +680,10 @@ void OPENSSL_showfatal (const char *fmta,...) va_end (ap); return; } +#endif if (sizeof(TCHAR)==sizeof(char)) - fmt=fmta; + fmt=(const TCHAR *)fmta; else do { int keepgoing; size_t len_0=strlen(fmta)+1,i; @@ -730,21 +734,7 @@ void OPENSSL_showfatal (const char *fmta,...) } else #endif - { MSGBOXPARAMS m; - - m.cbSize = sizeof(m); - m.hwndOwner = NULL; - m.lpszCaption = _T("OpenSSL: FATAL"); - m.dwStyle = MB_OK; - m.hInstance = NULL; - m.lpszIcon = IDI_ERROR; - m.dwContextHelpId = 0; - m.lpfnMsgBoxCallback = NULL; - m.dwLanguageId = MAKELANGID(LANG_ENGLISH,SUBLANG_ENGLISH_US); - m.lpszText = buf; - - MessageBoxIndirect (&m); - } + MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP); } #else void OPENSSL_showfatal (const char *fmta,...) diff --git a/crypto/openssl-0.9/crypto/des/cfb_enc.c b/crypto/openssl-0.9/crypto/des/cfb_enc.c index 6738e7c0e5..720f29a28e 100644 --- a/crypto/openssl-0.9/crypto/des/cfb_enc.c +++ b/crypto/openssl-0.9/crypto/des/cfb_enc.c @@ -125,7 +125,7 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1; #endif if (rem==0) - memcpy(ovec,ovec+num,8); + memmove(ovec,ovec+num,8); else for(i=0 ; i < 8 ; ++i) ovec[i]=ovec[i+num]<p); + BN_sub_word(q,1); + if (BN_cmp(pub_key,q) >= 0) + *ret|=DH_CHECK_PUBKEY_TOO_LARGE; + + ok = 1; +err: + if (q != NULL) BN_free(q); + return(ok); + } diff --git a/crypto/openssl-0.9/crypto/dh/dh_err.c b/crypto/openssl-0.9/crypto/dh/dh_err.c index edce2c7036..ea67fb71a0 100644 --- a/crypto/openssl-0.9/crypto/dh/dh_err.c +++ b/crypto/openssl-0.9/crypto/dh/dh_err.c 
@@ -84,6 +84,7 @@ static ERR_STRING_DATA DH_str_reasons[]= { {ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, +{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, {0,NULL} }; diff --git a/crypto/openssl-0.9/crypto/dh/dh_key.c b/crypto/openssl-0.9/crypto/dh/dh_key.c index 39eefe387e..cc17c8851b 100644 --- a/crypto/openssl-0.9/crypto/dh/dh_key.c +++ b/crypto/openssl-0.9/crypto/dh/dh_key.c @@ -177,6 +177,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) BN_MONT_CTX *mont=NULL; BIGNUM *tmp; int ret= -1; + int check_result; ctx = BN_CTX_new(); if (ctx == NULL) goto err; @@ -202,6 +203,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) goto err; } + if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) + { + DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY); + goto err; + } + if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) { DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB); diff --git a/crypto/openssl-0.9/crypto/dsa/dsa_lib.c b/crypto/openssl-0.9/crypto/dsa/dsa_lib.c index 3a78082c01..b9825791ba 100644 --- a/crypto/openssl-0.9/crypto/dsa/dsa_lib.c +++ b/crypto/openssl-0.9/crypto/dsa/dsa_lib.c @@ -66,7 +66,9 @@ #ifndef OPENSSL_NO_ENGINE #include #endif +#ifndef OPENSSL_NO_DH #include +#endif const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; diff --git a/crypto/openssl-0.9/crypto/dso/dso_null.c b/crypto/openssl-0.9/crypto/dso/dso_null.c index fa13a7cb0f..4972984651 100644 --- a/crypto/openssl-0.9/crypto/dso/dso_null.c +++ b/crypto/openssl-0.9/crypto/dso/dso_null.c @@ -75,6 +75,8 @@ static DSO_METHOD dso_meth_null = { NULL, /* unbind_func */ #endif NULL, /* ctrl */ + NULL, /* dso_name_converter */ + NULL, /* dso_merger */ NULL, /* init */ NULL /* finish */ }; diff --git a/crypto/openssl-0.9/crypto/engine/eng_list.c b/crypto/openssl-0.9/crypto/engine/eng_list.c index f337e0f3bc..bd511944ba 100644 
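Review bot: The DH_check_pub_key call added to compute_key in dh_key.c is, judging by the fragment of that function that survives on this page (`BN_sub_word(q,1); if (BN_cmp(pub_key,q) >= 0)`), a range check against p-1 and not a subgroup-membership test. That is worth stating at the call so it is not over-trusted later: `/* Range check on the peer's value only; membership in the intended subgroup is not verified here */`. The same fragment ignores the return value of `BN_sub_word(q,1)`; if that can fail, the comparison would be made against p instead of p-1, so the result should be checked before the `BN_cmp`. compute_key starts and ends outside the hunk.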
--- a/crypto/openssl-0.9/crypto/engine/eng_list.c +++ b/crypto/openssl-0.9/crypto/engine/eng_list.c @@ -394,19 +394,23 @@ ENGINE *ENGINE_by_id(const char *id) #else /* EEK! Experimental code starts */ if(iterator) return iterator; + /* Prevent infinite recusrion if we're looking for the dynamic engine. */ + if (strcmp(id, "dynamic")) + { #ifdef OPENSSL_SYS_VMS - if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]"; + if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]"; #else - if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR; + if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR; #endif - iterator = ENGINE_by_id("dynamic"); - if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || - !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) || - !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD", - load_dir, 0) || - !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0)) - goto notfound; - return iterator; + iterator = ENGINE_by_id("dynamic"); + if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || + !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) || + !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD", + load_dir, 0) || + !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0)) + goto notfound; + return iterator; + } notfound: ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE); ERR_add_error_data(2, "id=", id); diff --git a/crypto/openssl-0.9/crypto/engine/eng_openssl.c b/crypto/openssl-0.9/crypto/engine/eng_openssl.c index dd16d3bc6a..7c139ae2ef 100644 --- a/crypto/openssl-0.9/crypto/engine/eng_openssl.c +++ b/crypto/openssl-0.9/crypto/engine/eng_openssl.c 
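Review bot: In the re-indented block of ENGINE_by_id, the directory passed to `DIR_ADD` still comes unfiltered from `getenv("OPENSSL_ENGINES")`, so the environment decides where the dynamic engine's shared object is loaded from; a set-uid or set-gid process should ignore the variable and use the compiled-in directory. If OPENSSL_issetugid() is available in this tree, `if (OPENSSL_issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;` would cover it, with the same change on the OPENSSL_SYS_VMS branch. The new comment misspells "recursion", and `strcmp(id, "dynamic") != 0` would read more clearly than the bare truth test. The function begins above the hunk.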
@@ -70,9 +70,15 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif +#ifndef OPENSSL_NO_DSA #include +#endif +#ifndef OPENSSL_NO_DH #include +#endif /* This testing gunk is implemented (and explained) lower down. It also assumes * the application explicitly calls "ENGINE_load_openssl()" because this is no @@ -251,6 +257,7 @@ static const EVP_CIPHER test_r4_cipher= sizeof(TEST_RC4_KEY), NULL, NULL, + NULL, NULL }; static const EVP_CIPHER test_r4_40_cipher= @@ -264,6 +271,7 @@ static const EVP_CIPHER test_r4_40_cipher= sizeof(TEST_RC4_KEY), NULL, NULL, + NULL, NULL }; static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, diff --git a/crypto/openssl-0.9/crypto/engine/eng_padlock.c b/crypto/openssl-0.9/crypto/engine/eng_padlock.c index cc9f9dc41e..4e1eae3172 100644 --- a/crypto/openssl-0.9/crypto/engine/eng_padlock.c +++ b/crypto/openssl-0.9/crypto/engine/eng_padlock.c @@ -75,6 +75,7 @@ #include #endif #include +#include #ifndef OPENSSL_NO_HW #ifndef OPENSSL_NO_HW_PADLOCK diff --git a/crypto/openssl-0.9/crypto/engine/engine.h b/crypto/openssl-0.9/crypto/engine/engine.h index 4ce8f4ce7b..c94fb28659 100644 --- a/crypto/openssl-0.9/crypto/engine/engine.h +++ b/crypto/openssl-0.9/crypto/engine/engine.h @@ -100,23 +100,6 @@ extern "C" { #endif -/* Fixups for missing algorithms */ -#ifdef OPENSSL_NO_RSA -typedef void RSA_METHOD; -#endif -#ifdef OPENSSL_NO_DSA -typedef void DSA_METHOD; -#endif -#ifdef OPENSSL_NO_DH -typedef void DH_METHOD; -#endif -#ifdef OPENSSL_NO_ECDH -typedef void ECDH_METHOD; -#endif -#ifdef OPENSSL_NO_ECDSA -typedef void ECDSA_METHOD; -#endif - /* These flags are used to control combinations of algorithm (methods) * by bitwise "OR"ing. */ #define ENGINE_METHOD_RSA (unsigned int)0x0001 diff --git a/crypto/openssl-0.9/crypto/engine/tb_dsa.c b/crypto/openssl-0.9/crypto/engine/tb_dsa.c index d326a5f6da..e4674f5f07 100644 --- a/crypto/openssl-0.9/crypto/engine/tb_dsa.c +++ b/crypto/openssl-0.9/crypto/engine/tb_dsa.c 
@@ -92,7 +92,7 @@ int ENGINE_set_default_DSA(ENGINE *e) { if(e->dsa_meth) return engine_table_register(&dsa_table, - engine_unregister_all_DSA, e, &dummy_nid, 1, 0); + engine_unregister_all_DSA, e, &dummy_nid, 1, 1); return 1; } diff --git a/crypto/openssl-0.9/crypto/evp/e_null.c b/crypto/openssl-0.9/crypto/evp/e_null.c index 698a8e379c..5205259f18 100644 --- a/crypto/openssl-0.9/crypto/evp/e_null.c +++ b/crypto/openssl-0.9/crypto/evp/e_null.c @@ -76,6 +76,7 @@ static const EVP_CIPHER n_cipher= 0, NULL, NULL, + NULL, NULL }; diff --git a/crypto/openssl-0.9/crypto/evp/e_rc4.c b/crypto/openssl-0.9/crypto/evp/e_rc4.c index eadd8d4274..67af850bea 100644 --- a/crypto/openssl-0.9/crypto/evp/e_rc4.c +++ b/crypto/openssl-0.9/crypto/evp/e_rc4.c @@ -90,6 +90,7 @@ static const EVP_CIPHER r4_cipher= sizeof(EVP_RC4_KEY), NULL, NULL, + NULL, NULL }; @@ -104,6 +105,7 @@ static const EVP_CIPHER r4_40_cipher= sizeof(EVP_RC4_KEY), NULL, NULL, + NULL, NULL }; diff --git a/crypto/openssl-0.9/crypto/evp/e_xcbc_d.c b/crypto/openssl-0.9/crypto/evp/e_xcbc_d.c index cb82815a82..8832da2433 100644 --- a/crypto/openssl-0.9/crypto/evp/e_xcbc_d.c +++ b/crypto/openssl-0.9/crypto/evp/e_xcbc_d.c @@ -91,6 +91,7 @@ static const EVP_CIPHER d_xcbc_cipher= sizeof(DESX_CBC_KEY), EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, + NULL, NULL }; diff --git a/crypto/openssl-0.9/crypto/evp/evp_enc.c b/crypto/openssl-0.9/crypto/evp/evp_enc.c index e845632239..22cb6131be 100644 --- a/crypto/openssl-0.9/crypto/evp/evp_enc.c +++ b/crypto/openssl-0.9/crypto/evp/evp_enc.c @@ -449,7 +449,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) } OPENSSL_assert(b <= sizeof ctx->final); n=ctx->final[b-1]; - if (n > (int)b) + if (n == 0 || n > (int)b) { EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); return(0); diff --git a/crypto/openssl-0.9/crypto/evp/evp_pkey.c b/crypto/openssl-0.9/crypto/evp/evp_pkey.c index b71555e712..0147f3e02a 100644 --- a/crypto/openssl-0.9/crypto/evp/evp_pkey.c 
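Review bot: The `n == 0 || n > (int)b` test in the EVP_DecryptFinal_ex hunk of evp_enc.c has no comment saying what range is being enforced or what the failure means to a caller. I would add `/* Padding length must be in 1..b. This is a format check on unauthenticated data, not an integrity check. */` above it. The point matters because a caller that reports EVP_R_BAD_DECRYPT back to a remote peer turns this branch into a padding oracle, so the ciphertext should be authenticated before this result is acted on. The rest of the padding validation lies outside the hunk.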
+++ b/crypto/openssl-0.9/crypto/evp/evp_pkey.c @@ -61,8 +61,12 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_RSA #include +#endif +#ifndef OPENSSL_NO_DSA #include +#endif #include #ifndef OPENSSL_NO_DSA diff --git a/crypto/openssl-0.9/crypto/evp/m_dss.c b/crypto/openssl-0.9/crypto/evp/m_dss.c index 020f19c44b..a948c77fa4 100644 --- a/crypto/openssl-0.9/crypto/evp/m_dss.c +++ b/crypto/openssl-0.9/crypto/evp/m_dss.c @@ -61,9 +61,12 @@ #include #include #include +#ifndef OPENSSL_NO_DSA #include +#endif #ifndef OPENSSL_NO_SHA + static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } diff --git a/crypto/openssl-0.9/crypto/evp/m_dss1.c b/crypto/openssl-0.9/crypto/evp/m_dss1.c index a20056f04b..c12e13972b 100644 --- a/crypto/openssl-0.9/crypto/evp/m_dss1.c +++ b/crypto/openssl-0.9/crypto/evp/m_dss1.c @@ -64,7 +64,9 @@ #include #include #include +#ifndef OPENSSL_NO_DSA #include +#endif static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } diff --git a/crypto/openssl-0.9/crypto/evp/m_md2.c b/crypto/openssl-0.9/crypto/evp/m_md2.c index 1eae4ed38c..5ce849f161 100644 --- a/crypto/openssl-0.9/crypto/evp/m_md2.c +++ b/crypto/openssl-0.9/crypto/evp/m_md2.c @@ -65,7 +65,9 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif static int init(EVP_MD_CTX *ctx) { return MD2_Init(ctx->md_data); } diff --git a/crypto/openssl-0.9/crypto/evp/m_md4.c b/crypto/openssl-0.9/crypto/evp/m_md4.c index 0fb84b6d1e..1e0b7c5b42 100644 --- a/crypto/openssl-0.9/crypto/evp/m_md4.c +++ b/crypto/openssl-0.9/crypto/evp/m_md4.c @@ -65,7 +65,9 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif static int init(EVP_MD_CTX *ctx) { return MD4_Init(ctx->md_data); } diff --git a/crypto/openssl-0.9/crypto/evp/m_md5.c b/crypto/openssl-0.9/crypto/evp/m_md5.c index 21288ee636..63c142119e 100644 --- a/crypto/openssl-0.9/crypto/evp/m_md5.c +++ b/crypto/openssl-0.9/crypto/evp/m_md5.c 
@@ -65,7 +65,9 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif static int init(EVP_MD_CTX *ctx) { return MD5_Init(ctx->md_data); } diff --git a/crypto/openssl-0.9/crypto/evp/m_ripemd.c b/crypto/openssl-0.9/crypto/evp/m_ripemd.c index 087ad2d30a..a1d60ee78d 100644 --- a/crypto/openssl-0.9/crypto/evp/m_ripemd.c +++ b/crypto/openssl-0.9/crypto/evp/m_ripemd.c @@ -65,7 +65,9 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif static int init(EVP_MD_CTX *ctx) { return RIPEMD160_Init(ctx->md_data); } diff --git a/crypto/openssl-0.9/crypto/evp/m_sha.c b/crypto/openssl-0.9/crypto/evp/m_sha.c index e995c122e4..acccc8f92d 100644 --- a/crypto/openssl-0.9/crypto/evp/m_sha.c +++ b/crypto/openssl-0.9/crypto/evp/m_sha.c @@ -64,7 +64,9 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif static int init(EVP_MD_CTX *ctx) { return SHA_Init(ctx->md_data); } diff --git a/crypto/openssl-0.9/crypto/evp/m_sha1.c b/crypto/openssl-0.9/crypto/evp/m_sha1.c index daf6db6ebe..4679b1c463 100644 --- a/crypto/openssl-0.9/crypto/evp/m_sha1.c +++ b/crypto/openssl-0.9/crypto/evp/m_sha1.c @@ -64,7 +64,9 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } diff --git a/crypto/openssl-0.9/crypto/evp/p5_crpt.c b/crypto/openssl-0.9/crypto/evp/p5_crpt.c index c0dfb7de37..48d50014a0 100644 --- a/crypto/openssl-0.9/crypto/evp/p5_crpt.c +++ b/crypto/openssl-0.9/crypto/evp/p5_crpt.c 
@@ -114,9 +114,14 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, const unsigned char *pbuf; /* Extract useful info from parameter */ + if (param == NULL || param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); + return 0; + } + pbuf = param->value.sequence->data; - if (!param || (param->type != V_ASN1_SEQUENCE) || - !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) { + if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); return 0; } diff --git a/crypto/openssl-0.9/crypto/evp/p5_crpt2.c b/crypto/openssl-0.9/crypto/evp/p5_crpt2.c index f2e143d2a6..f11cb701a4 100644 --- a/crypto/openssl-0.9/crypto/evp/p5_crpt2.c +++ b/crypto/openssl-0.9/crypto/evp/p5_crpt2.c @@ -156,10 +156,15 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, const EVP_CIPHER *cipher; PBKDF2PARAM *kdf = NULL; + if (param == NULL || param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); + return 0; + } + pbuf = param->value.sequence->data; plen = param->value.sequence->length; - if(!param || (param->type != V_ASN1_SEQUENCE) || - !(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { + if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); return 0; } diff --git a/crypto/openssl-0.9/crypto/evp/p_lib.c b/crypto/openssl-0.9/crypto/evp/p_lib.c index 04b57e8251..22155ecf62 100644 --- a/crypto/openssl-0.9/crypto/evp/p_lib.c +++ b/crypto/openssl-0.9/crypto/evp/p_lib.c @@ -64,9 +64,15 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif +#ifndef OPENSSL_NO_DSA #include +#endif +#ifndef OPENSSL_NO_DH #include +#endif static void EVP_PKEY_free_it(EVP_PKEY *x); 
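Review bot: The new guard in PKCS5_PBE_keyivgen, and the identical one in the PKCS5_v2_PBE_keyivgen hunk after it, has no comment explaining why it must come before `pbuf = param->value.sequence->data;`. Without that, a later cleanup could fold the two `EVP_R_DECODE_ERROR` branches back into one condition and reintroduce the dereference-before-check. A one-line comment on each would do, e.g. `/* Validate param before reading param->value: it comes from the encoded algorithm parameters and may be absent or of another type. */`; the origin of `param` is inferred from the surrounding names, so confirm it against the callers. As the two guards are the same, a small static helper shared by both files would keep them from drifting apart.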
diff --git a/crypto/openssl-0.9/crypto/md32_common.h b/crypto/openssl-0.9/crypto/md32_common.h index f1c48b54da..0e625a8e55 100644 --- a/crypto/openssl-0.9/crypto/md32_common.h +++ b/crypto/openssl-0.9/crypto/md32_common.h @@ -286,7 +286,8 @@ #ifndef PEDANTIC # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) +# if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \ + (defined(__x86_64) || defined(__x86_64__)) /* * This gives ~30-40% performance improvement in SHA-256 compiled * with gcc [on P4]. Well, first macro to be frank. We can pull diff --git a/crypto/openssl-0.9/crypto/objects/obj_dat.h b/crypto/openssl-0.9/crypto/objects/obj_dat.h index 998ac99359..db4400c285 100644 --- a/crypto/openssl-0.9/crypto/objects/obj_dat.h +++ b/crypto/openssl-0.9/crypto/objects/obj_dat.h @@ -330,9 +330,9 @@ static unsigned char lvalues[5002]={ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2092] OBJ_ac_auditEntity */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2100] OBJ_ac_targeting */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2108] OBJ_aaControls */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2116] OBJ_sbqp_ipAddrBlock */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2124] OBJ_sbqp_autonomousSysNum */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2132] OBJ_sbqp_routerIdentifier */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2116] OBJ_sbgp_ipAddrBlock */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2124] OBJ_sbgp_autonomousSysNum */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2132] OBJ_sbgp_routerIdentifier */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2140] OBJ_textNotice */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2148] OBJ_ipsecEndSystem */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2156] OBJ_ipsecTunnel */ 
@@ -824,21 +824,21 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[192]),0}, {"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[197]),0}, {"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[202]),0}, -{"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL}, +{"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL,0}, {"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[207]),0}, -{"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL}, -{"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL}, +{"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL,0}, +{"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL,0}, {"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[218]),0}, -{"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL}, -{"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL}, -{"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL}, +{"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL,0}, +{"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL,0}, +{"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL,0}, {"SHA","sha",NID_sha,5,&(lvalues[226]),0}, {"RSA-SHA","shaWithRSAEncryption",NID_shaWithRSAEncryption,5, &(lvalues[231]),0}, -{"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL}, +{"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL,0}, {"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[236]),0}, {"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[244]),0}, -{"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL}, +{"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL,0}, {"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[249]),0}, {"emailAddress","emailAddress",NID_pkcs9_emailAddress,9, &(lvalues[257]),0}, 
@@ -862,10 +862,10 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ NID_netscape_cert_extension,8,&(lvalues[345]),0}, {"nsDataType","Netscape Data Type",NID_netscape_data_type,8, &(lvalues[353]),0}, -{"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL}, -{"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL}, -{"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL}, -{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL}, +{"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL,0}, +{"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL,0}, +{"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL,0}, +{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL,0}, {"SHA1","sha1",NID_sha1,5,&(lvalues[361]),0}, {"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9, &(lvalues[366]),0}, @@ -892,7 +892,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[471]),0}, {"nsCertSequence","Netscape Certificate Sequence", NID_netscape_cert_sequence,9,&(lvalues[480]),0}, -{"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL}, +{"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL,0}, {"id-ce","id-ce",NID_id_ce,2,&(lvalues[489]),0}, {"subjectKeyIdentifier","X509v3 Subject Key Identifier", NID_subject_key_identifier,3,&(lvalues[491]),0}, 
@@ -911,17 +911,17 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"authorityKeyIdentifier","X509v3 Authority Key Identifier", NID_authority_key_identifier,3,&(lvalues[515]),0}, {"BF-CBC","bf-cbc",NID_bf_cbc,9,&(lvalues[518]),0}, -{"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL}, -{"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL}, -{"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL}, +{"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL,0}, +{"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL,0}, +{"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL,0}, {"MDC2","mdc2",NID_mdc2,4,&(lvalues[527]),0}, {"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[531]),0}, -{"RC4-40","rc4-40",NID_rc4_40,0,NULL}, -{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL}, +{"RC4-40","rc4-40",NID_rc4_40,0,NULL,0}, +{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL,0}, {"GN","givenName",NID_givenName,3,&(lvalues[535]),0}, {"SN","surname",NID_surname,3,&(lvalues[538]),0}, {"initials","initials",NID_initials,3,&(lvalues[541]),0}, -{NULL,NULL,NID_undef,0,NULL}, +{NULL,NULL,NID_undef,0,NULL,0}, {"crlDistributionPoints","X509v3 CRL Distribution Points", NID_crl_distribution_points,3,&(lvalues[544]),0}, {"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[547]),0}, 
@@ -929,23 +929,23 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"title","title",NID_title,3,&(lvalues[555]),0}, {"description","description",NID_description,3,&(lvalues[558]),0}, {"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[561]),0}, -{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL}, -{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL}, -{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL}, +{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL,0}, +{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL,0}, +{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL,0}, {"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC", NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[570]),0}, {"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[579]),0}, -{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL}, +{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL,0}, {"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[586]),0}, {"DSA","dsaEncryption",NID_dsa,7,&(lvalues[591]),0}, {"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[598]),0}, -{NULL,NULL,NID_undef,0,NULL}, +{NULL,NULL,NID_undef,0,NULL,0}, {"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6, &(lvalues[603]),0}, {"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[609]),0}, -{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL}, -{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL}, -{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL}, +{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL,0}, +{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL,0}, +{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL,0}, {"RLE","run length compression",NID_rle_compression,6,&(lvalues[617]),0}, {"ZLIB","zlib compression",NID_zlib_compression,6,&(lvalues[623]),0}, {"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3, 
@@ -1009,7 +1009,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[958]),0}, {"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8, &(lvalues[966]),0}, -{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL}, +{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL,0}, {"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9, &(lvalues[974]),0}, {"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9, @@ -1219,12 +1219,12 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[2092]),0}, {"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2100]),0}, {"aaControls","aaControls",NID_aaControls,8,&(lvalues[2108]),0}, -{"sbqp-ipAddrBlock","sbqp-ipAddrBlock",NID_sbqp_ipAddrBlock,8, +{"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8, &(lvalues[2116]),0}, -{"sbqp-autonomousSysNum","sbqp-autonomousSysNum", - NID_sbqp_autonomousSysNum,8,&(lvalues[2124]),0}, -{"sbqp-routerIdentifier","sbqp-routerIdentifier", - NID_sbqp_routerIdentifier,8,&(lvalues[2132]),0}, +{"sbgp-autonomousSysNum","sbgp-autonomousSysNum", + NID_sbgp_autonomousSysNum,8,&(lvalues[2124]),0}, +{"sbgp-routerIdentifier","sbgp-routerIdentifier", + NID_sbgp_routerIdentifier,8,&(lvalues[2132]),0}, {"textNotice","textNotice",NID_textNotice,8,&(lvalues[2140]),0}, {"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8, &(lvalues[2148]),0}, @@ -1330,7 +1330,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[2588]),0}, {"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth, 8,&(lvalues[2596]),0}, -{NULL,NULL,NID_undef,0,NULL}, +{NULL,NULL,NID_undef,0,NULL,0}, {"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2604]),0}, {"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship", NID_id_pda_countryOfCitizenship,8,&(lvalues[2612]),0}, 
@@ -1562,7 +1562,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"generationQualifier","generationQualifier",NID_generationQualifier, 3,&(lvalues[3877]),0}, {"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3880]),0}, -{NULL,NULL,NID_undef,0,NULL}, +{NULL,NULL,NID_undef,0,NULL,0}, {"id-set","Secure Electronic Transactions",NID_id_set,2, &(lvalues[3883]),0}, {"set-ctype","content types",NID_set_ctype,3,&(lvalues[3885]),0}, @@ -1821,16 +1821,16 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ 10,&(lvalues[4437]),0}, {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10, &(lvalues[4447]),0}, -{"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL}, -{"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL}, -{"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL}, -{"AES-128-CFB8","aes-128-cfb8",NID_aes_128_cfb8,0,NULL}, -{"AES-192-CFB8","aes-192-cfb8",NID_aes_192_cfb8,0,NULL}, -{"AES-256-CFB8","aes-256-cfb8",NID_aes_256_cfb8,0,NULL}, -{"DES-CFB1","des-cfb1",NID_des_cfb1,0,NULL}, -{"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL}, -{"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL}, -{"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL}, +{"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL,0}, +{"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL,0}, +{"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL,0}, +{"AES-128-CFB8","aes-128-cfb8",NID_aes_128_cfb8,0,NULL,0}, +{"AES-192-CFB8","aes-192-cfb8",NID_aes_192_cfb8,0,NULL,0}, +{"AES-256-CFB8","aes-256-cfb8",NID_aes_256_cfb8,0,NULL,0}, +{"DES-CFB1","des-cfb1",NID_des_cfb1,0,NULL,0}, +{"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0}, +{"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0}, +{"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0}, {"streetAddress","streetAddress",NID_streetAddress,3,&(lvalues[4457]),0}, {"postalCode","postalCode",NID_postalCode,3,&(lvalues[4460]),0}, {"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4463]),0}, 
@@ -1943,8 +1943,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[4995]),0}, {"inhibitAnyPolicy","X509v3 Inhibit Any Policy", NID_inhibit_any_policy,3,&(lvalues[4998]),0}, -{"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL}, -{"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL}, +{"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL,0}, +{"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL,0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -2485,9 +2485,9 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[ 1]),/* "rsadsi" */ &(nid_objs[482]),/* "sOARecord" */ &(nid_objs[155]),/* "safeContentsBag" */ -&(nid_objs[291]),/* "sbqp-autonomousSysNum" */ -&(nid_objs[290]),/* "sbqp-ipAddrBlock" */ -&(nid_objs[292]),/* "sbqp-routerIdentifier" */ +&(nid_objs[291]),/* "sbgp-autonomousSysNum" */ +&(nid_objs[290]),/* "sbgp-ipAddrBlock" */ +&(nid_objs[292]),/* "sbgp-routerIdentifier" */ &(nid_objs[159]),/* "sdsiCertificate" */ &(nid_objs[704]),/* "secp112r1" */ &(nid_objs[705]),/* "secp112r2" */ @@ -3240,9 +3240,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[124]),/* "run length compression" */ &(nid_objs[482]),/* "sOARecord" */ &(nid_objs[155]),/* "safeContentsBag" */ -&(nid_objs[291]),/* "sbqp-autonomousSysNum" */ -&(nid_objs[290]),/* "sbqp-ipAddrBlock" */ -&(nid_objs[292]),/* "sbqp-routerIdentifier" */ +&(nid_objs[291]),/* "sbgp-autonomousSysNum" */ +&(nid_objs[290]),/* "sbgp-ipAddrBlock" */ +&(nid_objs[292]),/* "sbgp-routerIdentifier" */ &(nid_objs[159]),/* "sdsiCertificate" */ &(nid_objs[704]),/* "secp112r1" */ &(nid_objs[705]),/* "secp112r2" */ 
@@ -3820,9 +3820,9 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[287]),/* OBJ_ac_auditEntity 1 3 6 1 5 5 7 1 4 */ &(nid_objs[288]),/* OBJ_ac_targeting 1 3 6 1 5 5 7 1 5 */ &(nid_objs[289]),/* OBJ_aaControls 1 3 6 1 5 5 7 1 6 */ -&(nid_objs[290]),/* OBJ_sbqp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */ -&(nid_objs[291]),/* OBJ_sbqp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */ -&(nid_objs[292]),/* OBJ_sbqp_routerIdentifier 1 3 6 1 5 5 7 1 9 */ +&(nid_objs[290]),/* OBJ_sbgp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */ +&(nid_objs[291]),/* OBJ_sbgp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */ +&(nid_objs[292]),/* OBJ_sbgp_routerIdentifier 1 3 6 1 5 5 7 1 9 */ &(nid_objs[397]),/* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */ &(nid_objs[398]),/* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */ &(nid_objs[663]),/* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */ diff --git a/crypto/openssl-0.9/crypto/objects/obj_mac.h b/crypto/openssl-0.9/crypto/objects/obj_mac.h index 7cdd69429f..e4d63e5e3f 100644 --- a/crypto/openssl-0.9/crypto/objects/obj_mac.h +++ b/crypto/openssl-0.9/crypto/objects/obj_mac.h 
@@ -1363,17 +1363,17 @@ #define NID_aaControls 289 #define OBJ_aaControls OBJ_id_pe,6L -#define SN_sbqp_ipAddrBlock "sbqp-ipAddrBlock" -#define NID_sbqp_ipAddrBlock 290 -#define OBJ_sbqp_ipAddrBlock OBJ_id_pe,7L +#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock" +#define NID_sbgp_ipAddrBlock 290 +#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L -#define SN_sbqp_autonomousSysNum "sbqp-autonomousSysNum" -#define NID_sbqp_autonomousSysNum 291 -#define OBJ_sbqp_autonomousSysNum OBJ_id_pe,8L +#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum" +#define NID_sbgp_autonomousSysNum 291 +#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L -#define SN_sbqp_routerIdentifier "sbqp-routerIdentifier" -#define NID_sbqp_routerIdentifier 292 -#define OBJ_sbqp_routerIdentifier OBJ_id_pe,9L +#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier" +#define NID_sbgp_routerIdentifier 292 +#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L #define SN_ac_proxying "ac-proxying" #define NID_ac_proxying 397 diff --git a/crypto/openssl-0.9/crypto/ocsp/ocsp_cl.c b/crypto/openssl-0.9/crypto/ocsp/ocsp_cl.c index 9b3e6dd8ca..17bab5fc59 100644 --- a/crypto/openssl-0.9/crypto/ocsp/ocsp_cl.c +++ b/crypto/openssl-0.9/crypto/ocsp/ocsp_cl.c @@ -101,6 +101,8 @@ int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) { GENERAL_NAME *gen; gen = GENERAL_NAME_new(); + if (gen == NULL) + return 0; if (!X509_NAME_set(&gen->d.directoryName, nm)) { GENERAL_NAME_free(gen); diff --git a/crypto/openssl-0.9/crypto/opensslv.h b/crypto/openssl-0.9/crypto/opensslv.h index fed5edbe71..e056bffc72 100644 --- a/crypto/openssl-0.9/crypto/opensslv.h +++ b/crypto/openssl-0.9/crypto/opensslv.h 
@@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090800fL +#define OPENSSL_VERSION_NUMBER 0x0090801fL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8-fips 05 Jul 2005" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8a-fips 11 Oct 2005" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8 05 Jul 2005" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8a 11 Oct 2005" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/openssl-0.9/crypto/pem/pem_all.c b/crypto/openssl-0.9/crypto/pem/pem_all.c index a9ac52de02..66cbc7eb82 100644 --- a/crypto/openssl-0.9/crypto/pem/pem_all.c +++ b/crypto/openssl-0.9/crypto/pem/pem_all.c @@ -117,9 +117,15 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif +#ifndef OPENSSL_NO_DSA #include +#endif +#ifndef OPENSSL_NO_DH #include +#endif #ifndef OPENSSL_NO_RSA static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa); diff --git a/crypto/openssl-0.9/crypto/pem/pem_info.c b/crypto/openssl-0.9/crypto/pem/pem_info.c index 489e71a892..1644dfcaac 100644 --- a/crypto/openssl-0.9/crypto/pem/pem_info.c +++ b/crypto/openssl-0.9/crypto/pem/pem_info.c @@ -63,8 +63,12 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif +#ifndef OPENSSL_NO_DSA #include +#endif #ifndef OPENSSL_NO_FP_API STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) diff --git a/crypto/openssl-0.9/crypto/pem/pem_seal.c b/crypto/openssl-0.9/crypto/pem/pem_seal.c index 0458093353..4e554e5481 100644 --- a/crypto/openssl-0.9/crypto/pem/pem_seal.c +++ b/crypto/openssl-0.9/crypto/pem/pem_seal.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include /* for OPENSSL_NO_RSA */ #ifndef OPENSSL_NO_RSA #include #include "cryptlib.h" 
diff --git a/crypto/openssl-0.9/crypto/pkcs12/p12_crpt.c b/crypto/openssl-0.9/crypto/pkcs12/p12_crpt.c index bbc13e50dd..3ad33c49d8 100644 --- a/crypto/openssl-0.9/crypto/pkcs12/p12_crpt.c +++ b/crypto/openssl-0.9/crypto/pkcs12/p12_crpt.c @@ -94,9 +94,14 @@ int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; /* Extract useful info from parameter */ + if (param == NULL || param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR); + return 0; + } + pbuf = param->value.sequence->data; - if (!param || (param->type != V_ASN1_SEQUENCE) || - !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) { + if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR); return 0; } diff --git a/crypto/openssl-0.9/crypto/pkcs7/pk7_doit.c b/crypto/openssl-0.9/crypto/pkcs7/pk7_doit.c index f0f80a72fc..a4bbba0556 100644 --- a/crypto/openssl-0.9/crypto/pkcs7/pk7_doit.c +++ b/crypto/openssl-0.9/crypto/pkcs7/pk7_doit.c @@ -62,6 +62,7 @@ #include #include #include +#include static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, void *value); @@ -307,6 +308,17 @@ err: return(out); } +static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) + { + int ret; + ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, + pcert->cert_info->issuer); + if (ret) + return ret; + return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, + ri->issuer_and_serial->serial); + } + /* int */ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) { 
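Review bot: The new `pkcs7_cmp_ri()` helper in pk7_doit.c has no comment stating its contract, and its two comparisons take their arguments in opposite order (`ri` first for the issuer, `pcert` first for the serial), so a non-zero result is not a usable ordering. A one-line comment such as `/* Returns 0 if ri names pcert's issuer and serial, non-zero otherwise (not an ordering) */` would stop callers treating it as a sort comparator. The helper also dereferences `ri->issuer_and_serial` and `pcert->cert_info` without a check, so it presumably relies on the caller having tested `pcert` and on the decoder never leaving `issuer_and_serial` NULL. That assumption belongs in the same comment.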
@@ -417,18 +429,18 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) * (if any) */ - for (i=0; iissuer_and_serial->issuer, - pcert->cert_info->issuer) && - !M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, - ri->issuer_and_serial->serial)) break; - ri=NULL; - } - if (ri == NULL) { - PKCS7err(PKCS7_F_PKCS7_DATADECODE, - PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); - goto err; + if (pcert) { + for (i=0; ienc_key), - M_ASN1_STRING_length(ri->enc_key), pkey); - if (jj <= 0) + /* If we haven't got a certificate try each ri in turn */ + + if (pcert == NULL) { - PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB); - goto err; + for (i=0; ienc_key), + M_ASN1_STRING_length(ri->enc_key), + pkey); + if (jj > 0) + break; + ERR_clear_error(); + ri = NULL; + } + if (ri == NULL) + { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, + PKCS7_R_NO_RECIPIENT_MATCHES_KEY); + goto err; + } + } + else + { + jj=EVP_PKEY_decrypt(tmp, + M_ASN1_STRING_data(ri->enc_key), + M_ASN1_STRING_length(ri->enc_key), pkey); + if (jj <= 0) + { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, + ERR_R_EVP_LIB); + goto err; + } } evp_ctx=NULL; diff --git a/crypto/openssl-0.9/crypto/pkcs7/pk7_smime.c b/crypto/openssl-0.9/crypto/pkcs7/pk7_smime.c index b6146d75c4..1f4a0a1795 100644 --- a/crypto/openssl-0.9/crypto/pkcs7/pk7_smime.c +++ b/crypto/openssl-0.9/crypto/pkcs7/pk7_smime.c @@ -441,7 +441,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) return 0; } - if(!X509_check_private_key(cert, pkey)) { + if(cert && !X509_check_private_key(cert, pkey)) { PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); return 0; diff --git a/crypto/openssl-0.9/crypto/pkcs7/pkcs7.h b/crypto/openssl-0.9/crypto/pkcs7/pkcs7.h index 952f37960e..cc092d262d 100644 --- a/crypto/openssl-0.9/crypto/pkcs7/pkcs7.h +++ b/crypto/openssl-0.9/crypto/pkcs7/pkcs7.h 
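Review bot: In the `pcert == NULL` branch added to PKCS7_dataDecode, each recipient's `enc_key` is passed to `EVP_PKEY_decrypt` until one returns `jj > 0`, and failure is reported as the distinct `PKCS7_R_NO_RECIPIENT_MATCHES_KEY`. For RSA key transport this means an application that relays the result to the message sender discloses whether a supplied ciphertext unpadded correctly, which is the condition a padding-oracle attack depends on. The branch should say so, e.g. `/* No cert: trial decryption; callers must not expose this result to the sender */`, and the API documentation should recommend passing the recipient certificate whenever it is known. The `cert &&` relaxation in PKCS7_decrypt (the pk7_smime.c hunk on this line) is what makes the path reachable from the public API, and it also skips the key/certificate consistency check when `cert` is NULL. The function starts and ends outside the hunk, and parts of the loop headers are lost on this page.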
@@ -432,6 +432,7 @@ void ERR_load_PKCS7_strings(void); #define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 #define PKCS7_R_NO_MULTIPART_BOUNDARY 137 #define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 +#define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146 #define PKCS7_R_NO_SIGNATURES_ON_DATA 123 #define PKCS7_R_NO_SIGNERS 142 #define PKCS7_R_NO_SIG_CONTENT_TYPE 138 diff --git a/crypto/openssl-0.9/crypto/pkcs7/pkcs7err.c b/crypto/openssl-0.9/crypto/pkcs7/pkcs7err.c index 309664d382..4cd293472f 100644 --- a/crypto/openssl-0.9/crypto/pkcs7/pkcs7err.c +++ b/crypto/openssl-0.9/crypto/pkcs7/pkcs7err.c @@ -124,6 +124,7 @@ static ERR_STRING_DATA PKCS7_str_reasons[]= {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"}, {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"}, {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"}, +{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),"no recipient matches key"}, {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"}, {ERR_REASON(PKCS7_R_NO_SIGNERS) ,"no signers"}, {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"}, diff --git a/crypto/openssl-0.9/crypto/rand/rand_unix.c b/crypto/openssl-0.9/crypto/rand/rand_unix.c index 14837a7a7d..5d031d93af 100644 --- a/crypto/openssl-0.9/crypto/rand/rand_unix.c +++ b/crypto/openssl-0.9/crypto/rand/rand_unix.c @@ -155,7 +155,8 @@ int RAND_poll(void) #ifdef DEVRANDOM static const char *randomfiles[] = { DEVRANDOM }; struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])]; - int fd,i; + int fd; + size_t i; #endif #ifdef DEVRANDOM_EGD static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; @@ -185,7 +186,8 @@ int RAND_poll(void) { struct timeval t = { 0, 10*1000 }; /* Spend 10ms on each file. */ - int r,j; + int r; + size_t j; fd_set fset; struct stat *st=&randomstats[i]; 
diff --git a/crypto/openssl-0.9/crypto/rc2/rc2_skey.c b/crypto/openssl-0.9/crypto/rc2/rc2_skey.c index cab3080c73..4953642056 100644 --- a/crypto/openssl-0.9/crypto/rc2/rc2_skey.c +++ b/crypto/openssl-0.9/crypto/rc2/rc2_skey.c @@ -84,6 +84,10 @@ static unsigned char key_table[256]={ 0xfe,0x7f,0xc1,0xad, }; +#if defined(_MSC_VER) && defined(_ARM_) +#pragma optimize("g",off) +#endif + /* It has come to my attention that there are 2 versions of the RC2 * key schedule. One which is normal, and anther which has a hook to * use a reduced key length. @@ -136,3 +140,6 @@ void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) *(ki--)=((k[i]<<8)|k[i-1])&0xffff; } +#if defined(_MSC_VER) +#pragma optimize("",on) +#endif diff --git a/crypto/openssl-0.9/crypto/rsa/rsa_depr.c b/crypto/openssl-0.9/crypto/rsa/rsa_depr.c index 73fa6eea90..c5582b996d 100644 --- a/crypto/openssl-0.9/crypto/rsa/rsa_depr.c +++ b/crypto/openssl-0.9/crypto/rsa/rsa_depr.c @@ -80,7 +80,7 @@ RSA *RSA_generate_key(int bits, unsigned long e_value, /* The problem is when building with 8, 16, or 32 BN_ULONG, * unsigned long can be larger */ - for (i=0; i #include -const static unsigned char zeroes[] = {0,0,0,0,0,0,0,0}; +static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0}; + +#if defined(_MSC_VER) && defined(_ARM_) +#pragma optimize("g", off) +#endif int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, const EVP_MD *Hash, const unsigned char *EM, int sLen) @@ -259,3 +263,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, return ret; } + +#if defined(_MSC_VER) +#pragma optimize("",on) +#endif diff --git a/crypto/openssl-0.9/crypto/sha/sha_locl.h b/crypto/openssl-0.9/crypto/sha/sha_locl.h index 4ce2db946b..6281313a45 100644 --- a/crypto/openssl-0.9/crypto/sha/sha_locl.h +++ b/crypto/openssl-0.9/crypto/sha/sha_locl.h 
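Review bot: The pragma pair added around RC2_set_key is not symmetric: optimisation is switched off under `defined(_MSC_VER) && defined(_ARM_)` but restored under `defined(_MSC_VER)` alone, so every MSVC build executes `#pragma optimize("",on)` even when nothing was turned off. Using the same condition on the closing guard, `#if defined(_MSC_VER) && defined(_ARM_)`, keeps the two in step. The same mismatch appears in the rsa_pss.c hunks later on this line. Neither place has a comment naming the compiler problem being worked around, which makes it hard to tell when the workaround can be removed.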
@@ -115,19 +115,19 @@ # endif # ifdef SHA1_ASM -# if !defined(B_ENDIAN) -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) +# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) +# if !defined(B_ENDIAN) # define sha1_block_host_order sha1_block_asm_host_order # define DONT_IMPLEMENT_BLOCK_HOST_ORDER # define sha1_block_data_order sha1_block_asm_data_order # define DONT_IMPLEMENT_BLOCK_DATA_ORDER # define HASH_BLOCK_DATA_ORDER_ALIGNED sha1_block_asm_data_order -# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64) -# define sha1_block_host_order sha1_block_asm_host_order -# define DONT_IMPLEMENT_BLOCK_HOST_ORDER -# define sha1_block_data_order sha1_block_asm_data_order -# define DONT_IMPLEMENT_BLOCK_DATA_ORDER # endif +# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64) +# define sha1_block_host_order sha1_block_asm_host_order +# define DONT_IMPLEMENT_BLOCK_HOST_ORDER +# define sha1_block_data_order sha1_block_asm_data_order +# define DONT_IMPLEMENT_BLOCK_DATA_ORDER # endif # endif void sha1_block_host_order (SHA_CTX *c, const void *p,size_t num); diff --git a/crypto/openssl-0.9/crypto/txt_db/txt_db.c b/crypto/openssl-0.9/crypto/txt_db/txt_db.c index b3a7a42ca0..e9e503eb07 100644 --- a/crypto/openssl-0.9/crypto/txt_db/txt_db.c +++ b/crypto/openssl-0.9/crypto/txt_db/txt_db.c @@ -179,10 +179,13 @@ err: #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) if (er == 1) fprintf(stderr,"OPENSSL_malloc failure\n"); #endif - if (ret->data != NULL) sk_free(ret->data); - if (ret->index != NULL) OPENSSL_free(ret->index); - if (ret->qual != NULL) OPENSSL_free(ret->qual); - if (ret != NULL) OPENSSL_free(ret); + if (ret != NULL) + { + if (ret->data != NULL) sk_free(ret->data); + if (ret->index != NULL) OPENSSL_free(ret->index); + if (ret->qual != NULL) OPENSSL_free(ret->qual); + if (ret != NULL) OPENSSL_free(ret); + } return(NULL); } else 
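Review bot: Inside the new `if (ret != NULL)` block in the txt_db.c `err:` path, the last statement still tests `if (ret != NULL)` before `OPENSSL_free(ret)`, which is now always true. It reads more clearly as a plain `OPENSSL_free(ret);`. The outer guard does remove the dereference of a NULL `ret`. Whether `ret->data`, `ret->index` and `ret->qual` are initialised on every route to `err:` cannot be checked here, because the function starts outside the hunk.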
diff --git a/crypto/openssl-0.9/crypto/ui/ui_lib.c b/crypto/openssl-0.9/crypto/ui/ui_lib.c index 1a8f3ce113..7ab249c3be 100644 --- a/crypto/openssl-0.9/crypto/ui/ui_lib.c +++ b/crypto/openssl-0.9/crypto/ui/ui_lib.c @@ -620,8 +620,10 @@ UI_METHOD *UI_create_method(char *name) UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD)); if (ui_method) + { memset(ui_method, 0, sizeof(*ui_method)); - ui_method->name = BUF_strdup(name); + ui_method->name = BUF_strdup(name); + } return ui_method; } diff --git a/crypto/openssl-0.9/crypto/ui/ui_locl.h b/crypto/openssl-0.9/crypto/ui/ui_locl.h index 68cc543402..aa4a55637d 100644 --- a/crypto/openssl-0.9/crypto/ui/ui_locl.h +++ b/crypto/openssl-0.9/crypto/ui/ui_locl.h @@ -62,6 +62,10 @@ #include #include +#ifdef _ +#undef _ +#endif + struct ui_method_st { char *name; diff --git a/crypto/openssl-0.9/crypto/ui/ui_openssl.c b/crypto/openssl-0.9/crypto/ui/ui_openssl.c index 7c80f5feb2..1f23a45a33 100644 --- a/crypto/openssl-0.9/crypto/ui/ui_openssl.c +++ b/crypto/openssl-0.9/crypto/ui/ui_openssl.c @@ -578,7 +578,9 @@ static int close_console(UI *ui) /* Internal functions to handle signals and act on them */ static void pushsig(void) { +#ifndef OPENSSL_SYS_WIN32 int i; +#endif #ifdef SIGACTION struct sigaction sa; @@ -586,6 +588,14 @@ static void pushsig(void) sa.sa_handler=recsig; #endif +#ifdef OPENSSL_SYS_WIN32 + savsig[SIGABRT]=signal(SIGABRT,recsig); + savsig[SIGFPE]=signal(SIGFPE,recsig); + savsig[SIGILL]=signal(SIGILL,recsig); + savsig[SIGINT]=signal(SIGINT,recsig); + savsig[SIGSEGV]=signal(SIGSEGV,recsig); + savsig[SIGTERM]=signal(SIGTERM,recsig); +#else for (i=1; iflags &= ~flags; + return 1; + } + +unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param) + { + return param->flags; + } + int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose) { return X509_PURPOSE_set(¶m->purpose, purpose); 
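Review bot: In UI_create_method the result of `BUF_strdup(name)` is still unchecked, so an allocation failure there returns a method whose `name` is NULL with no indication to the caller. If a NULL `name` argument is not meant to be supported, add `if (ui_method->name == NULL) { OPENSSL_free(ui_method); return NULL; }` after the assignment inside the new braces. If NULL is supported, a comment should say that `name` may legitimately end up NULL so that later users of the field check it.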
diff --git a/crypto/openssl-0.9/crypto/x509/x_all.c b/crypto/openssl-0.9/crypto/x509/x_all.c index 84ec5d5098..9039caad60 100644 --- a/crypto/openssl-0.9/crypto/x509/x_all.c +++ b/crypto/openssl-0.9/crypto/x509/x_all.c @@ -64,8 +64,12 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif +#ifndef OPENSSL_NO_DSA #include +#endif int X509_verify(X509 *a, EVP_PKEY *r) { diff --git a/crypto/openssl-0.9/crypto/x509v3/v3_alt.c b/crypto/openssl-0.9/crypto/x509v3/v3_alt.c index e3a19bf8a4..b38b3dbfe6 100644 --- a/crypto/openssl-0.9/crypto/x509v3/v3_alt.c +++ b/crypto/openssl-0.9/crypto/x509v3/v3_alt.c @@ -341,7 +341,8 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) X509_NAME_ENTRY *ne; GENERAL_NAME *gen = NULL; int i; - if(ctx->flags == CTX_TEST) return 1; + if(ctx != NULL && ctx->flags == CTX_TEST) + return 1; if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) { X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS); goto err; diff --git a/crypto/openssl-0.9/crypto/x509v3/v3_cpols.c b/crypto/openssl-0.9/crypto/x509v3/v3_cpols.c index 9784b1421a..e5b8c5a1ac 100644 --- a/crypto/openssl-0.9/crypto/x509v3/v3_cpols.c +++ b/crypto/openssl-0.9/crypto/x509v3/v3_cpols.c @@ -139,7 +139,15 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, CONF_VALUE *cnf; int i, ia5org; pols = sk_POLICYINFO_new_null(); + if (pols == NULL) { + X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); + return NULL; + } vals = X509V3_parse_list(value); + if (vals == NULL) { + X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB); + goto err; + } ia5org = 0; for(i = 0; i < sk_CONF_VALUE_num(vals); i++) { cnf = sk_CONF_VALUE_value(vals, i); @@ -178,6 +186,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); return pols; err: + sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); sk_POLICYINFO_pop_free(pols, POLICYINFO_free); return NULL; } 
diff --git a/crypto/openssl-0.9/crypto/x509v3/v3_utl.c b/crypto/openssl-0.9/crypto/x509v3/v3_utl.c index 191cfef1a5..7911c4bdaf 100644 --- a/crypto/openssl-0.9/crypto/x509v3/v3_utl.c +++ b/crypto/openssl-0.9/crypto/x509v3/v3_utl.c @@ -826,13 +826,13 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, break; } #ifndef CHARSET_EBCDIC - if (*p == '+') + if (*type == '+') #else - if (*p == os_toascii['+']) + if (*type == os_toascii['+']) #endif { mval = -1; - p++; + type++; } else mval = 0; diff --git a/crypto/openssl-0.9/e_os.h b/crypto/openssl-0.9/e_os.h index 965d1aa8d7..5068d1bd74 100644 --- a/crypto/openssl-0.9/e_os.h +++ b/crypto/openssl-0.9/e_os.h @@ -245,7 +245,7 @@ extern "C" { # define NO_DIRENT # ifdef WINDOWS -# ifndef _WIN32_WINNT +# if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT) /* * Defining _WIN32_WINNT here in e_os.h implies certain "discipline." * Most notably we ought to check for availability of each specific @@ -565,6 +565,9 @@ extern HINSTANCE _hInstance; extern char *sys_errlist[]; extern int sys_nerr; # define strerror(errnum) \ (((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum]) + /* Being signed SunOS 4.x memcpy breaks ASN1_OBJECT table lookup */ +#include "crypto/o_str.h" +# define memcmp OPENSSL_memcmp #endif #ifndef OPENSSL_EXIT diff --git a/crypto/openssl-0.9/e_os2.h b/crypto/openssl-0.9/e_os2.h index 5cceb85199..1cbdf5be40 100644 --- a/crypto/openssl-0.9/e_os2.h +++ b/crypto/openssl-0.9/e_os2.h 
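Review bot: The comment added above `# define memcmp OPENSSL_memcmp` in the e_os.h hunk says "memcpy", but the macro replaces memcmp. It should read `/* Being signed, SunOS 4.x memcmp breaks ASN1_OBJECT table lookup */`. The redefinition affects every translation unit that includes e_os.h in this platform branch, so the comment should also state that the override is deliberate and global. The enclosing `#if` starts outside the hunk.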
@@ -84,16 +84,6 @@ extern "C" { /* ---------------------- Microsoft operating systems ---------------------- */ -/* The 16 bit environments are pretty straightforward */ -#if defined(OPENSSL_SYSNAME_WIN16) || defined(OPENSSL_SYSNAME_MSDOS) -# undef OPENSSL_SYS_UNIX -# define OPENSSL_SYS_MSDOS -#endif -#if defined(OPENSSL_SYSNAME_WIN16) -# undef OPENSSL_SYS_UNIX -# define OPENSSL_SYS_WIN16 -#endif - /* For 32 bit environment, there seems to be the CygWin environment and then all the others that try to do the same thing Microsoft does... */ #if defined(OPENSSL_SYSNAME_UWIN) @@ -120,7 +110,7 @@ extern "C" { #endif /* Anything that tries to look like Microsoft is "Windows" */ -#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINDOWS # ifndef OPENSSL_SYS_MSDOS @@ -211,9 +201,6 @@ extern "C" { /* Specials for I/O an exit */ -#ifdef OPENSSL_SYS_WIN16 -# define OPENSSL_NO_FP_API -#endif #ifdef OPENSSL_SYS_MSDOS # define OPENSSL_UNISTD_IO # define OPENSSL_DECLARE_EXIT extern void exit(int); diff --git a/crypto/openssl-0.9/engines/e_4758cca.c b/crypto/openssl-0.9/engines/e_4758cca.c index 7d850a854b..0f1dae7567 100644 --- a/crypto/openssl-0.9/engines/e_4758cca.c +++ b/crypto/openssl-0.9/engines/e_4758cca.c @@ -61,7 +61,9 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif #include #ifndef OPENSSL_NO_HW @@ -109,8 +111,10 @@ static int getModulusAndExponent(const unsigned char *token, long *exponentLengt static int cca_get_random_bytes(unsigned char*, int ); static int cca_random_status(void); +#ifndef OPENSSL_NO_RSA static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,long argl, void *argp); +#endif /* Function pointers for CCA verbs */ /*---------------------------------*/ 
@@ -154,7 +158,9 @@ static const char* n_pkaDecrypt = CSNDPKD; #endif static const char* n_randomNumberGenerate = CSNBRNG; +#ifndef OPENSSL_NO_RSA static int hndidx = -1; +#endif static DSO *dso = NULL; /* openssl engine initialization structures */ @@ -221,8 +227,10 @@ static int bind_helper(ENGINE *e) !ENGINE_set_init_function(e, ibm_4758_cca_init) || !ENGINE_set_finish_function(e, ibm_4758_cca_finish) || !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) || +#ifndef OPENSSL_NO_RSA !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) || !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) || +#endif !ENGINE_set_cmd_defns(e, cca4758_cmd_defns)) return 0; /* Ensure the error handling is set up */ @@ -304,8 +312,10 @@ static int ibm_4758_cca_init(ENGINE *e) } #endif +#ifndef OPENSSL_NO_RSA hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle", NULL, NULL, cca_ex_free); +#endif return 1; err: @@ -313,13 +323,15 @@ err: DSO_free(dso); dso = NULL; +#ifndef OPENSSL_NO_RSA keyRecordRead = (F_KEYRECORDREAD)0; - randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0; digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0; digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0; publicKeyExtract = (F_PUBLICKEYEXTRACT)0; pkaEncrypt = (F_PKAENCRYPT)0; pkaDecrypt = (F_PKADECRYPT)0; +#endif + randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0; return 0; } @@ -339,6 +351,7 @@ static int ibm_4758_cca_finish(ENGINE *e) return 0; } dso = NULL; +#ifndef OPENSSL_NO_RSA keyRecordRead = (F_KEYRECORDREAD)0; randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0; digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0; @@ -346,6 +359,8 @@ static int ibm_4758_cca_finish(ENGINE *e) publicKeyExtract = (F_PUBLICKEYEXTRACT)0; pkaEncrypt = (F_PKAENCRYPT)0; pkaDecrypt = (F_PKADECRYPT)0; +#endif + randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0; return 1; } 
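Review bot: In the ibm_4758_cca_finish hunks, `randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;` is added after the new `#endif` while the existing assignment stays inside the `#ifndef OPENSSL_NO_RSA` block, so RSA builds reset the pointer twice. The `err:` path of ibm_4758_cca_init in the preceding hunk moves the line instead of copying it. Dropping the copy inside the guard here would keep the two cleanup sequences identical. Both functions start outside their hunks.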
@@ -951,12 +966,14 @@ static int cca_get_random_bytes(unsigned char* buf, int num) return 1; } +#ifndef OPENSSL_NO_RSA static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) { if (item) OPENSSL_free(item); } +#endif /* Goo to handle building as a dynamic engine */ #ifndef OPENSSL_NO_DYNAMIC_ENGINE diff --git a/crypto/openssl-0.9/engines/e_aep.c b/crypto/openssl-0.9/engines/e_aep.c index c175a186e9..7307ddfafb 100644 --- a/crypto/openssl-0.9/engines/e_aep.c +++ b/crypto/openssl-0.9/engines/e_aep.c @@ -69,9 +69,15 @@ typedef int pid_t; #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif +#ifndef OPENSSL_NO_DSA #include +#endif +#ifndef OPENSSL_NO_DH #include +#endif #include #ifndef OPENSSL_NO_HW @@ -98,12 +104,14 @@ static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection); static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use); /* BIGNUM stuff */ +#ifndef OPENSSL_NO_RSA static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); static AEP_RV aep_mod_exp_crt(BIGNUM *r,const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dmp1,const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx); +#endif /* RSA stuff */ #ifndef OPENSSL_NO_RSA @@ -111,8 +119,10 @@ static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); #endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ +#ifndef OPENSSL_NO_RSA static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +#endif /* DSA stuff */ #ifndef OPENSSL_NO_DSA @@ -630,6 +640,7 @@ static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, return to_return; } +#ifndef OPENSSL_NO_RSA static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,const BIGNUM *iqmp, BN_CTX *ctx) 
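Review bot: In e_aep.c the prototype of `aep_mod_exp` is now inside `#ifndef OPENSSL_NO_RSA` (hunk at -98,12), but the hunk at -630,6 opens its guard only after the end of that function's definition. As far as these hunks show, `aep_mod_exp` is therefore still compiled without RSA and merely loses its forward declaration. Since the DSA and DH helpers are described in the file's comments as aliases of mod_exp, it would be clearer to leave the `aep_mod_exp` prototype outside the guard and wrap only `aep_mod_exp_crt`. The definition of `aep_mod_exp` starts outside the hunk, so any guard further up is not visible here.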
@@ -666,6 +677,7 @@ static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, err: return rv; } +#endif #ifdef AEPRAND @@ -821,12 +833,14 @@ static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, } #endif +#ifndef OPENSSL_NO_RSA /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return aep_mod_exp(r, a, p, m, ctx); } +#endif #ifndef OPENSSL_NO_DH /* This function is aliased to mod_exp (with the dh and mont dropped). */ diff --git a/crypto/openssl-0.9/engines/e_atalla.c b/crypto/openssl-0.9/engines/e_atalla.c index 8e11048d05..fabaa86a52 100644 --- a/crypto/openssl-0.9/engines/e_atalla.c +++ b/crypto/openssl-0.9/engines/e_atalla.c @@ -62,9 +62,15 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif +#ifndef OPENSSL_NO_DSA #include +#endif +#ifndef OPENSSL_NO_DH #include +#endif #include #ifndef OPENSSL_NO_HW @@ -91,10 +97,10 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, #ifndef OPENSSL_NO_RSA /* RSA stuff */ static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); -#endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +#endif #ifndef OPENSSL_NO_DSA /* DSA stuff */ @@ -563,12 +569,14 @@ static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, } #endif +#ifndef OPENSSL_NO_RSA /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return atalla_mod_exp(r, a, p, m, ctx); } +#endif #ifndef OPENSSL_NO_DH /* This function is aliased to mod_exp (with the dh and mont dropped). */ 
diff --git a/crypto/openssl-0.9/engines/e_chil.c b/crypto/openssl-0.9/engines/e_chil.c index 2ef96f9ae6..26108caa64 100644 --- a/crypto/openssl-0.9/engines/e_chil.c +++ b/crypto/openssl-0.9/engines/e_chil.c @@ -65,8 +65,12 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif +#ifndef OPENSSL_NO_DH #include +#endif #include #ifndef OPENSSL_NO_HW @@ -108,9 +112,11 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, /* RSA stuff */ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); #endif +#ifndef OPENSSL_NO_RSA /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +#endif #ifndef OPENSSL_NO_DH /* DH stuff */ @@ -129,8 +135,10 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, UI_METHOD *ui_method, void *callback_data); static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id, UI_METHOD *ui_method, void *callback_data); +#ifndef OPENSSL_NO_RSA static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int ind,long argl, void *argp); +#endif /* Interaction stuff */ static int hwcrhk_insert_card(const char *prompt_info, @@ -763,8 +771,8 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, #if !defined(OPENSSL_NO_RSA) char tempbuf[1024]; HWCryptoHook_ErrMsgBuf rmsg; -#endif HWCryptoHook_PassphraseContext ppctx; +#endif #if !defined(OPENSSL_NO_RSA) rmsg.buf = tempbuf; @@ -1072,12 +1080,14 @@ err: } #endif +#ifndef OPENSSL_NO_RSA /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return hwcrhk_mod_exp(r, a, p, m, ctx); } +#endif #ifndef OPENSSL_NO_DH /* This function is aliased to mod_exp (with the dh and mont dropped). */ 
@@ -1136,7 +1146,7 @@ static int hwcrhk_rand_status(void) } /* This cleans up an RSA KM key, called when ex_data is freed */ - +#ifndef OPENSSL_NO_RSA static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int ind,long argl, void *argp) { @@ -1161,6 +1171,7 @@ static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, } #endif } +#endif /* Mutex calls: since the HWCryptoHook model closely follows the POSIX model * these just wrap the POSIX functions and add some logging. diff --git a/crypto/openssl-0.9/engines/e_cswift.c b/crypto/openssl-0.9/engines/e_cswift.c index 56a1967496..d5f1d4e05f 100644 --- a/crypto/openssl-0.9/engines/e_cswift.c +++ b/crypto/openssl-0.9/engines/e_cswift.c @@ -62,9 +62,15 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif +#ifndef OPENSSL_NO_DSA #include +#endif +#ifndef OPENSSL_NO_DH #include +#endif #include #include @@ -98,22 +104,26 @@ static int cswift_destroy(ENGINE *e); static int cswift_init(ENGINE *e); static int cswift_finish(ENGINE *e); static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); +#ifndef OPENSSL_NO_RSA static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in); +#endif /* BIGNUM stuff */ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); +#ifndef OPENSSL_NO_RSA static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx); +#endif #ifndef OPENSSL_NO_RSA /* RSA stuff */ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); -#endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +#endif #ifndef OPENSSL_NO_DSA /* DSA stuff */ 
@@ -570,6 +580,7 @@ err: } +#ifndef OPENSSL_NO_RSA int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in) { int mod; @@ -591,7 +602,9 @@ int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in) return 1; } +#endif +#ifndef OPENSSL_NO_RSA /* Un petit mod_exp chinois */ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dmp1, @@ -723,6 +736,7 @@ err: release_context(hac); return to_return; } +#endif #ifndef OPENSSL_NO_RSA static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) @@ -760,7 +774,6 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx err: return to_return; } -#endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -788,6 +801,7 @@ static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, return cswift_mod_exp(r, a, p, m, ctx); } +#endif /* OPENSSL_NO_RSA */ #ifndef OPENSSL_NO_DSA static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) @@ -1048,7 +1062,7 @@ static int cswift_rand_bytes(unsigned char *buf, int num) /* limitation of cswift with values not a multiple of 32 */ /************************************************************************/ - while(num >= sizeof(buf32)) + while(num >= (int)sizeof(buf32)) { largenum.value = buf; largenum.nbytes = sizeof(buf32); diff --git a/crypto/openssl-0.9/engines/e_nuron.c b/crypto/openssl-0.9/engines/e_nuron.c index f6875d1fa8..4c2537cbc3 100644 --- a/crypto/openssl-0.9/engines/e_nuron.c +++ b/crypto/openssl-0.9/engines/e_nuron.c @@ -62,9 +62,15 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif +#ifndef OPENSSL_NO_DSA #include +#endif +#ifndef OPENSSL_NO_DH #include +#endif #include #ifndef OPENSSL_NO_HW 
@@ -242,11 +248,13 @@ static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, #endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ +#ifndef OPENSSL_NO_RSA static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return nuron_mod_exp(r, a, p, m, ctx); } +#endif #ifndef OPENSSL_NO_DH /* This function is aliased to mod_exp (with the dh and mont dropped). */ diff --git a/crypto/openssl-0.9/engines/e_sureware.c b/crypto/openssl-0.9/engines/e_sureware.c index 66ffaf24bb..424b82fd98 100644 --- a/crypto/openssl-0.9/engines/e_sureware.c +++ b/crypto/openssl-0.9/engines/e_sureware.c @@ -57,9 +57,15 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif +#ifndef OPENSSL_NO_DSA #include +#endif +#ifndef OPENSSL_NO_DH #include +#endif #include #ifndef OPENSSL_NO_HW @@ -82,10 +88,12 @@ static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); /* RSA stuff */ +#ifndef OPENSSL_NO_RSA static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to, RSA *rsa,int padding); static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to, RSA *rsa,int padding); +#endif /* RAND stuff */ static int surewarehk_rand_bytes(unsigned char *buf, int num); diff --git a/crypto/openssl-0.9/engines/e_ubsec.c b/crypto/openssl-0.9/engines/e_ubsec.c index f0e4f736ad..8b6c98bafa 100644 --- a/crypto/openssl-0.9/engines/e_ubsec.c +++ b/crypto/openssl-0.9/engines/e_ubsec.c @@ -64,9 +64,15 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif +#ifndef OPENSSL_NO_DSA #include +#endif +#ifndef OPENSSL_NO_DH #include +#endif #include #ifndef OPENSSL_NO_HW diff --git a/crypto/openssl-0.9/ssl/d1_both.c b/crypto/openssl-0.9/ssl/d1_both.c index 92661a9e3b..b746a50dd7 100644 --- a/crypto/openssl-0.9/ssl/d1_both.c +++ b/crypto/openssl-0.9/ssl/d1_both.c 
@@ -1229,7 +1229,7 @@ dtls1_min_mtu(void) static unsigned int dtls1_guess_mtu(unsigned int curr_mtu) { - int i; + size_t i; if ( curr_mtu == 0 ) return g_probable_mtu[0] ; diff --git a/crypto/openssl-0.9/ssl/d1_clnt.c b/crypto/openssl-0.9/ssl/d1_clnt.c index 0f840f439d..f10b34bd70 100644 --- a/crypto/openssl-0.9/ssl/d1_clnt.c +++ b/crypto/openssl-0.9/ssl/d1_clnt.c @@ -121,6 +121,9 @@ #include #include #include +#ifndef OPENSSL_NO_DH +#include +#endif static SSL_METHOD *dtls1_get_client_method(int ver); static int dtls1_get_hello_verify(SSL *s); @@ -133,28 +136,10 @@ static SSL_METHOD *dtls1_get_client_method(int ver) return(NULL); } -SSL_METHOD *DTLSv1_client_method(void) - { - static int init=1; - static SSL_METHOD DTLSv1_client_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&DTLSv1_client_data,(char *)dtlsv1_base_method(), - sizeof(SSL_METHOD)); - DTLSv1_client_data.ssl_connect=dtls1_connect; - DTLSv1_client_data.get_ssl_method=dtls1_get_client_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&DTLSv1_client_data); - } +IMPLEMENT_dtls1_meth_func(DTLSv1_client_method, + ssl_undefined_function, + dtls1_connect, + dtls1_get_client_method) int dtls1_connect(SSL *s) { @@ -386,11 +371,15 @@ int dtls1_connect(SSL *s) s->init_num=0; s->session->cipher=s->s3->tmp.new_cipher; +#ifdef OPENSSL_NO_COMP + s->session->compress_meth=0; +#else if (s->s3->tmp.new_compression == NULL) s->session->compress_meth=0; else s->session->compress_meth= s->s3->tmp.new_compression->id; +#endif if (!s->method->ssl3_enc->setup_key_block(s)) { ret= -1; @@ -538,7 +527,7 @@ int dtls1_client_hello(SSL *s) { unsigned char *buf; unsigned char *p,*d; - int i,j; + unsigned int i,j; unsigned long Time,l; SSL_COMP *comp; diff --git a/crypto/openssl-0.9/ssl/d1_lib.c b/crypto/openssl-0.9/ssl/d1_lib.c index 458ce544d1..7830811144 100644 --- a/crypto/openssl-0.9/ssl/d1_lib.c +++ b/crypto/openssl-0.9/ssl/d1_lib.c 
@@ -63,9 +63,7 @@ const char *dtls1_version_str="DTLSv1" OPENSSL_VERSION_PTEXT; -static long dtls1_default_timeout(void); - -static SSL3_ENC_METHOD DTLSv1_enc_data={ +SSL3_ENC_METHOD DTLSv1_enc_data={ dtls1_enc, tls1_mac, tls1_setup_key_block, @@ -79,49 +77,17 @@ static SSL3_ENC_METHOD DTLSv1_enc_data={ tls1_alert_code, }; -static SSL_METHOD DTLSv1_data= { - DTLS1_VERSION, - dtls1_new, - dtls1_clear, - dtls1_free, - ssl_undefined_function, - ssl_undefined_function, - ssl3_read, - ssl3_peek, - ssl3_write, - ssl3_shutdown, - ssl3_renegotiate, - ssl3_renegotiate_check, - dtls1_get_message, - dtls1_read_bytes, - dtls1_write_app_data_bytes, - dtls1_dispatch_alert, - ssl3_ctrl, - ssl3_ctx_ctrl, - ssl3_get_cipher_by_char, - ssl3_put_cipher_by_char, - ssl3_pending, - ssl3_num_ciphers, - ssl3_get_cipher, - ssl_bad_method, - dtls1_default_timeout, - &DTLSv1_enc_data, - ssl_undefined_void_function, - ssl3_callback_ctrl, - ssl3_ctx_callback_ctrl, - }; - -static long dtls1_default_timeout(void) +long dtls1_default_timeout(void) { /* 2 hours, the 24 hours mentioned in the DTLSv1 spec * is way too long for http, the cache would over fill */ return(60*60*2); } -SSL_METHOD *dtlsv1_base_method(void) - { - return(&DTLSv1_data); - } +IMPLEMENT_dtls1_meth_func(dtlsv1_base_method, + ssl_undefined_function, + ssl_undefined_function, + ssl_bad_method) int dtls1_new(SSL *s) { diff --git a/crypto/openssl-0.9/ssl/d1_meth.c b/crypto/openssl-0.9/ssl/d1_meth.c index dc4c8ede86..8a6cf31947 100644 --- a/crypto/openssl-0.9/ssl/d1_meth.c +++ b/crypto/openssl-0.9/ssl/d1_meth.c 
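Review bot: Dropping `static` from `DTLSv1_enc_data` in d1_lib.c gives a writable table of function pointers external linkage, and `dtls1_default_timeout` becomes a global symbol in the next hunk of the same file. If the pointer type that refers to this table can be const-qualified (its declaration is not visible here), `const SSL3_ENC_METHOD DTLSv1_enc_data={` would keep the table in read-only data; otherwise a comment such as `/* shared by the IMPLEMENT_dtls1_meth_func expansions; never modified after initialisation */` would record the intent. The macro is defined outside this chunk, so its use of the table is inferred from the removed `&DTLSv1_enc_data` initialiser.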
@@ -70,27 +70,8 @@ static SSL_METHOD *dtls1_get_method(int ver) return(NULL); } -SSL_METHOD *DTLSv1_method(void) - { - static int init=1; - static SSL_METHOD DTLSv1_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&DTLSv1_data,(char *)dtlsv1_base_method(), - sizeof(SSL_METHOD)); - DTLSv1_data.ssl_connect=dtls1_connect; - DTLSv1_data.ssl_accept=dtls1_accept; - DTLSv1_data.get_ssl_method=dtls1_get_method; - init=0; - } +IMPLEMENT_dtls1_meth_func(DTLSv1_method, + dtls1_accept, + dtls1_connect, + dtls1_get_method) - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - - return(&DTLSv1_data); - } diff --git a/crypto/openssl-0.9/ssl/d1_srvr.c b/crypto/openssl-0.9/ssl/d1_srvr.c index 6d07dd4792..180fc6e646 100644 --- a/crypto/openssl-0.9/ssl/d1_srvr.c +++ b/crypto/openssl-0.9/ssl/d1_srvr.c @@ -121,6 +121,9 @@ #include #include #include +#ifndef OPENSSL_NO_DH +#include +#endif static SSL_METHOD *dtls1_get_server_method(int ver); static int dtls1_send_hello_verify_request(SSL *s); @@ -133,28 +136,10 @@ static SSL_METHOD *dtls1_get_server_method(int ver) return(NULL); } -SSL_METHOD *DTLSv1_server_method(void) - { - static int init=1; - static SSL_METHOD DTLSv1_server_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&DTLSv1_server_data,(char *)dtlsv1_base_method(), - sizeof(SSL_METHOD)); - DTLSv1_server_data.ssl_accept=dtls1_accept; - DTLSv1_server_data.get_ssl_method=dtls1_get_server_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&DTLSv1_server_data); - } +IMPLEMENT_dtls1_meth_func(DTLSv1_server_method, + dtls1_accept, + ssl_undefined_function, + dtls1_get_server_method) int dtls1_accept(SSL *s) { @@ -673,7 +658,8 @@ int dtls1_send_server_hello(SSL *s) { unsigned char *buf; unsigned char *p,*d; - int i,sl; + int i; + unsigned int sl; unsigned long l,Time; if (s->state == SSL3_ST_SW_SRVR_HELLO_A) 
@@ -719,10 +705,14 @@ int dtls1_send_server_hello(SSL *s) p+=i; /* put the compression method */ +#ifdef OPENSSL_NO_COMP + *(p++)=0; +#else if (s->s3->tmp.new_compression == NULL) *(p++)=0; else *(p++)=s->s3->tmp.new_compression->id; +#endif /* do the header */ l=(p-d); diff --git a/crypto/openssl-0.9/ssl/s23_clnt.c b/crypto/openssl-0.9/ssl/s23_clnt.c index b21308b6f2..8bac26c5ac 100644 --- a/crypto/openssl-0.9/ssl/s23_clnt.c +++ b/crypto/openssl-0.9/ssl/s23_clnt.c @@ -80,28 +80,10 @@ static SSL_METHOD *ssl23_get_client_method(int ver) return(NULL); } -SSL_METHOD *SSLv23_client_method(void) - { - static int init=1; - static SSL_METHOD SSLv23_client_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv23_client_data, - (char *)sslv23_base_method(),sizeof(SSL_METHOD)); - SSLv23_client_data.ssl_connect=ssl23_connect; - SSLv23_client_data.get_ssl_method=ssl23_get_client_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv23_client_data); - } +IMPLEMENT_ssl23_meth_func(SSLv23_client_method, + ssl_undefined_function, + ssl23_connect, + ssl23_get_client_method) int ssl23_connect(SSL *s) { diff --git a/crypto/openssl-0.9/ssl/s23_lib.c b/crypto/openssl-0.9/ssl/s23_lib.c index 2c5129831a..fc2981308d 100644 --- a/crypto/openssl-0.9/ssl/s23_lib.c +++ b/crypto/openssl-0.9/ssl/s23_lib.c 
@@ -60,59 +60,17 @@ #include #include "ssl_locl.h" -static int ssl23_num_ciphers(void ); -static SSL_CIPHER *ssl23_get_cipher(unsigned int u); -static int ssl23_read(SSL *s, void *buf, int len); -static int ssl23_peek(SSL *s, void *buf, int len); -static int ssl23_write(SSL *s, const void *buf, int len); -static long ssl23_default_timeout(void ); -static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); -static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); -const char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT; - -static SSL_METHOD SSLv23_data= { - TLS1_VERSION, - tls1_new, - tls1_clear, - tls1_free, - ssl_undefined_function, - ssl_undefined_function, - ssl23_read, - ssl23_peek, - ssl23_write, - ssl_undefined_function, - ssl_undefined_function, - ssl_ok, - ssl3_get_message, - ssl3_read_bytes, - ssl3_write_bytes, - ssl3_dispatch_alert, - ssl3_ctrl, - ssl3_ctx_ctrl, - ssl23_get_cipher_by_char, - ssl23_put_cipher_by_char, - ssl_undefined_const_function, - ssl23_num_ciphers, - ssl23_get_cipher, - ssl_bad_method, - ssl23_default_timeout, - &ssl3_undef_enc_method, - ssl_undefined_void_function, - ssl3_callback_ctrl, - ssl3_ctx_callback_ctrl, - }; - -static long ssl23_default_timeout(void) +long ssl23_default_timeout(void) { return(300); } -SSL_METHOD *sslv23_base_method(void) - { - return(&SSLv23_data); - } +IMPLEMENT_ssl23_meth_func(sslv23_base_method, + ssl_undefined_function, + ssl_undefined_function, + ssl_bad_method) -static int ssl23_num_ciphers(void) +int ssl23_num_ciphers(void) { return(ssl3_num_ciphers() #ifndef OPENSSL_NO_SSL2 @@ -121,7 +79,7 @@ static int ssl23_num_ciphers(void) ); } -static SSL_CIPHER *ssl23_get_cipher(unsigned int u) +SSL_CIPHER *ssl23_get_cipher(unsigned int u) { unsigned int uu=ssl3_num_ciphers(); 
@@ -137,7 +95,7 @@ static SSL_CIPHER *ssl23_get_cipher(unsigned int u) /* This function needs to check if the ciphers required are actually * available */ -static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) +SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) { SSL_CIPHER c,*cp; unsigned long id; @@ -155,7 +113,7 @@ static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) return(cp); } -static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) +int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) { long l; @@ -170,7 +128,7 @@ static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) return(3); } -static int ssl23_read(SSL *s, void *buf, int len) +int ssl23_read(SSL *s, void *buf, int len) { int n; @@ -193,7 +151,7 @@ static int ssl23_read(SSL *s, void *buf, int len) } } -static int ssl23_peek(SSL *s, void *buf, int len) +int ssl23_peek(SSL *s, void *buf, int len) { int n; @@ -216,7 +174,7 @@ static int ssl23_peek(SSL *s, void *buf, int len) } } -static int ssl23_write(SSL *s, const void *buf, int len) +int ssl23_write(SSL *s, const void *buf, int len) { int n; diff --git a/crypto/openssl-0.9/ssl/s23_meth.c b/crypto/openssl-0.9/ssl/s23_meth.c index f207140835..c88569d32c 100644 --- a/crypto/openssl-0.9/ssl/s23_meth.c +++ b/crypto/openssl-0.9/ssl/s23_meth.c 
@@ -73,27 +73,8 @@ static SSL_METHOD *ssl23_get_method(int ver) return(NULL); } -SSL_METHOD *SSLv23_method(void) - { - static int init=1; - static SSL_METHOD SSLv23_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(), - sizeof(SSL_METHOD)); - SSLv23_data.ssl_connect=ssl23_connect; - SSLv23_data.ssl_accept=ssl23_accept; - SSLv23_data.get_ssl_method=ssl23_get_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv23_data); - } +IMPLEMENT_ssl23_meth_func(SSLv23_method, + ssl23_accept, + ssl23_connect, + ssl23_get_method) diff --git a/crypto/openssl-0.9/ssl/s23_srvr.c b/crypto/openssl-0.9/ssl/s23_srvr.c index c5404ca0bc..5cd00f850e 100644 --- a/crypto/openssl-0.9/ssl/s23_srvr.c +++ b/crypto/openssl-0.9/ssl/s23_srvr.c @@ -132,28 +132,10 @@ static SSL_METHOD *ssl23_get_server_method(int ver) return(NULL); } -SSL_METHOD *SSLv23_server_method(void) - { - static int init=1; - static SSL_METHOD SSLv23_server_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv23_server_data, - (char *)sslv23_base_method(),sizeof(SSL_METHOD)); - SSLv23_server_data.ssl_accept=ssl23_accept; - SSLv23_server_data.get_ssl_method=ssl23_get_server_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv23_server_data); - } +IMPLEMENT_ssl23_meth_func(SSLv23_server_method, + ssl23_accept, + ssl_undefined_function, + ssl23_get_server_method) int ssl23_accept(SSL *s) { @@ -268,9 +250,6 @@ int ssl23_get_client_hello(SSL *s) int n=0,j; int type=0; int v[2]; -#ifndef OPENSSL_NO_RSA - int use_sslv2_strong=0; -#endif if (s->state == SSL23_ST_SR_CLNT_HELLO_A) { 
@@ -519,9 +498,7 @@ int ssl23_get_client_hello(SSL *s) } s->state=SSL2_ST_GET_CLIENT_HELLO_A; - if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || - use_sslv2_strong || - (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) + if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3) s->s2->ssl2_rollback=0; else /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 diff --git a/crypto/openssl-0.9/ssl/s2_clnt.c b/crypto/openssl-0.9/ssl/s2_clnt.c index 33ea7592c4..0c9e24d5c4 100644 --- a/crypto/openssl-0.9/ssl/s2_clnt.c +++ b/crypto/openssl-0.9/ssl/s2_clnt.c @@ -137,28 +137,10 @@ static SSL_METHOD *ssl2_get_client_method(int ver) return(NULL); } -SSL_METHOD *SSLv2_client_method(void) - { - static int init=1; - static SSL_METHOD SSLv2_client_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(), - sizeof(SSL_METHOD)); - SSLv2_client_data.ssl_connect=ssl2_connect; - SSLv2_client_data.get_ssl_method=ssl2_get_client_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv2_client_data); - } +IMPLEMENT_ssl2_meth_func(SSLv2_client_method, + ssl_undefined_function, + ssl2_connect, + ssl2_get_client_method) int ssl2_connect(SSL *s) { diff --git a/crypto/openssl-0.9/ssl/s2_lib.c b/crypto/openssl-0.9/ssl/s2_lib.c index a454d73dc5..d2cce7546d 100644 --- a/crypto/openssl-0.9/ssl/s2_lib.c +++ b/crypto/openssl-0.9/ssl/s2_lib.c @@ -63,11 +63,11 @@ #include #include -static long ssl2_default_timeout(void ); const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER)) +/* list of available SSLv2 ciphers (sorted by id) */ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ /* NULL_WITH_MD5 v3 */ #if 0 
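Review bot: The condition in `ssl23_get_client_hello` that decides whether `s->s2->ssl2_rollback` is cleared now reads `if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)`, mixing `&` and `&&` without parentheses. It parses as intended, but for a test that gates rollback detection I would write `if ((s->options & SSL_OP_NO_TLSv1) && (s->options & SSL_OP_NO_SSLv3))`. A short comment is also missing on why `SSL_OP_MSIE_SSLV2_RSA_PADDING` no longer disables the check, for example `/* rollback check stays on unless both SSLv3 and TLSv1 are disabled; the MSIE padding option must not turn it off */`. The function continues outside the hunk.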
@@ -84,19 +84,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL_ALL_STRENGTHS, }, #endif -/* RC4_128_EXPORT40_WITH_MD5 */ - { - 1, - SSL2_TXT_RC4_128_EXPORT40_WITH_MD5, - SSL2_CK_RC4_128_EXPORT40_WITH_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2, - SSL_EXPORT|SSL_EXP40, - SSL2_CF_5_BYTE_ENC, - 40, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, /* RC4_128_WITH_MD5 */ { 1, @@ -110,12 +97,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, -/* RC2_128_CBC_EXPORT40_WITH_MD5 */ +/* RC4_128_EXPORT40_WITH_MD5 */ { 1, - SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5, - SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2, + SSL2_TXT_RC4_128_EXPORT40_WITH_MD5, + SSL2_CK_RC4_128_EXPORT40_WITH_MD5, + SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2, SSL_EXPORT|SSL_EXP40, SSL2_CF_5_BYTE_ENC, 40, @@ -136,6 +123,19 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, +/* RC2_128_CBC_EXPORT40_WITH_MD5 */ + { + 1, + SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5, + SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5, + SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2, + SSL_EXPORT|SSL_EXP40, + SSL2_CF_5_BYTE_ENC, + 40, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, /* IDEA_128_CBC_WITH_MD5 */ #ifndef OPENSSL_NO_IDEA { 
@@ -211,47 +211,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ /* end of list :-) */ }; -static SSL_METHOD SSLv2_data= { - SSL2_VERSION, - ssl2_new, /* local */ - ssl2_clear, /* local */ - ssl2_free, /* local */ - ssl_undefined_function, - ssl_undefined_function, - ssl2_read, - ssl2_peek, - ssl2_write, - ssl2_shutdown, - ssl_ok, /* NULL - renegotiate */ - ssl_ok, /* NULL - check renegotiate */ - NULL, /* NULL - ssl_get_message */ - NULL, /* NULL - ssl_get_record */ - NULL, /* NULL - ssl_write_bytes */ - NULL, /* NULL - dispatch_alert */ - ssl2_ctrl, /* local */ - ssl2_ctx_ctrl, /* local */ - ssl2_get_cipher_by_char, - ssl2_put_cipher_by_char, - ssl2_pending, - ssl2_num_ciphers, - ssl2_get_cipher, - ssl_bad_method, - ssl2_default_timeout, - &ssl3_undef_enc_method, - ssl_undefined_void_function, - ssl2_callback_ctrl, /* local */ - ssl2_ctx_callback_ctrl, /* local */ - }; - -static long ssl2_default_timeout(void) +long ssl2_default_timeout(void) { return(300); } -SSL_METHOD *sslv2_base_method(void) - { - return(&SSLv2_data); - } +IMPLEMENT_ssl2_meth_func(sslv2_base_method, + ssl_undefined_function, + ssl_undefined_function, + ssl_bad_method) int ssl2_num_ciphers(void) { @@ -371,42 +339,20 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) * available */ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) { - static int init=1; - static SSL_CIPHER *sorted[SSL2_NUM_CIPHERS]; - SSL_CIPHER c,*cp= &c,**cpp; + SSL_CIPHER c,*cp; unsigned long id; - unsigned int i; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL); - - if (init) - { - for (i=0; ivalid) - return(NULL); + cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, + (char *)ssl2_ciphers, + SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER), + FP_ICC ssl_cipher_id_cmp); + if ((cp == NULL) || (cp->valid == 0)) + return NULL; else - return(*cpp); + return cp; } int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) 
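Review bot: `ssl2_get_cipher_by_char` now runs `OBJ_bsearch` directly over `ssl2_ciphers`, so the lookup is only correct while that table stays ordered by the key `ssl_cipher_id_cmp` compares (presumably the cipher id); the removed code built its own sorted pointer array on first use. The only thing protecting the invariant is the `sorted by id` comment added at the table, and an entry inserted out of order would be silently reported as not found. I would state the dependency at the call as well, `/* binary search: ssl2_ciphers must stay sorted by id */`, and consider a debug-build pass that checks adjacent entries are in ascending order. The `sorted by id` comment added to `ssl3_ciphers` in s3_lib.c suggests the same dependency there, though that lookup is not in this chunk.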
diff --git a/crypto/openssl-0.9/ssl/s2_meth.c b/crypto/openssl-0.9/ssl/s2_meth.c index 8b6cbd086e..a35e435b71 100644 --- a/crypto/openssl-0.9/ssl/s2_meth.c +++ b/crypto/openssl-0.9/ssl/s2_meth.c @@ -70,29 +70,11 @@ static SSL_METHOD *ssl2_get_method(int ver) return(NULL); } -SSL_METHOD *SSLv2_method(void) - { - static int init=1; - static SSL_METHOD SSLv2_data; +IMPLEMENT_ssl2_meth_func(SSLv2_method, + ssl2_accept, + ssl2_connect, + ssl2_get_method) - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(), - sizeof(SSL_METHOD)); - SSLv2_data.ssl_connect=ssl2_connect; - SSLv2_data.ssl_accept=ssl2_accept; - SSLv2_data.get_ssl_method=ssl2_get_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv2_data); - } #else /* !OPENSSL_NO_SSL2 */ # if PEDANTIC diff --git a/crypto/openssl-0.9/ssl/s2_srvr.c b/crypto/openssl-0.9/ssl/s2_srvr.c index 546feb5174..247cc89155 100644 --- a/crypto/openssl-0.9/ssl/s2_srvr.c +++ b/crypto/openssl-0.9/ssl/s2_srvr.c @@ -137,28 +137,10 @@ static SSL_METHOD *ssl2_get_server_method(int ver) return(NULL); } -SSL_METHOD *SSLv2_server_method(void) - { - static int init=1; - static SSL_METHOD SSLv2_server_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(), - sizeof(SSL_METHOD)); - SSLv2_server_data.ssl_accept=ssl2_accept; - SSLv2_server_data.get_ssl_method=ssl2_get_server_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv2_server_data); - } +IMPLEMENT_ssl2_meth_func(SSLv2_server_method, + ssl2_accept, + ssl_undefined_function, + ssl2_get_server_method) int ssl2_accept(SSL *s) { diff --git a/crypto/openssl-0.9/ssl/s3_clnt.c b/crypto/openssl-0.9/ssl/s3_clnt.c index d4f7cec712..eb7e87f9b1 100644 --- a/crypto/openssl-0.9/ssl/s3_clnt.c +++ b/crypto/openssl-0.9/ssl/s3_clnt.c 
@@ -130,7 +130,9 @@ #include #include #include +#ifndef OPENSSL_NO_DH #include +#endif #include static SSL_METHOD *ssl3_get_client_method(int ver); @@ -149,28 +151,10 @@ static SSL_METHOD *ssl3_get_client_method(int ver) return(NULL); } -SSL_METHOD *SSLv3_client_method(void) - { - static int init=1; - static SSL_METHOD SSLv3_client_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(), - sizeof(SSL_METHOD)); - SSLv3_client_data.ssl_connect=ssl3_connect; - SSLv3_client_data.get_ssl_method=ssl3_get_client_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv3_client_data); - } +IMPLEMENT_ssl3_meth_func(SSLv3_client_method, + ssl_undefined_function, + ssl3_connect, + ssl3_get_client_method) int ssl3_connect(SSL *s) { @@ -385,11 +369,15 @@ int ssl3_connect(SSL *s) s->init_num=0; s->session->cipher=s->s3->tmp.new_cipher; +#ifdef OPENSSL_NO_COMP + s->session->compress_meth=0; +#else if (s->s3->tmp.new_compression == NULL) s->session->compress_meth=0; else s->session->compress_meth= s->s3->tmp.new_compression->id; +#endif if (!s->method->ssl3_enc->setup_key_block(s)) { ret= -1; @@ -533,9 +521,12 @@ int ssl3_client_hello(SSL *s) { unsigned char *buf; unsigned char *p,*d; - int i,j; + int i; unsigned long Time,l; +#ifndef OPENSSL_NO_COMP + int j; SSL_COMP *comp; +#endif buf=(unsigned char *)s->init_buf->data; if (s->state == SSL3_ST_CW_CLNT_HELLO_A) @@ -594,6 +585,9 @@ int ssl3_client_hello(SSL *s) p+=i; /* COMPRESSION */ +#ifdef OPENSSL_NO_COMP + *(p++)=1; +#else if (s->ctx->comp_methods == NULL) j=0; else @@ -604,6 +598,7 @@ int ssl3_client_hello(SSL *s) comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); *(p++)=comp->id; } +#endif *(p++)=0; /* Add the NULL method */ l=(p-d); 
@@ -631,7 +626,9 @@ int ssl3_get_server_hello(SSL *s) int i,al,ok; unsigned int j; long n; +#ifndef OPENSSL_NO_COMP SSL_COMP *comp; +#endif n=s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, @@ -762,6 +759,14 @@ int ssl3_get_server_hello(SSL *s) /* lets get the compression algorithm */ /* COMPRESSION */ +#ifdef OPENSSL_NO_COMP + if (*(p++) != 0) + { + al=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + goto f_err; + } +#else j= *(p++); if (j == 0) comp=NULL; @@ -778,6 +783,7 @@ int ssl3_get_server_hello(SSL *s) { s->s3->tmp.new_compression=comp; } +#endif if (p != (d+n)) { @@ -1608,6 +1614,7 @@ int ssl3_get_server_done(SSL *s) } +#ifndef OPENSSL_NO_ECDH static const int KDF1_SHA1_len = 20; static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { @@ -1619,8 +1626,9 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) return SHA1(in, inlen, out); #else return NULL; -#endif +#endif /* OPENSSL_NO_SHA */ } +#endif /* OPENSSL_NO_ECDH */ int ssl3_send_client_key_exchange(SSL *s) { @@ -2132,7 +2140,7 @@ int ssl3_send_client_verify(SSL *s) unsigned u=0; #endif unsigned long n; -#ifndef OPENSSL_NO_DSA +#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) int j; #endif diff --git a/crypto/openssl-0.9/ssl/s3_enc.c b/crypto/openssl-0.9/ssl/s3_enc.c index 6d92050bb1..561a9846e9 100644 --- a/crypto/openssl-0.9/ssl/s3_enc.c +++ b/crypto/openssl-0.9/ssl/s3_enc.c @@ -196,7 +196,9 @@ int ssl3_change_cipher_state(SSL *s, int which) unsigned char *ms,*key,*iv,*er1,*er2; EVP_CIPHER_CTX *dd; const EVP_CIPHER *c; +#ifndef OPENSSL_NO_COMP COMP_METHOD *comp; +#endif const EVP_MD *m; EVP_MD_CTX md; int is_exp,n,i,j,k,cl; 
@@ -205,10 +207,12 @@ int ssl3_change_cipher_state(SSL *s, int which) is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); c=s->s3->tmp.new_sym_enc; m=s->s3->tmp.new_hash; +#ifndef OPENSSL_NO_COMP if (s->s3->tmp.new_compression == NULL) comp=NULL; else comp=s->s3->tmp.new_compression->method; +#endif key_block=s->s3->tmp.key_block; if (which & SSL3_CC_READ) @@ -219,6 +223,7 @@ int ssl3_change_cipher_state(SSL *s, int which) goto err; dd= s->enc_read_ctx; s->read_hash=m; +#ifndef OPENSSL_NO_COMP /* COMPRESS */ if (s->expand != NULL) { @@ -239,6 +244,7 @@ int ssl3_change_cipher_state(SSL *s, int which) if (s->s3->rrec.comp == NULL) goto err; } +#endif memset(&(s->s3->read_sequence[0]),0,8); mac_secret= &(s->s3->read_mac_secret[0]); } @@ -250,6 +256,7 @@ int ssl3_change_cipher_state(SSL *s, int which) goto err; dd= s->enc_write_ctx; s->write_hash=m; +#ifndef OPENSSL_NO_COMP /* COMPRESS */ if (s->compress != NULL) { @@ -265,6 +272,7 @@ int ssl3_change_cipher_state(SSL *s, int which) goto err2; } } +#endif memset(&(s->s3->write_sequence[0]),0,8); mac_secret= &(s->s3->write_mac_secret[0]); } @@ -363,7 +371,11 @@ int ssl3_setup_key_block(SSL *s) s->s3->tmp.new_sym_enc=c; s->s3->tmp.new_hash=hash; +#ifdef OPENSSL_NO_COMP + s->s3->tmp.new_compression=NULL; +#else s->s3->tmp.new_compression=comp; +#endif num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c); num*=2; diff --git a/crypto/openssl-0.9/ssl/s3_lib.c b/crypto/openssl-0.9/ssl/s3_lib.c index 4585ac3014..33e10770dd 100644 --- a/crypto/openssl-0.9/ssl/s3_lib.c +++ b/crypto/openssl-0.9/ssl/s3_lib.c 
@@ -127,15 +127,16 @@ #include "ssl_locl.h" #include "kssl_lcl.h" #include +#ifndef OPENSSL_NO_DH #include +#endif #include const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT; #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) -static long ssl3_default_timeout(void ); - +/* list of available SSLv3 ciphers (sorted by id) */ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* The RSA ciphers */ /* Cipher 01 */ @@ -164,75 +165,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, - -/* anon DH */ -/* Cipher 17 */ - { - 1, - SSL3_TXT_ADH_RC4_40_MD5, - SSL3_CK_ADH_RC4_40_MD5, - SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - 0, - 40, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 18 */ - { - 1, - SSL3_TXT_ADH_RC4_128_MD5, - SSL3_CK_ADH_RC4_128_MD5, - SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 19 */ - { - 1, - SSL3_TXT_ADH_DES_40_CBC_SHA, - SSL3_CK_ADH_DES_40_CBC_SHA, - SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - 0, - 40, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 1A */ - { - 1, - SSL3_TXT_ADH_DES_64_CBC_SHA, - SSL3_CK_ADH_DES_64_CBC_SHA, - SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - 0, - 56, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 1B */ - { - 1, - SSL3_TXT_ADH_DES_192_CBC_SHA, - SSL3_CK_ADH_DES_192_CBC_SHA, - SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, - 0, - 168, - 168, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - -/* RSA again */ /* Cipher 03 */ { 1, @@ -339,8 +271,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, - -/* The DH ciphers */ +/* The DH ciphers */ /* Cipher 0B */ { 0, 
@@ -499,6 +430,71 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, +/* Cipher 17 */ + { + 1, + SSL3_TXT_ADH_RC4_40_MD5, + SSL3_CK_ADH_RC4_40_MD5, + SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + 0, + 40, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, +/* Cipher 18 */ + { + 1, + SSL3_TXT_ADH_RC4_128_MD5, + SSL3_CK_ADH_RC4_128_MD5, + SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, + SSL_NOT_EXP|SSL_MEDIUM, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, +/* Cipher 19 */ + { + 1, + SSL3_TXT_ADH_DES_40_CBC_SHA, + SSL3_CK_ADH_DES_40_CBC_SHA, + SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + 0, + 40, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, +/* Cipher 1A */ + { + 1, + SSL3_TXT_ADH_DES_64_CBC_SHA, + SSL3_CK_ADH_DES_64_CBC_SHA, + SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, + 0, + 56, + 56, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, +/* Cipher 1B */ + { + 1, + SSL3_TXT_ADH_DES_192_CBC_SHA, + SSL3_CK_ADH_DES_192_CBC_SHA, + SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH, + 0, + 168, + 168, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, /* Fortezza */ /* Cipher 1C */ 
@@ -746,262 +742,165 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, #endif /* OPENSSL_NO_KRB5 */ +/* New AES ciphersuites */ +/* Cipher 2F */ + { + 1, + TLS1_TXT_RSA_WITH_AES_128_SHA, + TLS1_CK_RSA_WITH_AES_128_SHA, + SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, +/* Cipher 30 */ + { + 0, + TLS1_TXT_DH_DSS_WITH_AES_128_SHA, + TLS1_CK_DH_DSS_WITH_AES_128_SHA, + SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, +/* Cipher 31 */ + { + 0, + TLS1_TXT_DH_RSA_WITH_AES_128_SHA, + TLS1_CK_DH_RSA_WITH_AES_128_SHA, + SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, +/* Cipher 32 */ + { + 1, + TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, + TLS1_CK_DHE_DSS_WITH_AES_128_SHA, + SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, +/* Cipher 33 */ + { + 1, + TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, + TLS1_CK_DHE_RSA_WITH_AES_128_SHA, + SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, +/* Cipher 34 */ + { + 1, + TLS1_TXT_ADH_WITH_AES_128_SHA, + TLS1_CK_ADH_WITH_AES_128_SHA, + SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, -#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES - /* New TLS Export CipherSuites */ - /* Cipher 60 */ - { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, - TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - 0, - 56, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 61 */ - { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, - TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, - 
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - 0, - 56, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 62 */ - { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, - TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, - SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - 0, - 56, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 63 */ - { - 1, - TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, - TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, - SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - 0, - 56, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 64 */ - { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, - TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, - SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - 0, - 56, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 65 */ - { - 1, - TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, - TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, - SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - 0, - 56, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 66 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, - TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, - SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS - }, -#endif - /* New AES ciphersuites */ - - /* Cipher 2F */ - { - 1, - TLS1_TXT_RSA_WITH_AES_128_SHA, - TLS1_CK_RSA_WITH_AES_128_SHA, - SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 30 */ - { - 0, - TLS1_TXT_DH_DSS_WITH_AES_128_SHA, - TLS1_CK_DH_DSS_WITH_AES_128_SHA, - SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 31 */ - { - 0, - TLS1_TXT_DH_RSA_WITH_AES_128_SHA, - TLS1_CK_DH_RSA_WITH_AES_128_SHA, - 
SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 32 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, - TLS1_CK_DHE_DSS_WITH_AES_128_SHA, - SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 33 */ - { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, - TLS1_CK_DHE_RSA_WITH_AES_128_SHA, - SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 34 */ - { - 1, - TLS1_TXT_ADH_WITH_AES_128_SHA, - TLS1_CK_ADH_WITH_AES_128_SHA, - SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - - /* Cipher 35 */ - { - 1, - TLS1_TXT_RSA_WITH_AES_256_SHA, - TLS1_CK_RSA_WITH_AES_256_SHA, - SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - 0, - 256, - 256, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 36 */ - { - 0, - TLS1_TXT_DH_DSS_WITH_AES_256_SHA, - TLS1_CK_DH_DSS_WITH_AES_256_SHA, - SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - 0, - 256, - 256, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 37 */ - { - 0, - TLS1_TXT_DH_RSA_WITH_AES_256_SHA, - TLS1_CK_DH_RSA_WITH_AES_256_SHA, - SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - 0, - 256, - 256, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 38 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, - TLS1_CK_DHE_DSS_WITH_AES_256_SHA, - SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - 0, - 256, - 256, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 39 */ - { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, - TLS1_CK_DHE_RSA_WITH_AES_256_SHA, - SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - 0, - 256, - 256, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - 
}, +/* Cipher 35 */ + { + 1, + TLS1_TXT_RSA_WITH_AES_256_SHA, + TLS1_CK_RSA_WITH_AES_256_SHA, + SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, +/* Cipher 36 */ + { + 0, + TLS1_TXT_DH_DSS_WITH_AES_256_SHA, + TLS1_CK_DH_DSS_WITH_AES_256_SHA, + SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, +/* Cipher 37 */ + { + 0, + TLS1_TXT_DH_RSA_WITH_AES_256_SHA, + TLS1_CK_DH_RSA_WITH_AES_256_SHA, + SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, +/* Cipher 38 */ + { + 1, + TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, + TLS1_CK_DHE_DSS_WITH_AES_256_SHA, + SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, +/* Cipher 39 */ + { + 1, + TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, + TLS1_CK_DHE_RSA_WITH_AES_256_SHA, + SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, /* Cipher 3A */ - { - 1, - TLS1_TXT_ADH_WITH_AES_256_SHA, - TLS1_CK_ADH_WITH_AES_256_SHA, - SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - 0, - 256, - 256, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - + { + 1, + TLS1_TXT_ADH_WITH_AES_256_SHA, + TLS1_CK_ADH_WITH_AES_256_SHA, + SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, #ifndef OPENSSL_NO_ECDH /* Cipher 47 */ { @@ -1065,7 +964,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, + SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, 
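Review bot: The re-rating of the AES-128 suites from `SSL_MEDIUM` to `SSL_HIGH` in `ssl3_ciphers` also covers Cipher 34 (`TLS1_TXT_ADH_WITH_AES_128_SHA`, `SSL_kEDH|SSL_aNULL`), which is enabled (first field `1`, presumably the valid flag) and provides no peer authentication. If the strength classes are used to select suites, as the flag names suggest, a strength-only selection now picks up one more anonymous suite alongside Cipher 3A, which was already `SSL_HIGH`. A comment on the entry would make this visible, for example `/* anonymous DH: no authentication, regardless of the strength class */`. The same `SSL_MEDIUM` to `SSL_HIGH` change is applied to the ECDH AES-128 entries in the hunks at -1065 and -1179; those carry `SSL_aECDSA` or `SSL_aRSA` and need no such note.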
@@ -1087,36 +986,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, - /* Cipher 5B */ - /* XXX NOTE: The ECC/TLS draft has a bug and reuses 4B for this */ - { - 1, - TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA, - TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA, - SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP40, - 0, - 40, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - - /* Cipher 5C */ - /* XXX NOTE: The ECC/TLS draft has a bug and reuses 4C for this */ - { - 1, - TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA, - TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA, - SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - 0, - 56, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 4D */ { 1, @@ -1179,7 +1048,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, + SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, 
@@ -1312,7 +1181,134 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, + /* Cipher 5B */ + /* XXX NOTE: The ECC/TLS draft has a bug and reuses 4B for this */ + { + 1, + TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA, + TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA, + SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_EXPORT|SSL_EXP40, + 0, + 40, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + + /* Cipher 5C */ + /* XXX NOTE: The ECC/TLS draft has a bug and reuses 4C for this */ + { + 1, + TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA, + TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA, + SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, + 0, + 56, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + +#endif /* OPENSSL_NO_ECDH */ + +#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES + /* New TLS Export CipherSuites */ + /* Cipher 60 */ + { + 1, + TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, + TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, + SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, + 0, + 56, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + /* Cipher 61 */ + { + 1, + TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, + TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, + SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, + 0, + 56, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + /* Cipher 62 */ + { + 1, + TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, + TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, + SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, + 0, + 56, + 56, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + /* Cipher 63 */ + { + 1, + TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, + TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, + SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, + 0, + 56, + 56, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + /* Cipher 64 */ + { + 1, + TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, + TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, + 
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, + 0, + 56, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + /* Cipher 65 */ + { + 1, + TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, + TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, + SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, + 0, + 56, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + /* Cipher 66 */ + { + 1, + TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, + TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, + SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, +#endif +#ifndef OPENSSL_NO_ECDH /* Cipher 77 XXX: ECC ciphersuites offering forward secrecy * are not yet specified in the ECC/TLS draft but our code * allows them to be implemented very easily. To add such @@ -1326,7 +1322,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, + SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, @@ -1342,20 +1338,19 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, + SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, - #endif /* !OPENSSL_NO_ECDH */ /* end of list */ }; -static SSL3_ENC_METHOD SSLv3_enc_data={ +SSL3_ENC_METHOD SSLv3_enc_data={ ssl3_enc, ssl3_mac, ssl3_setup_key_block, 
@@ -1369,49 +1364,17 @@ static SSL3_ENC_METHOD SSLv3_enc_data={ ssl3_alert_code, }; -static SSL_METHOD SSLv3_data= { - SSL3_VERSION, - ssl3_new, - ssl3_clear, - ssl3_free, - ssl_undefined_function, - ssl_undefined_function, - ssl3_read, - ssl3_peek, - ssl3_write, - ssl3_shutdown, - ssl3_renegotiate, - ssl3_renegotiate_check, - ssl3_get_message, - ssl3_read_bytes, - ssl3_write_bytes, - ssl3_dispatch_alert, - ssl3_ctrl, - ssl3_ctx_ctrl, - ssl3_get_cipher_by_char, - ssl3_put_cipher_by_char, - ssl3_pending, - ssl3_num_ciphers, - ssl3_get_cipher, - ssl_bad_method, - ssl3_default_timeout, - &SSLv3_enc_data, - ssl_undefined_void_function, - ssl3_callback_ctrl, - ssl3_ctx_callback_ctrl, - }; - -static long ssl3_default_timeout(void) +long ssl3_default_timeout(void) { /* 2 hours, the 24 hours mentioned in the SSLv3 spec * is way too long for http, the cache would over fill */ return(60*60*2); } -SSL_METHOD *sslv3_base_method(void) - { - return(&SSLv3_data); - } +IMPLEMENT_ssl3_meth_func(sslv3_base_method, + ssl_undefined_function, + ssl_undefined_function, + ssl_bad_method) int ssl3_num_ciphers(void) { @@ -1837,12 +1800,12 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); return 0; } - if (!EC_KEY_up_ref((EC_KEY *)parg)) + ecdh = EC_KEY_dup((EC_KEY *)parg); + if (ecdh == NULL) { - SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); + SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB); return 0; } - ecdh = (EC_KEY *)parg; if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) { if (!EC_KEY_generate_key(ecdh)) 
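Review bot: The switch to `EC_KEY_dup()` in ssl3_ctx_ctrl has no comment saying why a copy is taken, and the reason matters: the following lines call `EC_KEY_generate_key(ecdh)`, which with the old `EC_KEY_up_ref()` ran on the caller's own key object. I would add `/* work on a private copy: the key generated below must not alter the caller's EC_KEY */` above the `EC_KEY_dup` line. The body of the `EC_KEY_generate_key` failure branch is outside the hunk; it should release the copy with `EC_KEY_free(ecdh)` before returning, which is worth confirming. ssl_cert_dup in ssl_cert.c makes the same up_ref-to-dup change later in this patch and would benefit from the same comment.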
@@ -1923,41 +1886,19 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) * available */ SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) { - static int init=1; - static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS]; - SSL_CIPHER c,*cp= &c,**cpp; + SSL_CIPHER c,*cp; unsigned long id; - unsigned int i; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL); - - if (init) - { - for (i=0; ivalid) - return(NULL); + cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, + (char *)ssl3_ciphers, + SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER), + FP_ICC ssl_cipher_id_cmp); + if (cp == NULL || cp->valid == 0) + return NULL; else - return(*cpp); + return cp; } int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) diff --git a/crypto/openssl-0.9/ssl/s3_meth.c b/crypto/openssl-0.9/ssl/s3_meth.c index 1fd7a96f87..6a6eb1c58f 100644 --- a/crypto/openssl-0.9/ssl/s3_meth.c +++ b/crypto/openssl-0.9/ssl/s3_meth.c @@ -69,27 +69,9 @@ static SSL_METHOD *ssl3_get_method(int ver) return(NULL); } -SSL_METHOD *SSLv3_method(void) - { - static int init=1; - static SSL_METHOD SSLv3_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(), - sizeof(SSL_METHOD)); - SSLv3_data.ssl_connect=ssl3_connect; - SSLv3_data.ssl_accept=ssl3_accept; - SSLv3_data.get_ssl_method=ssl3_get_method; - init=0; - } +IMPLEMENT_ssl3_meth_func(SSLv3_method, + ssl3_accept, + ssl3_connect, + ssl3_get_method) - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv3_data); - } diff --git a/crypto/openssl-0.9/ssl/s3_pkt.c b/crypto/openssl-0.9/ssl/s3_pkt.c index f90bb77666..d0f54e297b 100644 --- a/crypto/openssl-0.9/ssl/s3_pkt.c +++ b/crypto/openssl-0.9/ssl/s3_pkt.c @@ -476,6 +476,7 @@ err: int ssl3_do_uncompress(SSL *ssl) { +#ifndef OPENSSL_NO_COMP int i; SSL3_RECORD *rr; 
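Review bot: The new `OBJ_bsearch()` call in ssl3_get_cipher_by_char searches `ssl3_ciphers[]` directly, so it is only correct while that array is in the order `ssl_cipher_id_cmp` expects; the run-time `sorted[]` copy that used to guarantee this is removed. An out-of-order entry would make a compiled-in suite unfindable without any error. The `ssl3_ciphers[]` hunks earlier in this patch move the 5B/5C and 60 to 66 entries, presumably for that reason, but nothing states the invariant. I would add `/* entries must stay sorted by id: ssl3_get_cipher_by_char() runs OBJ_bsearch() on this array */` above the table, plus a debug-build check that adjacent ids increase. Part of this hunk is lost in the page rendering, so the lines that fill `c.id` are not visible here.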
@@ -487,12 +488,13 @@ int ssl3_do_uncompress(SSL *ssl) else rr->length=i; rr->data=rr->comp; - +#endif return(1); } int ssl3_do_compress(SSL *ssl) { +#ifndef OPENSSL_NO_COMP int i; SSL3_RECORD *wr; @@ -506,6 +508,7 @@ int ssl3_do_compress(SSL *ssl) wr->length=i; wr->input=wr->data; +#endif return(1); } diff --git a/crypto/openssl-0.9/ssl/s3_srvr.c b/crypto/openssl-0.9/ssl/s3_srvr.c index 29cb2170e6..f762480a02 100644 --- a/crypto/openssl-0.9/ssl/s3_srvr.c +++ b/crypto/openssl-0.9/ssl/s3_srvr.c @@ -133,7 +133,9 @@ #include #include #include +#ifndef OPENSSL_NO_DH #include +#endif #include #ifndef OPENSSL_NO_KRB5 #include @@ -154,28 +156,10 @@ static SSL_METHOD *ssl3_get_server_method(int ver) return(NULL); } -SSL_METHOD *SSLv3_server_method(void) - { - static int init=1; - static SSL_METHOD SSLv3_server_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(), - sizeof(SSL_METHOD)); - SSLv3_server_data.ssl_accept=ssl3_accept; - SSLv3_server_data.get_ssl_method=ssl3_get_server_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv3_server_data); - } +IMPLEMENT_ssl3_meth_func(SSLv3_server_method, + ssl3_accept, + ssl_undefined_function, + ssl3_get_server_method) int ssl3_accept(SSL *s) { @@ -682,7 +666,9 @@ int ssl3_get_client_hello(SSL *s) unsigned long id; unsigned char *p,*d,*q; SSL_CIPHER *c; +#ifndef OPENSSL_NO_COMP SSL_COMP *comp=NULL; +#endif STACK_OF(SSL_CIPHER) *ciphers=NULL; /* We do this so that we will respond with our native type. @@ -913,6 +899,7 @@ int ssl3_get_client_hello(SSL *s) * options, we will now look for them. We have i-1 compression * algorithms from the client, starting at q. */ s->s3->tmp.new_compression=NULL; +#ifndef OPENSSL_NO_COMP if (s->ctx->comp_methods != NULL) { /* See if we have a match */ int m,nn,o,v,done=0; 
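Review bot: With `OPENSSL_NO_COMP` defined, ssl3_do_uncompress and ssl3_do_compress reduce to a bare `return(1);`, so a call reports success without touching the record. If a record ever reached ssl3_do_uncompress in such a build it would be passed on unexpanded, whereas returning 0 would fail closed. I would close the guard as `#else` / `return(0);` / `#endif` with the existing `return(1);` moved inside the `#ifndef` branch, or at least add `/* not reached without COMP: s->expand and s->compress are never set */` once that is confirmed against the callers, which are outside these hunks. ssl3_do_uncompress begins in the previous hunk (-476) and ssl3_do_compress ends in the next one (-506).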
@@ -937,6 +924,7 @@ int ssl3_get_client_hello(SSL *s) else comp=NULL; } +#endif /* TLS does not mind if there is extra stuff */ #if 0 /* SSL 3.0 does not mind either, so we should disable this test @@ -960,7 +948,11 @@ int ssl3_get_client_hello(SSL *s) if (!s->hit) { +#ifdef OPENSSL_NO_COMP + s->session->compress_meth=0; +#else s->session->compress_meth=(comp == NULL)?0:comp->id; +#endif if (s->session->ciphers != NULL) sk_SSL_CIPHER_free(s->session->ciphers); s->session->ciphers=ciphers; @@ -1086,10 +1078,14 @@ int ssl3_send_server_hello(SSL *s) p+=i; /* put the compression method */ +#ifdef OPENSSL_NO_COMP + *(p++)=0; +#else if (s->s3->tmp.new_compression == NULL) *(p++)=0; else *(p++)=s->s3->tmp.new_compression->id; +#endif /* do the header */ l=(p-d); @@ -1642,6 +1638,7 @@ err: } +#ifndef OPENSSL_NO_ECDH static const int KDF1_SHA1_len = 20; static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { @@ -1653,8 +1650,9 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) return SHA1(in, inlen, out); #else return NULL; -#endif +#endif /* OPENSSL_NO_SHA */ } +#endif /* OPENSSL_NO_ECDH */ int ssl3_get_client_key_exchange(SSL *s) { diff --git a/crypto/openssl-0.9/ssl/ssl.h b/crypto/openssl-0.9/ssl/ssl.h index ab4626b2e7..1a96f04df0 100644 --- a/crypto/openssl-0.9/ssl/ssl.h +++ b/crypto/openssl-0.9/ssl/ssl.h @@ -480,7 +480,7 @@ typedef struct ssl_session_st #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L -#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L +#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L #define SSL_OP_TLS_D5_BUG 0x00000100L #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L diff --git a/crypto/openssl-0.9/ssl/ssl3.h b/crypto/openssl-0.9/ssl/ssl3.h index 1e762f276e..bacaff157e 100644 
--- a/crypto/openssl-0.9/ssl/ssl3.h +++ b/crypto/openssl-0.9/ssl/ssl3.h @@ -254,7 +254,11 @@ extern "C" { #endif #define SSL3_RT_MAX_PLAIN_LENGTH 16384 +#ifdef OPENSSL_NO_COMP +#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH +#else #define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH) +#endif #define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH) #define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) #define SSL3_RT_MAX_DATA_SIZE (1024*1024) diff --git a/crypto/openssl-0.9/ssl/ssl_algs.c b/crypto/openssl-0.9/ssl/ssl_algs.c index 1a41b9967c..ac82d45a9c 100644 --- a/crypto/openssl-0.9/ssl/ssl_algs.c +++ b/crypto/openssl-0.9/ssl/ssl_algs.c @@ -115,6 +115,8 @@ int SSL_library_init(void) be discarded safely */ (void)SSL_COMP_get_compression_methods(); #endif + /* initialize cipher/digest methods table */ + ssl_load_ciphers(); return(1); } diff --git a/crypto/openssl-0.9/ssl/ssl_cert.c b/crypto/openssl-0.9/ssl/ssl_cert.c index 0c9bd07378..7908dcccdb 100644 --- a/crypto/openssl-0.9/ssl/ssl_cert.c +++ b/crypto/openssl-0.9/ssl/ssl_cert.c @@ -121,7 +121,9 @@ #include #include #include +#ifndef OPENSSL_NO_DH #include +#endif #include #include "ssl_locl.h" @@ -198,7 +200,6 @@ CERT *ssl_cert_dup(CERT *cert) #ifndef OPENSSL_NO_DH if (cert->dh_tmp != NULL) { - /* DH parameters don't have a reference count */ ret->dh_tmp = DHparams_dup(cert->dh_tmp); if (ret->dh_tmp == NULL) { @@ -232,8 +233,12 @@ CERT *ssl_cert_dup(CERT *cert) #ifndef OPENSSL_NO_ECDH if (cert->ecdh_tmp) { - EC_KEY_up_ref(cert->ecdh_tmp); - ret->ecdh_tmp = cert->ecdh_tmp; + ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); + if (ret->ecdh_tmp == NULL) + { + SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB); + goto err; + } } ret->ecdh_tmp_cb = cert->ecdh_tmp_cb; #endif diff --git a/crypto/openssl-0.9/ssl/ssl_ciph.c b/crypto/openssl-0.9/ssl/ssl_ciph.c index 9493e2d85b..cdd7a9ae74 100644 --- a/crypto/openssl-0.9/ssl/ssl_ciph.c 
+++ b/crypto/openssl-0.9/ssl/ssl_ciph.c @@ -165,9 +165,7 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, }; -static int init_ciphers=1; - -static void load_ciphers(void) +void ssl_load_ciphers(void) { ssl_cipher_methods[SSL_ENC_DES_IDX]= EVP_get_cipherbyname(SN_des_cbc); @@ -192,9 +190,11 @@ static void load_ciphers(void) EVP_get_digestbyname(SN_md5); ssl_digest_methods[SSL_MD_SHA1_IDX]= EVP_get_digestbyname(SN_sha1); - init_ciphers=0; } + +#ifndef OPENSSL_NO_COMP + static int sk_comp_cmp(const SSL_COMP * const *a, const SSL_COMP * const *b) { @@ -234,6 +234,7 @@ static void load_builtin_compressions(void) } CRYPTO_w_unlock(CRYPTO_LOCK_SSL); } +#endif int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, const EVP_MD **md, SSL_COMP **comp) @@ -246,8 +247,9 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, if (comp != NULL) { SSL_COMP ctmp; - +#ifndef OPENSSL_NO_COMP load_builtin_compressions(); +#endif *comp=NULL; ctmp.id=s->compress_meth; @@ -816,13 +818,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) return NULL; - if (init_ciphers) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL); - if (init_ciphers) load_ciphers(); - CRYPTO_w_unlock(CRYPTO_LOCK_SSL); - } - /* * To reduce the work to do we only want to process the compiled * in algorithms, so we first get the mask of disabled ciphers. @@ -1141,6 +1136,21 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) return(NULL); } +#ifdef OPENSSL_NO_COMP +void *SSL_COMP_get_compression_methods(void) + { + return NULL; + } +int SSL_COMP_add_compression_method(int id, void *cm) + { + return 1; + } + +const char *SSL_COMP_get_name(const void *comp) + { + return NULL; + } +#else STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) { load_builtin_compressions(); 
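Review bot: Removing the `init_ciphers` guard from ssl_create_cipher_list (hunk -816) means `ssl_cipher_methods[]` and `ssl_digest_methods[]` are filled only when `SSL_library_init()` runs, where the ssl_algs.c hunk adds the `ssl_load_ciphers()` call. A program that creates a cipher list without calling `SSL_library_init()` first would now find the tables unset, where before they were loaded on first use. That ordering requirement deserves a comment at the definition, for example `/* called once from SSL_library_init(); must run before any cipher list is created */` above `void ssl_load_ciphers(void)`. The rest of ssl_create_cipher_list is outside the hunk, so how it treats unset entries cannot be judged from here.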
@@ -1201,3 +1211,4 @@ const char *SSL_COMP_get_name(const COMP_METHOD *comp) return NULL; } +#endif diff --git a/crypto/openssl-0.9/ssl/ssl_lib.c b/crypto/openssl-0.9/ssl/ssl_lib.c index 383ba33298..dfc1bad52a 100644 --- a/crypto/openssl-0.9/ssl/ssl_lib.c +++ b/crypto/openssl-0.9/ssl/ssl_lib.c @@ -125,7 +125,9 @@ #include #include #include +#ifndef OPENSSL_NO_DH #include +#endif const char *SSL_version_str=OPENSSL_VERSION_TEXT; @@ -136,7 +138,14 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={ ssl_undefined_function, (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, (int (*)(SSL*, int))ssl_undefined_function, - (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function + (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function, + 0, /* finish_mac_length */ + (int (*)(SSL *, EVP_MD_CTX *, unsigned char *))ssl_undefined_function, + NULL, /* client_finished_label */ + 0, /* client_finished_label_len */ + NULL, /* server_finished_label */ + 0, /* server_finished_label_len */ + (int (*)(int))ssl_undefined_function }; int SSL_clear(SSL *s) @@ -1551,7 +1560,10 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) int rsa_enc_export,dh_rsa_export,dh_dsa_export; int rsa_tmp_export,dh_tmp_export,kl; unsigned long mask,emask; - int have_ecc_cert, have_ecdh_tmp, ecdh_ok, ecdsa_ok, ecc_pkey_size; + int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; +#ifndef OPENSSL_NO_ECDH + int have_ecdh_tmp; +#endif X509 *x = NULL; EVP_PKEY *ecc_pkey = NULL; int signature_nid = 0; @@ -2234,6 +2246,7 @@ void ssl_clear_cipher_ctx(SSL *s) OPENSSL_free(s->enc_write_ctx); s->enc_write_ctx=NULL; } +#ifndef OPENSSL_NO_COMP if (s->expand != NULL) { COMP_CTX_free(s->expand); @@ -2244,6 +2257,7 @@ void ssl_clear_cipher_ctx(SSL *s) COMP_CTX_free(s->compress); s->compress=NULL; } +#endif } /* Fix this function so that it takes an optional type parameter */ 
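Review bot: Two of the new slots in the `ssl3_undef_enc_method` initializer (hunk -136) are filled by casting `ssl_undefined_function` to `int (*)(SSL *, EVP_MD_CTX *, unsigned char *)` and `int (*)(int)`, and calling a function through a pointer of an incompatible type is undefined behaviour in C even where the ABI tolerates it. The older slots in the same initializer already do this, so the addition is consistent with the file, but a typed stub per signature would remove the casts, for example `static int ssl_undefined_int_function(int v) { return ssl_undefined_function(NULL); }` for the last slot. Whether passing NULL is acceptable depends on the body of `ssl_undefined_function`, which is not visible here.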
@@ -2270,6 +2284,16 @@ SSL_CIPHER *SSL_get_current_cipher(const SSL *s) return(s->session->cipher); return(NULL); } +#ifdef OPENSSL_NO_COMP +const void *SSL_get_current_compression(SSL *s) + { + return NULL; + } +const void *SSL_get_current_expansion(SSL *s) + { + return NULL; + } +#else const COMP_METHOD *SSL_get_current_compression(SSL *s) { @@ -2284,6 +2308,7 @@ const COMP_METHOD *SSL_get_current_expansion(SSL *s) return(s->expand->meth); return(NULL); } +#endif int ssl_init_wbio_buffer(SSL *s,int push) { diff --git a/crypto/openssl-0.9/ssl/ssl_locl.h b/crypto/openssl-0.9/ssl/ssl_locl.h index 8cbe26c01e..0bebaf02bc 100644 --- a/crypto/openssl-0.9/ssl/ssl_locl.h +++ b/crypto/openssl-0.9/ssl/ssl_locl.h @@ -127,8 +127,12 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif +#ifndef OPENSSL_NO_DSA #include +#endif #include #include #include 
@@ -511,6 +515,195 @@ SSL_METHOD *sslv2_base_method(void); SSL_METHOD *sslv23_base_method(void); SSL_METHOD *sslv3_base_method(void); +extern SSL3_ENC_METHOD TLSv1_enc_data; +extern SSL3_ENC_METHOD SSLv3_enc_data; +extern SSL3_ENC_METHOD DTLSv1_enc_data; + +#define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ +SSL_METHOD *func_name(void) \ + { \ + static SSL_METHOD func_name##_data= { \ + TLS1_VERSION, \ + tls1_new, \ + tls1_clear, \ + tls1_free, \ + s_accept, \ + s_connect, \ + ssl3_read, \ + ssl3_peek, \ + ssl3_write, \ + ssl3_shutdown, \ + ssl3_renegotiate, \ + ssl3_renegotiate_check, \ + ssl3_get_message, \ + ssl3_read_bytes, \ + ssl3_write_bytes, \ + ssl3_dispatch_alert, \ + ssl3_ctrl, \ + ssl3_ctx_ctrl, \ + ssl3_get_cipher_by_char, \ + ssl3_put_cipher_by_char, \ + ssl3_pending, \ + ssl3_num_ciphers, \ + ssl3_get_cipher, \ + s_get_meth, \ + tls1_default_timeout, \ + &TLSv1_enc_data, \ + ssl_undefined_void_function, \ + ssl3_callback_ctrl, \ + ssl3_ctx_callback_ctrl, \ + }; \ + return &func_name##_data; \ + } + +#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \ +SSL_METHOD *func_name(void) \ + { \ + static SSL_METHOD func_name##_data= { \ + SSL3_VERSION, \ + ssl3_new, \ + ssl3_clear, \ + ssl3_free, \ + s_accept, \ + s_connect, \ + ssl3_read, \ + ssl3_peek, \ + ssl3_write, \ + ssl3_shutdown, \ + ssl3_renegotiate, \ + ssl3_renegotiate_check, \ + ssl3_get_message, \ + ssl3_read_bytes, \ + ssl3_write_bytes, \ + ssl3_dispatch_alert, \ + ssl3_ctrl, \ + ssl3_ctx_ctrl, \ + ssl3_get_cipher_by_char, \ + ssl3_put_cipher_by_char, \ + ssl3_pending, \ + ssl3_num_ciphers, \ + ssl3_get_cipher, \ + s_get_meth, \ + ssl3_default_timeout, \ + &SSLv3_enc_data, \ + ssl_undefined_void_function, \ + ssl3_callback_ctrl, \ + ssl3_ctx_callback_ctrl, \ + }; \ + return &func_name##_data; \ + } + +#define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \ +SSL_METHOD *func_name(void) \ + { \ + static SSL_METHOD 
func_name##_data= { \ + TLS1_VERSION, \ + tls1_new, \ + tls1_clear, \ + tls1_free, \ + s_accept, \ + s_connect, \ + ssl23_read, \ + ssl23_peek, \ + ssl23_write, \ + ssl_undefined_function, \ + ssl_undefined_function, \ + ssl_ok, \ + ssl3_get_message, \ + ssl3_read_bytes, \ + ssl3_write_bytes, \ + ssl3_dispatch_alert, \ + ssl3_ctrl, \ + ssl3_ctx_ctrl, \ + ssl23_get_cipher_by_char, \ + ssl23_put_cipher_by_char, \ + ssl_undefined_const_function, \ + ssl23_num_ciphers, \ + ssl23_get_cipher, \ + s_get_meth, \ + ssl23_default_timeout, \ + &ssl3_undef_enc_method, \ + ssl_undefined_void_function, \ + ssl3_callback_ctrl, \ + ssl3_ctx_callback_ctrl, \ + }; \ + return &func_name##_data; \ + } + +#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \ +SSL_METHOD *func_name(void) \ + { \ + static SSL_METHOD func_name##_data= { \ + SSL2_VERSION, \ + ssl2_new, /* local */ \ + ssl2_clear, /* local */ \ + ssl2_free, /* local */ \ + s_accept, \ + s_connect, \ + ssl2_read, \ + ssl2_peek, \ + ssl2_write, \ + ssl2_shutdown, \ + ssl_ok, /* NULL - renegotiate */ \ + ssl_ok, /* NULL - check renegotiate */ \ + NULL, /* NULL - ssl_get_message */ \ + NULL, /* NULL - ssl_get_record */ \ + NULL, /* NULL - ssl_write_bytes */ \ + NULL, /* NULL - dispatch_alert */ \ + ssl2_ctrl, /* local */ \ + ssl2_ctx_ctrl, /* local */ \ + ssl2_get_cipher_by_char, \ + ssl2_put_cipher_by_char, \ + ssl2_pending, \ + ssl2_num_ciphers, \ + ssl2_get_cipher, \ + s_get_meth, \ + ssl2_default_timeout, \ + &ssl3_undef_enc_method, \ + ssl_undefined_void_function, \ + ssl2_callback_ctrl, /* local */ \ + ssl2_ctx_callback_ctrl, /* local */ \ + }; \ + return &func_name##_data; \ + } + +#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ +SSL_METHOD *func_name(void) \ + { \ + static SSL_METHOD func_name##_data= { \ + DTLS1_VERSION, \ + dtls1_new, \ + dtls1_clear, \ + dtls1_free, \ + s_accept, \ + s_connect, \ + ssl3_read, \ + ssl3_peek, \ + ssl3_write, \ + ssl3_shutdown, \ 
+ ssl3_renegotiate, \ + ssl3_renegotiate_check, \ + dtls1_get_message, \ + dtls1_read_bytes, \ + dtls1_write_app_data_bytes, \ + dtls1_dispatch_alert, \ + ssl3_ctrl, \ + ssl3_ctx_ctrl, \ + ssl3_get_cipher_by_char, \ + ssl3_put_cipher_by_char, \ + ssl3_pending, \ + ssl3_num_ciphers, \ + ssl3_get_cipher, \ + s_get_meth, \ + dtls1_default_timeout, \ + &DTLSv1_enc_data, \ + ssl_undefined_void_function, \ + ssl3_callback_ctrl, \ + ssl3_ctx_callback_ctrl, \ + }; \ + return &func_name##_data; \ + } + void ssl_clear_cipher_ctx(SSL *s); int ssl_clear_bad_session(SSL *s); CERT *ssl_cert_new(void); @@ -546,6 +739,7 @@ int ssl_cert_type(X509 *x,EVP_PKEY *pkey); void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher); STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); int ssl_verify_alarm_type(long type); +void ssl_load_ciphers(void); int ssl2_enc_init(SSL *s, int client); int ssl2_generate_key_material(SSL *s); @@ -574,6 +768,7 @@ long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void)); int ssl2_pending(const SSL *s); +long ssl2_default_timeout(void ); SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); 
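Review bot: Each `IMPLEMENT_*_meth_func` macro in hunk -511 defines `static SSL_METHOD func_name##_data` as a writable object and returns a non-const pointer to it, so these tables of function pointers live in writable data and any caller can alter the shared instance. Now that the table is built entirely by the initializer (the removed code filled it at run time with `memcpy`), it could be declared `static const SSL_METHOD func_name##_data` and returned as `(SSL_METHOD *)&func_name##_data`, provided no caller writes through the pointer, which needs checking outside this hunk. The macros also have no comment; `/* s_accept, s_connect: handshake entry points, or ssl_undefined_function for a one-sided method; s_get_meth: lookup of the method for a version */` above the first one would cover all five.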
@@ -625,7 +820,18 @@ int ssl3_pending(const SSL *s); void ssl3_record_sequence_update(unsigned char *seq); int ssl3_do_change_cipher_spec(SSL *ssl); - +long ssl3_default_timeout(void ); + +int ssl23_num_ciphers(void ); +SSL_CIPHER *ssl23_get_cipher(unsigned int u); +int ssl23_read(SSL *s, void *buf, int len); +int ssl23_peek(SSL *s, void *buf, int len); +int ssl23_write(SSL *s, const void *buf, int len); +int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); +SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); +long ssl23_default_timeout(void ); + +long tls1_default_timeout(void); int dtls1_do_write(SSL *s,int type); int ssl3_read_n(SSL *s, int n, int max, int extend); int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); @@ -636,6 +842,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, unsigned long len, unsigned long frag_off, unsigned long frag_len); + int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len); int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); @@ -650,6 +857,7 @@ void dtls1_clear_record_buffer(SSL *s); void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr); void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); void dtls1_reset_seq_numbers(SSL *s, int rw); +long dtls1_default_timeout(void); /* some client-only functions */ diff --git a/crypto/openssl-0.9/ssl/ssl_txt.c b/crypto/openssl-0.9/ssl/ssl_txt.c index fd0c55c127..4eb0867155 100644 --- a/crypto/openssl-0.9/ssl/ssl_txt.c +++ b/crypto/openssl-0.9/ssl/ssl_txt.c 
@@ -151,9 +151,10 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err; } #endif /* OPENSSL_NO_KRB5 */ +#ifndef OPENSSL_NO_COMP if (x->compress_meth != 0) { - SSL_COMP *comp; + SSL_COMP *comp = NULL; ssl_cipher_get_evp(x,NULL,NULL,&comp); if (comp == NULL) @@ -165,6 +166,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err; } } +#endif if (x->time != 0L) { if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err; diff --git a/crypto/openssl-0.9/ssl/t1_clnt.c b/crypto/openssl-0.9/ssl/t1_clnt.c index 57205fb429..4d1e198cdc 100644 --- a/crypto/openssl-0.9/ssl/t1_clnt.c +++ b/crypto/openssl-0.9/ssl/t1_clnt.c @@ -72,26 +72,8 @@ static SSL_METHOD *tls1_get_client_method(int ver) return(NULL); } -SSL_METHOD *TLSv1_client_method(void) - { - static int init=1; - static SSL_METHOD TLSv1_client_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(), - sizeof(SSL_METHOD)); - TLSv1_client_data.ssl_connect=ssl3_connect; - TLSv1_client_data.get_ssl_method=tls1_get_client_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&TLSv1_client_data); - } +IMPLEMENT_tls1_meth_func(TLSv1_client_method, + ssl_undefined_function, + ssl3_connect, + tls1_get_client_method) diff --git a/crypto/openssl-0.9/ssl/t1_enc.c b/crypto/openssl-0.9/ssl/t1_enc.c index cfcfedaa5d..c544c76495 100644 --- a/crypto/openssl-0.9/ssl/t1_enc.c +++ b/crypto/openssl-0.9/ssl/t1_enc.c @@ -231,7 +231,9 @@ int tls1_change_cipher_state(SSL *s, int which) int client_write; EVP_CIPHER_CTX *dd; const EVP_CIPHER *c; +#ifndef OPENSSL_NO_COMP const SSL_COMP *comp; +#endif const EVP_MD *m; int is_export,n,i,j,k,exp_label_len,cl; int reuse_dd = 0; 
@@ -239,7 +241,9 @@ int tls1_change_cipher_state(SSL *s, int which) is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); c=s->s3->tmp.new_sym_enc; m=s->s3->tmp.new_hash; +#ifndef OPENSSL_NO_COMP comp=s->s3->tmp.new_compression; +#endif key_block=s->s3->tmp.key_block; #ifdef KSSL_DEBUG @@ -265,6 +269,7 @@ int tls1_change_cipher_state(SSL *s, int which) goto err; dd= s->enc_read_ctx; s->read_hash=m; +#ifndef OPENSSL_NO_COMP if (s->expand != NULL) { COMP_CTX_free(s->expand); @@ -284,6 +289,7 @@ int tls1_change_cipher_state(SSL *s, int which) if (s->s3->rrec.comp == NULL) goto err; } +#endif /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ if (s->version != DTLS1_VERSION) memset(&(s->s3->read_sequence[0]),0,8); @@ -301,6 +307,7 @@ int tls1_change_cipher_state(SSL *s, int which) goto err; dd= s->enc_write_ctx; s->write_hash=m; +#ifndef OPENSSL_NO_COMP if (s->compress != NULL) { COMP_CTX_free(s->compress); @@ -315,6 +322,7 @@ int tls1_change_cipher_state(SSL *s, int which) goto err2; } } +#endif /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ if (s->version != DTLS1_VERSION) memset(&(s->s3->write_sequence[0]),0,8); diff --git a/crypto/openssl-0.9/ssl/t1_lib.c b/crypto/openssl-0.9/ssl/t1_lib.c index 6f95fc1ca8..d4516eba71 100644 --- a/crypto/openssl-0.9/ssl/t1_lib.c +++ b/crypto/openssl-0.9/ssl/t1_lib.c @@ -62,9 +62,7 @@ const char *tls1_version_str="TLSv1" OPENSSL_VERSION_PTEXT; -static long tls1_default_timeout(void); - -static SSL3_ENC_METHOD TLSv1_enc_data={ +SSL3_ENC_METHOD TLSv1_enc_data={ tls1_enc, tls1_mac, tls1_setup_key_block, 
@@ -78,49 +76,17 @@ static SSL3_ENC_METHOD TLSv1_enc_data={ tls1_alert_code, }; -static SSL_METHOD TLSv1_data= { - TLS1_VERSION, - tls1_new, - tls1_clear, - tls1_free, - ssl_undefined_function, - ssl_undefined_function, - ssl3_read, - ssl3_peek, - ssl3_write, - ssl3_shutdown, - ssl3_renegotiate, - ssl3_renegotiate_check, - ssl3_get_message, - ssl3_read_bytes, - ssl3_write_bytes, - ssl3_dispatch_alert, - ssl3_ctrl, - ssl3_ctx_ctrl, - ssl3_get_cipher_by_char, - ssl3_put_cipher_by_char, - ssl3_pending, - ssl3_num_ciphers, - ssl3_get_cipher, - ssl_bad_method, - tls1_default_timeout, - &TLSv1_enc_data, - ssl_undefined_void_function, - ssl3_callback_ctrl, - ssl3_ctx_callback_ctrl, - }; - -static long tls1_default_timeout(void) +long tls1_default_timeout(void) { /* 2 hours, the 24 hours mentioned in the TLSv1 spec * is way too long for http, the cache would over fill */ return(60*60*2); } -SSL_METHOD *tlsv1_base_method(void) - { - return(&TLSv1_data); - } +IMPLEMENT_tls1_meth_func(tlsv1_base_method, + ssl_undefined_function, + ssl_undefined_function, + ssl_bad_method) int tls1_new(SSL *s) { diff --git a/crypto/openssl-0.9/ssl/t1_meth.c b/crypto/openssl-0.9/ssl/t1_meth.c index fcc243f782..f5d8df634e 100644 --- a/crypto/openssl-0.9/ssl/t1_meth.c +++ b/crypto/openssl-0.9/ssl/t1_meth.c @@ -69,28 +69,8 @@ static SSL_METHOD *tls1_get_method(int ver) return(NULL); } -SSL_METHOD *TLSv1_method(void) - { - static int init=1; - static SSL_METHOD TLSv1_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(), - sizeof(SSL_METHOD)); - TLSv1_data.ssl_connect=ssl3_connect; - TLSv1_data.ssl_accept=ssl3_accept; - TLSv1_data.get_ssl_method=tls1_get_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - - return(&TLSv1_data); - } +IMPLEMENT_tls1_meth_func(TLSv1_method, + ssl3_accept, + ssl3_connect, + tls1_get_method) 
diff --git a/crypto/openssl-0.9/ssl/t1_srvr.c b/crypto/openssl-0.9/ssl/t1_srvr.c index 1c1149e49f..b75636abba 100644 --- a/crypto/openssl-0.9/ssl/t1_srvr.c +++ b/crypto/openssl-0.9/ssl/t1_srvr.c @@ -73,26 +73,8 @@ static SSL_METHOD *tls1_get_server_method(int ver) return(NULL); } -SSL_METHOD *TLSv1_server_method(void) - { - static int init=1; - static SSL_METHOD TLSv1_server_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(), - sizeof(SSL_METHOD)); - TLSv1_server_data.ssl_accept=ssl3_accept; - TLSv1_server_data.get_ssl_method=tls1_get_server_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&TLSv1_server_data); - } +IMPLEMENT_tls1_meth_func(TLSv1_server_method, + ssl3_accept, + ssl_undefined_function, + tls1_get_server_method) diff --git a/crypto/openssl-0.9/tools/c_rehash b/crypto/openssl-0.9/tools/c_rehash index e614fb5466..3e9ba1efe4 100644 --- a/crypto/openssl-0.9/tools/c_rehash +++ b/crypto/openssl-0.9/tools/c_rehash @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/local/bin/perl # Perl c_rehash script, scan all files in a directory -- 2.41.0