From 74093195730e5ae9cde7c17aebc40525320f2bbc Mon Sep 17 00:00:00 2001 From: Simon Schubert Date: Wed, 6 Sep 2006 12:35:33 +0000 Subject: [PATCH] Import OpenSSL 0.9.8c --- crypto/openssl-0.9/CHANGES | 190 +- crypto/openssl-0.9/FAQ | 77 +- crypto/openssl-0.9/LICENSE | 2 +- crypto/openssl-0.9/NEWS | 36 +- crypto/openssl-0.9/README | 8 +- crypto/openssl-0.9/apps/CA.pl | 4 + crypto/openssl-0.9/apps/dsa.c | 7 + crypto/openssl-0.9/apps/gendsa.c | 12 + crypto/openssl-0.9/apps/genrsa.c | 12 + crypto/openssl-0.9/apps/openssl.c | 10 +- crypto/openssl-0.9/apps/pkcs12.c | 17 +- crypto/openssl-0.9/apps/progs.h | 18 + crypto/openssl-0.9/apps/rsa.c | 7 + crypto/openssl-0.9/apps/s_client.c | 2 +- crypto/openssl-0.9/apps/smime.c | 18 +- crypto/openssl-0.9/apps/speed.c | 115 +- crypto/openssl-0.9/crypto/aes/aes.h | 11 + crypto/openssl-0.9/crypto/aes/aes_core.c | 311 +-- crypto/openssl-0.9/crypto/aes/aes_ige.c | 283 +++ crypto/openssl-0.9/crypto/aes/asm/aes-586.pl | 207 +- crypto/openssl-0.9/crypto/asn1/a_object.c | 89 +- crypto/openssl-0.9/crypto/asn1/a_strex.c | 7 +- crypto/openssl-0.9/crypto/asn1/asn1.h | 4 +- crypto/openssl-0.9/crypto/asn1/asn1_err.c | 8 +- crypto/openssl-0.9/crypto/asn1/asn1_gen.c | 2 + crypto/openssl-0.9/crypto/asn1/asn1_par.c | 5 +- crypto/openssl-0.9/crypto/asn1/t_pkey.c | 38 +- crypto/openssl-0.9/crypto/asn1/tasn_dec.c | 17 +- crypto/openssl-0.9/crypto/asn1/tasn_enc.c | 13 +- crypto/openssl-0.9/crypto/bio/bio.h | 15 +- crypto/openssl-0.9/crypto/bio/bss_conn.c | 2 +- crypto/openssl-0.9/crypto/bio/bss_file.c | 3 + crypto/openssl-0.9/crypto/bn/asm/x86_64-gcc.c | 4 + crypto/openssl-0.9/crypto/bn/bn.h | 10 +- crypto/openssl-0.9/crypto/bn/bn_gf2m.c | 3 +- crypto/openssl-0.9/crypto/bn/bn_mont.c | 85 +- crypto/openssl-0.9/crypto/bn/bn_prime.c | 3 +- crypto/openssl-0.9/crypto/camellia/camellia.c | 1688 +++++++++++++++++ .../crypto/{aes/aes.h => camellia/camellia.h} | 108 +- crypto/openssl-0.9/crypto/camellia/cmll_cbc.c | 234 +++ .../{LICENSE => crypto/camellia/cmll_cfb.c} | 152 +- .../{rsa/rsa_depr.c => camellia/cmll_ctr.c} | 121 +- .../{rsa/rsa_depr.c => camellia/cmll_ecb.c} | 64 +- .../openssl-0.9/crypto/camellia/cmll_locl.h | 178 ++ .../{rsa/rsa_depr.c => camellia/cmll_misc.c} | 96 +- .../{LICENSE => crypto/camellia/cmll_ofb.c} | 58 +- crypto/openssl-0.9/crypto/comp/c_zlib.c | 141 +- crypto/openssl-0.9/crypto/dh/dh.h | 2 +- crypto/openssl-0.9/crypto/dh/dh_err.c | 2 +- crypto/openssl-0.9/crypto/dh/dh_key.c | 7 +- crypto/openssl-0.9/crypto/dso/dso.h | 2 +- crypto/openssl-0.9/crypto/ec/ec.h | 2 +- crypto/openssl-0.9/crypto/ec/ec2_smpl.c | 3 +- crypto/openssl-0.9/crypto/ec/ec_asn1.c | 21 +- crypto/openssl-0.9/crypto/ec/ec_check.c | 3 +- crypto/openssl-0.9/crypto/ec/ec_curve.c | 3 +- crypto/openssl-0.9/crypto/ec/ec_err.c | 4 +- crypto/openssl-0.9/crypto/ec/ec_lib.c | 4 +- crypto/openssl-0.9/crypto/ec/ec_mult.c | 3 +- crypto/openssl-0.9/crypto/ec/ecp_smpl.c | 3 +- crypto/openssl-0.9/crypto/ecdsa/ecs_lib.c | 8 +- crypto/openssl-0.9/crypto/ecdsa/ecs_sign.c | 2 +- .../openssl-0.9/crypto/engine/eng_padlock.c | 144 +- crypto/openssl-0.9/crypto/engine/engine.h | 3 +- crypto/openssl-0.9/crypto/err/err.c | 17 +- crypto/openssl-0.9/crypto/evp/c_allc.c | 28 + .../{rsa/rsa_depr.c => evp/e_camellia.c} | 99 +- crypto/openssl-0.9/crypto/evp/evp.h | 27 + crypto/openssl-0.9/crypto/evp/evp_enc.c | 16 + crypto/openssl-0.9/crypto/evp/evp_err.c | 2 + crypto/openssl-0.9/crypto/evp/evp_key.c | 3 +- crypto/openssl-0.9/crypto/evp/p5_crpt2.c | 11 +- crypto/openssl-0.9/crypto/idea/i_skey.c | 5 +- crypto/openssl-0.9/crypto/idea/idea.h | 2 +- crypto/openssl-0.9/crypto/objects/obj_dat.c | 188 +- crypto/openssl-0.9/crypto/objects/obj_dat.h | 100 +- crypto/openssl-0.9/crypto/objects/obj_lib.c | 3 +- crypto/openssl-0.9/crypto/objects/obj_mac.h | 88 + crypto/openssl-0.9/crypto/opensslv.h | 6 +- crypto/openssl-0.9/crypto/perlasm/x86asm.pl | 2 +- crypto/openssl-0.9/crypto/perlasm/x86unix.pl | 14 +- crypto/openssl-0.9/crypto/pkcs12/p12_mutl.c | 6 +- crypto/openssl-0.9/crypto/pkcs7/pk7_smime.c | 4 +- crypto/openssl-0.9/crypto/rand/rand_unix.c | 104 +- crypto/openssl-0.9/crypto/rsa/rsa.h | 5 +- crypto/openssl-0.9/crypto/rsa/rsa_depr.c | 3 +- crypto/openssl-0.9/crypto/rsa/rsa_eay.c | 66 +- crypto/openssl-0.9/crypto/rsa/rsa_err.c | 11 +- crypto/openssl-0.9/crypto/rsa/rsa_gen.c | 7 +- crypto/openssl-0.9/crypto/rsa/rsa_lib.c | 2 + crypto/openssl-0.9/crypto/rsa/rsa_sign.c | 17 + crypto/openssl-0.9/crypto/store/str_meth.c | 4 +- crypto/openssl-0.9/crypto/x509/x509_r2x.c | 6 +- crypto/openssl-0.9/crypto/x509/x509_vpm.c | 9 + crypto/openssl-0.9/crypto/x509v3/pcy_tree.c | 1 + crypto/openssl-0.9/crypto/x509v3/v3err.c | 8 +- crypto/openssl-0.9/crypto/x509v3/x509v3.h | 2 +- crypto/openssl-0.9/crypto/x86cpuid.pl | 39 + crypto/openssl-0.9/doc/openssl.txt | 2 +- crypto/openssl-0.9/doc/ssleay.txt | 2 +- crypto/openssl-0.9/doc/standards.txt | 13 +- crypto/openssl-0.9/e_os2.h | 7 + crypto/openssl-0.9/engines/e_cswift.c | 13 +- crypto/openssl-0.9/engines/e_sureware.c | 2 + crypto/openssl-0.9/ssl/d1_clnt.c | 4 +- crypto/openssl-0.9/ssl/d1_enc.c | 5 +- crypto/openssl-0.9/ssl/d1_pkt.c | 8 +- crypto/openssl-0.9/ssl/d1_srvr.c | 4 +- crypto/openssl-0.9/ssl/s23_clnt.c | 4 +- crypto/openssl-0.9/ssl/s23_meth.c | 12 +- crypto/openssl-0.9/ssl/s23_srvr.c | 2 +- crypto/openssl-0.9/ssl/s2_clnt.c | 2 +- crypto/openssl-0.9/ssl/s2_lib.c | 2 +- crypto/openssl-0.9/ssl/s2_srvr.c | 2 +- crypto/openssl-0.9/ssl/s3_clnt.c | 37 +- crypto/openssl-0.9/ssl/s3_lib.c | 649 ++++--- crypto/openssl-0.9/ssl/s3_srvr.c | 48 +- crypto/openssl-0.9/ssl/ssl.h | 141 +- crypto/openssl-0.9/ssl/ssl_algs.c | 9 + crypto/openssl-0.9/ssl/ssl_asn1.c | 2 +- crypto/openssl-0.9/ssl/ssl_cert.c | 30 +- crypto/openssl-0.9/ssl/ssl_ciph.c | 175 +- crypto/openssl-0.9/ssl/ssl_err.c | 10 +- crypto/openssl-0.9/ssl/ssl_lib.c | 2 +- crypto/openssl-0.9/ssl/ssl_locl.h | 5 +- crypto/openssl-0.9/ssl/ssl_sess.c | 4 +- crypto/openssl-0.9/ssl/t1_enc.c | 10 +- crypto/openssl-0.9/ssl/tls1.h | 138 +- 128 files changed, 5468 insertions(+), 1492 deletions(-) create mode 100644 crypto/openssl-0.9/crypto/aes/aes_ige.c create mode 100644 crypto/openssl-0.9/crypto/camellia/camellia.c copy crypto/openssl-0.9/crypto/{aes/aes.h => camellia/camellia.h} (57%) create mode 100644 crypto/openssl-0.9/crypto/camellia/cmll_cbc.c copy crypto/openssl-0.9/{LICENSE => crypto/camellia/cmll_cfb.c} (63%) copy crypto/openssl-0.9/crypto/{rsa/rsa_depr.c => camellia/cmll_ctr.c} (50%) copy crypto/openssl-0.9/crypto/{rsa/rsa_depr.c => camellia/cmll_ecb.c} (68%) create mode 100644 crypto/openssl-0.9/crypto/camellia/cmll_locl.h copy crypto/openssl-0.9/crypto/{rsa/rsa_depr.c => camellia/cmll_misc.c} (63%) copy crypto/openssl-0.9/{LICENSE => crypto/camellia/cmll_ofb.c} (86%) copy crypto/openssl-0.9/crypto/{rsa/rsa_depr.c => evp/e_camellia.c} (58%) diff --git a/crypto/openssl-0.9/CHANGES b/crypto/openssl-0.9/CHANGES index a84cebf5fc..0cfc559e94 100644 --- a/crypto/openssl-0.9/CHANGES +++ b/crypto/openssl-0.9/CHANGES @@ -2,13 +2,115 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8b and 0.9.8c [05 Sep 2006] + + *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher + (CVE-2006-4339) [Ben Laurie and Google Security Team] + + *) Add AES IGE and biIGE modes. + [Ben Laurie] + + *) Change the Unix randomness entropy gathering to use poll() when + possible instead of select(), since the latter has some + undesirable limitations. + [Darryl Miles via Richard Levitte and Bodo Moeller] + + *) Disable "ECCdraft" ciphersuites more thoroughly. Now special + treatment in ssl/ssl_ciph.s makes sure that these ciphersuites + cannot be implicitly activated as part of, e.g., the "AES" alias. + However, please upgrade to OpenSSL 0.9.9[-dev] for + non-experimental use of the ECC ciphersuites to get TLS extension + support, which is required for curve and point format negotiation + to avoid potential handshake problems. + [Bodo Moeller] + + *) Disable rogue ciphersuites: + + - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") + - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") + - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") + + The latter two were purportedly from + draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really + appear there. + + Also deactive the remaining ciphersuites from + draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as + unofficial, and the ID has long expired. + [Bodo Moeller] + + *) Fix RSA blinding Heisenbug (problems sometimes occured on + dual-core machines) and other potential thread-safety issues. + [Bodo Moeller] + + *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key + versions), which is now available for royalty-free use + (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html). + Also, add Camellia TLS ciphersuites from RFC 4132. + + To minimize changes between patchlevels in the OpenSSL 0.9.8 + series, Camellia remains excluded from compilation unless OpenSSL + is configured with 'enable-camellia'. + [NTT] + + *) Disable the padding bug check when compression is in use. The padding + bug check assumes the first packet is of even length, this is not + necessarily true if compresssion is enabled and can result in false + positives causing handshake failure. The actual bug test is ancient + code so it is hoped that implementations will either have fixed it by + now or any which still have the bug do not support compression. + [Steve Henson] + + Changes between 0.9.8a and 0.9.8b [04 May 2006] + + *) When applying a cipher rule check to see if string match is an explicit + cipher suite and only match that one cipher suite if it is. + [Steve Henson] + + *) Link in manifests for VC++ if needed. + [Austin Ziegler ] + + *) Update support for ECC-based TLS ciphersuites according to + draft-ietf-tls-ecc-12.txt with proposed changes (but without + TLS extensions, which are supported starting with the 0.9.9 + branch, not in the OpenSSL 0.9.8 branch). + [Douglas Stebila] + + *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support + opaque EVP_CIPHER_CTX handling. + [Steve Henson] + + *) Fixes and enhancements to zlib compression code. We now only use + "zlib1.dll" and use the default __cdecl calling convention on Win32 + to conform with the standards mentioned here: + http://www.zlib.net/DLL_FAQ.txt + Static zlib linking now works on Windows and the new --with-zlib-include + --with-zlib-lib options to Configure can be used to supply the location + of the headers and library. Gracefully handle case where zlib library + can't be loaded. + [Steve Henson] + + *) Several fixes and enhancements to the OID generation code. The old code + sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't + handle numbers larger than ULONG_MAX, truncated printing and had a + non standard OBJ_obj2txt() behaviour. + [Steve Henson] + + *) Add support for building of engines under engine/ as shared libraries + under VC++ build system. + [Steve Henson] + + *) Corrected the numerous bugs in the Win32 path splitter in DSO. + Hopefully, we will not see any false combination of paths any more. + [Richard Levitte] + Changes between 0.9.8 and 0.9.8a [11 Oct 2005] *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING (part of SSL_OP_ALL). This option used to disable the countermeasure against man-in-the-middle protocol-version rollback in the SSL 2.0 server implementation, which is a bad - idea. (CAN-2005-2969) + idea. (CVE-2005-2969) [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center for Information Security, National Institute of Advanced Industrial @@ -41,6 +143,9 @@ Changes between 0.9.7h and 0.9.8 [05 Jul 2005] + [NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after + OpenSSL 0.9.8.] + *) Add libcrypto.pc and libssl.pc for those who feel they need them. [Richard Levitte] @@ -858,13 +963,66 @@ differing sizes. [Richard Levitte] + Changes between 0.9.7j and 0.9.7k [xx XXX xxxx] + + *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher + (CVE-2006-4339) [Ben Laurie and Google Security Team] + + *) Change the Unix randomness entropy gathering to use poll() when + possible instead of select(), since the latter has some + undesirable limitations. + [Darryl Miles via Richard Levitte and Bodo Moeller] + + *) Disable rogue ciphersuites: + + - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") + - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") + - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") + + The latter two were purportedly from + draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really + appear there. + + Also deactive the remaining ciphersuites from + draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as + unofficial, and the ID has long expired. + [Bodo Moeller] + + *) Fix RSA blinding Heisenbug (problems sometimes occured on + dual-core machines) and other potential thread-safety issues. + [Bodo Moeller] + + Changes between 0.9.7i and 0.9.7j [04 May 2006] + + *) Adapt fipsld and the build system to link against the validated FIPS + module in FIPS mode. + [Steve Henson] + + *) Fixes for VC++ 2005 build under Windows. + [Steve Henson] + + *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make + from a Windows bash shell such as MSYS. It is autodetected from the + "config" script when run from a VC++ environment. Modify standard VC++ + build to use fipscanister.o from the GNU make build. + [Steve Henson] + + Changes between 0.9.7h and 0.9.7i [14 Oct 2005] + + *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS. + The value now differs depending on if you build for FIPS or not. + BEWARE! A program linked with a shared FIPSed libcrypto can't be + safely run with a non-FIPSed libcrypto, as it may crash because of + the difference induced by this change. + [Andy Polyakov] + Changes between 0.9.7g and 0.9.7h [11 Oct 2005] *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING (part of SSL_OP_ALL). This option used to disable the countermeasure against man-in-the-middle protocol-version rollback in the SSL 2.0 server implementation, which is a bad - idea. + idea. (CVE-2005-2969) [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center for Information Security, National Institute of Advanced Industrial @@ -1029,11 +1187,11 @@ Changes between 0.9.7c and 0.9.7d [17 Mar 2004] *) Fix null-pointer assignment in do_change_cipher_spec() revealed - by using the Codenomicon TLS Test Tool (CAN-2004-0079) + by using the Codenomicon TLS Test Tool (CVE-2004-0079) [Joe Orton, Steve Henson] *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites - (CAN-2004-0112) + (CVE-2004-0112) [Joe Orton, Steve Henson] *) Make it possible to have multiple active certificates with the same @@ -1076,9 +1234,9 @@ *) Fix various bugs revealed by running the NISCC test suite: Stop out of bounds reads in the ASN1 code when presented with - invalid tags (CAN-2003-0543 and CAN-2003-0544). + invalid tags (CVE-2003-0543 and CVE-2003-0544). - Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545). + Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545). If verify callback ignores invalid public key errors don't try to check certificate signature with the NULL public key. @@ -1163,7 +1321,7 @@ via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish - between bad padding and a MAC verification error. (CAN-2003-0078) + between bad padding and a MAC verification error. (CVE-2003-0078) [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and @@ -1380,7 +1538,7 @@ Remote buffer overflow in SSL3 protocol - an attacker could supply an oversized master key in Kerberos-enabled versions. - (CAN-2002-0657) + (CVE-2002-0657) [Ben Laurie (CHATS)] *) Change the SSL kerb5 codes to match RFC 2712. @@ -3064,7 +3222,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6l and 0.9.6m [17 Mar 2004] *) Fix null-pointer assignment in do_change_cipher_spec() revealed - by using the Codenomicon TLS Test Tool (CAN-2004-0079) + by using the Codenomicon TLS Test Tool (CVE-2004-0079) [Joe Orton, Steve Henson] Changes between 0.9.6k and 0.9.6l [04 Nov 2003] @@ -3072,7 +3230,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fix additional bug revealed by the NISCC test suite: Stop bug triggering large recursion when presented with - certain ASN.1 tags (CAN-2003-0851) + certain ASN.1 tags (CVE-2003-0851) [Steve Henson] Changes between 0.9.6j and 0.9.6k [30 Sep 2003] @@ -3080,7 +3238,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fix various bugs revealed by running the NISCC test suite: Stop out of bounds reads in the ASN1 code when presented with - invalid tags (CAN-2003-0543 and CAN-2003-0544). + invalid tags (CVE-2003-0543 and CVE-2003-0544). If verify callback ignores invalid public key errors don't try to check certificate signature with the NULL public key. @@ -3132,7 +3290,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish - between bad padding and a MAC verification error. (CAN-2003-0078) + between bad padding and a MAC verification error. (CVE-2003-0078) [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and @@ -3265,7 +3423,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Add various sanity checks to asn1_get_length() to reject the ASN1 length bytes if they exceed sizeof(long), will appear negative or the content length exceeds the length of the - supplied buffer. (CAN-2002-0659) + supplied buffer. (CVE-2002-0659) [Steve Henson, Adi Stav , James Yonan ] *) Assertions for various potential buffer overflows, not known to @@ -3273,15 +3431,15 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Ben Laurie (CHATS)] *) Various temporary buffers to hold ASCII versions of integers were - too small for 64 bit platforms. (CAN-2002-0655) + too small for 64 bit platforms. (CVE-2002-0655) [Matthew Byng-Maddick and Ben Laurie (CHATS)> *) Remote buffer overflow in SSL3 protocol - an attacker could - supply an oversized session ID to a client. (CAN-2002-0656) + supply an oversized session ID to a client. (CVE-2002-0656) [Ben Laurie (CHATS)] *) Remote buffer overflow in SSL2 protocol - an attacker could - supply an oversized client master key. (CAN-2002-0656) + supply an oversized client master key. (CVE-2002-0656) [Ben Laurie (CHATS)] Changes between 0.9.6c and 0.9.6d [9 May 2002] diff --git a/crypto/openssl-0.9/FAQ b/crypto/openssl-0.9/FAQ index 0755cb24eb..45c09d5c23 100644 --- a/crypto/openssl-0.9/FAQ +++ b/crypto/openssl-0.9/FAQ @@ -31,6 +31,7 @@ OpenSSL - Frequently Asked Questions * Why does my browser give a warning about a mismatched hostname? * How do I install a CA certificate into a browser? * Why is OpenSSL x509 DN output not conformant to RFC2253? +* What is a "128 bit certificate"? Can I create one with OpenSSL? [BUILD] Questions about building and testing OpenSSL @@ -48,6 +49,7 @@ OpenSSL - Frequently Asked Questions * Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? * Why does the OpenSSL test suite fail in sha512t on x86 CPU? * Why does compiler fail to compile sha512.c? +* Test suite still fails, what to do? [PROG] Questions about programming with OpenSSL @@ -72,7 +74,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from . -OpenSSL 0.9.8a was released on October 11th, 2005. +OpenSSL 0.9.8c was released on September 5th, 2006. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at /include/openssl/applink.c and should be either added to -your project or simply #include-d in one [and only one] of your source -files. Failure to do either manifests itself as fatal "no -OPENSSL_Applink" error. +your application project or simply #include-d in one [and only one] +of your application source files. Failure to link this shim module +into your application manifests itself as fatal "no OPENSSL_Applink" +run-time error. An explicit reminder is due that in this situation +[mixing compiler options] it is as important to add CRYPTO_malloc_init +prior first call to OpenSSL. * How do I read or write a DER encoded buffer using the ASN1 functions? diff --git a/crypto/openssl-0.9/LICENSE b/crypto/openssl-0.9/LICENSE index e6afecc724..c21f132db5 100644 --- a/crypto/openssl-0.9/LICENSE +++ b/crypto/openssl-0.9/LICENSE @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/openssl-0.9/NEWS b/crypto/openssl-0.9/NEWS index 4fb708bc1f..6bda70f39b 100644 --- a/crypto/openssl-0.9/NEWS +++ b/crypto/openssl-0.9/NEWS @@ -5,9 +5,24 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c: + + o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 + o New cipher Camellia + + Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b: + + o Cipher string fixes. + o Fixes for VC++ 2005. + o Updated ECC cipher suite support. + o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free(). + o Zlib compression usage fixes. + o Built in dynamic engine compilation support on Win32. + o Fixes auto dynamic engine loading in Win32. + Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a: - o Fix potential SSL 2.0 rollback, CAN-2005-2969 + o Fix potential SSL 2.0 rollback, CVE-2005-2969 o Extended Windows CE support Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8: @@ -84,6 +99,25 @@ o Added initial support for Win64. o Added alternate pkg-config files. + Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k: + + o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 + + Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j: + + o Visual C++ 2005 fixes. + o Update Windows build system for FIPS. + + Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i: + + o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build. + + Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h: + + o Fix SSL 2.0 Rollback, CVE-2005-2969 + o Allow use of fixed-length exponent on DSA signing + o Default fixed-window RSA, DSA, DH private-key operations + Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g: o More compilation issues fixed. diff --git a/crypto/openssl-0.9/README b/crypto/openssl-0.9/README index 2d1236afb9..b719e48c7c 100644 --- a/crypto/openssl-0.9/README +++ b/crypto/openssl-0.9/README @@ -1,7 +1,7 @@ - OpenSSL 0.9.8a 11 Oct 2005 + OpenSSL 0.9.8c 05 Sep 2006 - Copyright (c) 1998-2005 The OpenSSL Project + Copyright (c) 1998-2006 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. @@ -113,6 +113,10 @@ The MDC2 algorithm is patented by IBM. + NTT and Mitsubishi have patents and pending patents on the Camellia + algorithm, but allow use at no charge without requiring an explicit + licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html + INSTALLATION ------------ diff --git a/crypto/openssl-0.9/apps/CA.pl b/crypto/openssl-0.9/apps/CA.pl index 8ef8ac1c83..c783a6e6a5 100644 --- a/crypto/openssl-0.9/apps/CA.pl +++ b/crypto/openssl-0.9/apps/CA.pl @@ -94,6 +94,9 @@ foreach (@ARGV) { mkdir "${CATOP}/private", $DIRMODE; open OUT, ">${CATOP}/index.txt"; close OUT; + open OUT, ">${CATOP}/crlnumber"; + print OUT "01\n"; + close OUT; } if ( ! -f "${CATOP}/private/$CAKEY" ) { print "CA certificate filename (or enter to create)\n"; @@ -113,6 +116,7 @@ foreach (@ARGV) { system ("$CA -create_serial " . "-out ${CATOP}/$CACERT $CADAYS -batch " . "-keyfile ${CATOP}/private/$CAKEY -selfsign " . + "-extensions v3_ca " . "-infiles ${CATOP}/$CAREQ "); $RET=$?; } diff --git a/crypto/openssl-0.9/apps/dsa.c b/crypto/openssl-0.9/apps/dsa.c index a5ec5d7e6c..d503031ec3 100644 --- a/crypto/openssl-0.9/apps/dsa.c +++ b/crypto/openssl-0.9/apps/dsa.c @@ -84,6 +84,9 @@ * -aes128 - encrypt output if PEM format * -aes192 - encrypt output if PEM format * -aes256 - encrypt output if PEM format + * -camellia128 - encrypt output if PEM format + * -camellia192 - encrypt output if PEM format + * -camellia256 - encrypt output if PEM format * -text - print a text version * -modulus - print the DSA public key */ @@ -211,6 +214,10 @@ bad: #ifndef OPENSSL_NO_AES BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); +#endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); + BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); #endif BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err," -noout don't print key out\n"); diff --git a/crypto/openssl-0.9/apps/gendsa.c b/crypto/openssl-0.9/apps/gendsa.c index 828e27f1c0..936a42b810 100644 --- a/crypto/openssl-0.9/apps/gendsa.c +++ b/crypto/openssl-0.9/apps/gendsa.c @@ -147,6 +147,14 @@ int MAIN(int argc, char **argv) enc=EVP_aes_192_cbc(); else if (strcmp(*argv,"-aes256") == 0) enc=EVP_aes_256_cbc(); +#endif +#ifndef OPENSSL_NO_CAMELLIA + else if (strcmp(*argv,"-camellia128") == 0) + enc=EVP_camellia_128_cbc(); + else if (strcmp(*argv,"-camellia192") == 0) + enc=EVP_camellia_192_cbc(); + else if (strcmp(*argv,"-camellia256") == 0) + enc=EVP_camellia_256_cbc(); #endif else if (**argv != '-' && dsaparams == NULL) { @@ -174,6 +182,10 @@ bad: BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); #endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); + BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); +#endif #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); #endif diff --git a/crypto/openssl-0.9/apps/genrsa.c b/crypto/openssl-0.9/apps/genrsa.c index 4f62cfd04f..d716a3cde3 100644 --- a/crypto/openssl-0.9/apps/genrsa.c +++ b/crypto/openssl-0.9/apps/genrsa.c @@ -167,6 +167,14 @@ int MAIN(int argc, char **argv) enc=EVP_aes_192_cbc(); else if (strcmp(*argv,"-aes256") == 0) enc=EVP_aes_256_cbc(); +#endif +#ifndef OPENSSL_NO_CAMELLIA + else if (strcmp(*argv,"-camellia128") == 0) + enc=EVP_camellia_128_cbc(); + else if (strcmp(*argv,"-camellia192") == 0) + enc=EVP_camellia_192_cbc(); + else if (strcmp(*argv,"-camellia256") == 0) + enc=EVP_camellia_256_cbc(); #endif else if (strcmp(*argv,"-passout") == 0) { @@ -190,6 +198,10 @@ bad: #ifndef OPENSSL_NO_AES BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); +#endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); + BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); #endif BIO_printf(bio_err," -out file output the key to 'file\n"); BIO_printf(bio_err," -passout arg output file pass phrase source\n"); diff --git a/crypto/openssl-0.9/apps/openssl.c b/crypto/openssl-0.9/apps/openssl.c index 02d86d546d..47aee5b712 100644 --- a/crypto/openssl-0.9/apps/openssl.c +++ b/crypto/openssl-0.9/apps/openssl.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -445,7 +445,11 @@ static int do_cmd(LHASH *prog, int argc, char *argv[]) for (fp=functions; fp->name != NULL; fp++) { nl=0; +#ifdef OPENSSL_NO_CAMELLIA if (((i++) % 5) == 0) +#else + if (((i++) % 4) == 0) +#endif { BIO_printf(bio_err,"\n"); nl=1; @@ -466,7 +470,11 @@ static int do_cmd(LHASH *prog, int argc, char *argv[]) BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n"); } } +#ifdef OPENSSL_NO_CAMELLIA BIO_printf(bio_err,"%-15s",fp->name); +#else + BIO_printf(bio_err,"%-18s",fp->name); +#endif } BIO_printf(bio_err,"\n\n"); ret=0; diff --git a/crypto/openssl-0.9/apps/pkcs12.c b/crypto/openssl-0.9/apps/pkcs12.c index c22c00fce1..308f9208a1 100644 --- a/crypto/openssl-0.9/apps/pkcs12.c +++ b/crypto/openssl-0.9/apps/pkcs12.c @@ -3,7 +3,7 @@ * project. */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -161,6 +161,11 @@ int MAIN(int argc, char **argv) else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc(); else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc(); else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc(); +#endif +#ifndef OPENSSL_NO_CAMELLIA + else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc(); + else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc(); + else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc(); #endif else if (!strcmp (*args, "-noiter")) iter = 1; else if (!strcmp (*args, "-maciter")) @@ -303,6 +308,10 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_AES BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); +#endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n"); + BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n"); #endif BIO_printf (bio_err, "-nodes don't encrypt private keys\n"); BIO_printf (bio_err, "-noiter don't use encryption iteration\n"); @@ -825,12 +834,14 @@ int alg_print (BIO *x, X509_ALGOR *alg) PBEPARAM *pbe; const unsigned char *p; p = alg->parameter->value.sequence->data; - pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length); + pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); + if (!pbe) + return 1; BIO_printf (bio_err, "%s, Iteration %ld\n", OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), ASN1_INTEGER_get(pbe->iter)); PBEPARAM_free (pbe); - return 0; + return 1; } /* Load all certificates from a given file */ diff --git a/crypto/openssl-0.9/apps/progs.h b/crypto/openssl-0.9/apps/progs.h index dc665c53a7..011974b216 100644 --- a/crypto/openssl-0.9/apps/progs.h +++ b/crypto/openssl-0.9/apps/progs.h @@ -165,6 +165,24 @@ FUNCTION functions[] = { #endif #ifndef OPENSSL_NO_AES {FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FUNC_TYPE_CIPHER,"camellia-128-cbc",enc_main}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FUNC_TYPE_CIPHER,"camellia-128-ecb",enc_main}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FUNC_TYPE_CIPHER,"camellia-192-cbc",enc_main}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FUNC_TYPE_CIPHER,"camellia-192-ecb",enc_main}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FUNC_TYPE_CIPHER,"camellia-256-cbc",enc_main}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FUNC_TYPE_CIPHER,"camellia-256-ecb",enc_main}, #endif {FUNC_TYPE_CIPHER,"base64",enc_main}, #ifndef OPENSSL_NO_DES diff --git a/crypto/openssl-0.9/apps/rsa.c b/crypto/openssl-0.9/apps/rsa.c index d5cb7b7212..cf09a190ca 100644 --- a/crypto/openssl-0.9/apps/rsa.c +++ b/crypto/openssl-0.9/apps/rsa.c @@ -84,6 +84,9 @@ * -aes128 - encrypt output if PEM format * -aes192 - encrypt output if PEM format * -aes256 - encrypt output if PEM format + * -camellia128 - encrypt output if PEM format + * -camellia192 - encrypt output if PEM format + * -camellia256 - encrypt output if PEM format * -text - print a text version * -modulus - print the RSA key modulus * -check - verify key consistency @@ -211,6 +214,10 @@ bad: #ifndef OPENSSL_NO_AES BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); +#endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); + BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); #endif BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err," -noout don't print key out\n"); diff --git a/crypto/openssl-0.9/apps/s_client.c b/crypto/openssl-0.9/apps/s_client.c index cfee531349..4a1857f3a8 100644 --- a/crypto/openssl-0.9/apps/s_client.c +++ b/crypto/openssl-0.9/apps/s_client.c @@ -188,7 +188,7 @@ static void sc_usage(void) BIO_printf(bio_err," -port port - use -connect instead\n"); BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); - BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); + BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n"); BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n"); diff --git a/crypto/openssl-0.9/apps/smime.c b/crypto/openssl-0.9/apps/smime.c index 250fd69a98..830f18cd84 100644 --- a/crypto/openssl-0.9/apps/smime.c +++ b/crypto/openssl-0.9/apps/smime.c @@ -160,6 +160,14 @@ int MAIN(int argc, char **argv) cipher = EVP_aes_192_cbc(); else if (!strcmp(*args,"-aes256")) cipher = EVP_aes_256_cbc(); +#endif +#ifndef OPENSSL_NO_CAMELLIA + else if (!strcmp(*args,"-camellia128")) + cipher = EVP_camellia_128_cbc(); + else if (!strcmp(*args,"-camellia192")) + cipher = EVP_camellia_192_cbc(); + else if (!strcmp(*args,"-camellia256")) + cipher = EVP_camellia_256_cbc(); #endif else if (!strcmp (*args, "-text")) flags |= PKCS7_TEXT; @@ -423,6 +431,10 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_AES BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); +#endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n"); + BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n"); #endif BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n"); BIO_printf (bio_err, "-nosigs don't verify message signature\n"); @@ -638,12 +650,6 @@ int MAIN(int argc, char **argv) if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME)) flags |= PKCS7_STREAM; p7 = PKCS7_sign(signer, key, other, in, flags); - /* Don't need to rewind for partial signing */ - if (!(flags & PKCS7_STREAM) && (BIO_reset(in) != 0)) - { - BIO_printf(bio_err, "Can't rewind input file\n"); - goto end; - } } else { diff --git a/crypto/openssl-0.9/apps/speed.c b/crypto/openssl-0.9/apps/speed.c index 474f20c5a4..7858aee76e 100644 --- a/crypto/openssl-0.9/apps/speed.c +++ b/crypto/openssl-0.9/apps/speed.c @@ -164,6 +164,9 @@ #ifndef OPENSSL_NO_AES #include #endif +#ifndef OPENSSL_NO_CAMELLIA +#include +#endif #ifndef OPENSSL_NO_MD2 #include #endif @@ -269,7 +272,7 @@ static void print_result(int alg,int run_no,int count,double time_used); static int do_multi(int multi); #endif -#define ALGOR_NUM 21 +#define ALGOR_NUM 24 #define SIZE_NUM 5 #define RSA_NUM 4 #define DSA_NUM 3 @@ -281,7 +284,9 @@ static const char *names[ALGOR_NUM]={ "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4", "des cbc","des ede3","idea cbc", "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc", - "aes-128 cbc","aes-192 cbc","aes-256 cbc","evp","sha256","sha512"}; + "aes-128 cbc","aes-192 cbc","aes-256 cbc", + "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc", + "evp","sha256","sha512"}; static double results[ALGOR_NUM][SIZE_NUM]; static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; static double rsa_results[RSA_NUM][2]; @@ -548,6 +553,17 @@ int MAIN(int argc, char **argv) 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34, 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56}; #endif +#ifndef OPENSSL_NO_CAMELLIA + static const unsigned char ckey24[24]= + {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, + 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, + 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; + static const unsigned char ckey32[32]= + {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, + 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, + 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34, + 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56}; +#endif #ifndef OPENSSL_NO_AES #define MAX_BLOCK_SIZE 128 #else @@ -567,6 +583,9 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_AES AES_KEY aes_ks1, aes_ks2, aes_ks3; #endif +#ifndef OPENSSL_NO_CAMELLIA + CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3; +#endif #define D_MD2 0 #define D_MDC2 1 #define D_MD4 2 @@ -585,9 +604,12 @@ int MAIN(int argc, char **argv) #define D_CBC_128_AES 15 #define D_CBC_192_AES 16 #define D_CBC_256_AES 17 -#define D_EVP 18 -#define D_SHA256 19 -#define D_SHA512 20 +#define D_CBC_128_CML 18 +#define D_CBC_192_CML 19 +#define D_CBC_256_CML 20 +#define D_EVP 21 +#define D_SHA256 22 +#define D_SHA512 23 double d=0.0; long c[ALGOR_NUM][SIZE_NUM]; #define R_DSA_512 0 @@ -930,6 +952,12 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1; else #endif +#ifndef OPENSSL_NO_CAMELLIA + if (strcmp(*argv,"camellia-128-cbc") == 0) doit[D_CBC_128_CML]=1; + else if (strcmp(*argv,"camellia-192-cbc") == 0) doit[D_CBC_192_CML]=1; + else if (strcmp(*argv,"camellia-256-cbc") == 0) doit[D_CBC_256_CML]=1; + else +#endif #ifndef OPENSSL_NO_RSA #if 0 /* was: #ifdef RSAref */ if (strcmp(*argv,"rsaref") == 0) @@ -1000,6 +1028,15 @@ int MAIN(int argc, char **argv) } else #endif +#ifndef OPENSSL_NO_CAMELLIA + if (strcmp(*argv,"camellia") == 0) + { + doit[D_CBC_128_CML]=1; + doit[D_CBC_192_CML]=1; + doit[D_CBC_256_CML]=1; + } + else +#endif #ifndef OPENSSL_NO_RSA if (strcmp(*argv,"rsa") == 0) { @@ -1126,6 +1163,10 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_AES BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc "); #endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf(bio_err,"\n"); + BIO_printf(bio_err,"camellia-128-cbc camellia-192-cbc camellia-256-cbc "); +#endif #ifndef OPENSSL_NO_RC4 BIO_printf(bio_err,"rc4"); #endif @@ -1163,6 +1204,9 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_AES BIO_printf(bio_err,"aes "); #endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf(bio_err,"camellia "); +#endif #ifndef OPENSSL_NO_RSA BIO_printf(bio_err,"rsa "); #endif @@ -1171,7 +1215,8 @@ int MAIN(int argc, char **argv) #endif #if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \ !defined(OPENSSL_NO_DES) || !defined(OPENSSL_NO_RSA) || \ - !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES) + !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES) || \ + !defined(OPENSSL_NO_CAMELLIA) BIO_printf(bio_err,"\n"); #endif @@ -1265,6 +1310,11 @@ int MAIN(int argc, char **argv) AES_set_encrypt_key(key24,192,&aes_ks2); AES_set_encrypt_key(key32,256,&aes_ks3); #endif +#ifndef OPENSSL_NO_CAMELLIA + Camellia_set_key(key16,128,&camellia_ks1); + Camellia_set_key(ckey24,192,&camellia_ks2); + Camellia_set_key(ckey32,256,&camellia_ks3); +#endif #ifndef OPENSSL_NO_IDEA idea_set_encrypt_key(key16,&idea_ks); #endif @@ -1318,6 +1368,9 @@ int MAIN(int argc, char **argv) c[D_CBC_128_AES][0]=count; c[D_CBC_192_AES][0]=count; c[D_CBC_256_AES][0]=count; + c[D_CBC_128_CML][0]=count; + c[D_CBC_192_CML][0]=count; + c[D_CBC_256_CML][0]=count; c[D_SHA256][0]=count; c[D_SHA512][0]=count; @@ -1350,6 +1403,9 @@ int MAIN(int argc, char **argv) c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1; c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1; c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1; + c[D_CBC_128_CML][i]=c[D_CBC_128_CML][i-1]*l0/l1; + c[D_CBC_192_CML][i]=c[D_CBC_192_CML][i-1]*l0/l1; + c[D_CBC_256_CML][i]=c[D_CBC_256_CML][i-1]*l0/l1; } #ifndef OPENSSL_NO_RSA rsa_c[R_RSA_512][0]=count/2000; @@ -1743,6 +1799,51 @@ int MAIN(int argc, char **argv) } } +#endif +#ifndef OPENSSL_NO_CAMELLIA + if (doit[D_CBC_128_CML]) + { + for (j=0; j> 16) & 0xff] & 0xff000000) ^ - (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te4[(temp ) & 0xff] & 0x0000ff00) ^ - (Te4[(temp >> 24) ] & 0x000000ff) ^ + (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te0[(temp ) & 0xff] & 0x0000ff00) ^ + (Te1[(temp >> 24) ] & 0x000000ff) ^ rcon[i]; rk[5] = rk[1] ^ rk[4]; rk[6] = rk[2] ^ rk[5]; @@ -788,10 +673,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, while (1) { temp = rk[ 5]; rk[ 6] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te4[(temp ) & 0xff] & 0x0000ff00) ^ - (Te4[(temp >> 24) ] & 0x000000ff) ^ + (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te0[(temp ) & 0xff] & 0x0000ff00) ^ + (Te1[(temp >> 24) ] & 0x000000ff) ^ rcon[i]; rk[ 7] = rk[ 1] ^ rk[ 6]; rk[ 8] = rk[ 2] ^ rk[ 7]; @@ -810,10 +695,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, while (1) { temp = rk[ 7]; rk[ 8] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te4[(temp ) & 0xff] & 0x0000ff00) ^ - (Te4[(temp >> 24) ] & 0x000000ff) ^ + (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te0[(temp ) & 0xff] & 0x0000ff00) ^ + (Te1[(temp >> 24) ] & 0x000000ff) ^ rcon[i]; rk[ 9] = rk[ 1] ^ rk[ 8]; rk[10] = rk[ 2] ^ rk[ 9]; @@ -823,10 +708,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, } temp = rk[11]; rk[12] = rk[ 4] ^ - (Te4[(temp >> 24) ] & 0xff000000) ^ - (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(temp ) & 0xff] & 0x000000ff); + (Te2[(temp >> 24) ] & 0xff000000) ^ + (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^ + (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^ + (Te1[(temp ) & 0xff] & 0x000000ff); rk[13] = rk[ 5] ^ rk[12]; rk[14] = rk[ 6] ^ rk[13]; rk[15] = rk[ 7] ^ rk[14]; @@ -865,25 +750,25 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, for (i = 1; i < (key->rounds); i++) { rk += 4; rk[0] = - Td0[Te4[(rk[0] >> 24) ] & 0xff] ^ - Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^ - Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^ - Td3[Te4[(rk[0] ) & 0xff] & 0xff]; + Td0[Te1[(rk[0] >> 24) ] & 0xff] ^ + Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^ + Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^ + Td3[Te1[(rk[0] ) & 0xff] & 0xff]; rk[1] = - Td0[Te4[(rk[1] >> 24) ] & 0xff] ^ - Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^ - Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^ - Td3[Te4[(rk[1] ) & 0xff] & 0xff]; + Td0[Te1[(rk[1] >> 24) ] & 0xff] ^ + Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^ + Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^ + Td3[Te1[(rk[1] ) & 0xff] & 0xff]; rk[2] = - Td0[Te4[(rk[2] >> 24) ] & 0xff] ^ - Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^ - Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^ - Td3[Te4[(rk[2] ) & 0xff] & 0xff]; + Td0[Te1[(rk[2] >> 24) ] & 0xff] ^ + Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^ + Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^ + Td3[Te1[(rk[2] ) & 0xff] & 0xff]; rk[3] = - Td0[Te4[(rk[3] >> 24) ] & 0xff] ^ - Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^ - Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^ - Td3[Te4[(rk[3] ) & 0xff] & 0xff]; + Td0[Te1[(rk[3] >> 24) ] & 0xff] ^ + Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^ + Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^ + Td3[Te1[(rk[3] ) & 0xff] & 0xff]; } return 0; } @@ -1051,31 +936,31 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, * map cipher state to byte array block: */ s0 = - (Te4[(t0 >> 24) ] & 0xff000000) ^ - (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(t3 ) & 0xff] & 0x000000ff) ^ + (Te2[(t0 >> 24) ] & 0xff000000) ^ + (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^ + (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^ + (Te1[(t3 ) & 0xff] & 0x000000ff) ^ rk[0]; PUTU32(out , s0); s1 = - (Te4[(t1 >> 24) ] & 0xff000000) ^ - (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(t0 ) & 0xff] & 0x000000ff) ^ + (Te2[(t1 >> 24) ] & 0xff000000) ^ + (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^ + (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^ + (Te1[(t0 ) & 0xff] & 0x000000ff) ^ rk[1]; PUTU32(out + 4, s1); s2 = - (Te4[(t2 >> 24) ] & 0xff000000) ^ - (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(t1 ) & 0xff] & 0x000000ff) ^ + (Te2[(t2 >> 24) ] & 0xff000000) ^ + (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^ + (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^ + (Te1[(t1 ) & 0xff] & 0x000000ff) ^ rk[2]; PUTU32(out + 8, s2); s3 = - (Te4[(t3 >> 24) ] & 0xff000000) ^ - (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(t2 ) & 0xff] & 0x000000ff) ^ + (Te2[(t3 >> 24) ] & 0xff000000) ^ + (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^ + (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^ + (Te1[(t2 ) & 0xff] & 0x000000ff) ^ rk[3]; PUTU32(out + 12, s3); } @@ -1242,31 +1127,31 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, * map cipher state to byte array block: */ s0 = - (Td4[(t0 >> 24) ] & 0xff000000) ^ - (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t1 ) & 0xff] & 0x000000ff) ^ + (Td4[(t0 >> 24) ] << 24) ^ + (Td4[(t3 >> 16) & 0xff] << 16) ^ + (Td4[(t2 >> 8) & 0xff] << 8) ^ + (Td4[(t1 ) & 0xff]) ^ rk[0]; PUTU32(out , s0); s1 = - (Td4[(t1 >> 24) ] & 0xff000000) ^ - (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t2 ) & 0xff] & 0x000000ff) ^ + (Td4[(t1 >> 24) ] << 24) ^ + (Td4[(t0 >> 16) & 0xff] << 16) ^ + (Td4[(t3 >> 8) & 0xff] << 8) ^ + (Td4[(t2 ) & 0xff]) ^ rk[1]; PUTU32(out + 4, s1); s2 = - (Td4[(t2 >> 24) ] & 0xff000000) ^ - (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t3 ) & 0xff] & 0x000000ff) ^ + (Td4[(t2 >> 24) ] << 24) ^ + (Td4[(t1 >> 16) & 0xff] << 16) ^ + (Td4[(t0 >> 8) & 0xff] << 8) ^ + (Td4[(t3 ) & 0xff]) ^ rk[2]; PUTU32(out + 8, s2); s3 = - (Td4[(t3 >> 24) ] & 0xff000000) ^ - (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t0 ) & 0xff] & 0x000000ff) ^ + (Td4[(t3 >> 24) ] << 24) ^ + (Td4[(t2 >> 16) & 0xff] << 16) ^ + (Td4[(t1 >> 8) & 0xff] << 8) ^ + (Td4[(t0 ) & 0xff]) ^ rk[3]; PUTU32(out + 12, s3); } diff --git a/crypto/openssl-0.9/crypto/aes/aes_ige.c b/crypto/openssl-0.9/crypto/aes/aes_ige.c new file mode 100644 index 0000000000..2082d060cf --- /dev/null +++ b/crypto/openssl-0.9/crypto/aes/aes_ige.c @@ -0,0 +1,283 @@ +/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include "cryptlib.h" + +#include +#include "aes_locl.h" + +/* +static void hexdump(FILE *f,const char *title,const unsigned char *s,int l) + { + int n=0; + + fprintf(f,"%s",title); + for( ; n < l ; ++n) + { + if((n%16) == 0) + fprintf(f,"\n%04x",n); + fprintf(f," %02x",s[n]); + } + fprintf(f,"\n"); + } +*/ + +/* N.B. The IV for this mode is _twice_ the block size */ + +void AES_ige_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const AES_KEY *key, + unsigned char *ivec, const int enc) + { + unsigned long n; + unsigned long len = length; + unsigned char tmp[AES_BLOCK_SIZE]; + unsigned char tmp2[AES_BLOCK_SIZE]; + unsigned char prev[AES_BLOCK_SIZE]; + const unsigned char *iv = ivec; + const unsigned char *iv2 = ivec + AES_BLOCK_SIZE; + + OPENSSL_assert(in && out && key && ivec); + OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); + OPENSSL_assert((length%AES_BLOCK_SIZE) == 0); + + if (AES_ENCRYPT == enc) + { + /* XXX: Do a separate case for when in != out (strictly should + check for overlap, too) */ + while (len >= AES_BLOCK_SIZE) + { + /* hexdump(stdout, "in", in, AES_BLOCK_SIZE); */ + /* hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */ + for(n=0 ; n < AES_BLOCK_SIZE ; ++n) + out[n] = in[n] ^ iv[n]; + /* hexdump(stdout, "in ^ iv", out, AES_BLOCK_SIZE); */ + AES_encrypt(out, out, key); + /* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */ + /* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */ + for(n=0 ; n < AES_BLOCK_SIZE ; ++n) + out[n] ^= iv2[n]; + /* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */ + iv = out; + memcpy(prev, in, AES_BLOCK_SIZE); + iv2 = prev; + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + memcpy(ivec, iv, AES_BLOCK_SIZE); + memcpy(ivec + AES_BLOCK_SIZE, iv2, AES_BLOCK_SIZE); + } + else + { + while (len >= AES_BLOCK_SIZE) + { + memcpy(tmp, in, AES_BLOCK_SIZE); + memcpy(tmp2, in, AES_BLOCK_SIZE); + /* hexdump(stdout, "in", in, AES_BLOCK_SIZE); */ + /* hexdump(stdout, "iv2", iv2, AES_BLOCK_SIZE); */ + for(n=0 ; n < AES_BLOCK_SIZE ; ++n) + tmp[n] ^= iv2[n]; + /* hexdump(stdout, "in ^ iv2", tmp, AES_BLOCK_SIZE); */ + AES_decrypt(tmp, out, key); + /* hexdump(stdout, "dec", out, AES_BLOCK_SIZE); */ + /* hexdump(stdout, "iv", ivec, AES_BLOCK_SIZE); */ + for(n=0 ; n < AES_BLOCK_SIZE ; ++n) + out[n] ^= ivec[n]; + /* hexdump(stdout, "out", out, AES_BLOCK_SIZE); */ + memcpy(ivec, tmp2, AES_BLOCK_SIZE); + iv2 = out; + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + memcpy(ivec + AES_BLOCK_SIZE, iv2, AES_BLOCK_SIZE); + } + } + +/* + * Note that its effectively impossible to do biIGE in anything other + * than a single pass, so no provision is made for chaining. + */ + +/* N.B. The IV for this mode is _four times_ the block size */ + +void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const AES_KEY *key, + const AES_KEY *key2, const unsigned char *ivec, + const int enc) + { + unsigned long n; + unsigned long len = length; + unsigned char tmp[AES_BLOCK_SIZE]; + unsigned char tmp2[AES_BLOCK_SIZE]; + unsigned char tmp3[AES_BLOCK_SIZE]; + unsigned char prev[AES_BLOCK_SIZE]; + const unsigned char *iv; + const unsigned char *iv2; + + OPENSSL_assert(in && out && key && ivec); + OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); + OPENSSL_assert((length%AES_BLOCK_SIZE) == 0); + + if (AES_ENCRYPT == enc) + { + /* XXX: Do a separate case for when in != out (strictly should + check for overlap, too) */ + + /* First the forward pass */ + iv = ivec; + iv2 = ivec + AES_BLOCK_SIZE; + while (len >= AES_BLOCK_SIZE) + { + /* hexdump(stdout, "in", in, AES_BLOCK_SIZE); */ + /* hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */ + for(n=0 ; n < AES_BLOCK_SIZE ; ++n) + out[n] = in[n] ^ iv[n]; + /* hexdump(stdout, "in ^ iv", out, AES_BLOCK_SIZE); */ + AES_encrypt(out, out, key); + /* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */ + /* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */ + for(n=0 ; n < AES_BLOCK_SIZE ; ++n) + out[n] ^= iv2[n]; + /* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */ + iv = out; + memcpy(prev, in, AES_BLOCK_SIZE); + iv2 = prev; + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + + /* And now backwards */ + iv = ivec + AES_BLOCK_SIZE*2; + iv2 = ivec + AES_BLOCK_SIZE*3; + len = length; + while(len >= AES_BLOCK_SIZE) + { + out -= AES_BLOCK_SIZE; + /* hexdump(stdout, "intermediate", out, AES_BLOCK_SIZE); */ + /* hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */ + /* XXX: reduce copies by alternating between buffers */ + memcpy(tmp, out, AES_BLOCK_SIZE); + for(n=0 ; n < AES_BLOCK_SIZE ; ++n) + out[n] ^= iv[n]; + /* hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */ + AES_encrypt(out, out, key); + /* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */ + /* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */ + for(n=0 ; n < AES_BLOCK_SIZE ; ++n) + out[n] ^= iv2[n]; + /* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */ + iv = out; + memcpy(prev, tmp, AES_BLOCK_SIZE); + iv2 = prev; + len -= AES_BLOCK_SIZE; + } + } + else + { + /* First backwards */ + iv = ivec + AES_BLOCK_SIZE*2; + iv2 = ivec + AES_BLOCK_SIZE*3; + in += length; + out += length; + while (len >= AES_BLOCK_SIZE) + { + in -= AES_BLOCK_SIZE; + out -= AES_BLOCK_SIZE; + memcpy(tmp, in, AES_BLOCK_SIZE); + memcpy(tmp2, in, AES_BLOCK_SIZE); + /* hexdump(stdout, "in", in, AES_BLOCK_SIZE); */ + /* hexdump(stdout, "iv2", iv2, AES_BLOCK_SIZE); */ + for(n=0 ; n < AES_BLOCK_SIZE ; ++n) + tmp[n] ^= iv2[n]; + /* hexdump(stdout, "in ^ iv2", tmp, AES_BLOCK_SIZE); */ + AES_decrypt(tmp, out, key); + /* hexdump(stdout, "dec", out, AES_BLOCK_SIZE); */ + /* hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */ + for(n=0 ; n < AES_BLOCK_SIZE ; ++n) + out[n] ^= iv[n]; + /* hexdump(stdout, "out", out, AES_BLOCK_SIZE); */ + memcpy(tmp3, tmp2, AES_BLOCK_SIZE); + iv = tmp3; + iv2 = out; + len -= AES_BLOCK_SIZE; + } + + /* And now forwards */ + iv = ivec; + iv2 = ivec + AES_BLOCK_SIZE; + len = length; + while (len >= AES_BLOCK_SIZE) + { + memcpy(tmp, out, AES_BLOCK_SIZE); + memcpy(tmp2, out, AES_BLOCK_SIZE); + /* hexdump(stdout, "intermediate", out, AES_BLOCK_SIZE); */ + /* hexdump(stdout, "iv2", iv2, AES_BLOCK_SIZE); */ + for(n=0 ; n < AES_BLOCK_SIZE ; ++n) + tmp[n] ^= iv2[n]; + /* hexdump(stdout, "out ^ iv2", tmp, AES_BLOCK_SIZE); */ + AES_decrypt(tmp, out, key); + /* hexdump(stdout, "dec", out, AES_BLOCK_SIZE); */ + /* hexdump(stdout, "iv", ivec, AES_BLOCK_SIZE); */ + for(n=0 ; n < AES_BLOCK_SIZE ; ++n) + out[n] ^= iv[n]; + /* hexdump(stdout, "out", out, AES_BLOCK_SIZE); */ + memcpy(tmp3, tmp2, AES_BLOCK_SIZE); + iv = tmp3; + iv2 = out; + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + + } + } diff --git a/crypto/openssl-0.9/crypto/aes/asm/aes-586.pl b/crypto/openssl-0.9/crypto/aes/asm/aes-586.pl index c120623881..2774d1cb49 100755 --- a/crypto/openssl-0.9/crypto/aes/asm/aes-586.pl +++ b/crypto/openssl-0.9/crypto/aes/asm/aes-586.pl @@ -6,7 +6,7 @@ # forms are granted according to the OpenSSL license. # ==================================================================== # -# Version 3.4. +# Version 3.6. # # You might fail to appreciate this module performance from the first # try. If compared to "vanilla" linux-ia32-icc target, i.e. considered @@ -66,6 +66,13 @@ # stack. This unfortunately has rather strong impact on small block CBC # performance, ~2x deterioration on 16-byte block if compared to 3.3. # +# Version 3.5 checks if there is L1 cache aliasing between user-supplied +# key schedule and S-boxes and abstains from copying the former if +# there is no. This allows end-user to consciously retain small block +# performance by aligning key schedule in specific manner. +# +# Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB. +# # Current ECB performance numbers for 128-bit key in CPU cycles per # processed byte [measure commonly used by AES benchmarkers] are: # @@ -505,28 +512,27 @@ sub declast() if($i==3) { &mov ($key,&DWP(12,"esp")); } else { &mov ($out,$s[0]); } &and ($out,0xFF); - &mov ($out,&DWP(2048,$td,$out,4)); - &and ($out,0x000000ff); + &movz ($out,&DWP(2048,$td,$out,1)); if ($i==3) { $tmp=$s[1]; } &movz ($tmp,&HB($s[1])); - &mov ($tmp,&DWP(2048,$td,$tmp,4)); - &and ($tmp,0x0000ff00); + &movz ($tmp,&DWP(2048,$td,$tmp,1)); + &shl ($tmp,8); &xor ($out,$tmp); if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } else { mov ($tmp,$s[2]); } &shr ($tmp,16); &and ($tmp,0xFF); - &mov ($tmp,&DWP(2048,$td,$tmp,4)); - &and ($tmp,0x00ff0000); + &movz ($tmp,&DWP(2048,$td,$tmp,1)); + &shl ($tmp,16); &xor ($out,$tmp); if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); } else { &mov ($tmp,$s[3]); } &shr ($tmp,24); - &mov ($tmp,&DWP(2048,$td,$tmp,4)); - &and ($tmp,0xff000000); + &movz ($tmp,&DWP(2048,$td,$tmp,1)); + &shl ($tmp,24); &xor ($out,$tmp); if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } if ($i==3) { &mov ($s[3],&DWP(4,"esp")); } @@ -687,70 +693,38 @@ sub declast() &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664); &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0); #Td4: - &data_word(0x52525252, 0x09090909, 0x6a6a6a6a, 0xd5d5d5d5); - &data_word(0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838); - &data_word(0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e); - &data_word(0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb); - &data_word(0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282); - &data_word(0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787); - &data_word(0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444); - &data_word(0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb); - &data_word(0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232); - &data_word(0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d); - &data_word(0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0x0b0b0b0b); - &data_word(0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e); - &data_word(0x08080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666); - &data_word(0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2); - &data_word(0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949); - &data_word(0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525); - &data_word(0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464); - &data_word(0x86868686, 0x68686868, 0x98989898, 0x16161616); - &data_word(0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc); - &data_word(0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292); - &data_word(0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050); - &data_word(0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada); - &data_word(0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757); - &data_word(0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484); - &data_word(0x90909090, 0xd8d8d8d8, 0xabababab, 0x00000000); - &data_word(0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0x0a0a0a0a); - &data_word(0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x05050505); - &data_word(0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x06060606); - &data_word(0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f); - &data_word(0xcacacaca, 0x3f3f3f3f, 0x0f0f0f0f, 0x02020202); - &data_word(0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x03030303); - &data_word(0x01010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b); - &data_word(0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141); - &data_word(0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea); - &data_word(0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece); - &data_word(0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373); - &data_word(0x96969696, 0xacacacac, 0x74747474, 0x22222222); - &data_word(0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585); - &data_word(0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8); - &data_word(0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e); - &data_word(0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171); - &data_word(0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989); - &data_word(0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0x0e0e0e0e); - &data_word(0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b); - &data_word(0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b); - &data_word(0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020); - &data_word(0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe); - &data_word(0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4); - &data_word(0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333); - &data_word(0x88888888, 0x07070707, 0xc7c7c7c7, 0x31313131); - &data_word(0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959); - &data_word(0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f); - &data_word(0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9); - &data_word(0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0x0d0d0d0d); - &data_word(0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f); - &data_word(0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef); - &data_word(0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d); - &data_word(0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0); - &data_word(0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c); - &data_word(0x83838383, 0x53535353, 0x99999999, 0x61616161); - &data_word(0x17171717, 0x2b2b2b2b, 0x04040404, 0x7e7e7e7e); - &data_word(0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626); - &data_word(0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363); - &data_word(0x55555555, 0x21212121, 0x0c0c0c0c, 0x7d7d7d7d); + &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); + &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); + &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); + &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); + &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); + &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); + &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); + &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); + &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); + &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); + &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); + &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); + &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); + &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); + &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); + &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); + &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); + &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); + &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); + &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); + &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); + &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); + &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); + &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); + &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); + &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); + &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); + &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); + &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); + &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); + &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); + &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); &function_end_B("_x86_AES_decrypt"); # void AES_decrypt (const void *inp,void *out,const AES_KEY *key); @@ -770,6 +744,18 @@ sub declast() &blindpop("ebp"); &lea ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp")); + # prefetch Td4 + &lea ("ebp",&DWP(2048+128,"ebp")); + &mov ($s0,&DWP(0-128,"ebp")); + &mov ($s1,&DWP(32-128,"ebp")); + &mov ($s2,&DWP(64-128,"ebp")); + &mov ($s3,&DWP(96-128,"ebp")); + &mov ($s0,&DWP(128-128,"ebp")); + &mov ($s1,&DWP(160-128,"ebp")); + &mov ($s2,&DWP(192-128,"ebp")); + &mov ($s3,&DWP(224-128,"ebp")); + &lea ("ebp",&DWP(-2048-128,"ebp")); + &mov ($s0,&DWP(0,$acc)); # load input data &mov ($s1,&DWP(4,$acc)); &mov ($s2,&DWP(8,$acc)); @@ -805,6 +791,7 @@ my $_ivp=&DWP(36,"esp"); #copy of wparam(4) my $_tmp=&DWP(40,"esp"); #volatile variable my $ivec=&DWP(44,"esp"); #ivec[16] my $aes_key=&DWP(60,"esp"); #copy of aes_key +my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds &public_label("AES_Te"); &public_label("AES_Td"); @@ -865,18 +852,27 @@ my $aes_key=&DWP(60,"esp"); #copy of aes_key &mov ($_key,$s3); # save copy of key &mov ($_ivp,$acc); # save copy of ivp + &mov ($mark,0); # copy of aes_key->rounds = 0; if ($compromise) { &cmp ($s2,$compromise); &jb (&label("skip_ecopy")); } - # copy key schedule to stack - &mov ("ecx",244/4); + # do we copy key schedule to stack? + &mov ($s1 eq "ebx" ? $s1 : "",$s3); + &mov ($s2 eq "ecx" ? $s2 : "",244/4); + &sub ($s1,"ebp"); &mov ("esi",$s3); + &and ($s1,0xfff); &lea ("edi",$aes_key); - &mov ($_key,"edi"); + &cmp ($s1,2048); + &jb (&label("do_ecopy")); + &cmp ($s1,4096-244); + &jb (&label("skip_ecopy")); &align (4); - &data_word(0xF689A5F3); # rep movsd - &set_label("skip_ecopy") if ($compromise); + &set_label("do_ecopy"); + &mov ($_key,"edi"); + &data_word(0xA5F3F689); # rep movsd + &set_label("skip_ecopy"); &mov ($acc,$s0); &mov ($key,16); @@ -942,18 +938,16 @@ my $aes_key=&DWP(60,"esp"); #copy of aes_key &mov (&DWP(8,$acc),$s2); &mov (&DWP(12,$acc),$s3); + &cmp ($mark,0); # was the key schedule copied? &mov ("edi",$_key); &mov ("esp",$_esp); - if ($compromise) { - &cmp (&wparam(2),$compromise); - &jb (&label("skip_ezero")); - } + &je (&label("skip_ezero")); # zero copy of key schedule &mov ("ecx",240/4); &xor ("eax","eax"); &align (4); - &data_word(0xF689ABF3); # rep stosd - &set_label("skip_ezero") if ($compromise); + &data_word(0xABF3F689); # rep stosd + &set_label("skip_ezero") &popf (); &set_label("enc_out"); &function_end_A(); @@ -968,7 +962,7 @@ my $aes_key=&DWP(60,"esp"); #copy of aes_key &cmp ($key,$acc); # compare with inp &je (&label("enc_in_place")); &align (4); - &data_word(0xF689A4F3); # rep movsb # copy input + &data_word(0xA4F3F689); # rep movsb # copy input &jmp (&label("enc_skip_in_place")); &set_label("enc_in_place"); &lea ($key,&DWP(0,$key,$s2)); @@ -976,7 +970,7 @@ my $aes_key=&DWP(60,"esp"); #copy of aes_key &mov ($s2,$s1); &xor ($s0,$s0); &align (4); - &data_word(0xF689AAF3); # rep stosb # zero tail + &data_word(0xAAF3F689); # rep stosb # zero tail &pop ($key); # pop ivp &mov ($acc,$_out); # output as input @@ -996,10 +990,10 @@ my $aes_key=&DWP(60,"esp"); #copy of aes_key # ... and make sure it doesn't alias with AES_Td modulo 4096 &mov ($s0,"ebp"); - &lea ($s1,&DWP(3072,"ebp")); + &lea ($s1,&DWP(2048+256,"ebp")); &mov ($s3,$key); &and ($s0,0xfff); # s = %ebp&0xfff - &and ($s1,0xfff); # e = (%ebp+3072)&0xfff + &and ($s1,0xfff); # e = (%ebp+2048+256)&0xfff &and ($s3,0xfff); # p = %esp&0xfff &cmp ($s3,$s1); # if (p>=e) %esp =- (p-e); @@ -1030,21 +1024,30 @@ my $aes_key=&DWP(60,"esp"); #copy of aes_key &mov ($_key,$s3); # save copy of key &mov ($_ivp,$acc); # save copy of ivp + &mov ($mark,0); # copy of aes_key->rounds = 0; if ($compromise) { &cmp ($s2,$compromise); &jb (&label("skip_dcopy")); } - # copy key schedule to stack - &mov ("ecx",244/4); + # do we copy key schedule to stack? + &mov ($s1 eq "ebx" ? $s1 : "",$s3); + &mov ($s2 eq "ecx" ? $s2 : "",244/4); + &sub ($s1,"ebp"); &mov ("esi",$s3); + &and ($s1,0xfff); &lea ("edi",$aes_key); - &mov ($_key,"edi"); + &cmp ($s1,2048+256); + &jb (&label("do_dcopy")); + &cmp ($s1,4096-244); + &jb (&label("skip_dcopy")); &align (4); - &data_word(0xF689A5F3); # rep movsd - &set_label("skip_dcopy") if ($compromise); + &set_label("do_dcopy"); + &mov ($_key,"edi"); + &data_word(0xA5F3F689); # rep movsd + &set_label("skip_dcopy"); &mov ($acc,$s0); - &mov ($key,24); + &mov ($key,18); &align (4); &set_label("prefetch_td"); &mov ($s0,&DWP(0,"ebp")); @@ -1054,7 +1057,7 @@ my $aes_key=&DWP(60,"esp"); #copy of aes_key &lea ("ebp",&DWP(128,"ebp")); &dec ($key); &jnz (&label("prefetch_td")); - &sub ("ebp",3072); + &sub ("ebp",2048+256); &cmp ($acc,$_out); &je (&label("dec_in_place")); # in-place processing... @@ -1121,7 +1124,7 @@ my $aes_key=&DWP(60,"esp"); #copy of aes_key &lea ($s2 eq "ecx" ? $s2 : "",&DWP(16,$acc)); &mov ($acc eq "esi" ? $acc : "",$key); &mov ($key eq "edi" ? $key : "",$_out); # load out - &data_word(0xF689A4F3); # rep movsb # copy output + &data_word(0xA4F3F689); # rep movsb # copy output &mov ($key,$_inp); # use inp as temp ivp &jmp (&label("dec_end")); @@ -1188,22 +1191,20 @@ my $aes_key=&DWP(60,"esp"); #copy of aes_key &lea ($key,&DWP(0,$key,$s2)); &lea ($acc,&DWP(16,$acc,$s2)); &neg ($s2 eq "ecx" ? $s2 : ""); - &data_word(0xF689A4F3); # rep movsb # restore tail + &data_word(0xA4F3F689); # rep movsb # restore tail &align (4); &set_label("dec_out"); + &cmp ($mark,0); # was the key schedule copied? &mov ("edi",$_key); &mov ("esp",$_esp); - if ($compromise) { - &cmp (&wparam(2),$compromise); - &jb (&label("skip_dzero")); - } + &je (&label("skip_dzero")); # zero copy of key schedule &mov ("ecx",240/4); &xor ("eax","eax"); &align (4); - &data_word(0xF689ABF3); # rep stosd - &set_label("skip_dzero") if ($compromise); + &data_word(0xABF3F689); # rep stosd + &set_label("skip_dzero") &popf (); &function_end("AES_cbc_encrypt"); } diff --git a/crypto/openssl-0.9/crypto/asn1/a_object.c b/crypto/openssl-0.9/crypto/asn1/a_object.c index 3e6531481b..a36356e344 100644 --- a/crypto/openssl-0.9/crypto/asn1/a_object.c +++ b/crypto/openssl-0.9/crypto/asn1/a_object.c @@ -57,6 +57,7 @@ */ #include +#include #include "cryptlib.h" #include #include @@ -83,10 +84,12 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) { - int i,first,len=0,c; - char tmp[24]; + int i,first,len=0,c, use_bn; + char ftmp[24], *tmp = ftmp; + int tmpsize = sizeof ftmp; const char *p; unsigned long l; + BIGNUM *bl = NULL; if (num == 0) return(0); @@ -98,7 +101,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) num--; if ((c >= '0') && (c <= '2')) { - first=(c-'0')*40; + first= c-'0'; } else { @@ -122,6 +125,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) goto err; } l=0; + use_bn = 0; for (;;) { if (num <= 0) break; @@ -134,7 +138,22 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT); goto err; } - l=l*10L+(long)(c-'0'); + if (!use_bn && l > (ULONG_MAX / 10L)) + { + use_bn = 1; + if (!bl) + bl = BN_new(); + if (!bl || !BN_set_word(bl, l)) + goto err; + } + if (use_bn) + { + if (!BN_mul_word(bl, 10L) + || !BN_add_word(bl, c-'0')) + goto err; + } + else + l=l*10L+(long)(c-'0'); } if (len == 0) { @@ -143,14 +162,42 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE); goto err; } - l+=(long)first; + if (use_bn) + { + if (!BN_add_word(bl, first * 40)) + goto err; + } + else + l+=(long)first*40; } i=0; - for (;;) + if (use_bn) { - tmp[i++]=(unsigned char)l&0x7f; - l>>=7L; - if (l == 0L) break; + int blsize; + blsize = BN_num_bits(bl); + blsize = (blsize + 6)/7; + if (blsize > tmpsize) + { + if (tmp != ftmp) + OPENSSL_free(tmp); + tmpsize = blsize + 32; + tmp = OPENSSL_malloc(tmpsize); + if (!tmp) + goto err; + } + while(blsize--) + tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L); + } + else + { + + for (;;) + { + tmp[i++]=(unsigned char)l&0x7f; + l>>=7L; + if (l == 0L) break; + } + } if (out != NULL) { @@ -166,8 +213,16 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) else len+=i; } + if (tmp != ftmp) + OPENSSL_free(tmp); + if (bl) + BN_free(bl); return(len); err: + if (tmp != ftmp) + OPENSSL_free(tmp); + if (bl) + BN_free(bl); return(0); } @@ -178,14 +233,24 @@ int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a) int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) { - char buf[80]; + char buf[80], *p = buf; int i; if ((a == NULL) || (a->data == NULL)) return(BIO_write(bp,"NULL",4)); i=i2t_ASN1_OBJECT(buf,sizeof buf,a); - if (i > (int)sizeof(buf)) i=sizeof buf; - BIO_write(bp,buf,i); + if (i > (int)(sizeof(buf) - 1)) + { + p = OPENSSL_malloc(i + 1); + if (!p) + return -1; + i2t_ASN1_OBJECT(p,i + 1,a); + } + if (i <= 0) + return BIO_write(bp, "", 9); + BIO_write(bp,p,i); + if (p != buf) + OPENSSL_free(p); return(i); } diff --git a/crypto/openssl-0.9/crypto/asn1/a_strex.c b/crypto/openssl-0.9/crypto/asn1/a_strex.c index 45fe4bd150..fc743c2ad0 100644 --- a/crypto/openssl-0.9/crypto/asn1/a_strex.c +++ b/crypto/openssl-0.9/crypto/asn1/a_strex.c @@ -194,6 +194,8 @@ static int do_buf(unsigned char *buf, int buflen, if(i < 0) return -1; /* Invalid UTF8String */ p += i; break; + default: + return -1; /* invalid width */ } if (p == q) orflags = CHARTYPE_LAST_ESC_2253; if(type & BUF_TYPE_CONVUTF8) { @@ -356,12 +358,13 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STR } len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL); - if(outlen < 0) return -1; + if(len < 0) return -1; outlen += len; if(quotes) outlen += 2; if(!arg) return outlen; if(quotes && !io_ch(arg, "\"", 1)) return -1; - do_buf(str->data, str->length, type, flags, NULL, io_ch, arg); + if(do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0) + return -1; if(quotes && !io_ch(arg, "\"", 1)) return -1; return outlen; } diff --git a/crypto/openssl-0.9/crypto/asn1/asn1.h b/crypto/openssl-0.9/crypto/asn1/asn1.h index 2819678c2c..30f1eecd5b 100644 --- a/crypto/openssl-0.9/crypto/asn1/asn1.h +++ b/crypto/openssl-0.9/crypto/asn1/asn1.h @@ -149,6 +149,7 @@ extern "C" { #define B_ASN1_UTF8STRING 0x2000 #define B_ASN1_UTCTIME 0x4000 #define B_ASN1_GENERALIZEDTIME 0x8000 +#define B_ASN1_SEQUENCE 0x10000 /* For use with ASN1_mbstring_copy() */ #define MBSTRING_FLAG 0x1000 @@ -594,6 +595,7 @@ typedef struct BIT_STRING_BITNAME_st { B_ASN1_UNIVERSALSTRING|\ B_ASN1_BMPSTRING|\ B_ASN1_UTF8STRING|\ + B_ASN1_SEQUENCE|\ B_ASN1_UNKNOWN #define B_ASN1_DIRECTORYSTRING \ @@ -1045,7 +1047,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_I2D_FP 117 #define ASN1_F_ASN1_INTEGER_SET 118 #define ASN1_F_ASN1_INTEGER_TO_BN 119 -#define ASN1_F_ASN1_ITEM_D2I_FP 190 +#define ASN1_F_ASN1_ITEM_D2I_FP 206 #define ASN1_F_ASN1_ITEM_DUP 191 #define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121 #define ASN1_F_ASN1_ITEM_EX_D2I 120 diff --git a/crypto/openssl-0.9/crypto/asn1/asn1_err.c b/crypto/openssl-0.9/crypto/asn1/asn1_err.c index bef2519e65..c672d2ebe5 100644 --- a/crypto/openssl-0.9/crypto/asn1/asn1_err.c +++ b/crypto/openssl-0.9/crypto/asn1/asn1_err.c @@ -123,7 +123,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"}, {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"}, {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"}, -{ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"}, +{ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_SET"}, {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), "ASN1_TYPE_get_int_octetstring"}, {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"}, {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"}, @@ -168,10 +168,10 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"}, {ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"}, {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"}, -{ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"}, +{ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_PBE_SET"}, {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"}, -{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"}, -{ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"}, +{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_ADD0_REVOKED"}, +{ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_NEW"}, {ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "X509_NAME_ENCODE"}, {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "X509_NAME_EX_D2I"}, {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "X509_NAME_EX_NEW"}, diff --git a/crypto/openssl-0.9/crypto/asn1/asn1_gen.c b/crypto/openssl-0.9/crypto/asn1/asn1_gen.c index e6e04a1cd7..26c832781e 100644 --- a/crypto/openssl-0.9/crypto/asn1/asn1_gen.c +++ b/crypto/openssl-0.9/crypto/asn1/asn1_gen.c @@ -658,6 +658,8 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT); goto bad_form; } + vtmp.name = NULL; + vtmp.section = NULL; vtmp.value = (char *)str; if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) { diff --git a/crypto/openssl-0.9/crypto/asn1/asn1_par.c b/crypto/openssl-0.9/crypto/asn1/asn1_par.c index 37aa6b415e..501b62a4b1 100644 --- a/crypto/openssl-0.9/crypto/asn1/asn1_par.c +++ b/crypto/openssl-0.9/crypto/asn1/asn1_par.c @@ -88,7 +88,10 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, BIO_snprintf(str,sizeof str,"cont [ %d ]",tag); else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) BIO_snprintf(str,sizeof str,"appl [ %d ]",tag); - else p = ASN1_tag2str(tag); + else if (tag > 30) + BIO_snprintf(str,sizeof str,"",tag); + else + p = ASN1_tag2str(tag); if (p2 != NULL) { diff --git a/crypto/openssl-0.9/crypto/asn1/t_pkey.c b/crypto/openssl-0.9/crypto/asn1/t_pkey.c index f8821614a0..afb95d6712 100644 --- a/crypto/openssl-0.9/crypto/asn1/t_pkey.c +++ b/crypto/openssl-0.9/crypto/asn1/t_pkey.c @@ -109,7 +109,7 @@ int RSA_print(BIO *bp, const RSA *x, int off) char str[128]; const char *s; unsigned char *m=NULL; - int ret=0; + int ret=0, mod_len = 0; size_t buf_len=0, i; if (x->n) @@ -143,27 +143,37 @@ int RSA_print(BIO *bp, const RSA *x, int off) goto err; } + if (x->n != NULL) + mod_len = BN_num_bits(x->n); + if (x->d != NULL) { if(!BIO_indent(bp,off,128)) goto err; - if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n)) + if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len) <= 0) goto err; } if (x->d == NULL) - BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n)); + BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len); else BUF_strlcpy(str,"modulus:",sizeof str); if (!print(bp,str,x->n,m,off)) goto err; s=(x->d == NULL)?"Exponent:":"publicExponent:"; - if (!print(bp,s,x->e,m,off)) goto err; - if (!print(bp,"privateExponent:",x->d,m,off)) goto err; - if (!print(bp,"prime1:",x->p,m,off)) goto err; - if (!print(bp,"prime2:",x->q,m,off)) goto err; - if (!print(bp,"exponent1:",x->dmp1,m,off)) goto err; - if (!print(bp,"exponent2:",x->dmq1,m,off)) goto err; - if (!print(bp,"coefficient:",x->iqmp,m,off)) goto err; + if ((x->e != NULL) && !print(bp,s,x->e,m,off)) + goto err; + if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off)) + goto err; + if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off)) + goto err; + if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off)) + goto err; + if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off)) + goto err; + if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off)) + goto err; + if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off)) + goto err; ret=1; err: if (m != NULL) OPENSSL_free(m); @@ -740,7 +750,7 @@ int DSAparams_print(BIO *bp, const DSA *x) buf_len = (size_t)BN_num_bytes(x->p); else { - DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS); + DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS); goto err; } if (x->q) @@ -752,7 +762,7 @@ int DSAparams_print(BIO *bp, const DSA *x) m=(unsigned char *)OPENSSL_malloc(buf_len+10); if (m == NULL) { - DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE); + DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE); goto err; } @@ -760,8 +770,8 @@ int DSAparams_print(BIO *bp, const DSA *x) BN_num_bits(x->p)) <= 0) goto err; if (!print(bp,"p:",x->p,m,4)) goto err; - if (!print(bp,"q:",x->q,m,4)) goto err; - if (!print(bp,"g:",x->g,m,4)) goto err; + if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err; + if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err; ret=1; err: if (m != NULL) OPENSSL_free(m); diff --git a/crypto/openssl-0.9/crypto/asn1/tasn_dec.c b/crypto/openssl-0.9/crypto/asn1/tasn_dec.c index 2b9c25611e..0294d8e766 100644 --- a/crypto/openssl-0.9/crypto/asn1/tasn_dec.c +++ b/crypto/openssl-0.9/crypto/asn1/tasn_dec.c @@ -98,7 +98,7 @@ static unsigned long tag2bit[32] = { B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */ B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */ B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */ -0, 0, B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */ +B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */ B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING, /* tags 20-22 */ B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, /* tags 23-24 */ B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING, /* tags 25-27 */ @@ -158,7 +158,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_EXTERN_FUNCS *ef; const ASN1_AUX *aux = it->funcs; ASN1_aux_cb *asn1_cb; - const unsigned char *p, *q; + const unsigned char *p = NULL, *q; unsigned char *wp=NULL; /* BIG FAT WARNING! BREAKS CONST WHERE USED */ unsigned char imphack = 0, oclass; char seq_eoc, seq_nolen, cst, isopt; @@ -283,6 +283,12 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, { wp = *(unsigned char **)in; imphack = *wp; + if (p == NULL) + { + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, + ERR_R_NESTED_ASN1_ERROR); + goto err; + } *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED) | it->utype); } @@ -872,7 +878,10 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, * for UNIVERSAL class and ignore the tag. */ if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) + { + free_cont = 1; goto err; + } len = buf.length; /* Append a final null to string */ if (!BUF_MEM_grow_clean(&buf, len + 1)) @@ -924,6 +933,8 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, if (!*pval) { typ = ASN1_TYPE_new(); + if (typ == NULL) + goto err; *pval = (ASN1_VALUE *)typ; } else @@ -1167,7 +1178,7 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, return 0; #endif } - else if (!collect_data(buf, &p, plen)) + else if (plen && !collect_data(buf, &p, plen)) return 0; len -= p - q; } diff --git a/crypto/openssl-0.9/crypto/asn1/tasn_enc.c b/crypto/openssl-0.9/crypto/asn1/tasn_enc.c index 0f950db244..25c94aa1d9 100644 --- a/crypto/openssl-0.9/crypto/asn1/tasn_enc.c +++ b/crypto/openssl-0.9/crypto/asn1/tasn_enc.c @@ -618,11 +618,14 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, tbool = (ASN1_BOOLEAN *)pval; if (*tbool == -1) return -1; - /* Default handling if value == size field then omit */ - if (*tbool && (it->size > 0)) - return -1; - if (!*tbool && !it->size) - return -1; + if (it->utype != V_ASN1_ANY) + { + /* Default handling if value == size field then omit */ + if (*tbool && (it->size > 0)) + return -1; + if (!*tbool && !it->size) + return -1; + } c = (unsigned char)*tbool; cont = &c; len = 1; diff --git a/crypto/openssl-0.9/crypto/bio/bio.h b/crypto/openssl-0.9/crypto/bio/bio.h index 7f49ccbe9d..07333cf0b3 100644 --- a/crypto/openssl-0.9/crypto/bio/bio.h +++ b/crypto/openssl-0.9/crypto/bio/bio.h @@ -676,17 +676,20 @@ void BIO_copy_next_retry(BIO *b); /*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/ -#ifndef __GNUC__ -#define __attribute__(x) +#ifdef __GNUC__ +# define __bio_h__attr__ __attribute__ +#else +# define __bio_h__attr__(x) #endif int BIO_printf(BIO *bio, const char *format, ...) - __attribute__((__format__(__printf__,2,3))); + __bio_h__attr__((__format__(__printf__,2,3))); int BIO_vprintf(BIO *bio, const char *format, va_list args) - __attribute__((__format__(__printf__,2,0))); + __bio_h__attr__((__format__(__printf__,2,0))); int BIO_snprintf(char *buf, size_t n, const char *format, ...) - __attribute__((__format__(__printf__,3,4))); + __bio_h__attr__((__format__(__printf__,3,4))); int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) - __attribute__((__format__(__printf__,3,0))); + __bio_h__attr__((__format__(__printf__,3,0))); +#undef __bio_h__attr__ /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/crypto/openssl-0.9/crypto/bio/bss_conn.c b/crypto/openssl-0.9/crypto/bio/bss_conn.c index 0c41b1b5a9..c14727855b 100644 --- a/crypto/openssl-0.9/crypto/bio/bss_conn.c +++ b/crypto/openssl-0.9/crypto/bio/bss_conn.c @@ -469,7 +469,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_C_DO_STATE_MACHINE: /* use this one to start the connection */ - if (!(data->state != BIO_CONN_S_OK)) + if (data->state != BIO_CONN_S_OK) ret=(long)conn_state(b,data); else ret=1; diff --git a/crypto/openssl-0.9/crypto/bio/bss_file.c b/crypto/openssl-0.9/crypto/bio/bss_file.c index ad4b301388..b277367da3 100644 --- a/crypto/openssl-0.9/crypto/bio/bss_file.c +++ b/crypto/openssl-0.9/crypto/bio/bss_file.c @@ -128,7 +128,10 @@ BIO *BIO_new_file(const char *filename, const char *mode) return(NULL); } if ((ret=BIO_new(BIO_s_file_internal())) == NULL) + { + fclose(file); return(NULL); + } BIO_clear_flags(ret,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */ BIO_set_fp(ret,file,BIO_CLOSE); diff --git a/crypto/openssl-0.9/crypto/bn/asm/x86_64-gcc.c b/crypto/openssl-0.9/crypto/bn/asm/x86_64-gcc.c index 7378344251..f13f52dd85 100644 --- a/crypto/openssl-0.9/crypto/bn/asm/x86_64-gcc.c +++ b/crypto/openssl-0.9/crypto/bn/asm/x86_64-gcc.c @@ -1,3 +1,6 @@ +#ifdef __SUNPRO_C +# include "../bn_asm.c" /* kind of dirty hack for Sun Studio */ +#else /* * x86_64 BIGNUM accelerator version 0.1, December 2002. * @@ -591,3 +594,4 @@ void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a) r[6]=c1; r[7]=c2; } +#endif diff --git a/crypto/openssl-0.9/crypto/bn/bn.h b/crypto/openssl-0.9/crypto/bn/bn.h index 03ebd506b5..95c5d643cb 100644 --- a/crypto/openssl-0.9/crypto/bn/bn.h +++ b/crypto/openssl-0.9/crypto/bn/bn.h @@ -412,9 +412,15 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx); -/* BN_set_negative(): sets sign of a bignum */ +/** BN_set_negative sets sign of a BIGNUM + * \param b pointer to the BIGNUM object + * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise + */ void BN_set_negative(BIGNUM *b, int n); -/* BN_get_negative(): returns 1 if the bignum is < 0 and 0 otherwise */ +/** BN_is_negative returns 1 if the BIGNUM is negative + * \param a pointer to the BIGNUM object + * \return 1 if a < 0 and 0 otherwise + */ #define BN_is_negative(a) ((a)->neg != 0) int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, diff --git a/crypto/openssl-0.9/crypto/bn/bn_gf2m.c b/crypto/openssl-0.9/crypto/bn/bn_gf2m.c index 2af6540ff3..6a793857e1 100644 --- a/crypto/openssl-0.9/crypto/bn/bn_gf2m.c +++ b/crypto/openssl-0.9/crypto/bn/bn_gf2m.c @@ -1080,7 +1080,8 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a) BN_zero(a); for (i = 0; p[i] != 0; i++) { - BN_set_bit(a, p[i]); + if (BN_set_bit(a, p[i]) == 0) + return 0; } BN_set_bit(a, 0); bn_check_top(a); diff --git a/crypto/openssl-0.9/crypto/bn/bn_mont.c b/crypto/openssl-0.9/crypto/bn/bn_mont.c index 82af91f90d..961ca67ea1 100644 --- a/crypto/openssl-0.9/crypto/bn/bn_mont.c +++ b/crypto/openssl-0.9/crypto/bn/bn_mont.c @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ /* * Details about Montgomery multiplication algorithms can be found at @@ -353,18 +406,32 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, const BIGNUM *mod, BN_CTX *ctx) { - if (*pmont) - return *pmont; - CRYPTO_w_lock(lock); + int got_write_lock = 0; + BN_MONT_CTX *ret; + + CRYPTO_r_lock(lock); if (!*pmont) { - *pmont = BN_MONT_CTX_new(); - if (*pmont && !BN_MONT_CTX_set(*pmont, mod, ctx)) + CRYPTO_r_unlock(lock); + CRYPTO_w_lock(lock); + got_write_lock = 1; + + if (!*pmont) { - BN_MONT_CTX_free(*pmont); - *pmont = NULL; + ret = BN_MONT_CTX_new(); + if (ret && !BN_MONT_CTX_set(ret, mod, ctx)) + BN_MONT_CTX_free(ret); + else + *pmont = ret; } } - CRYPTO_w_unlock(lock); - return *pmont; + + ret = *pmont; + + if (got_write_lock) + CRYPTO_w_unlock(lock); + else + CRYPTO_r_unlock(lock); + + return ret; } diff --git a/crypto/openssl-0.9/crypto/bn/bn_prime.c b/crypto/openssl-0.9/crypto/bn/bn_prime.c index d03403a600..d57f658211 100644 --- a/crypto/openssl-0.9/crypto/bn/bn_prime.c +++ b/crypto/openssl-0.9/crypto/bn/bn_prime.c @@ -258,7 +258,8 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, /* first look for small factors */ if (!BN_is_odd(a)) - return 0; + /* a is even => a is prime if and only if a == 2 */ + return BN_is_word(a, 2); if (do_trial_division) { for (i = 1; i < NUMPRIMES; i++) diff --git a/crypto/openssl-0.9/crypto/camellia/camellia.c b/crypto/openssl-0.9/crypto/camellia/camellia.c new file mode 100644 index 0000000000..63505464a8 --- /dev/null +++ b/crypto/openssl-0.9/crypto/camellia/camellia.c @@ -0,0 +1,1688 @@ +/* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) . + * ALL RIGHTS RESERVED. + * + * Intellectual Property information for Camellia: + * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html + * + * News Release for Announcement of Camellia open source: + * http://www.ntt.co.jp/news/news06e/0604/060413a.html + * + * The Camellia Code included herein is developed by + * NTT (Nippon Telegraph and Telephone Corporation), and is contributed + * to the OpenSSL project. + * + * The Camellia Code is licensed pursuant to the OpenSSL open source + * license provided below. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* Algorithm Specification + http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html +*/ + + +#include +#include + +#include "camellia.h" +#include "cmll_locl.h" + +/* + * must be defined uint32_t + */ + +/* key constants */ + +#define CAMELLIA_SIGMA1L (0xA09E667FL) +#define CAMELLIA_SIGMA1R (0x3BCC908BL) +#define CAMELLIA_SIGMA2L (0xB67AE858L) +#define CAMELLIA_SIGMA2R (0x4CAA73B2L) +#define CAMELLIA_SIGMA3L (0xC6EF372FL) +#define CAMELLIA_SIGMA3R (0xE94F82BEL) +#define CAMELLIA_SIGMA4L (0x54FF53A5L) +#define CAMELLIA_SIGMA4R (0xF1D36F1CL) +#define CAMELLIA_SIGMA5L (0x10E527FAL) +#define CAMELLIA_SIGMA5R (0xDE682D1DL) +#define CAMELLIA_SIGMA6L (0xB05688C2L) +#define CAMELLIA_SIGMA6R (0xB3E6C1FDL) + +/* + * macros + */ + +/* e is pointer of subkey */ +#ifdef L_ENDIAN + +#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2 + 1]) +#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2]) + +#else /* big endian */ + +#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2]) +#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1]) + +#endif /* IS_LITTLE_ENDIAN */ + +/* rotation right shift 1byte */ +#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24)) +/* rotation left shift 1bit */ +#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31)) +/* rotation left shift 1byte */ +#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24)) + +#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ +do \ + { \ + w0 = ll; \ + ll = (ll << bits) + (lr >> (32 - bits)); \ + lr = (lr << bits) + (rl >> (32 - bits)); \ + rl = (rl << bits) + (rr >> (32 - bits)); \ + rr = (rr << bits) + (w0 >> (32 - bits)); \ + } while(0) + +#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ +do \ + { \ + w0 = ll; \ + w1 = lr; \ + ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \ + lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \ + rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \ + rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ + } while(0) + +#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)]) +#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)]) +#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)]) +#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)]) + +#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ +do \ + { \ + il = xl ^ kl; \ + ir = xr ^ kr; \ + t0 = il >> 16; \ + t1 = ir >> 16; \ + yl = CAMELLIA_SP1110(ir & 0xff) \ + ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \ + ^ CAMELLIA_SP3033(t1 & 0xff) \ + ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \ + yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \ + ^ CAMELLIA_SP0222(t0 & 0xff) \ + ^ CAMELLIA_SP3033((il >> 8) & 0xff) \ + ^ CAMELLIA_SP4404(il & 0xff); \ + yl ^= yr; \ + yr = CAMELLIA_RR8(yr); \ + yr ^= yl; \ + } while(0) + + +/* + * for speed up + * + */ +#if !defined(_MSC_VER) + +#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \ +do \ + { \ + t0 = kll; \ + t2 = krr; \ + t0 &= ll; \ + t2 |= rr; \ + rl ^= t2; \ + lr ^= CAMELLIA_RL1(t0); \ + t3 = krl; \ + t1 = klr; \ + t3 &= rl; \ + t1 |= lr; \ + ll ^= t1; \ + rr ^= CAMELLIA_RL1(t3); \ + } while(0) + +#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ +do \ + { \ + ir = CAMELLIA_SP1110(xr & 0xff); \ + il = CAMELLIA_SP1110((xl>>24) & 0xff); \ + ir ^= CAMELLIA_SP0222((xr>>24) & 0xff); \ + il ^= CAMELLIA_SP0222((xl>>16) & 0xff); \ + ir ^= CAMELLIA_SP3033((xr>>16) & 0xff); \ + il ^= CAMELLIA_SP3033((xl>>8) & 0xff); \ + ir ^= CAMELLIA_SP4404((xr>>8) & 0xff); \ + il ^= CAMELLIA_SP4404(xl & 0xff); \ + il ^= kl; \ + ir ^= il ^ kr; \ + yl ^= ir; \ + yr ^= CAMELLIA_RR8(il) ^ ir; \ + } while(0) + +#else /* for MS-VC */ + +#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \ +do \ + { \ + t0 = kll; \ + t0 &= ll; \ + lr ^= CAMELLIA_RL1(t0); \ + t1 = klr; \ + t1 |= lr; \ + ll ^= t1; \ + \ + t2 = krr; \ + t2 |= rr; \ + rl ^= t2; \ + t3 = krl; \ + t3 &= rl; \ + rr ^= CAMELLIA_RL1(t3); \ + } while(0) + +#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ +do \ + { \ + il = xl; \ + ir = xr; \ + t0 = il >> 16; \ + t1 = ir >> 16; \ + ir = CAMELLIA_SP1110(ir & 0xff) \ + ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \ + ^ CAMELLIA_SP3033(t1 & 0xff) \ + ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \ + il = CAMELLIA_SP1110((t0 >> 8) & 0xff) \ + ^ CAMELLIA_SP0222(t0 & 0xff) \ + ^ CAMELLIA_SP3033((il >> 8) & 0xff) \ + ^ CAMELLIA_SP4404(il & 0xff); \ + il ^= kl; \ + ir ^= kr; \ + ir ^= il; \ + il = CAMELLIA_RR8(il); \ + il ^= ir; \ + yl ^= ir; \ + yr ^= il; \ + } while(0) +#endif + +static const uint32_t camellia_sp1110[256] = + { + 0x70707000,0x82828200,0x2c2c2c00,0xececec00, + 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500, + 0xe4e4e400,0x85858500,0x57575700,0x35353500, + 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100, + 0x23232300,0xefefef00,0x6b6b6b00,0x93939300, + 0x45454500,0x19191900,0xa5a5a500,0x21212100, + 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00, + 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00, + 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00, + 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00, + 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00, + 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00, + 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00, + 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00, + 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600, + 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00, + 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600, + 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00, + 0x74747400,0x12121200,0x2b2b2b00,0x20202000, + 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900, + 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200, + 0x34343400,0x7e7e7e00,0x76767600,0x05050500, + 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100, + 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700, + 0x14141400,0x58585800,0x3a3a3a00,0x61616100, + 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00, + 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600, + 0x53535300,0x18181800,0xf2f2f200,0x22222200, + 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200, + 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100, + 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800, + 0x60606000,0xfcfcfc00,0x69696900,0x50505000, + 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00, + 0xa1a1a100,0x89898900,0x62626200,0x97979700, + 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500, + 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200, + 0x10101000,0xc4c4c400,0x00000000,0x48484800, + 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00, + 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00, + 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400, + 0x87878700,0x5c5c5c00,0x83838300,0x02020200, + 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300, + 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300, + 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200, + 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600, + 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00, + 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00, + 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00, + 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00, + 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00, + 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600, + 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900, + 0x78787800,0x98989800,0x06060600,0x6a6a6a00, + 0xe7e7e700,0x46464600,0x71717100,0xbababa00, + 0xd4d4d400,0x25252500,0xababab00,0x42424200, + 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00, + 0x72727200,0x07070700,0xb9b9b900,0x55555500, + 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00, + 0x36363600,0x49494900,0x2a2a2a00,0x68686800, + 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400, + 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00, + 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100, + 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400, + 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00, + }; + +static const uint32_t camellia_sp0222[256] = + { + 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9, + 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb, + 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a, + 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282, + 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727, + 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242, + 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c, + 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b, + 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f, + 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d, + 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe, + 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434, + 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595, + 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a, + 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad, + 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a, + 0x00171717,0x001a1a1a,0x00353535,0x00cccccc, + 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a, + 0x00e8e8e8,0x00242424,0x00565656,0x00404040, + 0x00e1e1e1,0x00636363,0x00090909,0x00333333, + 0x00bfbfbf,0x00989898,0x00979797,0x00858585, + 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a, + 0x00dadada,0x006f6f6f,0x00535353,0x00626262, + 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf, + 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2, + 0x00bdbdbd,0x00363636,0x00222222,0x00383838, + 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c, + 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444, + 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565, + 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323, + 0x00484848,0x00101010,0x00d1d1d1,0x00515151, + 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0, + 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa, + 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f, + 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b, + 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5, + 0x00202020,0x00898989,0x00000000,0x00909090, + 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7, + 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5, + 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929, + 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404, + 0x009b9b9b,0x00949494,0x00212121,0x00666666, + 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7, + 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5, + 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c, + 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676, + 0x00030303,0x002d2d2d,0x00dedede,0x00969696, + 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c, + 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919, + 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d, + 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d, + 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2, + 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4, + 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575, + 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484, + 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5, + 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa, + 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414, + 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0, + 0x00787878,0x00707070,0x00e3e3e3,0x00494949, + 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6, + 0x00777777,0x00939393,0x00868686,0x00838383, + 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9, + 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d, + }; + +static const uint32_t camellia_sp3033[256] = + { + 0x38003838,0x41004141,0x16001616,0x76007676, + 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2, + 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a, + 0x75007575,0x06000606,0x57005757,0xa000a0a0, + 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9, + 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090, + 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727, + 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede, + 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7, + 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767, + 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf, + 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d, + 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565, + 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e, + 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b, + 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6, + 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333, + 0xfd00fdfd,0x66006666,0x58005858,0x96009696, + 0x3a003a3a,0x09000909,0x95009595,0x10001010, + 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc, + 0xef00efef,0x26002626,0xe500e5e5,0x61006161, + 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282, + 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898, + 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb, + 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0, + 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e, + 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b, + 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111, + 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959, + 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8, + 0x12001212,0x04000404,0x74007474,0x54005454, + 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828, + 0x55005555,0x68006868,0x50005050,0xbe00bebe, + 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb, + 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca, + 0x70007070,0xff00ffff,0x32003232,0x69006969, + 0x08000808,0x62006262,0x00000000,0x24002424, + 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded, + 0x45004545,0x81008181,0x73007373,0x6d006d6d, + 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a, + 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101, + 0xe600e6e6,0x25002525,0x48004848,0x99009999, + 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9, + 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171, + 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313, + 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d, + 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5, + 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717, + 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646, + 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747, + 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b, + 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac, + 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535, + 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d, + 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121, + 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d, + 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa, + 0x7c007c7c,0x77007777,0x56005656,0x05000505, + 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434, + 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252, + 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd, + 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0, + 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a, + 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f, + }; + +static const uint32_t camellia_sp4404[256] = + { + 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0, + 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae, + 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5, + 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092, + 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f, + 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b, + 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d, + 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c, + 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0, + 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084, + 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076, + 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004, + 0x14140014,0x3a3a003a,0xdede00de,0x11110011, + 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2, + 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a, + 0x24240024,0xe8e800e8,0x60600060,0x69690069, + 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062, + 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064, + 0x10100010,0x00000000,0xa3a300a3,0x75750075, + 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd, + 0x87870087,0x83830083,0xcdcd00cd,0x90900090, + 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf, + 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6, + 0x81810081,0x6f6f006f,0x13130013,0x63630063, + 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc, + 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4, + 0x78780078,0x06060006,0xe7e700e7,0x71710071, + 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d, + 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac, + 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1, + 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043, + 0x15150015,0xadad00ad,0x77770077,0x80800080, + 0x82820082,0xecec00ec,0x27270027,0xe5e500e5, + 0x85850085,0x35350035,0x0c0c000c,0x41410041, + 0xefef00ef,0x93930093,0x19190019,0x21210021, + 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd, + 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce, + 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a, + 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d, + 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d, + 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d, + 0x12120012,0x20200020,0xb1b100b1,0x99990099, + 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005, + 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7, + 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c, + 0x0f0f000f,0x16160016,0x18180018,0x22220022, + 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091, + 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050, + 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097, + 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2, + 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db, + 0x03030003,0xdada00da,0x3f3f003f,0x94940094, + 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033, + 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2, + 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b, + 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e, + 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e, + 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059, + 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba, + 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa, + 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a, + 0x49490049,0x68680068,0x38380038,0xa4a400a4, + 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1, + 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e, + }; + + +/** + * Stuff related to the Camellia key schedule + */ +#define subl(x) subL[(x)] +#define subr(x) subR[(x)] + +void camellia_setup128(const unsigned char *key, uint32_t *subkey) + { + uint32_t kll, klr, krl, krr; + uint32_t il, ir, t0, t1, w0, w1; + uint32_t kw4l, kw4r, dw, tl, tr; + uint32_t subL[26]; + uint32_t subR[26]; + + /** + * k == kll || klr || krl || krr (|| is concatination) + */ + kll = GETU32(key ); + klr = GETU32(key + 4); + krl = GETU32(key + 8); + krr = GETU32(key + 12); + /** + * generate KL dependent subkeys + */ + /* kw1 */ + subl(0) = kll; subr(0) = klr; + /* kw2 */ + subl(1) = krl; subr(1) = krr; + /* rotation left shift 15bit */ + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); + /* k3 */ + subl(4) = kll; subr(4) = klr; + /* k4 */ + subl(5) = krl; subr(5) = krr; + /* rotation left shift 15+30bit */ + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); + /* k7 */ + subl(10) = kll; subr(10) = klr; + /* k8 */ + subl(11) = krl; subr(11) = krr; + /* rotation left shift 15+30+15bit */ + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); + /* k10 */ + subl(13) = krl; subr(13) = krr; + /* rotation left shift 15+30+15+17 bit */ + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); + /* kl3 */ + subl(16) = kll; subr(16) = klr; + /* kl4 */ + subl(17) = krl; subr(17) = krr; + /* rotation left shift 15+30+15+17+17 bit */ + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); + /* k13 */ + subl(18) = kll; subr(18) = klr; + /* k14 */ + subl(19) = krl; subr(19) = krr; + /* rotation left shift 15+30+15+17+17+17 bit */ + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); + /* k17 */ + subl(22) = kll; subr(22) = klr; + /* k18 */ + subl(23) = krl; subr(23) = krr; + + /* generate KA */ + kll = subl(0); klr = subr(0); + krl = subl(1); krr = subr(1); + CAMELLIA_F(kll, klr, + CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, + w0, w1, il, ir, t0, t1); + krl ^= w0; krr ^= w1; + CAMELLIA_F(krl, krr, + CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, + kll, klr, il, ir, t0, t1); + /* current status == (kll, klr, w0, w1) */ + CAMELLIA_F(kll, klr, + CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, + krl, krr, il, ir, t0, t1); + krl ^= w0; krr ^= w1; + CAMELLIA_F(krl, krr, + CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, + w0, w1, il, ir, t0, t1); + kll ^= w0; klr ^= w1; + + /* generate KA dependent subkeys */ + /* k1, k2 */ + subl(2) = kll; subr(2) = klr; + subl(3) = krl; subr(3) = krr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); + /* k5,k6 */ + subl(6) = kll; subr(6) = klr; + subl(7) = krl; subr(7) = krr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); + /* kl1, kl2 */ + subl(8) = kll; subr(8) = klr; + subl(9) = krl; subr(9) = krr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); + /* k9 */ + subl(12) = kll; subr(12) = klr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); + /* k11, k12 */ + subl(14) = kll; subr(14) = klr; + subl(15) = krl; subr(15) = krr; + CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); + /* k15, k16 */ + subl(20) = kll; subr(20) = klr; + subl(21) = krl; subr(21) = krr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); + /* kw3, kw4 */ + subl(24) = kll; subr(24) = klr; + subl(25) = krl; subr(25) = krr; + + + /* absorb kw2 to other subkeys */ +/* round 2 */ + subl(3) ^= subl(1); subr(3) ^= subr(1); +/* round 4 */ + subl(5) ^= subl(1); subr(5) ^= subr(1); +/* round 6 */ + subl(7) ^= subl(1); subr(7) ^= subr(1); + subl(1) ^= subr(1) & ~subr(9); + dw = subl(1) & subl(9), + subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */ +/* round 8 */ + subl(11) ^= subl(1); subr(11) ^= subr(1); +/* round 10 */ + subl(13) ^= subl(1); subr(13) ^= subr(1); +/* round 12 */ + subl(15) ^= subl(1); subr(15) ^= subr(1); + subl(1) ^= subr(1) & ~subr(17); + dw = subl(1) & subl(17), + subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */ +/* round 14 */ + subl(19) ^= subl(1); subr(19) ^= subr(1); +/* round 16 */ + subl(21) ^= subl(1); subr(21) ^= subr(1); +/* round 18 */ + subl(23) ^= subl(1); subr(23) ^= subr(1); +/* kw3 */ + subl(24) ^= subl(1); subr(24) ^= subr(1); + + /* absorb kw4 to other subkeys */ + kw4l = subl(25); kw4r = subr(25); +/* round 17 */ + subl(22) ^= kw4l; subr(22) ^= kw4r; +/* round 15 */ + subl(20) ^= kw4l; subr(20) ^= kw4r; +/* round 13 */ + subl(18) ^= kw4l; subr(18) ^= kw4r; + kw4l ^= kw4r & ~subr(16); + dw = kw4l & subl(16), + kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */ +/* round 11 */ + subl(14) ^= kw4l; subr(14) ^= kw4r; +/* round 9 */ + subl(12) ^= kw4l; subr(12) ^= kw4r; +/* round 7 */ + subl(10) ^= kw4l; subr(10) ^= kw4r; + kw4l ^= kw4r & ~subr(8); + dw = kw4l & subl(8), + kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */ +/* round 5 */ + subl(6) ^= kw4l; subr(6) ^= kw4r; +/* round 3 */ + subl(4) ^= kw4l; subr(4) ^= kw4r; +/* round 1 */ + subl(2) ^= kw4l; subr(2) ^= kw4r; +/* kw1 */ + subl(0) ^= kw4l; subr(0) ^= kw4r; + + + /* key XOR is end of F-function */ + CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */ + CamelliaSubkeyR(0) = subr(0) ^ subr(2); + CamelliaSubkeyL(2) = subl(3); /* round 1 */ + CamelliaSubkeyR(2) = subr(3); + CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */ + CamelliaSubkeyR(3) = subr(2) ^ subr(4); + CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */ + CamelliaSubkeyR(4) = subr(3) ^ subr(5); + CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */ + CamelliaSubkeyR(5) = subr(4) ^ subr(6); + CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */ + CamelliaSubkeyR(6) = subr(5) ^ subr(7); + tl = subl(10) ^ (subr(10) & ~subr(8)); + dw = tl & subl(8), /* FL(kl1) */ + tr = subr(10) ^ CAMELLIA_RL1(dw); + CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */ + CamelliaSubkeyR(7) = subr(6) ^ tr; + CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */ + CamelliaSubkeyR(8) = subr(8); + CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */ + CamelliaSubkeyR(9) = subr(9); + tl = subl(7) ^ (subr(7) & ~subr(9)); + dw = tl & subl(9), /* FLinv(kl2) */ + tr = subr(7) ^ CAMELLIA_RL1(dw); + CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */ + CamelliaSubkeyR(10) = tr ^ subr(11); + CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */ + CamelliaSubkeyR(11) = subr(10) ^ subr(12); + CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */ + CamelliaSubkeyR(12) = subr(11) ^ subr(13); + CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */ + CamelliaSubkeyR(13) = subr(12) ^ subr(14); + CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */ + CamelliaSubkeyR(14) = subr(13) ^ subr(15); + tl = subl(18) ^ (subr(18) & ~subr(16)); + dw = tl & subl(16), /* FL(kl3) */ + tr = subr(18) ^ CAMELLIA_RL1(dw); + CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */ + CamelliaSubkeyR(15) = subr(14) ^ tr; + CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */ + CamelliaSubkeyR(16) = subr(16); + CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */ + CamelliaSubkeyR(17) = subr(17); + tl = subl(15) ^ (subr(15) & ~subr(17)); + dw = tl & subl(17), /* FLinv(kl4) */ + tr = subr(15) ^ CAMELLIA_RL1(dw); + CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */ + CamelliaSubkeyR(18) = tr ^ subr(19); + CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */ + CamelliaSubkeyR(19) = subr(18) ^ subr(20); + CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */ + CamelliaSubkeyR(20) = subr(19) ^ subr(21); + CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */ + CamelliaSubkeyR(21) = subr(20) ^ subr(22); + CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */ + CamelliaSubkeyR(22) = subr(21) ^ subr(23); + CamelliaSubkeyL(23) = subl(22); /* round 18 */ + CamelliaSubkeyR(23) = subr(22); + CamelliaSubkeyL(24) = subl(24) ^ subl(23); /* kw3 */ + CamelliaSubkeyR(24) = subr(24) ^ subr(23); + + /* apply the inverse of the last half of P-function */ + dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), + dw = CAMELLIA_RL8(dw);/* round 1 */ + CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, + CamelliaSubkeyL(2) = dw; + dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), + dw = CAMELLIA_RL8(dw);/* round 2 */ + CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, + CamelliaSubkeyL(3) = dw; + dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), + dw = CAMELLIA_RL8(dw);/* round 3 */ + CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, + CamelliaSubkeyL(4) = dw; + dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), + dw = CAMELLIA_RL8(dw);/* round 4 */ + CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, + CamelliaSubkeyL(5) = dw; + dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), + dw = CAMELLIA_RL8(dw);/* round 5 */ + CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, + CamelliaSubkeyL(6) = dw; + dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), + dw = CAMELLIA_RL8(dw);/* round 6 */ + CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, + CamelliaSubkeyL(7) = dw; + dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), + dw = CAMELLIA_RL8(dw);/* round 7 */ + CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, + CamelliaSubkeyL(10) = dw; + dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), + dw = CAMELLIA_RL8(dw);/* round 8 */ + CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, + CamelliaSubkeyL(11) = dw; + dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), + dw = CAMELLIA_RL8(dw);/* round 9 */ + CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, + CamelliaSubkeyL(12) = dw; + dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), + dw = CAMELLIA_RL8(dw);/* round 10 */ + CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, + CamelliaSubkeyL(13) = dw; + dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), + dw = CAMELLIA_RL8(dw);/* round 11 */ + CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, + CamelliaSubkeyL(14) = dw; + dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), + dw = CAMELLIA_RL8(dw);/* round 12 */ + CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, + CamelliaSubkeyL(15) = dw; + dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), + dw = CAMELLIA_RL8(dw);/* round 13 */ + CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, + CamelliaSubkeyL(18) = dw; + dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), + dw = CAMELLIA_RL8(dw);/* round 14 */ + CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, + CamelliaSubkeyL(19) = dw; + dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), + dw = CAMELLIA_RL8(dw);/* round 15 */ + CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, + CamelliaSubkeyL(20) = dw; + dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), + dw = CAMELLIA_RL8(dw);/* round 16 */ + CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, + CamelliaSubkeyL(21) = dw; + dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), + dw = CAMELLIA_RL8(dw);/* round 17 */ + CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, + CamelliaSubkeyL(22) = dw; + dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), + dw = CAMELLIA_RL8(dw);/* round 18 */ + CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, + CamelliaSubkeyL(23) = dw; + + return; + } + +void camellia_setup256(const unsigned char *key, uint32_t *subkey) + { + uint32_t kll,klr,krl,krr; /* left half of key */ + uint32_t krll,krlr,krrl,krrr; /* right half of key */ + uint32_t il, ir, t0, t1, w0, w1; /* temporary variables */ + uint32_t kw4l, kw4r, dw, tl, tr; + uint32_t subL[34]; + uint32_t subR[34]; + + /** + * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) + * (|| is concatination) + */ + + kll = GETU32(key ); + klr = GETU32(key + 4); + krl = GETU32(key + 8); + krr = GETU32(key + 12); + krll = GETU32(key + 16); + krlr = GETU32(key + 20); + krrl = GETU32(key + 24); + krrr = GETU32(key + 28); + + /* generate KL dependent subkeys */ + /* kw1 */ + subl(0) = kll; subr(0) = klr; + /* kw2 */ + subl(1) = krl; subr(1) = krr; + CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45); + /* k9 */ + subl(12) = kll; subr(12) = klr; + /* k10 */ + subl(13) = krl; subr(13) = krr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); + /* kl3 */ + subl(16) = kll; subr(16) = klr; + /* kl4 */ + subl(17) = krl; subr(17) = krr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); + /* k17 */ + subl(22) = kll; subr(22) = klr; + /* k18 */ + subl(23) = krl; subr(23) = krr; + CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); + /* k23 */ + subl(30) = kll; subr(30) = klr; + /* k24 */ + subl(31) = krl; subr(31) = krr; + + /* generate KR dependent subkeys */ + CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); + /* k3 */ + subl(4) = krll; subr(4) = krlr; + /* k4 */ + subl(5) = krrl; subr(5) = krrr; + CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); + /* kl1 */ + subl(8) = krll; subr(8) = krlr; + /* kl2 */ + subl(9) = krrl; subr(9) = krrr; + CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); + /* k13 */ + subl(18) = krll; subr(18) = krlr; + /* k14 */ + subl(19) = krrl; subr(19) = krrr; + CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); + /* k19 */ + subl(26) = krll; subr(26) = krlr; + /* k20 */ + subl(27) = krrl; subr(27) = krrr; + CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); + + /* generate KA */ + kll = subl(0) ^ krll; klr = subr(0) ^ krlr; + krl = subl(1) ^ krrl; krr = subr(1) ^ krrr; + CAMELLIA_F(kll, klr, + CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, + w0, w1, il, ir, t0, t1); + krl ^= w0; krr ^= w1; + CAMELLIA_F(krl, krr, + CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, + kll, klr, il, ir, t0, t1); + kll ^= krll; klr ^= krlr; + CAMELLIA_F(kll, klr, + CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, + krl, krr, il, ir, t0, t1); + krl ^= w0 ^ krrl; krr ^= w1 ^ krrr; + CAMELLIA_F(krl, krr, + CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, + w0, w1, il, ir, t0, t1); + kll ^= w0; klr ^= w1; + + /* generate KB */ + krll ^= kll; krlr ^= klr; + krrl ^= krl; krrr ^= krr; + CAMELLIA_F(krll, krlr, + CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R, + w0, w1, il, ir, t0, t1); + krrl ^= w0; krrr ^= w1; + CAMELLIA_F(krrl, krrr, + CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R, + w0, w1, il, ir, t0, t1); + krll ^= w0; krlr ^= w1; + + /* generate KA dependent subkeys */ + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); + /* k5 */ + subl(6) = kll; subr(6) = klr; + /* k6 */ + subl(7) = krl; subr(7) = krr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); + /* k11 */ + subl(14) = kll; subr(14) = klr; + /* k12 */ + subl(15) = krl; subr(15) = krr; + /* rotation left shift 32bit */ + /* kl5 */ + subl(24) = klr; subr(24) = krl; + /* kl6 */ + subl(25) = krr; subr(25) = kll; + /* rotation left shift 49 from k11,k12 -> k21,k22 */ + CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49); + /* k21 */ + subl(28) = kll; subr(28) = klr; + /* k22 */ + subl(29) = krl; subr(29) = krr; + + /* generate KB dependent subkeys */ + /* k1 */ + subl(2) = krll; subr(2) = krlr; + /* k2 */ + subl(3) = krrl; subr(3) = krrr; + CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); + /* k7 */ + subl(10) = krll; subr(10) = krlr; + /* k8 */ + subl(11) = krrl; subr(11) = krrr; + CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); + /* k15 */ + subl(20) = krll; subr(20) = krlr; + /* k16 */ + subl(21) = krrl; subr(21) = krrr; + CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51); + /* kw3 */ + subl(32) = krll; subr(32) = krlr; + /* kw4 */ + subl(33) = krrl; subr(33) = krrr; + + /* absorb kw2 to other subkeys */ +/* round 2 */ + subl(3) ^= subl(1); subr(3) ^= subr(1); +/* round 4 */ + subl(5) ^= subl(1); subr(5) ^= subr(1); +/* round 6 */ + subl(7) ^= subl(1); subr(7) ^= subr(1); + subl(1) ^= subr(1) & ~subr(9); + dw = subl(1) & subl(9), + subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */ +/* round 8 */ + subl(11) ^= subl(1); subr(11) ^= subr(1); +/* round 10 */ + subl(13) ^= subl(1); subr(13) ^= subr(1); +/* round 12 */ + subl(15) ^= subl(1); subr(15) ^= subr(1); + subl(1) ^= subr(1) & ~subr(17); + dw = subl(1) & subl(17), + subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */ +/* round 14 */ + subl(19) ^= subl(1); subr(19) ^= subr(1); +/* round 16 */ + subl(21) ^= subl(1); subr(21) ^= subr(1); +/* round 18 */ + subl(23) ^= subl(1); subr(23) ^= subr(1); + subl(1) ^= subr(1) & ~subr(25); + dw = subl(1) & subl(25), + subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */ +/* round 20 */ + subl(27) ^= subl(1); subr(27) ^= subr(1); +/* round 22 */ + subl(29) ^= subl(1); subr(29) ^= subr(1); +/* round 24 */ + subl(31) ^= subl(1); subr(31) ^= subr(1); +/* kw3 */ + subl(32) ^= subl(1); subr(32) ^= subr(1); + + + /* absorb kw4 to other subkeys */ + kw4l = subl(33); kw4r = subr(33); +/* round 23 */ + subl(30) ^= kw4l; subr(30) ^= kw4r; +/* round 21 */ + subl(28) ^= kw4l; subr(28) ^= kw4r; +/* round 19 */ + subl(26) ^= kw4l; subr(26) ^= kw4r; + kw4l ^= kw4r & ~subr(24); + dw = kw4l & subl(24), + kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */ +/* round 17 */ + subl(22) ^= kw4l; subr(22) ^= kw4r; +/* round 15 */ + subl(20) ^= kw4l; subr(20) ^= kw4r; +/* round 13 */ + subl(18) ^= kw4l; subr(18) ^= kw4r; + kw4l ^= kw4r & ~subr(16); + dw = kw4l & subl(16), + kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */ +/* round 11 */ + subl(14) ^= kw4l; subr(14) ^= kw4r; +/* round 9 */ + subl(12) ^= kw4l; subr(12) ^= kw4r; +/* round 7 */ + subl(10) ^= kw4l; subr(10) ^= kw4r; + kw4l ^= kw4r & ~subr(8); + dw = kw4l & subl(8), + kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */ +/* round 5 */ + subl(6) ^= kw4l; subr(6) ^= kw4r; +/* round 3 */ + subl(4) ^= kw4l; subr(4) ^= kw4r; +/* round 1 */ + subl(2) ^= kw4l; subr(2) ^= kw4r; +/* kw1 */ + subl(0) ^= kw4l; subr(0) ^= kw4r; + + /* key XOR is end of F-function */ + CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */ + CamelliaSubkeyR(0) = subr(0) ^ subr(2); + CamelliaSubkeyL(2) = subl(3); /* round 1 */ + CamelliaSubkeyR(2) = subr(3); + CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */ + CamelliaSubkeyR(3) = subr(2) ^ subr(4); + CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */ + CamelliaSubkeyR(4) = subr(3) ^ subr(5); + CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */ + CamelliaSubkeyR(5) = subr(4) ^ subr(6); + CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */ + CamelliaSubkeyR(6) = subr(5) ^ subr(7); + tl = subl(10) ^ (subr(10) & ~subr(8)); + dw = tl & subl(8), /* FL(kl1) */ + tr = subr(10) ^ CAMELLIA_RL1(dw); + CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */ + CamelliaSubkeyR(7) = subr(6) ^ tr; + CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */ + CamelliaSubkeyR(8) = subr(8); + CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */ + CamelliaSubkeyR(9) = subr(9); + tl = subl(7) ^ (subr(7) & ~subr(9)); + dw = tl & subl(9), /* FLinv(kl2) */ + tr = subr(7) ^ CAMELLIA_RL1(dw); + CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */ + CamelliaSubkeyR(10) = tr ^ subr(11); + CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */ + CamelliaSubkeyR(11) = subr(10) ^ subr(12); + CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */ + CamelliaSubkeyR(12) = subr(11) ^ subr(13); + CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */ + CamelliaSubkeyR(13) = subr(12) ^ subr(14); + CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */ + CamelliaSubkeyR(14) = subr(13) ^ subr(15); + tl = subl(18) ^ (subr(18) & ~subr(16)); + dw = tl & subl(16), /* FL(kl3) */ + tr = subr(18) ^ CAMELLIA_RL1(dw); + CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */ + CamelliaSubkeyR(15) = subr(14) ^ tr; + CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */ + CamelliaSubkeyR(16) = subr(16); + CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */ + CamelliaSubkeyR(17) = subr(17); + tl = subl(15) ^ (subr(15) & ~subr(17)); + dw = tl & subl(17), /* FLinv(kl4) */ + tr = subr(15) ^ CAMELLIA_RL1(dw); + CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */ + CamelliaSubkeyR(18) = tr ^ subr(19); + CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */ + CamelliaSubkeyR(19) = subr(18) ^ subr(20); + CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */ + CamelliaSubkeyR(20) = subr(19) ^ subr(21); + CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */ + CamelliaSubkeyR(21) = subr(20) ^ subr(22); + CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */ + CamelliaSubkeyR(22) = subr(21) ^ subr(23); + tl = subl(26) ^ (subr(26) + & ~subr(24)); + dw = tl & subl(24), /* FL(kl5) */ + tr = subr(26) ^ CAMELLIA_RL1(dw); + CamelliaSubkeyL(23) = subl(22) ^ tl; /* round 18 */ + CamelliaSubkeyR(23) = subr(22) ^ tr; + CamelliaSubkeyL(24) = subl(24); /* FL(kl5) */ + CamelliaSubkeyR(24) = subr(24); + CamelliaSubkeyL(25) = subl(25); /* FLinv(kl6) */ + CamelliaSubkeyR(25) = subr(25); + tl = subl(23) ^ (subr(23) & + ~subr(25)); + dw = tl & subl(25), /* FLinv(kl6) */ + tr = subr(23) ^ CAMELLIA_RL1(dw); + CamelliaSubkeyL(26) = tl ^ subl(27); /* round 19 */ + CamelliaSubkeyR(26) = tr ^ subr(27); + CamelliaSubkeyL(27) = subl(26) ^ subl(28); /* round 20 */ + CamelliaSubkeyR(27) = subr(26) ^ subr(28); + CamelliaSubkeyL(28) = subl(27) ^ subl(29); /* round 21 */ + CamelliaSubkeyR(28) = subr(27) ^ subr(29); + CamelliaSubkeyL(29) = subl(28) ^ subl(30); /* round 22 */ + CamelliaSubkeyR(29) = subr(28) ^ subr(30); + CamelliaSubkeyL(30) = subl(29) ^ subl(31); /* round 23 */ + CamelliaSubkeyR(30) = subr(29) ^ subr(31); + CamelliaSubkeyL(31) = subl(30); /* round 24 */ + CamelliaSubkeyR(31) = subr(30); + CamelliaSubkeyL(32) = subl(32) ^ subl(31); /* kw3 */ + CamelliaSubkeyR(32) = subr(32) ^ subr(31); + + /* apply the inverse of the last half of P-function */ + dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), + dw = CAMELLIA_RL8(dw);/* round 1 */ + CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, + CamelliaSubkeyL(2) = dw; + dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), + dw = CAMELLIA_RL8(dw);/* round 2 */ + CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, + CamelliaSubkeyL(3) = dw; + dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), + dw = CAMELLIA_RL8(dw);/* round 3 */ + CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, + CamelliaSubkeyL(4) = dw; + dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), + dw = CAMELLIA_RL8(dw);/* round 4 */ + CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, + CamelliaSubkeyL(5) = dw; + dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), + dw = CAMELLIA_RL8(dw);/* round 5 */ + CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, + CamelliaSubkeyL(6) = dw; + dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), + dw = CAMELLIA_RL8(dw);/* round 6 */ + CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, + CamelliaSubkeyL(7) = dw; + dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), + dw = CAMELLIA_RL8(dw);/* round 7 */ + CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, + CamelliaSubkeyL(10) = dw; + dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), + dw = CAMELLIA_RL8(dw);/* round 8 */ + CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, + CamelliaSubkeyL(11) = dw; + dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), + dw = CAMELLIA_RL8(dw);/* round 9 */ + CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, + CamelliaSubkeyL(12) = dw; + dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), + dw = CAMELLIA_RL8(dw);/* round 10 */ + CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, + CamelliaSubkeyL(13) = dw; + dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), + dw = CAMELLIA_RL8(dw);/* round 11 */ + CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, + CamelliaSubkeyL(14) = dw; + dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), + dw = CAMELLIA_RL8(dw);/* round 12 */ + CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, + CamelliaSubkeyL(15) = dw; + dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), + dw = CAMELLIA_RL8(dw);/* round 13 */ + CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, + CamelliaSubkeyL(18) = dw; + dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), + dw = CAMELLIA_RL8(dw);/* round 14 */ + CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, + CamelliaSubkeyL(19) = dw; + dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), + dw = CAMELLIA_RL8(dw);/* round 15 */ + CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, + CamelliaSubkeyL(20) = dw; + dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), + dw = CAMELLIA_RL8(dw);/* round 16 */ + CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, + CamelliaSubkeyL(21) = dw; + dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), + dw = CAMELLIA_RL8(dw);/* round 17 */ + CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, + CamelliaSubkeyL(22) = dw; + dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), + dw = CAMELLIA_RL8(dw);/* round 18 */ + CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, + CamelliaSubkeyL(23) = dw; + dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), + dw = CAMELLIA_RL8(dw);/* round 19 */ + CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, + CamelliaSubkeyL(26) = dw; + dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), + dw = CAMELLIA_RL8(dw);/* round 20 */ + CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, + CamelliaSubkeyL(27) = dw; + dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), + dw = CAMELLIA_RL8(dw);/* round 21 */ + CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, + CamelliaSubkeyL(28) = dw; + dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), + dw = CAMELLIA_RL8(dw);/* round 22 */ + CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, + CamelliaSubkeyL(29) = dw; + dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), + dw = CAMELLIA_RL8(dw);/* round 23 */ + CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, + CamelliaSubkeyL(30) = dw; + dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), + dw = CAMELLIA_RL8(dw);/* round 24 */ + CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw, + CamelliaSubkeyL(31) = dw; + + + return; + } + +void camellia_setup192(const unsigned char *key, uint32_t *subkey) + { + unsigned char kk[32]; + uint32_t krll, krlr, krrl,krrr; + + memcpy(kk, key, 24); + memcpy((unsigned char *)&krll, key+16,4); + memcpy((unsigned char *)&krlr, key+20,4); + krrl = ~krll; + krrr = ~krlr; + memcpy(kk+24, (unsigned char *)&krrl, 4); + memcpy(kk+28, (unsigned char *)&krrr, 4); + camellia_setup256(kk, subkey); + return; + } + + +/** + * Stuff related to camellia encryption/decryption + */ +void camellia_encrypt128(const uint32_t *subkey, uint32_t *io) + { + uint32_t il, ir, t0, t1; + + SWAP4WORD(io); + /* pre whitening but absorb kw2*/ + io[0] ^= CamelliaSubkeyL(0); + io[1] ^= CamelliaSubkeyR(0); + /* main iteration */ + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(2),CamelliaSubkeyR(2), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(3),CamelliaSubkeyR(3), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(4),CamelliaSubkeyR(4), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(5),CamelliaSubkeyR(5), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(6),CamelliaSubkeyR(6), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(7),CamelliaSubkeyR(7), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(8),CamelliaSubkeyR(8), + CamelliaSubkeyL(9),CamelliaSubkeyR(9), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(10),CamelliaSubkeyR(10), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(11),CamelliaSubkeyR(11), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(12),CamelliaSubkeyR(12), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(13),CamelliaSubkeyR(13), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(14),CamelliaSubkeyR(14), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(15),CamelliaSubkeyR(15), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(16),CamelliaSubkeyR(16), + CamelliaSubkeyL(17),CamelliaSubkeyR(17), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(18),CamelliaSubkeyR(18), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(19),CamelliaSubkeyR(19), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(20),CamelliaSubkeyR(20), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(21),CamelliaSubkeyR(21), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(22),CamelliaSubkeyR(22), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(23),CamelliaSubkeyR(23), + io[0],io[1],il,ir,t0,t1); + + /* post whitening but kw4 */ + io[2] ^= CamelliaSubkeyL(24); + io[3] ^= CamelliaSubkeyR(24); + + t0 = io[0]; + t1 = io[1]; + io[0] = io[2]; + io[1] = io[3]; + io[2] = t0; + io[3] = t1; + SWAP4WORD(io); + + return; + } + +void camellia_decrypt128(const uint32_t *subkey, uint32_t *io) + { + uint32_t il,ir,t0,t1; /* temporary valiables */ + + SWAP4WORD(io); + + /* pre whitening but absorb kw2*/ + io[0] ^= CamelliaSubkeyL(24); + io[1] ^= CamelliaSubkeyR(24); + + /* main iteration */ + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(23),CamelliaSubkeyR(23), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(22),CamelliaSubkeyR(22), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(21),CamelliaSubkeyR(21), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(20),CamelliaSubkeyR(20), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(19),CamelliaSubkeyR(19), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(18),CamelliaSubkeyR(18), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(17),CamelliaSubkeyR(17), + CamelliaSubkeyL(16),CamelliaSubkeyR(16), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(15),CamelliaSubkeyR(15), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(14),CamelliaSubkeyR(14), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(13),CamelliaSubkeyR(13), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(12),CamelliaSubkeyR(12), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(11),CamelliaSubkeyR(11), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(10),CamelliaSubkeyR(10), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(9),CamelliaSubkeyR(9), + CamelliaSubkeyL(8),CamelliaSubkeyR(8), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(7),CamelliaSubkeyR(7), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(6),CamelliaSubkeyR(6), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(5),CamelliaSubkeyR(5), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(4),CamelliaSubkeyR(4), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(3),CamelliaSubkeyR(3), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(2),CamelliaSubkeyR(2), + io[0],io[1],il,ir,t0,t1); + + /* post whitening but kw4 */ + io[2] ^= CamelliaSubkeyL(0); + io[3] ^= CamelliaSubkeyR(0); + + t0 = io[0]; + t1 = io[1]; + io[0] = io[2]; + io[1] = io[3]; + io[2] = t0; + io[3] = t1; + SWAP4WORD(io); + + return; + } + +/** + * stuff for 192 and 256bit encryption/decryption + */ +void camellia_encrypt256(const uint32_t *subkey, uint32_t *io) + { + uint32_t il,ir,t0,t1; /* temporary valiables */ + + SWAP4WORD(io); + + /* pre whitening but absorb kw2*/ + io[0] ^= CamelliaSubkeyL(0); + io[1] ^= CamelliaSubkeyR(0); + + /* main iteration */ + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(2),CamelliaSubkeyR(2), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(3),CamelliaSubkeyR(3), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(4),CamelliaSubkeyR(4), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(5),CamelliaSubkeyR(5), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(6),CamelliaSubkeyR(6), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(7),CamelliaSubkeyR(7), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(8),CamelliaSubkeyR(8), + CamelliaSubkeyL(9),CamelliaSubkeyR(9), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(10),CamelliaSubkeyR(10), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(11),CamelliaSubkeyR(11), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(12),CamelliaSubkeyR(12), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(13),CamelliaSubkeyR(13), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(14),CamelliaSubkeyR(14), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(15),CamelliaSubkeyR(15), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(16),CamelliaSubkeyR(16), + CamelliaSubkeyL(17),CamelliaSubkeyR(17), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(18),CamelliaSubkeyR(18), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(19),CamelliaSubkeyR(19), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(20),CamelliaSubkeyR(20), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(21),CamelliaSubkeyR(21), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(22),CamelliaSubkeyR(22), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(23),CamelliaSubkeyR(23), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(24),CamelliaSubkeyR(24), + CamelliaSubkeyL(25),CamelliaSubkeyR(25), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(26),CamelliaSubkeyR(26), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(27),CamelliaSubkeyR(27), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(28),CamelliaSubkeyR(28), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(29),CamelliaSubkeyR(29), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(30),CamelliaSubkeyR(30), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(31),CamelliaSubkeyR(31), + io[0],io[1],il,ir,t0,t1); + + /* post whitening but kw4 */ + io[2] ^= CamelliaSubkeyL(32); + io[3] ^= CamelliaSubkeyR(32); + + t0 = io[0]; + t1 = io[1]; + io[0] = io[2]; + io[1] = io[3]; + io[2] = t0; + io[3] = t1; + SWAP4WORD(io); + + return; + } + +void camellia_decrypt256(const uint32_t *subkey, uint32_t *io) + { + uint32_t il,ir,t0,t1; /* temporary valiables */ + + SWAP4WORD(io); + /* pre whitening but absorb kw2*/ + io[0] ^= CamelliaSubkeyL(32); + io[1] ^= CamelliaSubkeyR(32); + + /* main iteration */ + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(31),CamelliaSubkeyR(31), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(30),CamelliaSubkeyR(30), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(29),CamelliaSubkeyR(29), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(28),CamelliaSubkeyR(28), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(27),CamelliaSubkeyR(27), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(26),CamelliaSubkeyR(26), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(25),CamelliaSubkeyR(25), + CamelliaSubkeyL(24),CamelliaSubkeyR(24), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(23),CamelliaSubkeyR(23), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(22),CamelliaSubkeyR(22), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(21),CamelliaSubkeyR(21), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(20),CamelliaSubkeyR(20), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(19),CamelliaSubkeyR(19), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(18),CamelliaSubkeyR(18), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(17),CamelliaSubkeyR(17), + CamelliaSubkeyL(16),CamelliaSubkeyR(16), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(15),CamelliaSubkeyR(15), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(14),CamelliaSubkeyR(14), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(13),CamelliaSubkeyR(13), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(12),CamelliaSubkeyR(12), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(11),CamelliaSubkeyR(11), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(10),CamelliaSubkeyR(10), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(9),CamelliaSubkeyR(9), + CamelliaSubkeyL(8),CamelliaSubkeyR(8), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(7),CamelliaSubkeyR(7), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(6),CamelliaSubkeyR(6), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(5),CamelliaSubkeyR(5), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(4),CamelliaSubkeyR(4), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(3),CamelliaSubkeyR(3), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(2),CamelliaSubkeyR(2), + io[0],io[1],il,ir,t0,t1); + + /* post whitening but kw4 */ + io[2] ^= CamelliaSubkeyL(0); + io[3] ^= CamelliaSubkeyR(0); + + t0 = io[0]; + t1 = io[1]; + io[0] = io[2]; + io[1] = io[3]; + io[2] = t0; + io[3] = t1; + SWAP4WORD(io); + + return; + } + diff --git a/crypto/openssl-0.9/crypto/aes/aes.h b/crypto/openssl-0.9/crypto/camellia/camellia.h similarity index 57% copy from crypto/openssl-0.9/crypto/aes/aes.h copy to crypto/openssl-0.9/crypto/camellia/camellia.h index 9ffcc9ff2a..3c8a359543 100644 --- a/crypto/openssl-0.9/crypto/aes/aes.h +++ b/crypto/openssl-0.9/crypto/camellia/camellia.h @@ -1,6 +1,6 @@ -/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -49,79 +49,81 @@ * */ -#ifndef HEADER_AES_H -#define HEADER_AES_H +#ifndef HEADER_CAMELLIA_H +#define HEADER_CAMELLIA_H #include -#ifdef OPENSSL_NO_AES -#error AES is disabled. +#ifdef OPENSSL_NO_CAMELLIA +#error CAMELLIA is disabled. #endif -#define AES_ENCRYPT 1 -#define AES_DECRYPT 0 +#define CAMELLIA_ENCRYPT 1 +#define CAMELLIA_DECRYPT 0 /* Because array size can't be a const in C, the following two are macros. Both sizes are in bytes. */ -#define AES_MAXNR 14 -#define AES_BLOCK_SIZE 16 #ifdef __cplusplus extern "C" { #endif /* This should be a hidden type, but EVP requires that the size be known */ -struct aes_key_st { -#ifdef AES_LONG - unsigned long rd_key[4 *(AES_MAXNR + 1)]; -#else - unsigned int rd_key[4 *(AES_MAXNR + 1)]; -#endif - int rounds; -}; -typedef struct aes_key_st AES_KEY; - -const char *AES_options(void); - -int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); -int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); - -void AES_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -void AES_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); - -void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key, const int enc); -void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + +#define CAMELLIA_BLOCK_SIZE 16 +#define CAMELLIA_TABLE_BYTE_LEN 272 +#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) + + /* to match with WORD */ +typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; + +struct camellia_key_st + { + KEY_TABLE_TYPE rd_key; + int bitLength; + void (*enc)(const unsigned int *subkey, unsigned int *io); + void (*dec)(const unsigned int *subkey, unsigned int *io); + }; + +typedef struct camellia_key_st CAMELLIA_KEY; + +int Camellia_set_key(const unsigned char *userKey, const int bits, + CAMELLIA_KEY *key); + +void Camellia_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); +void Camellia_decrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); + +void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key, const int enc); +void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const CAMELLIA_KEY *key, unsigned char *ivec, const int enc); -void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, +void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, const int enc); -void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, +void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, const int enc); -void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, +void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, const int enc); -void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out, - const int nbits,const AES_KEY *key, - unsigned char *ivec,const int enc); -void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, +void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out, + const int nbits,const CAMELLIA_KEY *key, + unsigned char *ivec,const int enc); +void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num); -void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, - unsigned char ivec[AES_BLOCK_SIZE], - unsigned char ecount_buf[AES_BLOCK_SIZE], +void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const CAMELLIA_KEY *key, + unsigned char ivec[CAMELLIA_BLOCK_SIZE], + unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], unsigned int *num); - #ifdef __cplusplus } #endif -#endif /* !HEADER_AES_H */ +#endif /* !HEADER_Camellia_H */ + diff --git a/crypto/openssl-0.9/crypto/camellia/cmll_cbc.c b/crypto/openssl-0.9/crypto/camellia/cmll_cbc.c new file mode 100644 index 0000000000..24080e14f5 --- /dev/null +++ b/crypto/openssl-0.9/crypto/camellia/cmll_cbc.c @@ -0,0 +1,234 @@ +/* crypto/camellia/camellia_cbc.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#ifndef CAMELLIA_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif +#include +#include +#include + +#include +#include "cmll_locl.h" + +void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const CAMELLIA_KEY *key, + unsigned char *ivec, const int enc) { + + unsigned long n; + unsigned long len = length; + unsigned char tmp[CAMELLIA_BLOCK_SIZE]; + const unsigned char *iv = ivec; + uint32_t t32[UNITSIZE]; + + + assert(in && out && key && ivec); + assert((CAMELLIA_ENCRYPT == enc)||(CAMELLIA_DECRYPT == enc)); + + if(((size_t)in) % ALIGN == 0 + && ((size_t)out) % ALIGN == 0 + && ((size_t)ivec) % ALIGN == 0) + { + if (CAMELLIA_ENCRYPT == enc) + { + while (len >= CAMELLIA_BLOCK_SIZE) + { + XOR4WORD2((uint32_t *)out, + (uint32_t *)in, (uint32_t *)iv); + key->enc(key->rd_key, (uint32_t *)out); + iv = out; + len -= CAMELLIA_BLOCK_SIZE; + in += CAMELLIA_BLOCK_SIZE; + out += CAMELLIA_BLOCK_SIZE; + } + if (len) + { + for(n=0; n < len; ++n) + out[n] = in[n] ^ iv[n]; + for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n) + out[n] = iv[n]; + key->enc(key->rd_key, (uint32_t *)out); + iv = out; + } + memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE); + } + else if (in != out) + { + while (len >= CAMELLIA_BLOCK_SIZE) + { + memcpy(out,in,CAMELLIA_BLOCK_SIZE); + key->dec(key->rd_key,(uint32_t *)out); + XOR4WORD((uint32_t *)out, (uint32_t *)iv); + iv = in; + len -= CAMELLIA_BLOCK_SIZE; + in += CAMELLIA_BLOCK_SIZE; + out += CAMELLIA_BLOCK_SIZE; + } + if (len) + { + memcpy(tmp, in, CAMELLIA_BLOCK_SIZE); + key->dec(key->rd_key, (uint32_t *)tmp); + for(n=0; n < len; ++n) + out[n] = tmp[n] ^ iv[n]; + iv = in; + } + memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE); + } + else /* in == out */ + { + while (len >= CAMELLIA_BLOCK_SIZE) + { + memcpy(tmp, in, CAMELLIA_BLOCK_SIZE); + key->dec(key->rd_key, (uint32_t *)out); + XOR4WORD((uint32_t *)out, (uint32_t *)ivec); + memcpy(ivec, tmp, CAMELLIA_BLOCK_SIZE); + len -= CAMELLIA_BLOCK_SIZE; + in += CAMELLIA_BLOCK_SIZE; + out += CAMELLIA_BLOCK_SIZE; + } + if (len) + { + memcpy(tmp, in, CAMELLIA_BLOCK_SIZE); + key->dec(key->rd_key,(uint32_t *)out); + for(n=0; n < len; ++n) + out[n] ^= ivec[n]; + for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n) + out[n] = tmp[n]; + memcpy(ivec, tmp, CAMELLIA_BLOCK_SIZE); + } + } + } + else /* no aligned */ + { + if (CAMELLIA_ENCRYPT == enc) + { + while (len >= CAMELLIA_BLOCK_SIZE) + { + for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n) + out[n] = in[n] ^ iv[n]; + memcpy(t32, out, CAMELLIA_BLOCK_SIZE); + key->enc(key->rd_key, t32); + memcpy(out, t32, CAMELLIA_BLOCK_SIZE); + iv = out; + len -= CAMELLIA_BLOCK_SIZE; + in += CAMELLIA_BLOCK_SIZE; + out += CAMELLIA_BLOCK_SIZE; + } + if (len) + { + for(n=0; n < len; ++n) + out[n] = in[n] ^ iv[n]; + for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n) + out[n] = iv[n]; + key->enc(key->rd_key, (uint32_t *)out); + iv = out; + } + memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE); + } + else if (in != out) + { + while (len >= CAMELLIA_BLOCK_SIZE) + { + memcpy(t32,in,CAMELLIA_BLOCK_SIZE); + key->dec(key->rd_key,t32); + memcpy(out,t32,CAMELLIA_BLOCK_SIZE); + for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n) + out[n] ^= iv[n]; + iv = in; + len -= CAMELLIA_BLOCK_SIZE; + in += CAMELLIA_BLOCK_SIZE; + out += CAMELLIA_BLOCK_SIZE; + } + if (len) + { + memcpy(tmp, in, CAMELLIA_BLOCK_SIZE); + memcpy(t32, in, CAMELLIA_BLOCK_SIZE); + key->dec(key->rd_key, t32); + memcpy(out, t32, CAMELLIA_BLOCK_SIZE); + for(n=0; n < len; ++n) + out[n] = tmp[n] ^ iv[n]; + iv = in; + } + memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE); + } + else + { + while (len >= CAMELLIA_BLOCK_SIZE) + { + memcpy(tmp, in, CAMELLIA_BLOCK_SIZE); + memcpy(t32, in, CAMELLIA_BLOCK_SIZE); + key->dec(key->rd_key, t32); + memcpy(out, t32, CAMELLIA_BLOCK_SIZE); + for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n) + out[n] ^= ivec[n]; + memcpy(ivec, tmp, CAMELLIA_BLOCK_SIZE); + len -= CAMELLIA_BLOCK_SIZE; + in += CAMELLIA_BLOCK_SIZE; + out += CAMELLIA_BLOCK_SIZE; + } + if (len) + { + memcpy(tmp, in, CAMELLIA_BLOCK_SIZE); + memcpy(t32, in, CAMELLIA_BLOCK_SIZE); + key->dec(key->rd_key,t32); + memcpy(out, t32, CAMELLIA_BLOCK_SIZE); + for(n=0; n < len; ++n) + out[n] ^= ivec[n]; + for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n) + out[n] = tmp[n]; + memcpy(ivec, tmp, CAMELLIA_BLOCK_SIZE); + } + } + } +} + diff --git a/crypto/openssl-0.9/LICENSE b/crypto/openssl-0.9/crypto/camellia/cmll_cfb.c similarity index 63% copy from crypto/openssl-0.9/LICENSE copy to crypto/openssl-0.9/crypto/camellia/cmll_cfb.c index e6afecc724..af0f9f49ad 100644 --- a/crypto/openssl-0.9/LICENSE +++ b/crypto/openssl-0.9/crypto/camellia/cmll_cfb.c @@ -1,18 +1,6 @@ - - LICENSE ISSUES - ============== - - The OpenSSL toolkit stays under a dual license, i.e. both the conditions of - the OpenSSL License and the original SSLeay license apply to the toolkit. - See below for the actual license texts. Actually both licenses are BSD-style - Open Source licenses. In case of any license issues related to OpenSSL - please contact openssl-core@openssl.org. - - OpenSSL License - --------------- - +/* crypto/camellia/camellia_cfb.c -*- mode:C; c-file-style: "eay" -*- */ /* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -59,15 +47,7 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * */ - - Original SSLeay License - ----------------------- - /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -125,3 +105,131 @@ * [including the GNU Public Licence.] */ +#ifndef CAMELLIA_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif +#include +#include + +#include +#include "cmll_locl.h" +#include "e_os.h" + + +/* The input and output encrypted as though 128bit cfb mode is being + * used. The extra state information to record how much of the + * 128bit block we have used is contained in *num; + */ + +void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc) + { + + unsigned int n; + unsigned long l = length; + unsigned char c; + + assert(in && out && key && ivec && num); + + n = *num; + + if (enc) + { + while (l--) + { + if (n == 0) + { + Camellia_encrypt(ivec, ivec, key); + } + ivec[n] = *(out++) = *(in++) ^ ivec[n]; + n = (n+1) % CAMELLIA_BLOCK_SIZE; + } + } + else + { + while (l--) + { + if (n == 0) + { + Camellia_encrypt(ivec, ivec, key); + } + c = *(in); + *(out++) = *(in++) ^ ivec[n]; + ivec[n] = c; + n = (n+1) % CAMELLIA_BLOCK_SIZE; + } + } + + *num=n; + } + +/* This expects a single block of size nbits for both in and out. Note that + it corrupts any extra bits in the last byte of out */ +void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out, + const int nbits,const CAMELLIA_KEY *key, + unsigned char *ivec,const int enc) + { + int n,rem,num; + unsigned char ovec[CAMELLIA_BLOCK_SIZE*2]; + + if (nbits<=0 || nbits>128) return; + + /* fill in the first half of the new IV with the current IV */ + memcpy(ovec,ivec,CAMELLIA_BLOCK_SIZE); + /* construct the new IV */ + Camellia_encrypt(ivec,ivec,key); + num = (nbits+7)/8; + if (enc) /* encrypt the input */ + for(n=0 ; n < num ; ++n) + out[n] = (ovec[CAMELLIA_BLOCK_SIZE+n] = in[n] ^ ivec[n]); + else /* decrypt the input */ + for(n=0 ; n < num ; ++n) + out[n] = (ovec[CAMELLIA_BLOCK_SIZE+n] = in[n]) ^ ivec[n]; + /* shift ovec left... */ + rem = nbits%8; + num = nbits/8; + if(rem==0) + memcpy(ivec,ovec+num,CAMELLIA_BLOCK_SIZE); + else + for(n=0 ; n < CAMELLIA_BLOCK_SIZE ; ++n) + ivec[n] = ovec[n+num]<>(8-rem); + + /* it is not necessary to cleanse ovec, since the IV is not secret */ + } + +/* N.B. This expects the input to be packed, MS bit first */ +void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc) + { + unsigned int n; + unsigned char c[1],d[1]; + + assert(in && out && key && ivec && num); + assert(*num == 0); + + memset(out,0,(length+7)/8); + for(n=0 ; n < length ; ++n) + { + c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; + Camellia_cfbr_encrypt_block(c,d,1,key,ivec,enc); + out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8)); + } + } + +void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc) + { + unsigned int n; + + assert(in && out && key && ivec && num); + assert(*num == 0); + + for(n=0 ; n < length ; ++n) + Camellia_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc); + } + diff --git a/crypto/openssl-0.9/crypto/rsa/rsa_depr.c b/crypto/openssl-0.9/crypto/camellia/cmll_ctr.c similarity index 50% copy from crypto/openssl-0.9/crypto/rsa/rsa_depr.c copy to crypto/openssl-0.9/crypto/camellia/cmll_ctr.c index c5582b996d..cc21b70890 100644 --- a/crypto/openssl-0.9/crypto/rsa/rsa_depr.c +++ b/crypto/openssl-0.9/crypto/camellia/cmll_ctr.c @@ -1,6 +1,6 @@ -/* crypto/rsa/rsa_depr.c */ +/* crypto/camellia/camellia_ctr.c -*- mode:C; c-file-style: "eay" -*- */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -47,54 +47,97 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * */ -/* NB: This file contains deprecated functions (compatibility wrappers to the - * "new" versions). */ +#ifndef CAMELLIA_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif +#include + +#include +#include "cmll_locl.h" + +/* NOTE: the IV/counter CTR mode is big-endian. The rest of the Camellia code + * is endian-neutral. */ +/* increment counter (128-bit int) by 1 */ +static void Camellia_ctr128_inc(unsigned char *counter) + { + unsigned long c; -#include -#include -#include "cryptlib.h" -#include -#include + /* Grab bottom dword of counter and increment */ + c = GETU32(counter + 12); + c++; c &= 0xFFFFFFFF; + PUTU32(counter + 12, c); -#ifdef OPENSSL_NO_DEPRECATED + /* if no overflow, we're done */ + if (c) + return; -static void *dummy=&dummy; + /* Grab 1st dword of counter and increment */ + c = GETU32(counter + 8); + c++; c &= 0xFFFFFFFF; + PUTU32(counter + 8, c); -#else + /* if no overflow, we're done */ + if (c) + return; + + /* Grab 2nd dword of counter and increment */ + c = GETU32(counter + 4); + c++; c &= 0xFFFFFFFF; + PUTU32(counter + 4, c); + + /* if no overflow, we're done */ + if (c) + return; + + /* Grab top dword of counter and increment */ + c = GETU32(counter + 0); + c++; c &= 0xFFFFFFFF; + PUTU32(counter + 0, c); + } -RSA *RSA_generate_key(int bits, unsigned long e_value, - void (*callback)(int,int,void *), void *cb_arg) +/* The input encrypted as though 128bit counter mode is being + * used. The extra state information to record how much of the + * 128bit block we have used is contained in *num, and the + * encrypted counter is kept in ecount_buf. Both *num and + * ecount_buf must be initialised with zeros before the first + * call to Camellia_ctr128_encrypt(). + * + * This algorithm assumes that the counter is in the x lower bits + * of the IV (ivec), and that the application has full control over + * overflow and the rest of the IV. This implementation takes NO + * responsability for checking that the counter doesn't overflow + * into the rest of the IV when incremented. + */ +void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const CAMELLIA_KEY *key, + unsigned char ivec[CAMELLIA_BLOCK_SIZE], + unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], + unsigned int *num) { - BN_GENCB cb; - int i; - RSA *rsa = RSA_new(); - BIGNUM *e = BN_new(); - if(!rsa || !e) goto err; + unsigned int n; + unsigned long l=length; + + assert(in && out && key && counter && num); + assert(*num < CAMELLIA_BLOCK_SIZE); + + n = *num; - /* The problem is when building with 8, 16, or 32 BN_ULONG, - * unsigned long can be larger */ - for (i=0; i<(int)sizeof(unsigned long)*8; i++) + while (l--) { - if (e_value & (1UL< -#include -#include "cryptlib.h" -#include -#include - -#ifdef OPENSSL_NO_DEPRECATED - -static void *dummy=&dummy; +#ifndef CAMELLIA_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif +#include -#else +#include +#include "cmll_locl.h" -RSA *RSA_generate_key(int bits, unsigned long e_value, - void (*callback)(int,int,void *), void *cb_arg) +void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key, const int enc) { - BN_GENCB cb; - int i; - RSA *rsa = RSA_new(); - BIGNUM *e = BN_new(); - if(!rsa || !e) goto err; + assert(in && out && key); + assert((CAMELLIA_ENCRYPT == enc)||(CAMELLIA_DECRYPT == enc)); - /* The problem is when building with 8, 16, or 32 BN_ULONG, - * unsigned long can be larger */ - for (i=0; i<(int)sizeof(unsigned long)*8; i++) - { - if (e_value & (1UL< +#include +#include + +#if defined(_MSC_VER) +typedef unsigned char uint8_t; +typedef unsigned int uint32_t; +typedef unsigned __int64 uint64_t; +#else +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#define ALIGN 4 +#define UNITSIZE 4 + +#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) +# define SWAP(x) ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00 ) +# define GETU32(p) SWAP(*((uint32_t *)(p))) +# define PUTU32(ct, st) { *((uint32_t *)(ct)) = SWAP((st)); } +# define CAMELLIA_SWAP4(x) (x = ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) ) + + +#else /* not windows */ +# define GETU32(pt) (((uint32_t)(pt)[0] << 24) \ + ^ ((uint32_t)(pt)[1] << 16) \ + ^ ((uint32_t)(pt)[2] << 8) \ + ^ ((uint32_t)(pt)[3])) + +# define PUTU32(ct, st) { (ct)[0] = (uint8_t)((st) >> 24); \ + (ct)[1] = (uint8_t)((st) >> 16); \ + (ct)[2] = (uint8_t)((st) >> 8); \ + (ct)[3] = (uint8_t)(st); } + +#ifdef L_ENDIAN +#if (defined (__GNUC__) && !defined(i386)) +#define CAMELLIA_SWAP4(x) \ + do{\ + asm("bswap %1" : "+r" (x));\ + }while(0) +#else /* not gcc */ +#define CAMELLIA_SWAP4(x) \ + do{\ + x = ((uint32_t)x << 16) + ((uint32_t)x >> 16);\ + x = (((uint32_t)x & 0xff00ff) << 8) + (((uint32_t)x >> 8) & 0xff00ff);\ + } while(0) +#endif /* not gcc */ +#else /* big endian */ +#define CAMELLIA_SWAP4(x) +#endif /* L_ENDIAN */ +#endif + +#define COPY4WORD(dst, src) \ + do \ + { \ + (dst)[0]=(src)[0]; \ + (dst)[1]=(src)[1]; \ + (dst)[2]=(src)[2]; \ + (dst)[3]=(src)[3]; \ + }while(0) + +#define SWAP4WORD(word) \ + do \ + { \ + CAMELLIA_SWAP4((word)[0]); \ + CAMELLIA_SWAP4((word)[1]); \ + CAMELLIA_SWAP4((word)[2]); \ + CAMELLIA_SWAP4((word)[3]); \ + }while(0) + +#define XOR4WORD(a, b)/* a = a ^ b */ \ + do \ + { \ + (a)[0]^=(b)[0]; \ + (a)[1]^=(b)[1]; \ + (a)[2]^=(b)[2]; \ + (a)[3]^=(b)[3]; \ + }while(0) + +#define XOR4WORD2(a, b, c)/* a = b ^ c */ \ + do \ + { \ + (a)[0]=(b)[0]^(c)[0]; \ + (a)[1]=(b)[1]^(c)[1]; \ + (a)[2]=(b)[2]^(c)[2]; \ + (a)[3]=(b)[3]^(c)[3]; \ + }while(0) + + +void camellia_setup128(const unsigned char *key, uint32_t *subkey); +void camellia_setup192(const unsigned char *key, uint32_t *subkey); +void camellia_setup256(const unsigned char *key, uint32_t *subkey); + +void camellia_encrypt128(const uint32_t *subkey, uint32_t *io); +void camellia_decrypt128(const uint32_t *subkey, uint32_t *io); +void camellia_encrypt256(const uint32_t *subkey, uint32_t *io); +void camellia_decrypt256(const uint32_t *subkey, uint32_t *io); + +#ifdef __cplusplus +} +#endif + +#endif /* #ifndef HEADER_CAMELLIA_LOCL_H */ + diff --git a/crypto/openssl-0.9/crypto/rsa/rsa_depr.c b/crypto/openssl-0.9/crypto/camellia/cmll_misc.c similarity index 63% copy from crypto/openssl-0.9/crypto/rsa/rsa_depr.c copy to crypto/openssl-0.9/crypto/camellia/cmll_misc.c index c5582b996d..3c4ec36662 100644 --- a/crypto/openssl-0.9/crypto/rsa/rsa_depr.c +++ b/crypto/openssl-0.9/crypto/camellia/cmll_misc.c @@ -1,6 +1,6 @@ -/* crypto/rsa/rsa_depr.c */ +/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -47,54 +47,64 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * */ + +#include +#include +#include "cmll_locl.h" -/* NB: This file contains deprecated functions (compatibility wrappers to the - * "new" versions). */ - -#include -#include -#include "cryptlib.h" -#include -#include - -#ifdef OPENSSL_NO_DEPRECATED - -static void *dummy=&dummy; - -#else +const char *CAMELLIA_version="CAMELLIA" OPENSSL_VERSION_PTEXT; -RSA *RSA_generate_key(int bits, unsigned long e_value, - void (*callback)(int,int,void *), void *cb_arg) +int Camellia_set_key(const unsigned char *userKey, const int bits, + CAMELLIA_KEY *key) { - BN_GENCB cb; - int i; - RSA *rsa = RSA_new(); - BIGNUM *e = BN_new(); - - if(!rsa || !e) goto err; - - /* The problem is when building with 8, 16, or 32 BN_ULONG, - * unsigned long can be larger */ - for (i=0; i<(int)sizeof(unsigned long)*8; i++) + if (!userKey || !key) + { + return -1; + } + + switch(bits) { - if (e_value & (1UL<rd_key); + key->enc = camellia_encrypt128; + key->dec = camellia_decrypt128; + break; + case 192: + camellia_setup192(userKey, (unsigned int *)key->rd_key); + key->enc = camellia_encrypt256; + key->dec = camellia_decrypt256; + break; + case 256: + camellia_setup256(userKey, (unsigned int *)key->rd_key); + key->enc = camellia_encrypt256; + key->dec = camellia_decrypt256; + break; + default: + return -2; } + + key->bitLength = bits; + return 0; + } - BN_GENCB_set_old(&cb, callback, cb_arg); +void Camellia_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key) + { + uint32_t tmp[UNITSIZE]; - if(RSA_generate_key_ex(rsa, bits, e, &cb)) { - BN_free(e); - return rsa; + memcpy(tmp, in, CAMELLIA_BLOCK_SIZE); + key->enc(key->rd_key, tmp); + memcpy(out, tmp, CAMELLIA_BLOCK_SIZE); } -err: - if(e) BN_free(e); - if(rsa) RSA_free(rsa); - return 0; + +void Camellia_decrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key) + { + uint32_t tmp[UNITSIZE]; + + memcpy(tmp, in, CAMELLIA_BLOCK_SIZE); + key->dec(key->rd_key, tmp); + memcpy(out, tmp, CAMELLIA_BLOCK_SIZE); } -#endif + diff --git a/crypto/openssl-0.9/LICENSE b/crypto/openssl-0.9/crypto/camellia/cmll_ofb.c similarity index 86% copy from crypto/openssl-0.9/LICENSE copy to crypto/openssl-0.9/crypto/camellia/cmll_ofb.c index e6afecc724..d89cf9f3b3 100644 --- a/crypto/openssl-0.9/LICENSE +++ b/crypto/openssl-0.9/crypto/camellia/cmll_ofb.c @@ -1,18 +1,6 @@ - - LICENSE ISSUES - ============== - - The OpenSSL toolkit stays under a dual license, i.e. both the conditions of - the OpenSSL License and the original SSLeay license apply to the toolkit. - See below for the actual license texts. Actually both licenses are BSD-style - Open Source licenses. In case of any license issues related to OpenSSL - please contact openssl-core@openssl.org. - - OpenSSL License - --------------- - +/* crypto/camellia/camellia_ofb.c -*- mode:C; c-file-style: "eay" -*- */ /* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -59,15 +47,7 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * */ - - Original SSLeay License - ----------------------- - /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -125,3 +105,37 @@ * [including the GNU Public Licence.] */ +#ifndef CAMELLIA_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif +#include +#include +#include "cmll_locl.h" + +/* The input and output encrypted as though 128bit ofb mode is being + * used. The extra state information to record how much of the + * 128bit block we have used is contained in *num; + */ +void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num) { + + unsigned int n; + unsigned long l=length; + + assert(in && out && key && ivec && num); + + n = *num; + + while (l--) { + if (n == 0) { + Camellia_encrypt(ivec, ivec, key); + } + *(out++) = *(in++) ^ ivec[n]; + n = (n+1) % CAMELLIA_BLOCK_SIZE; + } + + *num=n; +} diff --git a/crypto/openssl-0.9/crypto/comp/c_zlib.c b/crypto/openssl-0.9/crypto/comp/c_zlib.c index 8263f7315d..941b807eb3 100644 --- a/crypto/openssl-0.9/crypto/comp/c_zlib.c +++ b/crypto/openssl-0.9/crypto/comp/c_zlib.c @@ -67,46 +67,25 @@ static COMP_METHOD zlib_stateful_method={ * When OpenSSL is built on Windows, we do not want to require that * the ZLIB.DLL be available in order for the OpenSSL DLLs to * work. Therefore, all ZLIB routines are loaded at run time - * and we do not link to a .LIB file. + * and we do not link to a .LIB file when ZLIB_SHARED is set. */ #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) # include - -# define Z_CALLCONV _stdcall -# ifndef ZLIB_SHARED -# define ZLIB_SHARED -# endif -#else -# define Z_CALLCONV #endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */ #ifdef ZLIB_SHARED #include -/* Prototypes for built in stubs */ -#if 0 -static int stub_compress(Bytef *dest,uLongf *destLen, - const Bytef *source, uLong sourceLen); -#endif -static int stub_inflateEnd(z_streamp strm); -static int stub_inflate(z_streamp strm, int flush); -static int stub_inflateInit_(z_streamp strm, const char * version, - int stream_size); -static int stub_deflateEnd(z_streamp strm); -static int stub_deflate(z_streamp strm, int flush); -static int stub_deflateInit_(z_streamp strm, int level, - const char * version, int stream_size); - /* Function pointers */ -typedef int (Z_CALLCONV *compress_ft)(Bytef *dest,uLongf *destLen, +typedef int (*compress_ft)(Bytef *dest,uLongf *destLen, const Bytef *source, uLong sourceLen); -typedef int (Z_CALLCONV *inflateEnd_ft)(z_streamp strm); -typedef int (Z_CALLCONV *inflate_ft)(z_streamp strm, int flush); -typedef int (Z_CALLCONV *inflateInit__ft)(z_streamp strm, +typedef int (*inflateEnd_ft)(z_streamp strm); +typedef int (*inflate_ft)(z_streamp strm, int flush); +typedef int (*inflateInit__ft)(z_streamp strm, const char * version, int stream_size); -typedef int (Z_CALLCONV *deflateEnd_ft)(z_streamp strm); -typedef int (Z_CALLCONV *deflate_ft)(z_streamp strm, int flush); -typedef int (Z_CALLCONV *deflateInit__ft)(z_streamp strm, int level, +typedef int (*deflateEnd_ft)(z_streamp strm); +typedef int (*deflate_ft)(z_streamp strm, int flush); +typedef int (*deflateInit__ft)(z_streamp strm, int level, const char * version, int stream_size); static compress_ft p_compress=NULL; static inflateEnd_ft p_inflateEnd=NULL; @@ -119,13 +98,13 @@ static deflateInit__ft p_deflateInit_=NULL; static int zlib_loaded = 0; /* only attempt to init func pts once */ static DSO *zlib_dso = NULL; -#define compress stub_compress -#define inflateEnd stub_inflateEnd -#define inflate stub_inflate -#define inflateInit_ stub_inflateInit_ -#define deflateEnd stub_deflateEnd -#define deflate stub_deflate -#define deflateInit_ stub_deflateInit_ +#define compress p_compress +#define inflateEnd p_inflateEnd +#define inflate p_inflate +#define inflateInit_ p_inflateInit_ +#define deflateEnd p_deflateEnd +#define deflate p_deflate +#define deflateInit_ p_deflateInit_ #endif /* ZLIB_SHARED */ struct zlib_state @@ -361,16 +340,6 @@ COMP_METHOD *COMP_zlib(void) { #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0); - if (!zlib_dso) - { - zlib_dso = DSO_load(NULL, "ZLIB", NULL, 0); - if (zlib_dso) - { - /* Clear the errors from the first failed - DSO_load() */ - ERR_clear_error(); - } - } #else zlib_dso = DSO_load(NULL, "z", NULL, 0); #endif @@ -397,84 +366,22 @@ COMP_METHOD *COMP_zlib(void) p_deflateInit_ = (deflateInit__ft) DSO_bind_func(zlib_dso, "deflateInit_"); - zlib_loaded++; + + if (p_compress && p_inflateEnd && p_inflate + && p_inflateInit_ && p_deflateEnd + && p_deflate && p_deflateInit_) + zlib_loaded++; } } #endif +#ifdef ZLIB_SHARED + if (zlib_loaded) +#endif #if defined(ZLIB) || defined(ZLIB_SHARED) - meth = &zlib_stateful_method; + meth = &zlib_stateful_method; #endif return(meth); } -#ifdef ZLIB_SHARED -#if 0 -/* Stubs for each function to be dynamicly loaded */ -static int -stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen) - { - if (p_compress) - return(p_compress(dest,destLen,source,sourceLen)); - else - return(Z_MEM_ERROR); - } -#endif - -static int -stub_inflateEnd(z_streamp strm) - { - if ( p_inflateEnd ) - return(p_inflateEnd(strm)); - else - return(Z_MEM_ERROR); - } - -static int -stub_inflate(z_streamp strm, int flush) - { - if ( p_inflate ) - return(p_inflate(strm,flush)); - else - return(Z_MEM_ERROR); - } - -static int -stub_inflateInit_(z_streamp strm, const char * version, int stream_size) - { - if ( p_inflateInit_ ) - return(p_inflateInit_(strm,version,stream_size)); - else - return(Z_MEM_ERROR); - } - -static int -stub_deflateEnd(z_streamp strm) - { - if ( p_deflateEnd ) - return(p_deflateEnd(strm)); - else - return(Z_MEM_ERROR); - } - -static int -stub_deflate(z_streamp strm, int flush) - { - if ( p_deflate ) - return(p_deflate(strm,flush)); - else - return(Z_MEM_ERROR); - } - -static int -stub_deflateInit_(z_streamp strm, int level, - const char * version, int stream_size) - { - if ( p_deflateInit_ ) - return(p_deflateInit_(strm,level,version,stream_size)); - else - return(Z_MEM_ERROR); - } - -#endif /* ZLIB_SHARED */ diff --git a/crypto/openssl-0.9/crypto/dh/dh.h b/crypto/openssl-0.9/crypto/dh/dh.h index 7871882e35..4d0c565316 100644 --- a/crypto/openssl-0.9/crypto/dh/dh.h +++ b/crypto/openssl-0.9/crypto/dh/dh.h @@ -220,8 +220,8 @@ void ERR_load_DH_strings(void); /* Reason codes. */ #define DH_R_BAD_GENERATOR 101 -#define DH_R_NO_PRIVATE_VALUE 100 #define DH_R_INVALID_PUBKEY 102 +#define DH_R_NO_PRIVATE_VALUE 100 #ifdef __cplusplus } diff --git a/crypto/openssl-0.9/crypto/dh/dh_err.c b/crypto/openssl-0.9/crypto/dh/dh_err.c index ea67fb71a0..b14a94f36a 100644 --- a/crypto/openssl-0.9/crypto/dh/dh_err.c +++ b/crypto/openssl-0.9/crypto/dh/dh_err.c @@ -83,8 +83,8 @@ static ERR_STRING_DATA DH_str_functs[]= static ERR_STRING_DATA DH_str_reasons[]= { {ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, -{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, {ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, +{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, {0,NULL} }; diff --git a/crypto/openssl-0.9/crypto/dh/dh_key.c b/crypto/openssl-0.9/crypto/dh/dh_key.c index cc17c8851b..79984e13bc 100644 --- a/crypto/openssl-0.9/crypto/dh/dh_key.c +++ b/crypto/openssl-0.9/crypto/dh/dh_key.c @@ -217,8 +217,11 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) ret=BN_bn2bin(tmp,key); err: - BN_CTX_end(ctx); - BN_CTX_free(ctx); + if (ctx != NULL) + { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } return(ret); } diff --git a/crypto/openssl-0.9/crypto/dso/dso.h b/crypto/openssl-0.9/crypto/dso/dso.h index 3de99f5d00..3e51913a72 100644 --- a/crypto/openssl-0.9/crypto/dso/dso.h +++ b/crypto/openssl-0.9/crypto/dso/dso.h @@ -125,7 +125,7 @@ typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *); * file specifications and added together in whatever fashion that is * sensible for the DSO method in question. The only rule that really * applies is that if the two specification contain pieces of the same - * type, the copy from the string string takes priority. One could see + * type, the copy from the first string takes priority. One could see * it as the first specification is the one given by the user and the * second being a bunch of defaults to add on if they're missing in the * first. */ diff --git a/crypto/openssl-0.9/crypto/ec/ec.h b/crypto/openssl-0.9/crypto/ec/ec.h index a19a075b0d..919c736388 100644 --- a/crypto/openssl-0.9/crypto/ec/ec.h +++ b/crypto/openssl-0.9/crypto/ec/ec.h @@ -385,6 +385,7 @@ void ERR_load_EC_strings(void); #define EC_F_EC_ASN1_GROUP2PKPARAMETERS 156 #define EC_F_EC_ASN1_PARAMETERS2GROUP 157 #define EC_F_EC_ASN1_PKPARAMETERS2GROUP 158 +#define EC_F_EC_EX_DATA_SET_DATA 211 #define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 #define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 #define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 @@ -428,7 +429,6 @@ void ERR_load_EC_strings(void); #define EC_F_EC_GROUP_GET_ORDER 141 #define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 #define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 -#define EC_F_EC_GROUP_GROUP2NID 147 #define EC_F_EC_GROUP_NEW 108 #define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 #define EC_F_EC_GROUP_NEW_FROM_DATA 175 diff --git a/crypto/openssl-0.9/crypto/ec/ec2_smpl.c b/crypto/openssl-0.9/crypto/ec/ec2_smpl.c index a9f7c9d378..5cd1eac41f 100644 --- a/crypto/openssl-0.9/crypto/ec/ec2_smpl.c +++ b/crypto/openssl-0.9/crypto/ec/ec2_smpl.c @@ -281,7 +281,8 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) ret = 1; err: - BN_CTX_end(ctx); + if (ctx != NULL) + BN_CTX_end(ctx); if (new_ctx != NULL) BN_CTX_free(new_ctx); return ret; diff --git a/crypto/openssl-0.9/crypto/ec/ec_asn1.c b/crypto/openssl-0.9/crypto/ec/ec_asn1.c index 5693201a26..dec913b8ad 100644 --- a/crypto/openssl-0.9/crypto/ec/ec_asn1.c +++ b/crypto/openssl-0.9/crypto/ec/ec_asn1.c @@ -837,11 +837,6 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) /* create the EC_GROUP structure */ ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL); - if (ret == NULL) - { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); - goto err; - } } else if (tmp == NID_X9_62_prime_field) { @@ -860,11 +855,17 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) } /* create the EC_GROUP structure */ ret = EC_GROUP_new_curve_GFp(p, a, b, NULL); - if (ret == NULL) - { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); - goto err; - } + } + else + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD); + goto err; + } + + if (ret == NULL) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); + goto err; } /* extract seed (optional) */ diff --git a/crypto/openssl-0.9/crypto/ec/ec_check.c b/crypto/openssl-0.9/crypto/ec/ec_check.c index f22c5641a8..0e316b4b3f 100644 --- a/crypto/openssl-0.9/crypto/ec/ec_check.c +++ b/crypto/openssl-0.9/crypto/ec/ec_check.c @@ -113,7 +113,8 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) ret = 1; err: - BN_CTX_end(ctx); + if (ctx != NULL) + BN_CTX_end(ctx); if (new_ctx != NULL) BN_CTX_free(new_ctx); if (point) diff --git a/crypto/openssl-0.9/crypto/ec/ec_curve.c b/crypto/openssl-0.9/crypto/ec/ec_curve.c index 923cb71e03..beac20969b 100644 --- a/crypto/openssl-0.9/crypto/ec/ec_curve.c +++ b/crypto/openssl-0.9/crypto/ec/ec_curve.c @@ -1100,7 +1100,8 @@ static const ec_list_element curve_list[] = { { NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1}, { NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1}, { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1}, - /* the WAP/WTLS curves */ + /* the WAP/WTLS curves + * [unlike SECG, spec has its own OIDs for curves from X9.62] */ { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1}, { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K}, { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1}, diff --git a/crypto/openssl-0.9/crypto/ec/ec_err.c b/crypto/openssl-0.9/crypto/ec/ec_err.c index 73c0055f01..38302b9b54 100644 --- a/crypto/openssl-0.9/crypto/ec/ec_err.c +++ b/crypto/openssl-0.9/crypto/ec/ec_err.c @@ -88,6 +88,7 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS), "EC_ASN1_GROUP2PKPARAMETERS"}, {ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP), "EC_ASN1_PARAMETERS2GROUP"}, {ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP), "EC_ASN1_PKPARAMETERS2GROUP"}, +{ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA), "EC_EX_DATA_set_data"}, {ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY), "EC_GF2M_MONTGOMERY_POINT_MULTIPLY"}, {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT), "ec_GF2m_simple_group_check_discriminant"}, {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE), "ec_GF2m_simple_group_set_curve"}, @@ -131,14 +132,13 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"}, {ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS), "EC_GROUP_get_pentanomial_basis"}, {ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS), "EC_GROUP_get_trinomial_basis"}, -{ERR_FUNC(EC_F_EC_GROUP_GROUP2NID), "EC_GROUP_GROUP2NID"}, {ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"}, {ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"}, {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "EC_GROUP_NEW_FROM_DATA"}, {ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"}, {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M), "EC_GROUP_set_curve_GF2m"}, {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"}, -{ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_set_extra_data"}, +{ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_SET_EXTRA_DATA"}, {ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"}, {ERR_FUNC(EC_F_EC_KEY_CHECK_KEY), "EC_KEY_check_key"}, {ERR_FUNC(EC_F_EC_KEY_COPY), "EC_KEY_copy"}, diff --git a/crypto/openssl-0.9/crypto/ec/ec_lib.c b/crypto/openssl-0.9/crypto/ec/ec_lib.c index 3c6967ae15..5af84376c6 100644 --- a/crypto/openssl-0.9/crypto/ec/ec_lib.c +++ b/crypto/openssl-0.9/crypto/ec/ec_lib.c @@ -147,7 +147,7 @@ void EC_GROUP_clear_free(EC_GROUP *group) if (group->meth->group_clear_finish != 0) group->meth->group_clear_finish(group); - else if (group->meth != NULL && group->meth->group_finish != 0) + else if (group->meth->group_finish != 0) group->meth->group_finish(group); EC_EX_DATA_clear_free_all_data(&group->extra_data); @@ -558,7 +558,7 @@ int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data, { if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) { - ECerr(EC_F_EC_GROUP_SET_EXTRA_DATA, EC_R_SLOT_FULL); + ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL); return 0; } } diff --git a/crypto/openssl-0.9/crypto/ec/ec_mult.c b/crypto/openssl-0.9/crypto/ec/ec_mult.c index 7320e31c5c..a045139a00 100644 --- a/crypto/openssl-0.9/crypto/ec/ec_mult.c +++ b/crypto/openssl-0.9/crypto/ec/ec_mult.c @@ -879,7 +879,8 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) ret = 1; err: - BN_CTX_end(ctx); + if (ctx != NULL) + BN_CTX_end(ctx); if (new_ctx != NULL) BN_CTX_free(new_ctx); if (pre_comp) diff --git a/crypto/openssl-0.9/crypto/ec/ecp_smpl.c b/crypto/openssl-0.9/crypto/ec/ecp_smpl.c index 75296a3673..4d26f8bdf6 100644 --- a/crypto/openssl-0.9/crypto/ec/ecp_smpl.c +++ b/crypto/openssl-0.9/crypto/ec/ecp_smpl.c @@ -336,7 +336,8 @@ int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) ret = 1; err: - BN_CTX_end(ctx); + if (ctx != NULL) + BN_CTX_end(ctx); if (new_ctx != NULL) BN_CTX_free(new_ctx); return ret; diff --git a/crypto/openssl-0.9/crypto/ecdsa/ecs_lib.c b/crypto/openssl-0.9/crypto/ecdsa/ecs_lib.c index ab96a6dc9c..1fb9bc9600 100644 --- a/crypto/openssl-0.9/crypto/ecdsa/ecs_lib.c +++ b/crypto/openssl-0.9/crypto/ecdsa/ecs_lib.c @@ -206,10 +206,14 @@ int ECDSA_size(const EC_KEY *r) ASN1_INTEGER bs; BIGNUM *order=NULL; unsigned char buf[4]; - const EC_GROUP *group = EC_KEY_get0_group(r); + const EC_GROUP *group; - if (r == NULL || group == NULL) + if (r == NULL) + return 0; + group = EC_KEY_get0_group(r); + if (group == NULL) return 0; + if ((order = BN_new()) == NULL) return 0; if (!EC_GROUP_get_order(group,order,NULL)) { diff --git a/crypto/openssl-0.9/crypto/ecdsa/ecs_sign.c b/crypto/openssl-0.9/crypto/ecdsa/ecs_sign.c index 5143923050..74b1fe8caf 100644 --- a/crypto/openssl-0.9/crypto/ecdsa/ecs_sign.c +++ b/crypto/openssl-0.9/crypto/ecdsa/ecs_sign.c @@ -69,7 +69,7 @@ ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen, ECDSA_DATA *ecdsa = ecdsa_check(eckey); if (ecdsa == NULL) return NULL; - return ecdsa->meth->ecdsa_do_sign(dgst, dlen, NULL, NULL, eckey); + return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey); } int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char diff --git a/crypto/openssl-0.9/crypto/engine/eng_padlock.c b/crypto/openssl-0.9/crypto/engine/eng_padlock.c index 4e1eae3172..8d92af6f8b 100644 --- a/crypto/openssl-0.9/crypto/engine/eng_padlock.c +++ b/crypto/openssl-0.9/crypto/engine/eng_padlock.c @@ -257,10 +257,12 @@ struct padlock_cipher_data union { unsigned int pad[4]; struct { int rounds:4; - int algo:3; - int keygen:1; + int dgst:1; /* n/a in C3 */ + int align:1; /* n/a in C3 */ + int ciphr:1; /* n/a in C3 */ + unsigned int keygen:1; int interm:1; - int encdec:1; + unsigned int encdec:1; int ksize:2; } b; } cword; /* Control word */ @@ -650,17 +652,13 @@ static int padlock_cipher_nids[] = { NID_aes_192_ecb, NID_aes_192_cbc, -#if 0 - NID_aes_192_cfb, /* FIXME: AES192/256 CFB/OFB don't work. */ + NID_aes_192_cfb, NID_aes_192_ofb, -#endif NID_aes_256_ecb, NID_aes_256_cbc, -#if 0 NID_aes_256_cfb, NID_aes_256_ofb, -#endif }; static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids)/ sizeof(padlock_cipher_nids[0])); @@ -676,12 +674,17 @@ static int padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, #define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\ NEAREST_ALIGNED(ctx->cipher_data)) +#define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE +#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE +#define EVP_CIPHER_block_size_OFB 1 +#define EVP_CIPHER_block_size_CFB 1 + /* Declaring so many ciphers by hand would be a pain. Instead introduce a bit of preprocessor magic :-) */ #define DECLARE_AES_EVP(ksize,lmode,umode) \ static const EVP_CIPHER padlock_aes_##ksize##_##lmode = { \ NID_aes_##ksize##_##lmode, \ - AES_BLOCK_SIZE, \ + EVP_CIPHER_block_size_##umode, \ AES_KEY_SIZE_##ksize, \ AES_BLOCK_SIZE, \ 0 | EVP_CIPH_##umode##_MODE, \ @@ -783,7 +786,10 @@ padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key, memset(cdata, 0, sizeof(struct padlock_cipher_data)); /* Prepare Control word. */ - cdata->cword.b.encdec = (ctx->encrypt == 0); + if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) + cdata->cword.b.encdec = 0; + else + cdata->cword.b.encdec = (ctx->encrypt == 0); cdata->cword.b.rounds = 10 + (key_len - 128) / 32; cdata->cword.b.ksize = (key_len - 128) / 64; @@ -803,7 +809,9 @@ padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key, and is listed as hardware errata. They most likely will fix it at some point and then a check for stepping would be due here. */ - if (enc) + if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE || + EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE || + enc) AES_set_encrypt_key(key, key_len, &cdata->ks); else AES_set_decrypt_key(key, key_len, &cdata->ks); @@ -878,7 +886,7 @@ padlock_aes_cipher_omnivorous(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, } #ifndef PADLOCK_CHUNK -# define PADLOCK_CHUNK 4096 /* Must be a power of 2 larger than 16 */ +# define PADLOCK_CHUNK 512 /* Must be a power of 2 larger than 16 */ #endif #if PADLOCK_CHUNK<16 || PADLOCK_CHUNK&(PADLOCK_CHUNK-1) # error "insane PADLOCK_CHUNK..." @@ -897,15 +905,63 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, int inp_misaligned, out_misaligned, realign_in_loop; size_t chunk, allocated=0; + /* ctx->num is maintained in byte-oriented modes, + such as CFB and OFB... */ + if ((chunk = ctx->num)) { /* borrow chunk variable */ + unsigned char *ivp=ctx->iv; + + switch (EVP_CIPHER_CTX_mode(ctx)) { + case EVP_CIPH_CFB_MODE: + if (chunk >= AES_BLOCK_SIZE) + return 0; /* bogus value */ + + if (ctx->encrypt) + while (chunknum = chunk%AES_BLOCK_SIZE; + break; + case EVP_CIPH_OFB_MODE: + if (chunk >= AES_BLOCK_SIZE) + return 0; /* bogus value */ + + while (chunknum = chunk%AES_BLOCK_SIZE; + break; + } + } + if (nbytes == 0) return 1; +#if 0 if (nbytes % AES_BLOCK_SIZE) return 0; /* are we expected to do tail processing? */ +#else + /* nbytes is always multiple of AES_BLOCK_SIZE in ECB and CBC + modes and arbitrary value in byte-oriented modes, such as + CFB and OFB... */ +#endif /* VIA promises CPUs that won't require alignment in the future. For now padlock_aes_align_required is initialized to 1 and the condition is never met... */ - if (!padlock_aes_align_required) + /* C7 core is capable to manage unaligned input in non-ECB[!] + mode, but performance penalties appear to be approximately + same as for software alignment below or ~3x. They promise to + improve it in the future, but for now we can just as well + pretend that it can only handle aligned input... */ + if (!padlock_aes_align_required && (nbytes%AES_BLOCK_SIZE)==0) return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes); inp_misaligned = (((size_t)in_arg) & 0x0F); @@ -917,7 +973,7 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, * in order to improve L1 cache utilization... */ realign_in_loop = out_misaligned|inp_misaligned; - if (!realign_in_loop) + if (!realign_in_loop && (nbytes%AES_BLOCK_SIZE)==0) return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes); /* this takes one "if" out of the loops */ @@ -984,8 +1040,10 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, break; case EVP_CIPH_CFB_MODE: - memcpy (cdata->iv, ctx->iv, AES_BLOCK_SIZE); - goto cfb_shortcut; + memcpy (iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE); + chunk &= ~(AES_BLOCK_SIZE-1); + if (chunk) goto cfb_shortcut; + else goto cfb_skiploop; do { if (iv != cdata->iv) memcpy(cdata->iv, iv, AES_BLOCK_SIZE); @@ -1004,13 +1062,47 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, else out = out_arg+=chunk; - } while (nbytes -= chunk); + nbytes -= chunk; + } while (nbytes >= AES_BLOCK_SIZE); + + cfb_skiploop: + if (nbytes) { + unsigned char *ivp = cdata->iv; + + if (iv != ivp) { + memcpy(ivp, iv, AES_BLOCK_SIZE); + iv = ivp; + } + ctx->num = nbytes; + if (cdata->cword.b.encdec) { + cdata->cword.b.encdec=0; + padlock_reload_key(); + padlock_xcrypt_ecb(1,cdata,ivp,ivp); + cdata->cword.b.encdec=1; + padlock_reload_key(); + while(nbytes) { + unsigned char c = *(in_arg++); + *(out_arg++) = c ^ *ivp; + *(ivp++) = c, nbytes--; + } + } + else { padlock_reload_key(); + padlock_xcrypt_ecb(1,cdata,ivp,ivp); + padlock_reload_key(); + while (nbytes) { + *ivp = *(out_arg++) = *(in_arg++) ^ *ivp; + ivp++, nbytes--; + } + } + } + memcpy(ctx->iv, iv, AES_BLOCK_SIZE); break; case EVP_CIPH_OFB_MODE: memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); - do { + chunk &= ~(AES_BLOCK_SIZE-1); + if (chunk) do { if (inp_misaligned) inp = padlock_memcpy(out, in_arg, chunk); else @@ -1026,7 +1118,21 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, nbytes -= chunk; chunk = PADLOCK_CHUNK; - } while (nbytes); + } while (nbytes >= AES_BLOCK_SIZE); + + if (nbytes) { + unsigned char *ivp = cdata->iv; + + ctx->num = nbytes; + padlock_reload_key(); /* empirically found */ + padlock_xcrypt_ecb(1,cdata,ivp,ivp); + padlock_reload_key(); /* empirically found */ + while (nbytes) { + *(out_arg++) = *(in_arg++) ^ *ivp; + ivp++, nbytes--; + } + } + memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE); break; diff --git a/crypto/openssl-0.9/crypto/engine/engine.h b/crypto/openssl-0.9/crypto/engine/engine.h index c94fb28659..3ec59338ff 100644 --- a/crypto/openssl-0.9/crypto/engine/engine.h +++ b/crypto/openssl-0.9/crypto/engine/engine.h @@ -637,7 +637,7 @@ typedef struct st_dynamic_fns { * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */ typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); #define IMPLEMENT_DYNAMIC_CHECK_FN() \ - unsigned long v_check(unsigned long v) { \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ return 0; } @@ -659,6 +659,7 @@ typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, const dynamic_fns *fns); #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ + OPENSSL_EXPORT \ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ diff --git a/crypto/openssl-0.9/crypto/err/err.c b/crypto/openssl-0.9/crypto/err/err.c index e084714383..96bd255e50 100644 --- a/crypto/openssl-0.9/crypto/err/err.c +++ b/crypto/openssl-0.9/crypto/err/err.c @@ -548,9 +548,20 @@ static void build_SYS_str_reasons(void) int i; static int init = 1; - if (!init) return; - + CRYPTO_r_lock(CRYPTO_LOCK_ERR); + if (!init) + { + CRYPTO_r_unlock(CRYPTO_LOCK_ERR); + return; + } + + CRYPTO_r_unlock(CRYPTO_LOCK_ERR); CRYPTO_w_lock(CRYPTO_LOCK_ERR); + if (!init) + { + CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + return; + } for (i = 1; i <= NUM_SYS_STR_REASONS; i++) { @@ -1108,7 +1119,7 @@ int ERR_pop_to_mark(void) { err_clear(es,es->top); es->top-=1; - if (es->top == -1) es->top=ERR_NUM_ERRORS; + if (es->top == -1) es->top=ERR_NUM_ERRORS-1; } if (es->bottom == es->top) return 0; diff --git a/crypto/openssl-0.9/crypto/evp/c_allc.c b/crypto/openssl-0.9/crypto/evp/c_allc.c index fc96812365..9ba4d0c6e0 100644 --- a/crypto/openssl-0.9/crypto/evp/c_allc.c +++ b/crypto/openssl-0.9/crypto/evp/c_allc.c @@ -183,6 +183,34 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher_alias(SN_aes_256_cbc,"AES256"); EVP_add_cipher_alias(SN_aes_256_cbc,"aes256"); #endif + +#ifndef OPENSSL_NO_CAMELLIA + EVP_add_cipher(EVP_camellia_128_ecb()); + EVP_add_cipher(EVP_camellia_128_cbc()); + EVP_add_cipher(EVP_camellia_128_cfb()); + EVP_add_cipher(EVP_camellia_128_cfb1()); + EVP_add_cipher(EVP_camellia_128_cfb8()); + EVP_add_cipher(EVP_camellia_128_ofb()); + EVP_add_cipher_alias(SN_camellia_128_cbc,"CAMELLIA128"); + EVP_add_cipher_alias(SN_camellia_128_cbc,"camellia128"); + EVP_add_cipher(EVP_camellia_192_ecb()); + EVP_add_cipher(EVP_camellia_192_cbc()); + EVP_add_cipher(EVP_camellia_192_cfb()); + EVP_add_cipher(EVP_camellia_192_cfb1()); + EVP_add_cipher(EVP_camellia_192_cfb8()); + EVP_add_cipher(EVP_camellia_192_ofb()); + EVP_add_cipher_alias(SN_camellia_192_cbc,"CAMELLIA192"); + EVP_add_cipher_alias(SN_camellia_192_cbc,"camellia192"); + EVP_add_cipher(EVP_camellia_256_ecb()); + EVP_add_cipher(EVP_camellia_256_cbc()); + EVP_add_cipher(EVP_camellia_256_cfb()); + EVP_add_cipher(EVP_camellia_256_cfb1()); + EVP_add_cipher(EVP_camellia_256_cfb8()); + EVP_add_cipher(EVP_camellia_256_ofb()); + EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256"); + EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256"); +#endif + PKCS12_PBE_add(); PKCS5_PBE_add(); } diff --git a/crypto/openssl-0.9/crypto/rsa/rsa_depr.c b/crypto/openssl-0.9/crypto/evp/e_camellia.c similarity index 58% copy from crypto/openssl-0.9/crypto/rsa/rsa_depr.c copy to crypto/openssl-0.9/crypto/evp/e_camellia.c index c5582b996d..a7b40d1c60 100644 --- a/crypto/openssl-0.9/crypto/rsa/rsa_depr.c +++ b/crypto/openssl-0.9/crypto/evp/e_camellia.c @@ -1,6 +1,6 @@ -/* crypto/rsa/rsa_depr.c */ +/* crypto/evp/e_camellia.c -*- mode:C; c-file-style: "eay" -*- */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -53,48 +53,79 @@ * */ -/* NB: This file contains deprecated functions (compatibility wrappers to the - * "new" versions). */ +#include +#ifndef OPENSSL_NO_CAMELLIA +#include +#include +#include +#include +#include +#include "evp_locl.h" -#include -#include -#include "cryptlib.h" -#include -#include +static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); -#ifdef OPENSSL_NO_DEPRECATED +/* Camellia subkey Structure */ +typedef struct + { + CAMELLIA_KEY ks; + } EVP_CAMELLIA_KEY; + +/* Attribute operation for Camellia */ +#define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY,ctx) + +IMPLEMENT_BLOCK_CIPHER(camellia_128, ks, Camellia, EVP_CAMELLIA_KEY, + NID_camellia_128, 16, 16, 16, 128, + 0, camellia_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) +IMPLEMENT_BLOCK_CIPHER(camellia_192, ks, Camellia, EVP_CAMELLIA_KEY, + NID_camellia_192, 16, 24, 16, 128, + 0, camellia_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) +IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY, + NID_camellia_256, 16, 32, 16, 128, + 0, camellia_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) + +#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16) + +IMPLEMENT_CAMELLIA_CFBR(128,1) +IMPLEMENT_CAMELLIA_CFBR(192,1) +IMPLEMENT_CAMELLIA_CFBR(256,1) + +IMPLEMENT_CAMELLIA_CFBR(128,8) +IMPLEMENT_CAMELLIA_CFBR(192,8) +IMPLEMENT_CAMELLIA_CFBR(256,8) -static void *dummy=&dummy; -#else -RSA *RSA_generate_key(int bits, unsigned long e_value, - void (*callback)(int,int,void *), void *cb_arg) +/* The subkey for Camellia is generated. */ +static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) { - BN_GENCB cb; - int i; - RSA *rsa = RSA_new(); - BIGNUM *e = BN_new(); + int ret; - if(!rsa || !e) goto err; + ret=Camellia_set_key(key, ctx->key_len * 8, ctx->cipher_data); - /* The problem is when building with 8, 16, or 32 BN_ULONG, - * unsigned long can be larger */ - for (i=0; i<(int)sizeof(unsigned long)*8; i++) + if(ret < 0) { - if (e_value & (1UL<cipher=NULL; */ } +EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) + { + EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx); + if (ctx) + EVP_CIPHER_CTX_init(ctx); + return ctx; + } int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, int enc) @@ -472,6 +479,15 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) return(1); } +void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) + { + if (ctx) + { + EVP_CIPHER_CTX_cleanup(ctx); + OPENSSL_free(ctx); + } + } + int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) { if (c->cipher != NULL) diff --git a/crypto/openssl-0.9/crypto/evp/evp_err.c b/crypto/openssl-0.9/crypto/evp/evp_err.c index e854aadfa2..cb6d9fac2e 100644 --- a/crypto/openssl-0.9/crypto/evp/evp_err.c +++ b/crypto/openssl-0.9/crypto/evp/evp_err.c @@ -71,6 +71,7 @@ static ERR_STRING_DATA EVP_str_functs[]= { {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, +{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, @@ -117,6 +118,7 @@ static ERR_STRING_DATA EVP_str_reasons[]= {ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"}, {ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"}, {ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"}, +{ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),"camellia key setup failed"}, {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"}, {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"}, {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"}, diff --git a/crypto/openssl-0.9/crypto/evp/evp_key.c b/crypto/openssl-0.9/crypto/evp/evp_key.c index 0a27f496c9..361ea69ab6 100644 --- a/crypto/openssl-0.9/crypto/evp/evp_key.c +++ b/crypto/openssl-0.9/crypto/evp/evp_key.c @@ -126,7 +126,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, EVP_MD_CTX_init(&c); for (;;) { - EVP_DigestInit_ex(&c,md, NULL); + if (!EVP_DigestInit_ex(&c,md, NULL)) + return 0; if (addmd++) EVP_DigestUpdate(&c,&(md_buf[0]),mds); EVP_DigestUpdate(&c,data,datal); diff --git a/crypto/openssl-0.9/crypto/evp/p5_crpt2.c b/crypto/openssl-0.9/crypto/evp/p5_crpt2.c index f11cb701a4..c969d5a206 100644 --- a/crypto/openssl-0.9/crypto/evp/p5_crpt2.c +++ b/crypto/openssl-0.9/crypto/evp/p5_crpt2.c @@ -201,11 +201,16 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, /* Now decode key derivation function */ + if(!pbe2->keyfunc->parameter || + (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE)) + { + EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); + goto err; + } + pbuf = pbe2->keyfunc->parameter->value.sequence->data; plen = pbe2->keyfunc->parameter->value.sequence->length; - if(!pbe2->keyfunc->parameter || - (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE) || - !(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { + if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); goto err; } diff --git a/crypto/openssl-0.9/crypto/idea/i_skey.c b/crypto/openssl-0.9/crypto/idea/i_skey.c index 1c95bc9c7b..3b1bbd8a45 100644 --- a/crypto/openssl-0.9/crypto/idea/i_skey.c +++ b/crypto/openssl-0.9/crypto/idea/i_skey.c @@ -94,10 +94,11 @@ void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks) } } -void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk) +void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk) { int r; - register IDEA_INT *fp,*tp,t; + register IDEA_INT *tp,t; + const IDEA_INT *fp; tp= &(dk->data[0][0]); fp= &(ek->data[8][0]); diff --git a/crypto/openssl-0.9/crypto/idea/idea.h b/crypto/openssl-0.9/crypto/idea/idea.h index 5782e54b0f..bf97a37e39 100644 --- a/crypto/openssl-0.9/crypto/idea/idea.h +++ b/crypto/openssl-0.9/crypto/idea/idea.h @@ -84,7 +84,7 @@ const char *idea_options(void); void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, IDEA_KEY_SCHEDULE *ks); void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); -void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); +void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc); void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, diff --git a/crypto/openssl-0.9/crypto/objects/obj_dat.c b/crypto/openssl-0.9/crypto/objects/obj_dat.c index e56f3dea09..7a95c7795a 100644 --- a/crypto/openssl-0.9/crypto/objects/obj_dat.c +++ b/crypto/openssl-0.9/crypto/objects/obj_dat.c @@ -58,6 +58,7 @@ #include #include +#include #include "cryptlib.h" #include #include @@ -413,8 +414,8 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name) /* Work out size of content octets */ i=a2d_ASN1_OBJECT(NULL,0,s,-1); if (i <= 0) { - /* Clear the error */ - ERR_clear_error(); + /* Don't clear the error */ + /*ERR_clear_error();*/ return NULL; } /* Work out total size */ @@ -436,66 +437,161 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name) int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) { - int i,idx=0,n=0,len,nid; + int i,n=0,len,nid, first, use_bn; + BIGNUM *bl; unsigned long l; unsigned char *p; - const char *s; char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; - if (buf_len <= 0) return(0); - if ((a == NULL) || (a->data == NULL)) { buf[0]='\0'; return(0); } - if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) { - len=a->length; - p=a->data; - idx=0; - l=0; - while (idx < a->length) { - l|=(p[idx]&0x7f); - if (!(p[idx] & 0x80)) break; - l<<=7L; - idx++; + if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef) + { + const char *s; + s=OBJ_nid2ln(nid); + if (s == NULL) + s=OBJ_nid2sn(nid); + if (buf) + BUF_strlcpy(buf,s,buf_len); + n=strlen(s); + return n; } - idx++; - i=(int)(l/40); - if (i > 2) i=2; - l-=(long)(i*40); - - BIO_snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l); - i=strlen(tbuf); - BUF_strlcpy(buf,tbuf,buf_len); - buf_len-=i; - buf+=i; - n+=i; + + len=a->length; + p=a->data; + + first = 1; + bl = NULL; + + while (len > 0) + { l=0; - for (; idx (ULONG_MAX >> 7L))) + { + if (!bl && !(bl = BN_new())) + goto err; + if (!BN_set_word(bl, l)) + goto err; + use_bn = 1; + } + if (use_bn) + { + if (!BN_lshift(bl, bl, 7)) + goto err; + } + else + l<<=7L; + } + + if (first) + { + first = 0; + if (l >= 80) + { + i = 2; + if (use_bn) + { + if (!BN_sub_word(bl, 80)) + goto err; + } + else + l -= 80; + } + else + { + i=(int)(l/40); + l-=(long)(i*40); + } + if (buf && (buf_len > 0)) + { + *buf++ = i + '0'; + buf_len--; + } + n++; + } + + if (use_bn) + { + char *bndec; + bndec = BN_bn2dec(bl); + if (!bndec) + goto err; + i = strlen(bndec); + if (buf) + { if (buf_len > 0) - BUF_strlcpy(buf,tbuf,buf_len); - buf_len-=i; - buf+=i; - n+=i; - l=0; + { + *buf++ = '.'; + buf_len--; + } + BUF_strlcpy(buf,bndec,buf_len); + if (i > buf_len) + { + buf += buf_len; + buf_len = 0; + } + else + { + buf+=i; + buf_len-=i; + } + } + n++; + n += i; + OPENSSL_free(bndec); + } + else + { + BIO_snprintf(tbuf,sizeof tbuf,".%lu",l); + i=strlen(tbuf); + if (buf && (buf_len > 0)) + { + BUF_strlcpy(buf,tbuf,buf_len); + if (i > buf_len) + { + buf += buf_len; + buf_len = 0; + } + else + { + buf+=i; + buf_len-=i; + } + } + n+=i; + l=0; } - l<<=7L; } - } else { - s=OBJ_nid2ln(nid); - if (s == NULL) - s=OBJ_nid2sn(nid); - BUF_strlcpy(buf,s,buf_len); - n=strlen(s); - } - return(n); + + if (bl) + BN_free(bl); + return n; + + err: + if (bl) + BN_free(bl); + return -1; } int OBJ_txt2nid(const char *s) diff --git a/crypto/openssl-0.9/crypto/objects/obj_dat.h b/crypto/openssl-0.9/crypto/objects/obj_dat.h index db4400c285..78439a33c8 100644 --- a/crypto/openssl-0.9/crypto/objects/obj_dat.h +++ b/crypto/openssl-0.9/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 751 -#define NUM_SN 747 -#define NUM_LN 747 -#define NUM_OBJ 709 +#define NUM_NID 769 +#define NUM_SN 765 +#define NUM_LN 765 +#define NUM_OBJ 721 -static unsigned char lvalues[5002]={ +static unsigned char lvalues[5107]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -777,6 +777,18 @@ static unsigned char lvalues[5002]={ 0x55,0x1D,0x20,0x00, /* [4991] OBJ_any_policy */ 0x55,0x1D,0x21, /* [4995] OBJ_policy_mappings */ 0x55,0x1D,0x36, /* [4998] OBJ_inhibit_any_policy */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5001] OBJ_camellia_128_cbc */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5012] OBJ_camellia_192_cbc */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5023] OBJ_camellia_256_cbc */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [5034] OBJ_camellia_128_ecb */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [5042] OBJ_camellia_192_ecb */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [5050] OBJ_camellia_256_ecb */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [5058] OBJ_camellia_128_cfb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [5066] OBJ_camellia_192_cfb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [5074] OBJ_camellia_256_cfb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [5082] OBJ_camellia_128_ofb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [5090] OBJ_camellia_192_ofb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [5098] OBJ_camellia_256_ofb128 */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -1945,6 +1957,36 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ NID_inhibit_any_policy,3,&(lvalues[4998]),0}, {"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL,0}, {"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL,0}, +{"CAMELLIA-128-CBC","camellia-128-cbc",NID_camellia_128_cbc,11, + &(lvalues[5001]),0}, +{"CAMELLIA-192-CBC","camellia-192-cbc",NID_camellia_192_cbc,11, + &(lvalues[5012]),0}, +{"CAMELLIA-256-CBC","camellia-256-cbc",NID_camellia_256_cbc,11, + &(lvalues[5023]),0}, +{"CAMELLIA-128-ECB","camellia-128-ecb",NID_camellia_128_ecb,8, + &(lvalues[5034]),0}, +{"CAMELLIA-192-ECB","camellia-192-ecb",NID_camellia_192_ecb,8, + &(lvalues[5042]),0}, +{"CAMELLIA-256-ECB","camellia-256-ecb",NID_camellia_256_ecb,8, + &(lvalues[5050]),0}, +{"CAMELLIA-128-CFB","camellia-128-cfb",NID_camellia_128_cfb128,8, + &(lvalues[5058]),0}, +{"CAMELLIA-192-CFB","camellia-192-cfb",NID_camellia_192_cfb128,8, + &(lvalues[5066]),0}, +{"CAMELLIA-256-CFB","camellia-256-cfb",NID_camellia_256_cfb128,8, + &(lvalues[5074]),0}, +{"CAMELLIA-128-CFB1","camellia-128-cfb1",NID_camellia_128_cfb1,0,NULL,0}, +{"CAMELLIA-192-CFB1","camellia-192-cfb1",NID_camellia_192_cfb1,0,NULL,0}, +{"CAMELLIA-256-CFB1","camellia-256-cfb1",NID_camellia_256_cfb1,0,NULL,0}, +{"CAMELLIA-128-CFB8","camellia-128-cfb8",NID_camellia_128_cfb8,0,NULL,0}, +{"CAMELLIA-192-CFB8","camellia-192-cfb8",NID_camellia_192_cfb8,0,NULL,0}, +{"CAMELLIA-256-CFB8","camellia-256-cfb8",NID_camellia_256_cfb8,0,NULL,0}, +{"CAMELLIA-128-OFB","camellia-128-ofb",NID_camellia_128_ofb128,8, + &(lvalues[5082]),0}, +{"CAMELLIA-192-OFB","camellia-192-ofb",NID_camellia_192_ofb128,8, + &(lvalues[5090]),0}, +{"CAMELLIA-256-OFB","camellia-256-ofb",NID_camellia_256_ofb128,8, + &(lvalues[5098]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -1972,6 +2014,24 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[92]),/* "BF-ECB" */ &(nid_objs[94]),/* "BF-OFB" */ &(nid_objs[14]),/* "C" */ +&(nid_objs[751]),/* "CAMELLIA-128-CBC" */ +&(nid_objs[757]),/* "CAMELLIA-128-CFB" */ +&(nid_objs[760]),/* "CAMELLIA-128-CFB1" */ +&(nid_objs[763]),/* "CAMELLIA-128-CFB8" */ +&(nid_objs[754]),/* "CAMELLIA-128-ECB" */ +&(nid_objs[766]),/* "CAMELLIA-128-OFB" */ +&(nid_objs[752]),/* "CAMELLIA-192-CBC" */ +&(nid_objs[758]),/* "CAMELLIA-192-CFB" */ +&(nid_objs[761]),/* "CAMELLIA-192-CFB1" */ +&(nid_objs[764]),/* "CAMELLIA-192-CFB8" */ +&(nid_objs[755]),/* "CAMELLIA-192-ECB" */ +&(nid_objs[767]),/* "CAMELLIA-192-OFB" */ +&(nid_objs[753]),/* "CAMELLIA-256-CBC" */ +&(nid_objs[759]),/* "CAMELLIA-256-CFB" */ +&(nid_objs[762]),/* "CAMELLIA-256-CFB1" */ +&(nid_objs[765]),/* "CAMELLIA-256-CFB8" */ +&(nid_objs[756]),/* "CAMELLIA-256-ECB" */ +&(nid_objs[768]),/* "CAMELLIA-256-OFB" */ &(nid_objs[108]),/* "CAST5-CBC" */ &(nid_objs[110]),/* "CAST5-CFB" */ &(nid_objs[109]),/* "CAST5-ECB" */ @@ -2863,6 +2923,24 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[701]),/* "c2tnb359v1" */ &(nid_objs[703]),/* "c2tnb431r1" */ &(nid_objs[483]),/* "cNAMERecord" */ +&(nid_objs[751]),/* "camellia-128-cbc" */ +&(nid_objs[757]),/* "camellia-128-cfb" */ +&(nid_objs[760]),/* "camellia-128-cfb1" */ +&(nid_objs[763]),/* "camellia-128-cfb8" */ +&(nid_objs[754]),/* "camellia-128-ecb" */ +&(nid_objs[766]),/* "camellia-128-ofb" */ +&(nid_objs[752]),/* "camellia-192-cbc" */ +&(nid_objs[758]),/* "camellia-192-cfb" */ +&(nid_objs[761]),/* "camellia-192-cfb1" */ +&(nid_objs[764]),/* "camellia-192-cfb8" */ +&(nid_objs[755]),/* "camellia-192-ecb" */ +&(nid_objs[767]),/* "camellia-192-ofb" */ +&(nid_objs[753]),/* "camellia-256-cbc" */ +&(nid_objs[759]),/* "camellia-256-cfb" */ +&(nid_objs[762]),/* "camellia-256-cfb1" */ +&(nid_objs[765]),/* "camellia-256-cfb8" */ +&(nid_objs[756]),/* "camellia-256-ecb" */ +&(nid_objs[768]),/* "camellia-256-ofb" */ &(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */ &(nid_objs[108]),/* "cast5-cbc" */ &(nid_objs[110]),/* "cast5-cfb" */ @@ -3755,6 +3833,15 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[507]),/* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */ &(nid_objs[508]),/* OBJ_id_hex_multipart_message 1 3 6 1 7 1 1 2 */ &(nid_objs[57]),/* OBJ_netscape 2 16 840 1 113730 */ +&(nid_objs[754]),/* OBJ_camellia_128_ecb 0 3 4401 5 3 1 9 1 */ +&(nid_objs[766]),/* OBJ_camellia_128_ofb128 0 3 4401 5 3 1 9 3 */ +&(nid_objs[757]),/* OBJ_camellia_128_cfb128 0 3 4401 5 3 1 9 4 */ +&(nid_objs[755]),/* OBJ_camellia_192_ecb 0 3 4401 5 3 1 9 21 */ +&(nid_objs[767]),/* OBJ_camellia_192_ofb128 0 3 4401 5 3 1 9 23 */ +&(nid_objs[758]),/* OBJ_camellia_192_cfb128 0 3 4401 5 3 1 9 24 */ +&(nid_objs[756]),/* OBJ_camellia_256_ecb 0 3 4401 5 3 1 9 41 */ +&(nid_objs[768]),/* OBJ_camellia_256_ofb128 0 3 4401 5 3 1 9 43 */ +&(nid_objs[759]),/* OBJ_camellia_256_cfb128 0 3 4401 5 3 1 9 44 */ &(nid_objs[437]),/* OBJ_pilot 0 9 2342 19200300 100 */ &(nid_objs[186]),/* OBJ_pkcs1 1 2 840 113549 1 1 */ &(nid_objs[27]),/* OBJ_pkcs3 1 2 840 113549 1 3 */ @@ -4089,6 +4176,9 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[138]),/* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ &(nid_objs[648]),/* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ &(nid_objs[649]),/* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ +&(nid_objs[751]),/* OBJ_camellia_128_cbc 1 2 392 200011 61 1 1 1 2 */ +&(nid_objs[752]),/* OBJ_camellia_192_cbc 1 2 392 200011 61 1 1 1 3 */ +&(nid_objs[753]),/* OBJ_camellia_256_cbc 1 2 392 200011 61 1 1 1 4 */ &(nid_objs[196]),/* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */ &(nid_objs[197]),/* OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */ &(nid_objs[198]),/* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */ diff --git a/crypto/openssl-0.9/crypto/objects/obj_lib.c b/crypto/openssl-0.9/crypto/objects/obj_lib.c index b0b0f2ff24..706fa0b0e7 100644 --- a/crypto/openssl-0.9/crypto/objects/obj_lib.c +++ b/crypto/openssl-0.9/crypto/objects/obj_lib.c @@ -82,7 +82,8 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) r->data=OPENSSL_malloc(o->length); if (r->data == NULL) goto err; - memcpy(r->data,o->data,o->length); + if (o->data != NULL) + memcpy(r->data,o->data,o->length); r->length=o->length; r->nid=o->nid; r->ln=r->sn=NULL; diff --git a/crypto/openssl-0.9/crypto/objects/obj_mac.h b/crypto/openssl-0.9/crypto/objects/obj_mac.h index e4d63e5e3f..df4ad903f9 100644 --- a/crypto/openssl-0.9/crypto/objects/obj_mac.h +++ b/crypto/openssl-0.9/crypto/objects/obj_mac.h @@ -3303,3 +3303,91 @@ #define LN_ipsec4 "ipsec4" #define NID_ipsec4 750 +#define SN_camellia_128_cbc "CAMELLIA-128-CBC" +#define LN_camellia_128_cbc "camellia-128-cbc" +#define NID_camellia_128_cbc 751 +#define OBJ_camellia_128_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,2L + +#define SN_camellia_192_cbc "CAMELLIA-192-CBC" +#define LN_camellia_192_cbc "camellia-192-cbc" +#define NID_camellia_192_cbc 752 +#define OBJ_camellia_192_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,3L + +#define SN_camellia_256_cbc "CAMELLIA-256-CBC" +#define LN_camellia_256_cbc "camellia-256-cbc" +#define NID_camellia_256_cbc 753 +#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L + +#define OBJ_ntt_ds 0L,3L,4401L,5L + +#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L + +#define SN_camellia_128_ecb "CAMELLIA-128-ECB" +#define LN_camellia_128_ecb "camellia-128-ecb" +#define NID_camellia_128_ecb 754 +#define OBJ_camellia_128_ecb OBJ_camellia,1L + +#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB" +#define LN_camellia_128_ofb128 "camellia-128-ofb" +#define NID_camellia_128_ofb128 766 +#define OBJ_camellia_128_ofb128 OBJ_camellia,3L + +#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB" +#define LN_camellia_128_cfb128 "camellia-128-cfb" +#define NID_camellia_128_cfb128 757 +#define OBJ_camellia_128_cfb128 OBJ_camellia,4L + +#define SN_camellia_192_ecb "CAMELLIA-192-ECB" +#define LN_camellia_192_ecb "camellia-192-ecb" +#define NID_camellia_192_ecb 755 +#define OBJ_camellia_192_ecb OBJ_camellia,21L + +#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB" +#define LN_camellia_192_ofb128 "camellia-192-ofb" +#define NID_camellia_192_ofb128 767 +#define OBJ_camellia_192_ofb128 OBJ_camellia,23L + +#define SN_camellia_192_cfb128 "CAMELLIA-192-CFB" +#define LN_camellia_192_cfb128 "camellia-192-cfb" +#define NID_camellia_192_cfb128 758 +#define OBJ_camellia_192_cfb128 OBJ_camellia,24L + +#define SN_camellia_256_ecb "CAMELLIA-256-ECB" +#define LN_camellia_256_ecb "camellia-256-ecb" +#define NID_camellia_256_ecb 756 +#define OBJ_camellia_256_ecb OBJ_camellia,41L + +#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB" +#define LN_camellia_256_ofb128 "camellia-256-ofb" +#define NID_camellia_256_ofb128 768 +#define OBJ_camellia_256_ofb128 OBJ_camellia,43L + +#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB" +#define LN_camellia_256_cfb128 "camellia-256-cfb" +#define NID_camellia_256_cfb128 759 +#define OBJ_camellia_256_cfb128 OBJ_camellia,44L + +#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" +#define LN_camellia_128_cfb1 "camellia-128-cfb1" +#define NID_camellia_128_cfb1 760 + +#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1" +#define LN_camellia_192_cfb1 "camellia-192-cfb1" +#define NID_camellia_192_cfb1 761 + +#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1" +#define LN_camellia_256_cfb1 "camellia-256-cfb1" +#define NID_camellia_256_cfb1 762 + +#define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8" +#define LN_camellia_128_cfb8 "camellia-128-cfb8" +#define NID_camellia_128_cfb8 763 + +#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8" +#define LN_camellia_192_cfb8 "camellia-192-cfb8" +#define NID_camellia_192_cfb8 764 + +#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8" +#define LN_camellia_256_cfb8 "camellia-256-cfb8" +#define NID_camellia_256_cfb8 765 + diff --git a/crypto/openssl-0.9/crypto/opensslv.h b/crypto/openssl-0.9/crypto/opensslv.h index e056bffc72..d683442720 100644 --- a/crypto/openssl-0.9/crypto/opensslv.h +++ b/crypto/openssl-0.9/crypto/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090801fL +#define OPENSSL_VERSION_NUMBER 0x0090803f #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8a-fips 11 Oct 2005" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8c-fips 05 Sep 2006" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8a 11 Oct 2005" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8c 05 Sep 2006" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/openssl-0.9/crypto/perlasm/x86asm.pl b/crypto/openssl-0.9/crypto/perlasm/x86asm.pl index cf2aee40ec..5979122158 100644 --- a/crypto/openssl-0.9/crypto/perlasm/x86asm.pl +++ b/crypto/openssl-0.9/crypto/perlasm/x86asm.pl @@ -93,7 +93,7 @@ $tmp #ifdef OUT #define OK 1 #define ALIGN 4 -#if defined(__CYGWIN__) || defined(__DJGPP__) +#if defined(__CYGWIN__) || defined(__DJGPP__) || (__MINGW32__) #undef SIZE #undef TYPE #define SIZE(a,b) diff --git a/crypto/openssl-0.9/crypto/perlasm/x86unix.pl b/crypto/openssl-0.9/crypto/perlasm/x86unix.pl index 9bc5c0e893..e71050b6bc 100644 --- a/crypto/openssl-0.9/crypto/perlasm/x86unix.pl +++ b/crypto/openssl-0.9/crypto/perlasm/x86unix.pl @@ -200,6 +200,7 @@ sub main'call { my $pre=$under; { if ($label{$i} eq $_[0]) { $pre=''; last; } } &out1("call",$pre.$_[0]); } +sub main'call_ptr { &out1p("call",@_); } sub main'ret { &out0("ret"); } sub main'nop { &out0("nop"); } sub main'test { &out2("testl",@_); } @@ -215,7 +216,6 @@ sub main'cld { &out0("cld"); } # SSE2 sub main'emms { &out0("emms"); } sub main'movd { &out2("movd",@_); } -sub main'movq { &out2("movq",@_); } sub main'movdqu { &out2("movdqu",@_); } sub main'movdqa { &out2("movdqa",@_); } sub main'movdq2q{ &out2("movdq2q",@_); } @@ -227,6 +227,13 @@ sub main'psllq { &out2("psllq",@_); } sub main'pxor { &out2("pxor",@_); } sub main'por { &out2("por",@_); } sub main'pand { &out2("pand",@_); } +sub main'movq { + local($p1,$p2,$optimize)=@_; + if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/) + # movq between mmx registers can sink Intel CPUs + { push(@out,"\tpshufw\t\$0xe4,%$p2,%$p1\n"); } + else { &out2("movq",@_); } + } # The bswapl instruction is new for the 486. Emulate if i386. sub main'bswap @@ -588,6 +595,11 @@ ___ } } +sub main'data_byte + { + push(@out,"\t.byte\t".join(',',@_)."\n"); + } + sub main'data_word { push(@out,"\t.long\t".join(',',@_)."\n"); diff --git a/crypto/openssl-0.9/crypto/pkcs12/p12_mutl.c b/crypto/openssl-0.9/crypto/pkcs12/p12_mutl.c index 7bff04889c..c408cc8ab8 100644 --- a/crypto/openssl-0.9/crypto/pkcs12/p12_mutl.c +++ b/crypto/openssl-0.9/crypto/pkcs12/p12_mutl.c @@ -69,7 +69,7 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, { const EVP_MD *md_type; HMAC_CTX hmac; - unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt; + unsigned char key[EVP_MAX_MD_SIZE], *salt; int saltlen, iter; if (!PKCS7_type_is_data(p12->authsafes)) @@ -88,12 +88,12 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, return 0; } if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, - PKCS12_MAC_KEY_LENGTH, key, md_type)) { + EVP_MD_size(md_type), key, md_type)) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR); return 0; } HMAC_CTX_init(&hmac); - HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL); + HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL); HMAC_Update(&hmac, p12->authsafes->d.data->data, p12->authsafes->d.data->length); HMAC_Final(&hmac, mac, maclen); diff --git a/crypto/openssl-0.9/crypto/pkcs7/pk7_smime.c b/crypto/openssl-0.9/crypto/pkcs7/pk7_smime.c index 1f4a0a1795..dc835e5b8a 100644 --- a/crypto/openssl-0.9/crypto/pkcs7/pk7_smime.c +++ b/crypto/openssl-0.9/crypto/pkcs7/pk7_smime.c @@ -127,9 +127,12 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, } } + if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); + if (flags & PKCS7_STREAM) return p7; + if (!(p7bio = PKCS7_dataInit(p7, NULL))) { PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); PKCS7_free(p7); @@ -138,7 +141,6 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, SMIME_crlf_copy(data, p7bio, flags); - if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); if (!PKCS7_dataFinal(p7,p7bio)) { PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN); diff --git a/crypto/openssl-0.9/crypto/rand/rand_unix.c b/crypto/openssl-0.9/crypto/rand/rand_unix.c index 5d031d93af..6c2be5cb96 100644 --- a/crypto/openssl-0.9/crypto/rand/rand_unix.c +++ b/crypto/openssl-0.9/crypto/rand/rand_unix.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -116,7 +116,7 @@ #include #include "rand_lcl.h" -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) #include #include @@ -125,6 +125,13 @@ #include #include #include +#if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */ +# include +#endif +#include +#ifndef FD_SETSIZE +# define FD_SETSIZE (8*sizeof(fd_set)) +#endif #ifdef __OpenBSD__ int RAND_poll(void) @@ -143,7 +150,7 @@ int RAND_poll(void) return 1; } -#else +#else /* !defined(__OpenBSD__) */ int RAND_poll(void) { unsigned long l; @@ -184,11 +191,9 @@ int RAND_poll(void) #endif )) >= 0) { - struct timeval t = { 0, 10*1000 }; /* Spend 10ms on - each file. */ + int usec = 10*1000; /* spend 10ms on each file */ int r; size_t j; - fd_set fset; struct stat *st=&randomstats[i]; /* Avoid using same input... Used to be O_NOFOLLOW @@ -204,35 +209,75 @@ int RAND_poll(void) do { - FD_ZERO(&fset); - FD_SET(fd, &fset); - r = -1; + int try_read = 0; - if (select(fd+1,&fset,NULL,NULL,&t) < 0) - t.tv_usec=0; - else if (FD_ISSET(fd, &fset)) +#if defined(OPENSSL_SYS_LINUX) + /* use poll() */ + struct pollfd pset; + + pset.fd = fd; + pset.events = POLLIN; + pset.revents = 0; + + if (poll(&pset, 1, usec / 1000) < 0) + usec = 0; + else + try_read = (pset.revents & POLLIN) != 0; + +#else + /* use select() */ + fd_set fset; + struct timeval t; + + t.tv_sec = 0; + t.tv_usec = usec; + + if (FD_SETSIZE > 0 && fd >= FD_SETSIZE) + { + /* can't use select, so just try to read once anyway */ + try_read = 1; + } + else + { + FD_ZERO(&fset); + FD_SET(fd, &fset); + + if (select(fd+1,&fset,NULL,NULL,&t) >= 0) + { + usec = t.tv_usec; + if (FD_ISSET(fd, &fset)) + try_read = 1; + } + else + usec = 0; + } +#endif + + if (try_read) { - r=read(fd,(unsigned char *)tmpbuf+n, - ENTROPY_NEEDED-n); + r = read(fd,(unsigned char *)tmpbuf+n, ENTROPY_NEEDED-n); if (r > 0) n += r; } - - /* Some Unixen will update t, some - won't. For those who won't, give - up here, otherwise, we will do + else + r = -1; + + /* Some Unixen will update t in select(), some + won't. For those who won't, or if we + didn't use select() in the first place, + give up here, otherwise, we will do this once again for the remaining time. */ - if (t.tv_usec == 10*1000) - t.tv_usec=0; + if (usec == 10*1000) + usec = 0; } - while ((r > 0 || (errno == EINTR || errno == EAGAIN)) - && t.tv_usec != 0 && n < ENTROPY_NEEDED); + while ((r > 0 || + (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED); close(fd); } } -#endif +#endif /* defined(DEVRANDOM) */ #ifdef DEVRANDOM_EGD /* Use an EGD socket to read entropy from an EGD or PRNGD entropy @@ -247,7 +292,7 @@ int RAND_poll(void) if (r > 0) n += r; } -#endif +#endif /* defined(DEVRANDOM_EGD) */ #if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) if (n > 0) @@ -273,12 +318,13 @@ int RAND_poll(void) #endif } -#endif -#endif +#endif /* defined(__OpenBSD__) */ +#endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */ + #if defined(OPENSSL_SYS_VXWORKS) int RAND_poll(void) -{ - return 0; -} + { + return 0; + } #endif diff --git a/crypto/openssl-0.9/crypto/rsa/rsa.h b/crypto/openssl-0.9/crypto/rsa/rsa.h index a1ca34760c..ce6f54ffed 100644 --- a/crypto/openssl-0.9/crypto/rsa/rsa.h +++ b/crypto/openssl-0.9/crypto/rsa/rsa.h @@ -411,17 +411,18 @@ void ERR_load_RSA_strings(void); #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 #define RSA_R_OAEP_DECODING_ERROR 121 -#define RSA_R_SLEN_RECOVERY_FAILED 135 #define RSA_R_PADDING_CHECK_FAILED 114 +#define RSA_R_PKCS1_PADDING_TOO_SHORT 105 #define RSA_R_P_NOT_PRIME 128 #define RSA_R_Q_NOT_PRIME 129 #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 +#define RSA_R_SLEN_CHECK_FAILED 136 +#define RSA_R_SLEN_RECOVERY_FAILED 135 #define RSA_R_SSLV3_ROLLBACK_ATTACK 115 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 #define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 #define RSA_R_UNKNOWN_PADDING_TYPE 118 #define RSA_R_WRONG_SIGNATURE_LENGTH 119 -#define RSA_R_SLEN_CHECK_FAILED 136 #ifdef __cplusplus } diff --git a/crypto/openssl-0.9/crypto/rsa/rsa_depr.c b/crypto/openssl-0.9/crypto/rsa/rsa_depr.c index c5582b996d..a859ded987 100644 --- a/crypto/openssl-0.9/crypto/rsa/rsa_depr.c +++ b/crypto/openssl-0.9/crypto/rsa/rsa_depr.c @@ -83,7 +83,8 @@ RSA *RSA_generate_key(int bits, unsigned long e_value, for (i=0; i<(int)sizeof(unsigned long)*8; i++) { if (e_value & (1UL<blinding == NULL) { + CRYPTO_r_unlock(CRYPTO_LOCK_RSA); + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + got_write_lock = 1; + if (rsa->blinding == NULL) - { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - if (rsa->blinding == NULL) - rsa->blinding = RSA_setup_blinding(rsa, ctx); - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } + rsa->blinding = RSA_setup_blinding(rsa, ctx); } ret = rsa->blinding; if (ret == NULL) - return NULL; + goto err; - if (BN_BLINDING_get_thread_id(ret) != CRYPTO_thread_id()) + if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id()) + { + /* rsa->blinding is ours! */ + + *local = 1; + } + else { - *local = 0; + /* resort to rsa->mt_blinding instead */ + + *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert() + * that the BN_BLINDING is shared, meaning that accesses + * require locks, and that the blinding factor must be + * stored outside the BN_BLINDING + */ + if (rsa->mt_blinding == NULL) { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); + if (!got_write_lock) + { + CRYPTO_r_unlock(CRYPTO_LOCK_RSA); + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + got_write_lock = 1; + } + if (rsa->mt_blinding == NULL) rsa->mt_blinding = RSA_setup_blinding(rsa, ctx); - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); } ret = rsa->mt_blinding; } - else - *local = 1; + err: + if (got_write_lock) + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + else + CRYPTO_r_unlock(CRYPTO_LOCK_RSA); return ret; } @@ -358,7 +381,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { - blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx); + blinding = rsa_get_blinding(rsa, &local_blinding, ctx); if (blinding == NULL) { RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR); @@ -479,7 +502,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { - blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx); + blinding = rsa_get_blinding(rsa, &local_blinding, ctx); if (blinding == NULL) { RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR); @@ -617,6 +640,15 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, { case RSA_PKCS1_PADDING: r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num); + /* Generally signatures should be at least 2/3 padding, though + this isn't possible for really short keys and some standard + signature schemes, so don't check if the unpadded data is + small. */ + if(r > 42 && 3*8*r >= BN_num_bits(rsa->n)) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_PKCS1_PADDING_TOO_SHORT); + goto err; + } break; case RSA_X931_PADDING: r=RSA_padding_check_X931(to,num,buf,i,num); diff --git a/crypto/openssl-0.9/crypto/rsa/rsa_err.c b/crypto/openssl-0.9/crypto/rsa/rsa_err.c index cfb1e908aa..584adb0205 100644 --- a/crypto/openssl-0.9/crypto/rsa/rsa_err.c +++ b/crypto/openssl-0.9/crypto/rsa/rsa_err.c @@ -88,7 +88,7 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"}, {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"}, {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"}, -{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_PADDING_ADD_PKCS1_PSS"}, +{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"}, {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), "RSA_padding_add_PKCS1_type_1"}, {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), "RSA_padding_add_PKCS1_type_2"}, {ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"}, @@ -100,13 +100,13 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"}, {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"}, {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, -{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, +{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_PRINT_FP"}, {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), "RSA_verify_ASN1_OCTET_STRING"}, -{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_VERIFY_PKCS1_PSS"}, +{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"}, {0,NULL} }; @@ -141,17 +141,18 @@ static ERR_STRING_DATA RSA_str_reasons[]= {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"}, {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"}, {ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, -{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED) ,"salt length recovery failed"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, +{ERR_REASON(RSA_R_PKCS1_PADDING_TOO_SHORT),"pkcs1 padding too short"}, {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, {ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"}, {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"}, +{ERR_REASON(RSA_R_SLEN_CHECK_FAILED) ,"salt length check failed"}, +{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED) ,"salt length recovery failed"}, {ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"}, {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"}, {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"}, {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) ,"unknown padding type"}, {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"}, -{ERR_REASON(RSA_R_SLEN_CHECK_FAILED) ,"salt length check failed"}, {0,NULL} }; diff --git a/crypto/openssl-0.9/crypto/rsa/rsa_gen.c b/crypto/openssl-0.9/crypto/rsa/rsa_gen.c index 383d6095f5..742f8b18e5 100644 --- a/crypto/openssl-0.9/crypto/rsa/rsa_gen.c +++ b/crypto/openssl-0.9/crypto/rsa/rsa_gen.c @@ -183,8 +183,11 @@ err: RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN); ok=0; } - BN_CTX_end(ctx); - BN_CTX_free(ctx); + if (ctx != NULL) + { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } return ok; } diff --git a/crypto/openssl-0.9/crypto/rsa/rsa_lib.c b/crypto/openssl-0.9/crypto/rsa/rsa_lib.c index 533a711eda..66cd15ff6d 100644 --- a/crypto/openssl-0.9/crypto/rsa/rsa_lib.c +++ b/crypto/openssl-0.9/crypto/rsa/rsa_lib.c @@ -412,6 +412,8 @@ err: BN_CTX_end(ctx); if (in_ctx == NULL) BN_CTX_free(ctx); + if(rsa->e == NULL) + BN_free(e); return ret; } diff --git a/crypto/openssl-0.9/crypto/rsa/rsa_sign.c b/crypto/openssl-0.9/crypto/rsa/rsa_sign.c index 230ec6d7ea..71aabeea1b 100644 --- a/crypto/openssl-0.9/crypto/rsa/rsa_sign.c +++ b/crypto/openssl-0.9/crypto/rsa/rsa_sign.c @@ -185,6 +185,23 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, sig=d2i_X509_SIG(NULL,&p,(long)i); if (sig == NULL) goto err; + + /* Excess data can be used to create forgeries */ + if(p != s+i) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + goto err; + } + + /* Parameters to the signature algorithm can also be used to + create forgeries */ + if(sig->algor->parameter + && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + goto err; + } + sigtype=OBJ_obj2nid(sig->algor->algorithm); diff --git a/crypto/openssl-0.9/crypto/store/str_meth.c b/crypto/openssl-0.9/crypto/store/str_meth.c index 648c08d76d..a46de03a26 100644 --- a/crypto/openssl-0.9/crypto/store/str_meth.c +++ b/crypto/openssl-0.9/crypto/store/str_meth.c @@ -65,8 +65,10 @@ STORE_METHOD *STORE_create_method(char *name) STORE_METHOD *store_method = (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD)); if (store_method) + { memset(store_method, 0, sizeof(*store_method)); - store_method->name = BUF_strdup(name); + store_method->name = BUF_strdup(name); + } return store_method; } diff --git a/crypto/openssl-0.9/crypto/x509/x509_r2x.c b/crypto/openssl-0.9/crypto/x509/x509_r2x.c index fb8a78dabe..254a14693d 100644 --- a/crypto/openssl-0.9/crypto/x509/x509_r2x.c +++ b/crypto/openssl-0.9/crypto/x509/x509_r2x.c @@ -89,8 +89,10 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) } xn=X509_REQ_get_subject_name(r); - X509_set_subject_name(ret,X509_NAME_dup(xn)); - X509_set_issuer_name(ret,X509_NAME_dup(xn)); + if (X509_set_subject_name(ret,X509_NAME_dup(xn)) == 0) + goto err; + if (X509_set_issuer_name(ret,X509_NAME_dup(xn)) == 0) + goto err; if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL) goto err; diff --git a/crypto/openssl-0.9/crypto/x509/x509_vpm.c b/crypto/openssl-0.9/crypto/x509/x509_vpm.c index 82cff88bf0..5e69259a79 100644 --- a/crypto/openssl-0.9/crypto/x509/x509_vpm.c +++ b/crypto/openssl-0.9/crypto/x509/x509_vpm.c @@ -172,6 +172,15 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, x509_verify_param_copy(trust, 0); x509_verify_param_copy(depth, -1); + /* If overwrite or check time not set, copy across */ + + if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) + { + dest->check_time = src->check_time; + dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME; + /* Don't need to copy flag: that is done below */ + } + if (inh_flags & X509_VP_FLAG_RESET_FLAGS) dest->flags = 0; diff --git a/crypto/openssl-0.9/crypto/x509v3/pcy_tree.c b/crypto/openssl-0.9/crypto/x509v3/pcy_tree.c index 62eea0c4ab..1c68ce3352 100644 --- a/crypto/openssl-0.9/crypto/x509v3/pcy_tree.c +++ b/crypto/openssl-0.9/crypto/x509v3/pcy_tree.c @@ -631,6 +631,7 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, break; } + if (!tree) goto error; ret = tree_evaluate(tree); if (ret <= 0) diff --git a/crypto/openssl-0.9/crypto/x509v3/v3err.c b/crypto/openssl-0.9/crypto/x509v3/v3err.c index e96bd62b40..451645f1f3 100644 --- a/crypto/openssl-0.9/crypto/x509v3/v3err.c +++ b/crypto/openssl-0.9/crypto/x509v3/v3err.c @@ -94,12 +94,12 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"}, {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"}, {ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"}, -{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"}, +{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_ADD_ID_ASC"}, {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"}, {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"}, {ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"}, {ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"}, -{ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"}, +{ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "V2I_ASN1_BIT_STRING"}, {ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS), "V2I_AUTHORITY_INFO_ACCESS"}, {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"}, {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"}, @@ -120,10 +120,10 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"}, {ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"}, {ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"}, -{ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"}, +{ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_GET_SECTION"}, {ERR_FUNC(X509V3_F_X509V3_GET_STRING), "X509V3_get_string"}, {ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"}, -{ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"}, +{ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_PARSE_LIST"}, {ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"}, {ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"}, {0,NULL} diff --git a/crypto/openssl-0.9/crypto/x509v3/x509v3.h b/crypto/openssl-0.9/crypto/x509v3/x509v3.h index 555820fc1f..34429828f0 100644 --- a/crypto/openssl-0.9/crypto/x509v3/x509v3.h +++ b/crypto/openssl-0.9/crypto/x509v3/x509v3.h @@ -651,7 +651,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_F_POLICY_SECTION 131 #define X509V3_F_PROCESS_PCI_VALUE 150 #define X509V3_F_R2I_CERTPOL 130 -#define X509V3_F_R2I_PCI 149 +#define X509V3_F_R2I_PCI 155 #define X509V3_F_S2I_ASN1_IA5STRING 100 #define X509V3_F_S2I_ASN1_INTEGER 108 #define X509V3_F_S2I_ASN1_OCTET_STRING 112 diff --git a/crypto/openssl-0.9/crypto/x86cpuid.pl b/crypto/openssl-0.9/crypto/x86cpuid.pl index 4a58651f0f..c53c9bc998 100644 --- a/crypto/openssl-0.9/crypto/x86cpuid.pl +++ b/crypto/openssl-0.9/crypto/x86cpuid.pl @@ -153,6 +153,45 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &ret (); &function_end_B("OPENSSL_atomic_add"); +# This function can become handy under Win32 in situations when +# we don't know which calling convention, __stdcall or __cdecl(*), +# indirect callee is using. In C it can be deployed as +# +#ifdef OPENSSL_CPUID_OBJ +# type OPENSSL_indirect_call(void *f,...); +# ... +# OPENSSL_indirect_call(func,[up to $max arguments]); +#endif +# +# (*) it's designed to work even for __fastcall if number of +# arguments is 1 or 2! +&function_begin_B("OPENSSL_indirect_call"); + { + my $i,$max=7; # $max has to be chosen as 4*n-1 + # in order to preserve eventual + # stack alignment + &push ("ebp"); + &mov ("ebp","esp"); + &sub ("esp",$max*4); + &mov ("ecx",&DWP(12,"ebp")); + &mov (&DWP(0,"esp"),"ecx"); + &mov ("edx",&DWP(16,"ebp")); + &mov (&DWP(4,"esp"),"edx"); + for($i=2;$i<$max;$i++) + { + # Some copies will be redundant/bogus... + &mov ("eax",&DWP(12+$i*4,"ebp")); + &mov (&DWP(0+$i*4,"esp"),"eax"); + } + &call_ptr (&DWP(8,"ebp"));# make the call... + &mov ("esp","ebp"); # ... and just restore the stack pointer + # without paying attention to what we called, + # (__cdecl *func) or (__stdcall *one). + &pop ("ebp"); + &ret (); + } +&function_end_B("OPENSSL_indirect_call"); + &initseg("OPENSSL_cpuid_setup"); &asm_finish(); diff --git a/crypto/openssl-0.9/doc/openssl.txt b/crypto/openssl-0.9/doc/openssl.txt index 37730b2cbd..f8817b0a71 100644 --- a/crypto/openssl-0.9/doc/openssl.txt +++ b/crypto/openssl-0.9/doc/openssl.txt @@ -778,7 +778,7 @@ called. The X509V3_EXT_METHOD structure is described below. -strut { +struct { int ext_nid; int ext_flags; X509V3_EXT_NEW ext_new; diff --git a/crypto/openssl-0.9/doc/ssleay.txt b/crypto/openssl-0.9/doc/ssleay.txt index d44d2f04a0..c75312911f 100644 --- a/crypto/openssl-0.9/doc/ssleay.txt +++ b/crypto/openssl-0.9/doc/ssleay.txt @@ -4295,7 +4295,7 @@ X-Status: Loading client certs into MSIE 3.01 =================================== -This document conatains all the information necessary to succesfully set up +This document contains all the information necessary to successfully set up some scripts to issue client certs to Microsoft Internet Explorer. It includes the required knowledge about the model MSIE uses for client certification and includes complete sample scripts ready to play with. The diff --git a/crypto/openssl-0.9/doc/standards.txt b/crypto/openssl-0.9/doc/standards.txt index f6675b574b..bda55d1581 100644 --- a/crypto/openssl-0.9/doc/standards.txt +++ b/crypto/openssl-0.9/doc/standards.txt @@ -88,10 +88,17 @@ PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status: INFORMATIONAL) +3713 A Description of the Camellia Encryption Algorithm. M. Matsui, + J. Nakajima, S. Moriai. April 2004. (Format: TXT=25031 bytes) + (Status: INFORMATIONAL) + 3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson. June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD) +4132 Addition of Camellia Cipher Suites to Transport Layer Security + (TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590 + bytes) (Status: PROPOSED STANDARD) Related: -------- @@ -250,7 +257,11 @@ STARTTLS documents. Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002. (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD) - "Securing FTP with TLS", 01/27/2000, +3657 Use of the Camellia Encryption Algorithm in Cryptographic + Message Syntax (CMS). S. Moriai, A. Kato. January 2004. + (Format: TXT=26282 bytes) (Status: PROPOSED STANDARD) + +"Securing FTP with TLS", 01/27/2000, To be implemented: diff --git a/crypto/openssl-0.9/e_os2.h b/crypto/openssl-0.9/e_os2.h index 1cbdf5be40..9da0b65448 100644 --- a/crypto/openssl-0.9/e_os2.h +++ b/crypto/openssl-0.9/e_os2.h @@ -84,6 +84,13 @@ extern "C" { /* ---------------------- Microsoft operating systems ---------------------- */ +/* Note that MSDOS actually denotes 32-bit environments running on top of + MS-DOS, such as DJGPP one. */ +#if defined(OPENSSL_SYSNAME_MSDOS) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_MSDOS +#endif + /* For 32 bit environment, there seems to be the CygWin environment and then all the others that try to do the same thing Microsoft does... */ #if defined(OPENSSL_SYSNAME_UWIN) diff --git a/crypto/openssl-0.9/engines/e_cswift.c b/crypto/openssl-0.9/engines/e_cswift.c index d5f1d4e05f..bc65179846 100644 --- a/crypto/openssl-0.9/engines/e_cswift.c +++ b/crypto/openssl-0.9/engines/e_cswift.c @@ -744,6 +744,12 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx int to_return = 0; const RSA_METHOD * def_rsa_method; + if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) + { + CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS); + goto err; + } + /* Try the limits of RSA (2048 bits) */ if(BN_num_bytes(rsa->p) > 128 || BN_num_bytes(rsa->q) > 128 || @@ -764,11 +770,6 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx return def_rsa_method->rsa_mod_exp(r0, I, rsa, ctx); } - if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) - { - CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS); - goto err; - } to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1, rsa->dmq1, rsa->iqmp, ctx); err: @@ -1089,7 +1090,7 @@ static int cswift_rand_bytes(unsigned char *buf, int num) if (swrc != SW_OK) { char tmpbuf[20]; - CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED); + CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", swrc); ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf); goto err; diff --git a/crypto/openssl-0.9/engines/e_sureware.c b/crypto/openssl-0.9/engines/e_sureware.c index 424b82fd98..58fa9a98ee 100644 --- a/crypto/openssl-0.9/engines/e_sureware.c +++ b/crypto/openssl-0.9/engines/e_sureware.c @@ -976,11 +976,13 @@ static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA if (!p_surewarehk_Dsa_Sign) { SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED); + goto err; } /* extract ref to private key */ else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx))) { SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS); + goto err; } else { diff --git a/crypto/openssl-0.9/ssl/d1_clnt.c b/crypto/openssl-0.9/ssl/d1_clnt.c index f10b34bd70..e8b60a45d2 100644 --- a/crypto/openssl-0.9/ssl/d1_clnt.c +++ b/crypto/openssl-0.9/ssl/d1_clnt.c @@ -144,7 +144,7 @@ IMPLEMENT_dtls1_meth_func(DTLSv1_client_method, int dtls1_connect(SSL *s) { BUF_MEM *buf=NULL; - unsigned long Time=time(NULL),l; + unsigned long Time=(unsigned long)time(NULL),l; long num1; void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; @@ -544,7 +544,7 @@ int dtls1_client_hello(SSL *s) /* else use the pre-loaded session */ p=s->s3->client_random; - Time=time(NULL); /* Time */ + Time=(unsigned long)time(NULL); /* Time */ l2n(Time,p); RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); diff --git a/crypto/openssl-0.9/ssl/d1_enc.c b/crypto/openssl-0.9/ssl/d1_enc.c index 42997eaee9..cbff7495c5 100644 --- a/crypto/openssl-0.9/ssl/d1_enc.c +++ b/crypto/openssl-0.9/ssl/d1_enc.c @@ -146,7 +146,10 @@ int dtls1_enc(SSL *s, int send) fprintf(stderr, "%s:%d: rec->data != rec->input\n", __FILE__, __LINE__); else if ( EVP_CIPHER_block_size(ds->cipher) > 1) - RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)); + { + if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher))) + return -1; + } } } else diff --git a/crypto/openssl-0.9/ssl/d1_pkt.c b/crypto/openssl-0.9/ssl/d1_pkt.c index 892b889708..be6ee32326 100644 --- a/crypto/openssl-0.9/ssl/d1_pkt.c +++ b/crypto/openssl-0.9/ssl/d1_pkt.c @@ -197,7 +197,13 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT priority) memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER)); memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD)); - ssl3_setup_buffers(s); + if (!ssl3_setup_buffers(s)) + { + SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); + OPENSSL_free(rdata); + pitem_free(item); + return(0); + } return(1); } diff --git a/crypto/openssl-0.9/ssl/d1_srvr.c b/crypto/openssl-0.9/ssl/d1_srvr.c index 180fc6e646..475e6095fd 100644 --- a/crypto/openssl-0.9/ssl/d1_srvr.c +++ b/crypto/openssl-0.9/ssl/d1_srvr.c @@ -144,7 +144,7 @@ IMPLEMENT_dtls1_meth_func(DTLSv1_server_method, int dtls1_accept(SSL *s) { BUF_MEM *buf; - unsigned long l,Time=time(NULL); + unsigned long l,Time=(unsigned long)time(NULL); void (*cb)(const SSL *ssl,int type,int val)=NULL; long num1; int ret= -1; @@ -666,7 +666,7 @@ int dtls1_send_server_hello(SSL *s) { buf=(unsigned char *)s->init_buf->data; p=s->s3->server_random; - Time=time(NULL); /* Time */ + Time=(unsigned long)time(NULL); /* Time */ l2n(Time,p); RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); /* Do the message type and length last */ diff --git a/crypto/openssl-0.9/ssl/s23_clnt.c b/crypto/openssl-0.9/ssl/s23_clnt.c index 8bac26c5ac..ed4ee72393 100644 --- a/crypto/openssl-0.9/ssl/s23_clnt.c +++ b/crypto/openssl-0.9/ssl/s23_clnt.c @@ -88,7 +88,7 @@ IMPLEMENT_ssl23_meth_func(SSLv23_client_method, int ssl23_connect(SSL *s) { BUF_MEM *buf=NULL; - unsigned long Time=time(NULL); + unsigned long Time=(unsigned long)time(NULL); void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state; @@ -236,7 +236,7 @@ static int ssl23_client_hello(SSL *s) #endif p=s->s3->client_random; - Time=time(NULL); /* Time */ + Time=(unsigned long)time(NULL); /* Time */ l2n(Time,p); if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) return -1; diff --git a/crypto/openssl-0.9/ssl/s23_meth.c b/crypto/openssl-0.9/ssl/s23_meth.c index c88569d32c..950d9aab3d 100644 --- a/crypto/openssl-0.9/ssl/s23_meth.c +++ b/crypto/openssl-0.9/ssl/s23_meth.c @@ -63,13 +63,21 @@ static SSL_METHOD *ssl23_get_method(int ver); static SSL_METHOD *ssl23_get_method(int ver) { +#ifndef OPENSSL_NO_SSL2 if (ver == SSL2_VERSION) return(SSLv2_method()); - else if (ver == SSL3_VERSION) + else +#endif +#ifndef OPENSSL_NO_SSL3 + if (ver == SSL3_VERSION) return(SSLv3_method()); - else if (ver == TLS1_VERSION) + else +#endif +#ifndef OPENSSL_NO_TLS1 + if (ver == TLS1_VERSION) return(TLSv1_method()); else +#endif return(NULL); } diff --git a/crypto/openssl-0.9/ssl/s23_srvr.c b/crypto/openssl-0.9/ssl/s23_srvr.c index 5cd00f850e..da4f377e76 100644 --- a/crypto/openssl-0.9/ssl/s23_srvr.c +++ b/crypto/openssl-0.9/ssl/s23_srvr.c @@ -140,7 +140,7 @@ IMPLEMENT_ssl23_meth_func(SSLv23_server_method, int ssl23_accept(SSL *s) { BUF_MEM *buf; - unsigned long Time=time(NULL); + unsigned long Time=(unsigned long)time(NULL); void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state; diff --git a/crypto/openssl-0.9/ssl/s2_clnt.c b/crypto/openssl-0.9/ssl/s2_clnt.c index 0c9e24d5c4..efb52485a7 100644 --- a/crypto/openssl-0.9/ssl/s2_clnt.c +++ b/crypto/openssl-0.9/ssl/s2_clnt.c @@ -144,7 +144,7 @@ IMPLEMENT_ssl2_meth_func(SSLv2_client_method, int ssl2_connect(SSL *s) { - unsigned long l=time(NULL); + unsigned long l=(unsigned long)time(NULL); BUF_MEM *buf=NULL; int ret= -1; void (*cb)(const SSL *ssl,int type,int val)=NULL; diff --git a/crypto/openssl-0.9/ssl/s2_lib.c b/crypto/openssl-0.9/ssl/s2_lib.c index d2cce7546d..def3a6e89a 100644 --- a/crypto/openssl-0.9/ssl/s2_lib.c +++ b/crypto/openssl-0.9/ssl/s2_lib.c @@ -178,7 +178,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL_ALL_STRENGTHS, }, /* RC4_64_WITH_MD5 */ -#if 1 +#if 0 { 1, SSL2_TXT_RC4_64_WITH_MD5, diff --git a/crypto/openssl-0.9/ssl/s2_srvr.c b/crypto/openssl-0.9/ssl/s2_srvr.c index 247cc89155..27d71a2e09 100644 --- a/crypto/openssl-0.9/ssl/s2_srvr.c +++ b/crypto/openssl-0.9/ssl/s2_srvr.c @@ -144,7 +144,7 @@ IMPLEMENT_ssl2_meth_func(SSLv2_server_method, int ssl2_accept(SSL *s) { - unsigned long l=time(NULL); + unsigned long l=(unsigned long)time(NULL); BUF_MEM *buf=NULL; int ret= -1; long num1; diff --git a/crypto/openssl-0.9/ssl/s3_clnt.c b/crypto/openssl-0.9/ssl/s3_clnt.c index eb7e87f9b1..26788858d7 100644 --- a/crypto/openssl-0.9/ssl/s3_clnt.c +++ b/crypto/openssl-0.9/ssl/s3_clnt.c @@ -159,7 +159,7 @@ IMPLEMENT_ssl3_meth_func(SSLv3_client_method, int ssl3_connect(SSL *s) { BUF_MEM *buf=NULL; - unsigned long Time=time(NULL),l; + unsigned long Time=(unsigned long)time(NULL),l; long num1; void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; @@ -541,7 +541,7 @@ int ssl3_client_hello(SSL *s) /* else use the pre-loaded session */ p=s->s3->client_random; - Time=time(NULL); /* Time */ + Time=(unsigned long)time(NULL); /* Time */ l2n(Time,p); if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) goto err; @@ -1211,12 +1211,12 @@ int ssl3_get_key_exchange(SSL *s) */ /* XXX: For now we only support named (not generic) curves - * and the ECParameters in this case is just two bytes. + * and the ECParameters in this case is just three bytes. */ - param_len=2; + param_len=3; if ((param_len > n) || (*p != NAMED_CURVE_TYPE) || - ((curve_nid = curve_id2nid(*(p + 1))) == 0)) + ((curve_nid = curve_id2nid(*(p + 2))) == 0)) { al=SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); @@ -1246,7 +1246,7 @@ int ssl3_get_key_exchange(SSL *s) goto f_err; } - p+=2; + p+=3; /* Next, get the encoded ECPoint */ if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || @@ -1614,22 +1614,6 @@ int ssl3_get_server_done(SSL *s) } -#ifndef OPENSSL_NO_ECDH -static const int KDF1_SHA1_len = 20; -static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) - { -#ifndef OPENSSL_NO_SHA - if (*outlen < SHA_DIGEST_LENGTH) - return NULL; - else - *outlen = SHA_DIGEST_LENGTH; - return SHA1(in, inlen, out); -#else - return NULL; -#endif /* OPENSSL_NO_SHA */ - } -#endif /* OPENSSL_NO_ECDH */ - int ssl3_send_client_key_exchange(SSL *s) { unsigned char *p,*d; @@ -2027,14 +2011,7 @@ int ssl3_send_client_key_exchange(SSL *s) ERR_R_ECDH_LIB); goto err; } - /* If field size is not more than 24 octets, then use SHA-1 hash of result; - * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt; - * this is new with this version of the Internet Draft). - */ - if (field_size <= 24 * 8) - n=ECDH_compute_key(p, KDF1_SHA1_len, srvr_ecpoint, clnt_ecdh, KDF1_SHA1); - else - n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL); + n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL); if (n <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, diff --git a/crypto/openssl-0.9/ssl/s3_lib.c b/crypto/openssl-0.9/ssl/s3_lib.c index 33e10770dd..0eff243c12 100644 --- a/crypto/openssl-0.9/ssl/s3_lib.c +++ b/crypto/openssl-0.9/ssl/s3_lib.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -901,8 +901,272 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, + +#ifndef OPENSSL_NO_CAMELLIA + /* Camellia ciphersuites from RFC4132 (128-bit portion) */ + + /* Cipher 41 */ + { + 1, + TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 42 */ + { + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, + SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 43 */ + { + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 44 */ + { + 1, + TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 45 */ + { + 1, + TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 46 */ + { + 1, + TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, + SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, +#endif /* OPENSSL_NO_CAMELLIA */ + +#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES + /* New TLS Export CipherSuites from expired ID */ +#if 0 + /* Cipher 60 */ + { + 1, + TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, + TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, + SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, + 0, + 56, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + /* Cipher 61 */ + { + 1, + TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, + TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, + SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, + 0, + 56, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, +#endif + /* Cipher 62 */ + { + 1, + TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, + TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, + SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, + 0, + 56, + 56, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + /* Cipher 63 */ + { + 1, + TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, + TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, + SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, + 0, + 56, + 56, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + /* Cipher 64 */ + { + 1, + TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, + TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, + SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, + 0, + 56, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + /* Cipher 65 */ + { + 1, + TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, + TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, + SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, + 0, + 56, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + /* Cipher 66 */ + { + 1, + TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, + TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, + SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, +#endif + +#ifndef OPENSSL_NO_CAMELLIA + /* Camellia ciphersuites from RFC4132 (256-bit portion) */ + + /* Cipher 84 */ + { + 1, + TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 85 */ + { + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, + SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 86 */ + { + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 87 */ + { + 1, + TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 88 */ + { + 1, + TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 89 */ + { + 1, + TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, + SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, +#endif /* OPENSSL_NO_CAMELLIA */ + #ifndef OPENSSL_NO_ECDH - /* Cipher 47 */ + /* Cipher C001 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, @@ -916,7 +1180,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, - /* Cipher 48 */ + /* Cipher C002 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, @@ -930,21 +1194,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, - /* Cipher 49 */ - { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_DES_CBC_SHA, - TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA, - SSL_kECDH|SSL_aECDSA|SSL_DES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_LOW, - 0, - 56, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - - /* Cipher 4A */ + /* Cipher C003 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, @@ -958,7 +1208,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, - /* Cipher 4B */ + /* Cipher C004 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, @@ -972,7 +1222,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, - /* Cipher 4C */ + /* Cipher C005 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, @@ -986,12 +1236,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, - /* Cipher 4D */ + /* Cipher C006 */ { 1, - TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, - TLS1_CK_ECDH_RSA_WITH_NULL_SHA, - SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, + TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, + SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, @@ -1000,12 +1250,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, - /* Cipher 4E */ + /* Cipher C007 */ { 1, - TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, - TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, - SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, + TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, + SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 128, @@ -1014,26 +1264,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, - /* Cipher 4F */ + /* Cipher C008 */ { 1, - TLS1_TXT_ECDH_RSA_WITH_DES_CBC_SHA, - TLS1_CK_ECDH_RSA_WITH_DES_CBC_SHA, - SSL_kECDH|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_LOW, - 0, - 56, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - - /* Cipher 50 */ - { - 1, - TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, - SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, + TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, + SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 168, @@ -1042,12 +1278,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, - /* Cipher 51 */ + /* Cipher C009 */ { 1, - TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, - SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, @@ -1056,12 +1292,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, - /* Cipher 52 */ + /* Cipher C00A */ { 1, - TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, - SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 256, @@ -1070,258 +1306,194 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, - /* Cipher 53 */ + /* Cipher C00B */ { 1, - TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_40_SHA, - TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_40_SHA, - SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP40, + TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, + TLS1_CK_ECDH_RSA_WITH_NULL_SHA, + SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP, + 0, + 0, 0, - 40, - 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, - /* Cipher 54 */ + /* Cipher C00C */ { 1, - TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_56_SHA, - TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_56_SHA, + TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, + TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, + SSL_NOT_EXP, 0, - 56, + 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, - /* Cipher 55 */ - { + /* Cipher C00D */ + { 1, - TLS1_TXT_ECDH_anon_WITH_NULL_SHA, - TLS1_CK_ECDH_anon_WITH_NULL_SHA, - SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP, - 0, - 0, + TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, + SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, 0, + 168, + 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, - }, + }, - /* Cipher 56 */ - { + /* Cipher C00E */ + { 1, - TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, - TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, - SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP, + TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, + SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, - }, + }, - /* Cipher 57 */ + /* Cipher C00F */ { 1, - TLS1_TXT_ECDH_anon_WITH_DES_CBC_SHA, - TLS1_CK_ECDH_anon_WITH_DES_CBC_SHA, - SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_LOW, + TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, + SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, 0, - 56, - 56, + 256, + 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, - /* Cipher 58 */ + /* Cipher C010 */ { 1, - TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, - SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, + TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, + SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP, + 0, + 0, 0, - 168, - 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, - /* Cipher 59 */ + /* Cipher C011 */ { 1, - TLS1_TXT_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA, - TLS1_CK_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA, - SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP40, + TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, + TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, + SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP, 0, - 40, - 56, + 128, + 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, - /* Cipher 5A */ + /* Cipher C012 */ { 1, - TLS1_TXT_ECDH_anon_EXPORT_WITH_RC4_40_SHA, - TLS1_CK_ECDH_anon_EXPORT_WITH_RC4_40_SHA, - SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP40, + TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, + SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, 0, - 40, - 128, + 168, + 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, - /* Cipher 5B */ - /* XXX NOTE: The ECC/TLS draft has a bug and reuses 4B for this */ + + /* Cipher C013 */ { 1, - TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA, - TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA, - SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP40, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, + SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, 0, - 40, + 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, - /* Cipher 5C */ - /* XXX NOTE: The ECC/TLS draft has a bug and reuses 4C for this */ + /* Cipher C014 */ { 1, - TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA, - TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA, - SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, + SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, 0, - 56, - 128, + 256, + 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, -#endif /* OPENSSL_NO_ECDH */ - -#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES - /* New TLS Export CipherSuites */ - /* Cipher 60 */ - { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, - TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - 0, - 56, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 61 */ - { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, - TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - 0, - 56, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 62 */ - { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, - TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, - SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - 0, - 56, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 63 */ - { - 1, - TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, - TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, - SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - 0, - 56, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 64 */ - { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, - TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, - SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - 0, - 56, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, + /* Cipher C015 */ + { + 1, + TLS1_TXT_ECDH_anon_WITH_NULL_SHA, + TLS1_CK_ECDH_anon_WITH_NULL_SHA, + SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP, + 0, + 0, + 0, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, - /* Cipher 65 */ - { - 1, - TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, - TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, - SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - 0, - 56, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, + + /* Cipher C016 */ + { + 1, + TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, + TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, + SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, - /* Cipher 66 */ + + /* Cipher C017 */ { - 1, - TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, - TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, - SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS - }, -#endif + 1, + TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, + SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 168, + 168, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, -#ifndef OPENSSL_NO_ECDH - /* Cipher 77 XXX: ECC ciphersuites offering forward secrecy - * are not yet specified in the ECC/TLS draft but our code - * allows them to be implemented very easily. To add such - * a cipher suite, one needs to add two constant definitions - * to tls1.h and a new structure in this file as shown below. We - * illustrate the process for the made-up cipher - * ECDHE-ECDSA-AES128-SHA. - */ + /* Cipher C018 */ { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, + TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, + SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, @@ -1330,22 +1502,21 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, - /* Cipher 78 XXX: Another made-up ECC cipher suite that - * offers forward secrecy (ECDHE-RSA-AES128-SHA). - */ + /* Cipher C019 */ { 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, - SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, + TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, + SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, - 128, - 128, + 256, + 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, -#endif /* !OPENSSL_NO_ECDH */ +#endif /* OPENSSL_NO_ECDH */ + /* end of list */ }; diff --git a/crypto/openssl-0.9/ssl/s3_srvr.c b/crypto/openssl-0.9/ssl/s3_srvr.c index f762480a02..a8c5df822c 100644 --- a/crypto/openssl-0.9/ssl/s3_srvr.c +++ b/crypto/openssl-0.9/ssl/s3_srvr.c @@ -164,7 +164,7 @@ IMPLEMENT_ssl3_meth_func(SSLv3_server_method, int ssl3_accept(SSL *s) { BUF_MEM *buf; - unsigned long l,Time=time(NULL); + unsigned long l,Time=(unsigned long)time(NULL); void (*cb)(const SSL *ssl,int type,int val)=NULL; long num1; int ret= -1; @@ -1038,7 +1038,7 @@ int ssl3_send_server_hello(SSL *s) { buf=(unsigned char *)s->init_buf->data; p=s->s3->server_random; - Time=time(NULL); /* Time */ + Time=(unsigned long)time(NULL); /* Time */ l2n(Time,p); if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) return -1; @@ -1366,11 +1366,11 @@ int ssl3_send_server_key_exchange(SSL *s) /* XXX: For now, we only support named (not * generic) curves in ECDH ephemeral key exchanges. - * In this situation, we need three additional bytes + * In this situation, we need four additional bytes * to encode the entire ServerECDHParams * structure. */ - n = 3 + encodedlen; + n = 4 + encodedlen; /* We'll generate the serverKeyExchange message * explicitly so we can set these to NULLs @@ -1378,6 +1378,7 @@ int ssl3_send_server_key_exchange(SSL *s) r[0]=NULL; r[1]=NULL; r[2]=NULL; + r[3]=NULL; } else #endif /* !OPENSSL_NO_ECDH */ @@ -1428,12 +1429,14 @@ int ssl3_send_server_key_exchange(SSL *s) { /* XXX: For now, we only support named (not generic) curves. * In this situation, the serverKeyExchange message has: - * [1 byte CurveType], [1 byte CurveName] + * [1 byte CurveType], [2 byte CurveName] * [1 byte length of encoded point], followed by * the actual encoded point itself */ *p = NAMED_CURVE_TYPE; p += 1; + *p = 0; + p += 1; *p = curve_id; p += 1; *p = encodedlen; @@ -1637,23 +1640,6 @@ err: return(-1); } - -#ifndef OPENSSL_NO_ECDH -static const int KDF1_SHA1_len = 20; -static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) - { -#ifndef OPENSSL_NO_SHA - if (*outlen < SHA_DIGEST_LENGTH) - return NULL; - else - *outlen = SHA_DIGEST_LENGTH; - return SHA1(in, inlen, out); -#else - return NULL; -#endif /* OPENSSL_NO_SHA */ - } -#endif /* OPENSSL_NO_ECDH */ - int ssl3_get_client_key_exchange(SSL *s) { int i,al,ok; @@ -2116,8 +2102,13 @@ int ssl3_get_client_key_exchange(SSL *s) goto f_err; } - EC_POINT_copy(clnt_ecpoint, - EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)); + if (EC_POINT_copy(clnt_ecpoint, + EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + ERR_R_EC_LIB); + goto err; + } ret = 2; /* Skip certificate verify processing */ } else @@ -2156,14 +2147,7 @@ int ssl3_get_client_key_exchange(SSL *s) ERR_R_ECDH_LIB); goto err; } - /* If field size is not more than 24 octets, then use SHA-1 hash of result; - * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt; - * this is new with this version of the Internet Draft). - */ - if (field_size <= 24 * 8) - i = ECDH_compute_key(p, KDF1_SHA1_len, clnt_ecpoint, srvr_ecdh, KDF1_SHA1); - else - i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL); + i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL); if (i <= 0) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, diff --git a/crypto/openssl-0.9/ssl/ssl.h b/crypto/openssl-0.9/ssl/ssl.h index 1a96f04df0..83f1fee804 100644 --- a/crypto/openssl-0.9/ssl/ssl.h +++ b/crypto/openssl-0.9/ssl/ssl.h @@ -109,7 +109,7 @@ * */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -282,6 +282,7 @@ extern "C" { #define SSL_TXT_RC2 "RC2" #define SSL_TXT_IDEA "IDEA" #define SSL_TXT_AES "AES" +#define SSL_TXT_CAMELLIA "CAMELLIA" #define SSL_TXT_MD5 "MD5" #define SSL_TXT_SHA1 "SHA1" #define SSL_TXT_SHA "SHA" @@ -315,7 +316,11 @@ extern "C" { /* The following cipher list is used by default. * It also is substituted when an application-defined cipher list string * starts with 'DEFAULT'. */ -#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */ +#ifdef OPENSSL_NO_CAMELLIA +# define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */ +#else +# define SSL_DEFAULT_CIPHER_LIST "AES:CAMELLIA:-ECCdraft:ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */ +#endif /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ #define SSL_SENT_SHUTDOWN 1 @@ -1543,35 +1548,35 @@ void ERR_load_SSL_strings(void); /* Function codes. */ #define SSL_F_CLIENT_CERTIFICATE 100 -#define SSL_F_CLIENT_FINISHED 238 +#define SSL_F_CLIENT_FINISHED 167 #define SSL_F_CLIENT_HELLO 101 #define SSL_F_CLIENT_MASTER_KEY 102 #define SSL_F_D2I_SSL_SESSION 103 -#define SSL_F_DO_DTLS1_WRITE 1003 +#define SSL_F_DO_DTLS1_WRITE 245 #define SSL_F_DO_SSL3_WRITE 104 -#define SSL_F_DTLS1_ACCEPT 1004 -#define SSL_F_DTLS1_BUFFER_RECORD 1005 -#define SSL_F_DTLS1_CLIENT_HELLO 1006 -#define SSL_F_DTLS1_CONNECT 1007 -#define SSL_F_DTLS1_ENC 1008 -#define SSL_F_DTLS1_GET_HELLO_VERIFY 1009 -#define SSL_F_DTLS1_GET_MESSAGE 1010 -#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 1011 -#define SSL_F_DTLS1_GET_RECORD 1012 -#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 1013 -#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 1014 -#define SSL_F_DTLS1_PROCESS_RECORD 1015 -#define SSL_F_DTLS1_READ_BYTES 1016 -#define SSL_F_DTLS1_READ_FAILED 1001 -#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 1017 -#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 1018 -#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 1019 -#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 1020 -#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 1002 -#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 1021 -#define SSL_F_DTLS1_SEND_SERVER_HELLO 1022 -#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 1023 -#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 1024 +#define SSL_F_DTLS1_ACCEPT 246 +#define SSL_F_DTLS1_BUFFER_RECORD 247 +#define SSL_F_DTLS1_CLIENT_HELLO 248 +#define SSL_F_DTLS1_CONNECT 249 +#define SSL_F_DTLS1_ENC 250 +#define SSL_F_DTLS1_GET_HELLO_VERIFY 251 +#define SSL_F_DTLS1_GET_MESSAGE 252 +#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 +#define SSL_F_DTLS1_GET_RECORD 254 +#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 +#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 +#define SSL_F_DTLS1_PROCESS_RECORD 257 +#define SSL_F_DTLS1_READ_BYTES 258 +#define SSL_F_DTLS1_READ_FAILED 259 +#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 +#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 +#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 +#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 +#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 +#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 +#define SSL_F_DTLS1_SEND_SERVER_HELLO 266 +#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 +#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 #define SSL_F_GET_CLIENT_FINISHED 105 #define SSL_F_GET_CLIENT_HELLO 106 #define SSL_F_GET_CLIENT_MASTER_KEY 107 @@ -1655,7 +1660,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL_CTRL 232 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 #define SSL_F_SSL_CTX_NEW 169 -#define SSL_F_SSL_CTX_SET_CIPHER_LIST 1026 +#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 #define SSL_F_SSL_CTX_SET_PURPOSE 226 #define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 #define SSL_F_SSL_CTX_SET_SSL_VERSION 170 @@ -1678,7 +1683,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL_INIT_WBIO_BUFFER 184 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 #define SSL_F_SSL_NEW 186 -#define SSL_F_SSL_PEEK 1025 +#define SSL_F_SSL_PEEK 270 #define SSL_F_SSL_READ 223 #define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 @@ -1686,7 +1691,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL_SESSION_PRINT_FP 190 #define SSL_F_SSL_SESS_CERT_NEW 225 #define SSL_F_SSL_SET_CERT 191 -#define SSL_F_SSL_SET_CIPHER_LIST 1027 +#define SSL_F_SSL_SET_CIPHER_LIST 271 #define SSL_F_SSL_SET_FD 192 #define SSL_F_SSL_SET_PKEY 193 #define SSL_F_SSL_SET_PURPOSE 227 @@ -1729,9 +1734,9 @@ void ERR_load_SSL_strings(void); #define SSL_R_BAD_DH_P_LENGTH 110 #define SSL_R_BAD_DIGEST_LENGTH 111 #define SSL_R_BAD_DSA_SIGNATURE 112 -#define SSL_R_BAD_ECC_CERT 1117 -#define SSL_R_BAD_ECDSA_SIGNATURE 1112 -#define SSL_R_BAD_ECPOINT 1113 +#define SSL_R_BAD_ECC_CERT 304 +#define SSL_R_BAD_ECDSA_SIGNATURE 305 +#define SSL_R_BAD_ECPOINT 306 #define SSL_R_BAD_HELLO_REQUEST 105 #define SSL_R_BAD_LENGTH 271 #define SSL_R_BAD_MAC_DECODE 113 @@ -1763,50 +1768,49 @@ void ERR_load_SSL_strings(void); #define SSL_R_CIPHER_TABLE_SRC_ERROR 139 #define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 #define SSL_R_COMPRESSION_FAILURE 141 -#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 1120 +#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 #define SSL_R_COMPRESSION_LIBRARY_ERROR 142 #define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 #define SSL_R_CONNECTION_TYPE_NOT_SET 144 -#define SSL_R_COOKIE_MISMATCH 2002 +#define SSL_R_COOKIE_MISMATCH 308 #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 #define SSL_R_DATA_LENGTH_TOO_LONG 146 #define SSL_R_DECRYPTION_FAILED 147 -#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 1109 +#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 #define SSL_R_DIGEST_CHECK_FAILED 149 -#define SSL_R_DUPLICATE_COMPRESSION_ID 1121 -#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 1119 +#define SSL_R_DUPLICATE_COMPRESSION_ID 309 +#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 -#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 1092 +#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 #define SSL_R_EXTRA_DATA_IN_MESSAGE 153 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 #define SSL_R_HTTPS_PROXY_REQUEST 155 #define SSL_R_HTTP_REQUEST 156 -#define SSL_R_ILLEGAL_PADDING 1110 +#define SSL_R_ILLEGAL_PADDING 283 #define SSL_R_INVALID_CHALLENGE_LENGTH 158 #define SSL_R_INVALID_COMMAND 280 #define SSL_R_INVALID_PURPOSE 278 #define SSL_R_INVALID_TRUST 279 -#define SSL_R_KEY_ARG_TOO_LONG 1112 -#define SSL_R_KRB5 1104 -#define SSL_R_KRB5_C_CC_PRINC 1094 -#define SSL_R_KRB5_C_GET_CRED 1095 -#define SSL_R_KRB5_C_INIT 1096 -#define SSL_R_KRB5_C_MK_REQ 1097 -#define SSL_R_KRB5_S_BAD_TICKET 1098 -#define SSL_R_KRB5_S_INIT 1099 -#define SSL_R_KRB5_S_RD_REQ 1108 -#define SSL_R_KRB5_S_TKT_EXPIRED 1105 -#define SSL_R_KRB5_S_TKT_NYV 1106 -#define SSL_R_KRB5_S_TKT_SKEW 1107 +#define SSL_R_KEY_ARG_TOO_LONG 284 +#define SSL_R_KRB5 285 +#define SSL_R_KRB5_C_CC_PRINC 286 +#define SSL_R_KRB5_C_GET_CRED 287 +#define SSL_R_KRB5_C_INIT 288 +#define SSL_R_KRB5_C_MK_REQ 289 +#define SSL_R_KRB5_S_BAD_TICKET 290 +#define SSL_R_KRB5_S_INIT 291 +#define SSL_R_KRB5_S_RD_REQ 292 +#define SSL_R_KRB5_S_TKT_EXPIRED 293 +#define SSL_R_KRB5_S_TKT_NYV 294 +#define SSL_R_KRB5_S_TKT_SKEW 295 #define SSL_R_LENGTH_MISMATCH 159 #define SSL_R_LENGTH_TOO_SHORT 160 #define SSL_R_LIBRARY_BUG 274 #define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 -#define SSL_R_MASTER_KEY_TOO_LONG 1112 -#define SSL_R_MESSAGE_TOO_LONG 1111 +#define SSL_R_MESSAGE_TOO_LONG 296 #define SSL_R_MISSING_DH_DSA_CERT 162 #define SSL_R_MISSING_DH_KEY 163 #define SSL_R_MISSING_DH_RSA_CERT 164 @@ -1817,7 +1821,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 #define SSL_R_MISSING_RSA_SIGNING_CERT 170 #define SSL_R_MISSING_TMP_DH_KEY 171 -#define SSL_R_MISSING_TMP_ECDH_KEY 1114 +#define SSL_R_MISSING_TMP_ECDH_KEY 311 #define SSL_R_MISSING_TMP_RSA_KEY 172 #define SSL_R_MISSING_TMP_RSA_PKEY 173 #define SSL_R_MISSING_VERIFY_MESSAGE 174 @@ -1844,6 +1848,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_NULL_SSL_CTX 195 #define SSL_R_NULL_SSL_METHOD_PASSED 196 #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 +#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 #define SSL_R_PACKET_LENGTH_TOO_LONG 198 #define SSL_R_PATH_TOO_LONG 270 #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 @@ -1859,11 +1864,11 @@ void ERR_load_SSL_strings(void); #define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 #define SSL_R_PUBLIC_KEY_NOT_RSA 210 #define SSL_R_READ_BIO_NOT_SET 211 -#define SSL_R_READ_TIMEOUT_EXPIRED 2001 +#define SSL_R_READ_TIMEOUT_EXPIRED 312 #define SSL_R_READ_WRONG_PACKET_TYPE 212 #define SSL_R_RECORD_LENGTH_MISMATCH 213 #define SSL_R_RECORD_TOO_LARGE 214 -#define SSL_R_RECORD_TOO_SMALL 1093 +#define SSL_R_RECORD_TOO_SMALL 298 #define SSL_R_REQUIRED_CIPHER_MISSING 215 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 @@ -1872,8 +1877,8 @@ void ERR_load_SSL_strings(void); #define SSL_R_SHORT_READ 219 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 -#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 1114 -#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113 +#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 +#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 @@ -1884,20 +1889,15 @@ void ERR_load_SSL_strings(void); #define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 #define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 #define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 -#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 223 -#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 224 -#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 225 -#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 226 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 -#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 227 #define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 #define SSL_R_SSL_HANDSHAKE_FAILURE 229 #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 -#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 1102 -#define SSL_R_SSL_SESSION_ID_CONFLICT 1103 +#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 +#define SSL_R_SSL_SESSION_ID_CONFLICT 302 #define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 -#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 1101 +#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 #define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 #define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 @@ -1916,10 +1916,10 @@ void ERR_load_SSL_strings(void); #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 #define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 -#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 1115 +#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 #define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 #define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 -#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 1116 +#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 #define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 #define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 #define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 @@ -1940,8 +1940,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_UNKNOWN_STATE 255 #define SSL_R_UNSUPPORTED_CIPHER 256 #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 -#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 1118 -#define SSL_R_UNSUPPORTED_OPTION 1091 +#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 #define SSL_R_UNSUPPORTED_PROTOCOL 258 #define SSL_R_UNSUPPORTED_SSL_VERSION 259 #define SSL_R_WRITE_BIO_NOT_SET 260 diff --git a/crypto/openssl-0.9/ssl/ssl_algs.c b/crypto/openssl-0.9/ssl/ssl_algs.c index ac82d45a9c..3d93c5ab78 100644 --- a/crypto/openssl-0.9/ssl/ssl_algs.c +++ b/crypto/openssl-0.9/ssl/ssl_algs.c @@ -82,6 +82,15 @@ int SSL_library_init(void) EVP_add_cipher(EVP_aes_192_cbc()); EVP_add_cipher(EVP_aes_256_cbc()); #endif + + +/* The Camellia algorithm is registered in the management table of EVP. */ +#ifndef OPENSSL_NO_CAMELLIA + EVP_add_cipher(EVP_camellia_128_cbc()); + EVP_add_cipher(EVP_camellia_256_cbc()); +#endif + + #ifndef OPENSSL_NO_MD2 EVP_add_digest(EVP_md2()); #endif diff --git a/crypto/openssl-0.9/ssl/ssl_asn1.c b/crypto/openssl-0.9/ssl/ssl_asn1.c index c274b94953..d129acc329 100644 --- a/crypto/openssl-0.9/ssl/ssl_asn1.c +++ b/crypto/openssl-0.9/ssl/ssl_asn1.c @@ -344,7 +344,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } else - ret->time=time(NULL); + ret->time=(unsigned long)time(NULL); ai.length=0; M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2); diff --git a/crypto/openssl-0.9/ssl/ssl_cert.c b/crypto/openssl-0.9/ssl/ssl_cert.c index 7908dcccdb..fb080093e5 100644 --- a/crypto/openssl-0.9/ssl/ssl_cert.c +++ b/crypto/openssl-0.9/ssl/ssl_cert.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -73,12 +73,12 @@ * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. + * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written @@ -87,7 +87,7 @@ * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -102,6 +102,11 @@ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. @@ -130,21 +135,28 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void) { static volatile int ssl_x509_store_ctx_idx= -1; + int got_write_lock = 0; + + CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); if (ssl_x509_store_ctx_idx < 0) { - /* any write lock will do; usually this branch - * will only be taken once anyway */ + CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + got_write_lock = 1; if (ssl_x509_store_ctx_idx < 0) { ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index( 0,"SSL for verify callback",NULL,NULL,NULL); } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); } + + if (got_write_lock) + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + else + CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); + return ssl_x509_store_ctx_idx; } @@ -296,7 +308,7 @@ CERT *ssl_cert_dup(CERT *cert) return(ret); -#ifndef OPENSSL_NO_DH /* avoid 'unreferenced label' warning if OPENSSL_NO_DH is defined */ +#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH) err: #endif #ifndef OPENSSL_NO_RSA diff --git a/crypto/openssl-0.9/ssl/ssl_ciph.c b/crypto/openssl-0.9/ssl/ssl_ciph.c index cdd7a9ae74..496b0d245b 100644 --- a/crypto/openssl-0.9/ssl/ssl_ciph.c +++ b/crypto/openssl-0.9/ssl/ssl_ciph.c @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * ECC cipher suite support in OpenSSL originally developed by @@ -75,6 +128,11 @@ #define SSL_ENC_AES128_IDX 7 #define SSL_ENC_AES256_IDX 8 #define SSL_ENC_NUM_IDX 9 +#define SSL_ENC_CAMELLIA128_IDX 9 +#define SSL_ENC_CAMELLIA256_IDX 10 +#undef SSL_ENC_NUM_IDX +#define SSL_ENC_NUM_IDX 11 + static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ NULL,NULL,NULL,NULL,NULL,NULL, @@ -141,6 +199,7 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, + {0,SSL_TXT_CAMELLIA, 0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0}, {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0}, @@ -185,6 +244,10 @@ void ssl_load_ciphers(void) EVP_get_cipherbyname(SN_aes_128_cbc); ssl_cipher_methods[SSL_ENC_AES256_IDX]= EVP_get_cipherbyname(SN_aes_256_cbc); + ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= + EVP_get_cipherbyname(SN_camellia_128_cbc); + ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= + EVP_get_cipherbyname(SN_camellia_256_cbc); ssl_digest_methods[SSL_MD_MD5_IDX]= EVP_get_digestbyname(SN_md5); @@ -203,36 +266,46 @@ static int sk_comp_cmp(const SSL_COMP * const *a, static void load_builtin_compressions(void) { - if (ssl_comp_methods != NULL) - return; + int got_write_lock = 0; - CRYPTO_w_lock(CRYPTO_LOCK_SSL); + CRYPTO_r_lock(CRYPTO_LOCK_SSL); if (ssl_comp_methods == NULL) { - SSL_COMP *comp = NULL; - - MemCheck_off(); - ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); - if (ssl_comp_methods != NULL) + CRYPTO_r_unlock(CRYPTO_LOCK_SSL); + CRYPTO_w_lock(CRYPTO_LOCK_SSL); + got_write_lock = 1; + + if (ssl_comp_methods == NULL) { - comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); - if (comp != NULL) + SSL_COMP *comp = NULL; + + MemCheck_off(); + ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); + if (ssl_comp_methods != NULL) { - comp->method=COMP_zlib(); - if (comp->method - && comp->method->type == NID_undef) - OPENSSL_free(comp); - else + comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); + if (comp != NULL) { - comp->id=SSL_COMP_ZLIB_IDX; - comp->name=comp->method->name; - sk_SSL_COMP_push(ssl_comp_methods,comp); + comp->method=COMP_zlib(); + if (comp->method + && comp->method->type == NID_undef) + OPENSSL_free(comp); + else + { + comp->id=SSL_COMP_ZLIB_IDX; + comp->name=comp->method->name; + sk_SSL_COMP_push(ssl_comp_methods,comp); + } } } + MemCheck_on(); } - MemCheck_on(); } - CRYPTO_w_unlock(CRYPTO_LOCK_SSL); + + if (got_write_lock) + CRYPTO_w_unlock(CRYPTO_LOCK_SSL); + else + CRYPTO_r_unlock(CRYPTO_LOCK_SSL); } #endif @@ -293,6 +366,15 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, default: i=-1; break; } break; + case SSL_CAMELLIA: + switch(c->alg_bits) + { + case 128: i=SSL_ENC_CAMELLIA128_IDX; break; + case 256: i=SSL_ENC_CAMELLIA256_IDX; break; + default: i=-1; break; + } + break; + default: i= -1; break; @@ -381,6 +463,7 @@ static unsigned long ssl_cipher_get_disabled(void) mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0; mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0; + mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0; mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; @@ -482,7 +565,8 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, *ca_curr = NULL; /* end of list */ } -static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, +static void ssl_cipher_apply_rule(unsigned long cipher_id, + unsigned long algorithms, unsigned long mask, unsigned long algo_strength, unsigned long mask_strength, int rule, int strength_bits, CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) @@ -508,11 +592,19 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, cp = curr->cipher; + /* If explicit cipher suite match that one only */ + + if (cipher_id) + { + if (cp->id != cipher_id) + continue; + } + /* * Selection criteria is either the number of strength_bits * or the algorithm used. */ - if (strength_bits == -1) + else if (strength_bits == -1) { ma = mask & cp->algorithms; ma_s = mask_strength & cp->algo_strength; @@ -543,8 +635,22 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, { if (!curr->active) { - ll_append_tail(&head, curr, &tail); - curr->active = 1; + int add_this_cipher = 1; + + if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0)) + { + /* Make sure "ECCdraft" ciphersuites are activated only if + * *explicitly* requested, but not implicitly (such as + * as part of the "AES" alias). */ + + add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0; + } + + if (add_this_cipher) + { + ll_append_tail(&head, curr, &tail); + curr->active = 1; + } } } /* Move the added cipher to this location */ @@ -625,7 +731,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list, */ for (i = max_strength_bits; i >= 0; i--) if (number_uses[i] > 0) - ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i, + ssl_cipher_apply_rule(0, 0, 0, 0, 0, CIPHER_ORD, i, co_list, head_p, tail_p); OPENSSL_free(number_uses); @@ -639,6 +745,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, unsigned long algorithms, mask, algo_strength, mask_strength; const char *l, *start, *buf; int j, multi, found, rule, retval, ok, buflen; + unsigned long cipher_id = 0; char ch; retval = 1; @@ -728,6 +835,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, * use strcmp(), because buf is not '\0' terminated.) */ j = found = 0; + cipher_id = 0; while (ca_list[j]) { if (!strncmp(buf, ca_list[j]->name, buflen) && @@ -742,6 +850,12 @@ static int ssl_cipher_process_rulestr(const char *rule_str, if (!found) break; /* ignore this entry */ + if (ca_list[j]->valid) + { + cipher_id = ca_list[j]->id; + break; + } + /* New algorithms: * 1 - any old restrictions apply outside new mask * 2 - any new restrictions apply outside old mask @@ -785,7 +899,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, } else if (found) { - ssl_cipher_apply_rule(algorithms, mask, + ssl_cipher_apply_rule(cipher_id, algorithms, mask, algo_strength, mask_strength, rule, -1, co_list, head_p, tail_p); } @@ -1050,6 +1164,15 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) default: enc="AES(?""?""?)"; break; } break; + case SSL_CAMELLIA: + switch(cipher->strength_bits) + { + case 128: enc="Camellia(128)"; break; + case 256: enc="Camellia(256)"; break; + default: enc="Camellia(?""?""?)"; break; + } + break; + default: enc="unknown"; break; diff --git a/crypto/openssl-0.9/ssl/ssl_err.c b/crypto/openssl-0.9/ssl/ssl_err.c index 282f1a6755..4a4ba68526 100644 --- a/crypto/openssl-0.9/ssl/ssl_err.c +++ b/crypto/openssl-0.9/ssl/ssl_err.c @@ -204,7 +204,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, -{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, +{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_LOAD_CLIENT_CA_FILE"}, {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, @@ -336,7 +336,6 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"}, {ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"}, {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"}, -{ERR_REASON(SSL_R_MASTER_KEY_TOO_LONG) ,"master key too long"}, {ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"}, {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"}, {ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"}, @@ -375,6 +374,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"}, {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"}, {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"}, +{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"}, {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"}, {ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"}, {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"}, @@ -415,12 +415,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"}, {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"}, {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE),"sslv3 alert peer error certificate"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE),"sslv3 alert peer error no certificate"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER),"sslv3 alert peer error no cipher"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"sslv3 alert peer error unsupported certificate type"}, {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE),"sslv3 alert unknown remote error type"}, {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"}, {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"}, {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"}, @@ -472,7 +467,6 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"}, -{ERR_REASON(SSL_R_UNSUPPORTED_OPTION) ,"unsupported option"}, {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"}, {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"}, {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"}, diff --git a/crypto/openssl-0.9/ssl/ssl_lib.c b/crypto/openssl-0.9/ssl/ssl_lib.c index dfc1bad52a..28c90fc68e 100644 --- a/crypto/openssl-0.9/ssl/ssl_lib.c +++ b/crypto/openssl-0.9/ssl/ssl_lib.c @@ -1901,7 +1901,7 @@ void ssl_update_cache(SSL *s,int mode) ?s->ctx->stats.sess_connect_good :s->ctx->stats.sess_accept_good) & 0xff) == 0xff) { - SSL_CTX_flush_sessions(s->ctx,time(NULL)); + SSL_CTX_flush_sessions(s->ctx,(unsigned long)time(NULL)); } } } diff --git a/crypto/openssl-0.9/ssl/ssl_locl.h b/crypto/openssl-0.9/ssl/ssl_locl.h index 0bebaf02bc..786d9886b4 100644 --- a/crypto/openssl-0.9/ssl/ssl_locl.h +++ b/crypto/openssl-0.9/ssl/ssl_locl.h @@ -278,7 +278,7 @@ #define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA) #define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5) -#define SSL_ENC_MASK 0x043F8000L +#define SSL_ENC_MASK 0x0C3F8000L #define SSL_DES 0x00008000L #define SSL_3DES 0x00010000L #define SSL_RC4 0x00020000L @@ -287,6 +287,7 @@ #define SSL_eFZA 0x00100000L #define SSL_eNULL 0x00200000L #define SSL_AES 0x04000000L +#define SSL_CAMELLIA 0x08000000L #define SSL_MAC_MASK 0x00c00000L #define SSL_MD5 0x00400000L @@ -298,7 +299,7 @@ #define SSL_SSLV3 0x02000000L #define SSL_TLSV1 SSL_SSLV3 /* for now */ -/* we have used 07ffffff - 5 bits left to go. */ +/* we have used 0fffffff - 4 bits left to go. */ /* * Export and cipher strength information. For each cipher we have to decide diff --git a/crypto/openssl-0.9/ssl/ssl_sess.c b/crypto/openssl-0.9/ssl/ssl_sess.c index 5d00a98a74..2f26593c70 100644 --- a/crypto/openssl-0.9/ssl/ssl_sess.c +++ b/crypto/openssl-0.9/ssl/ssl_sess.c @@ -118,7 +118,7 @@ SSL_SESSION *SSL_SESSION_new(void) ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ ss->references=1; ss->timeout=60*5+4; /* 5 minute timeout by default */ - ss->time=time(NULL); + ss->time=(unsigned long)time(NULL); ss->prev=NULL; ss->next=NULL; ss->compress_meth=0; @@ -389,7 +389,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); #endif - if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */ + if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */ { s->ctx->stats.sess_timeout++; /* remove it from the cache */ diff --git a/crypto/openssl-0.9/ssl/t1_enc.c b/crypto/openssl-0.9/ssl/t1_enc.c index c544c76495..e0ce681574 100644 --- a/crypto/openssl-0.9/ssl/t1_enc.c +++ b/crypto/openssl-0.9/ssl/t1_enc.c @@ -628,7 +628,15 @@ int tls1_enc(SSL *s, int send) { ii=i=rec->data[l-1]; /* padding_length */ i++; - if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) + /* NB: if compression is in operation the first packet + * may not be of even length so the padding bug check + * cannot be performed. This bug workaround has been + * around since SSLeay so hopefully it is either fixed + * now or no buggy implementation supports compression + * [steve] + */ + if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) + && !s->expand) { /* First packet is even in size, so check */ if ((memcmp(s->s3->read_sequence, diff --git a/crypto/openssl-0.9/ssl/tls1.h b/crypto/openssl-0.9/ssl/tls1.h index be15445384..e5f9aa1ef6 100644 --- a/crypto/openssl-0.9/ssl/tls1.h +++ b/crypto/openssl-0.9/ssl/tls1.h @@ -78,7 +78,7 @@ extern "C" { #endif -#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1 +#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 #define TLS1_VERSION 0x0301 #define TLS1_VERSION_MAJOR 0x03 @@ -125,51 +125,51 @@ extern "C" { #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 #define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A -/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001). - * XXX NOTE: There is a bug in the draft, cipher numbers 4B, and 4C - * are defined twice so we define ECDH_ECDSA_EXPORT cipher - * suites to use 5B and 5C instead (this may change with future - * updates to the IETF draft). - */ -/* draft-ietf-tls-ecc-03.txt (June 2003) gives a changed list of - * ciphersuites, but does not define numbers for all of them - * because of possible conflicts with other Internet Drafts; - * most numbers are still subject to change. */ -#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x03000047 -#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x03000048 -#define TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA 0x03000049 -#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300004A -#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300004B -#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300004C -#define TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA 0x0300005B -#define TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA 0x0300005C - -#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300004D -#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300004E -#define TLS1_CK_ECDH_RSA_WITH_DES_CBC_SHA 0x0300004F -#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x03000050 -#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x03000051 -#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x03000052 -#define TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_40_SHA 0x03000053 -#define TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_56_SHA 0x03000054 - -#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x03000055 -#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x03000056 -#define TLS1_CK_ECDH_anon_WITH_DES_CBC_SHA 0x03000057 -#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x03000058 -#define TLS1_CK_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA 0x03000059 -#define TLS1_CK_ECDH_anon_EXPORT_WITH_RC4_40_SHA 0x0300005A - -/* XXX: ECC ciphersuites offering forward secrecy are not yet specified - * in the ECC/TLS draft but our code allows them to be implemented - * very easily. To add such a cipher suite, one needs to add two constant - * definitions to this file and a new structure in s3_lib.c. We illustrate - * the process for the made-up ciphers ECDHE-ECDSA-AES128-SHA and - * ECDHE-RSA-AES128-SHA. - */ -#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x03000077 -#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x03000078 +/* Camellia ciphersuites from RFC4132 */ +#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 +#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 +#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 +#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 +#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 +#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 + +#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 +#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 +#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 +#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 +#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 +#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 + +/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */ +#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 +#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 +#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 +#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 +#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 +#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 +#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 +#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A + +#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B +#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C +#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D +#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E +#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F + +#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 +#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 +#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 +#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 +#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 + +#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 +#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 +#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 +#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 +#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 /* XXX * Inconsistency alert: @@ -204,43 +204,57 @@ extern "C" { /* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ #define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" -#define TLS1_TXT_ECDH_ECDSA_WITH_DES_CBC_SHA "ECDH-ECDSA-DES-CBC-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" -#define TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA "EXP-ECDH-ECDSA-RC4-40-SHA" -#define TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA "EXP-ECDH-ECDSA-RC4-56-SHA" + +#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" #define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" #define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" -#define TLS1_TXT_ECDH_RSA_WITH_DES_CBC_SHA "ECDH-RSA-DES-CBC-SHA" #define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" #define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" #define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" -#define TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_40_SHA "EXP-ECDH-RSA-RC4-40-SHA" -#define TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_56_SHA "EXP-ECDH-RSA-RC4-56-SHA" + +#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" #define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" #define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" -#define TLS1_TXT_ECDH_anon_WITH_DES_CBC_SHA "AECDH-DES-CBC-SHA" #define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" -#define TLS1_TXT_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA "EXP-AECDH-DES-40-CBC-SHA" -#define TLS1_TXT_ECDH_anon_EXPORT_WITH_RC4_40_SHA "EXP-AECDH-RC4-40-SHA" +#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" +#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" -/* XXX: Made-up ECC cipher suites offering forward secrecy. This is for - * illustration only. - */ -#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" -#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" +/* Camellia ciphersuites form RFC4132 */ +#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" +#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" +#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" +#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" +#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" +#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" + +#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" +#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" +#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" +#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" +#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" +#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" #define TLS_CT_RSA_SIGN 1 #define TLS_CT_DSS_SIGN 2 #define TLS_CT_RSA_FIXED_DH 3 #define TLS_CT_DSS_FIXED_DH 4 -#define TLS_CT_ECDSA_SIGN 5 -#define TLS_CT_RSA_FIXED_ECDH 6 -#define TLS_CT_ECDSA_FIXED_ECDH 7 +#define TLS_CT_ECDSA_SIGN 64 +#define TLS_CT_RSA_FIXED_ECDH 65 +#define TLS_CT_ECDSA_FIXED_ECDH 66 #define TLS_CT_NUMBER 7 #define TLS1_FINISH_MAC_LENGTH 12 -- 2.41.0