proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-08-14 12:27:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update openssl to 1.0.2g

Browse Source 
Signed-off-by: Gary Lin <glin@suse.com>
This commit is contained in:
Gary Lin 2016-03-17 14:59:04 +08:00 committed by Peter Jones
parent 7b9281af14
commit 0297aa3cf3
94 changed files with 1242 additions and 913 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Cryptlib/Include/openssl/aes.h
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes.h */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*

42
Cryptlib/Include/openssl/asn1_mac.h
View File

@ -70,7 +70,7 @@ extern "C" {
# endif
# define ASN1_MAC_H_err(f,r,line) \
ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),OPENSSL_FILE,(line))
# define M_ASN1_D2I_vars(a,type,func) \
ASN1_const_CTX c; \
@ -81,7 +81,7 @@ extern "C" {
c.error=ERR_R_NESTED_ASN1_ERROR; \
if ((a == NULL) || ((*a) == NULL)) \
{ if ((ret=(type)func()) == NULL) \
{ c.line=__LINE__; goto err; } } \
{ c.line=OPENSSL_LINE; goto err; } } \
else ret=(*a);
# define M_ASN1_D2I_Init() \
@ -90,7 +90,7 @@ extern "C" {
# define M_ASN1_D2I_Finish_2(a) \
if (!asn1_const_Finish(&c)) \
{ c.line=__LINE__; goto err; } \
{ c.line=OPENSSL_LINE; goto err; } \
*(const unsigned char **)pp=c.p; \
if (a != NULL) (*a)=ret; \
return(ret);
@ -105,7 +105,7 @@ err:\
# define M_ASN1_D2I_start_sequence() \
if (!asn1_GetSequence(&c,&length)) \
{ c.line=__LINE__; goto err; }
{ c.line=OPENSSL_LINE; goto err; }
/* Begin reading ASN1 without a surrounding sequence */
# define M_ASN1_D2I_begin() \
c.slen = length;
@ -129,21 +129,21 @@ err:\
# define M_ASN1_D2I_get(b, func) \
c.q=c.p; \
if (func(&(b),&c.p,c.slen) == NULL) \
{c.line=__LINE__; goto err; } \
{c.line=OPENSSL_LINE; goto err; } \
c.slen-=(c.p-c.q);
/* Don't use this with d2i_ASN1_BOOLEAN() */
# define M_ASN1_D2I_get_x(type,b,func) \
c.q=c.p; \
if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \
{c.line=__LINE__; goto err; } \
{c.line=OPENSSL_LINE; goto err; } \
c.slen-=(c.p-c.q);
/* use this instead () */
# define M_ASN1_D2I_get_int(b,func) \
c.q=c.p; \
if (func(&(b),&c.p,c.slen) < 0) \
{c.line=__LINE__; goto err; } \
{c.line=OPENSSL_LINE; goto err; } \
c.slen-=(c.p-c.q);
# define M_ASN1_D2I_get_opt(b,func,type) \
@ -164,7 +164,7 @@ err:\
M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
c.q=c.p; \
if (func(&(b),&c.p,c.slen) == NULL) \
{c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
{c.line=OPENSSL_LINE; M_ASN1_next_prev = _tmp; goto err; } \
c.slen-=(c.p-c.q);\
M_ASN1_next_prev=_tmp;
@ -258,20 +258,20 @@ err:\
c.q=c.p; \
if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\
(void (*)())free_func,a,b) == NULL) \
{ c.line=__LINE__; goto err; } \
{ c.line=OPENSSL_LINE; goto err; } \
c.slen-=(c.p-c.q);
# define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
c.q=c.p; \
if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
free_func,a,b) == NULL) \
{ c.line=__LINE__; goto err; } \
{ c.line=OPENSSL_LINE; goto err; } \
c.slen-=(c.p-c.q);
# define M_ASN1_D2I_get_set_strings(r,func,a,b) \
c.q=c.p; \
if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
{ c.line=__LINE__; goto err; } \
{ c.line=OPENSSL_LINE; goto err; } \
c.slen-=(c.p-c.q);
# define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
@ -285,16 +285,16 @@ err:\
Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
if (Tinf & 0x80) \
{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
c.line=__LINE__; goto err; } \
c.line=OPENSSL_LINE; goto err; } \
if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
Tlen = c.slen - (c.p - c.q) - 2; \
if (func(&(r),&c.p,Tlen) == NULL) \
{ c.line=__LINE__; goto err; } \
{ c.line=OPENSSL_LINE; goto err; } \
if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
Tlen = c.slen - (c.p - c.q); \
if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \
{ c.error=ERR_R_MISSING_ASN1_EOS; \
c.line=__LINE__; goto err; } \
c.line=OPENSSL_LINE; goto err; } \
}\
c.slen-=(c.p-c.q); \
}
@ -310,18 +310,18 @@ err:\
Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
if (Tinf & 0x80) \
{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
c.line=__LINE__; goto err; } \
c.line=OPENSSL_LINE; goto err; } \
if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
Tlen = c.slen - (c.p - c.q) - 2; \
if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
(void (*)())free_func, \
b,V_ASN1_UNIVERSAL) == NULL) \
{ c.line=__LINE__; goto err; } \
{ c.line=OPENSSL_LINE; goto err; } \
if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
Tlen = c.slen - (c.p - c.q); \
if(!ASN1_check_infinite_end(&c.p, Tlen)) \
{ c.error=ERR_R_MISSING_ASN1_EOS; \
c.line=__LINE__; goto err; } \
c.line=OPENSSL_LINE; goto err; } \
}\
c.slen-=(c.p-c.q); \
}
@ -337,17 +337,17 @@ err:\
Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
if (Tinf & 0x80) \
{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
c.line=__LINE__; goto err; } \
c.line=OPENSSL_LINE; goto err; } \
if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
Tlen = c.slen - (c.p - c.q) - 2; \
if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
free_func,b,V_ASN1_UNIVERSAL) == NULL) \
{ c.line=__LINE__; goto err; } \
{ c.line=OPENSSL_LINE; goto err; } \
if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
Tlen = c.slen - (c.p - c.q); \
if(!ASN1_check_infinite_end(&c.p, Tlen)) \
{ c.error=ERR_R_MISSING_ASN1_EOS; \
c.line=__LINE__; goto err; } \
c.line=OPENSSL_LINE; goto err; } \
}\
c.slen-=(c.p-c.q); \
}
@ -355,7 +355,7 @@ err:\
/* New macros */
# define M_ASN1_New_Malloc(ret,type) \
if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
{ c.line=__LINE__; goto err2; }
{ c.line=OPENSSL_LINE; goto err2; }
# define M_ASN1_New(arg,func) \
if (((arg)=func()) == NULL) return(NULL)

12
Cryptlib/Include/openssl/bio.h
View File

@ -479,11 +479,11 @@ struct bio_dgram_sctp_prinfo {
# define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
# define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
# define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
/* BIO_s_accept_socket() */
/* BIO_s_accept() */
# define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
# define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
@ -496,6 +496,7 @@ struct bio_dgram_sctp_prinfo {
# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
# define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
/* BIO_s_accept() and BIO_s_connect() */
# define BIO_do_connect(b) BIO_do_handshake(b)
# define BIO_do_accept(b) BIO_do_handshake(b)
# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
@ -515,12 +516,15 @@ struct bio_dgram_sctp_prinfo {
# define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
# define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
/* BIO_s_file() */
# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
/* BIO_s_fd() and BIO_s_file() */
# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
@ -646,10 +650,10 @@ int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
asn1_ps_func **psuffix_free);
# ifndef OPENSSL_NO_FP_API
BIO_METHOD *BIO_s_file(void);
BIO *BIO_new_file(const char *filename, const char *mode);
BIO *BIO_new_fp(FILE *stream, int close_flag);
# ifndef OPENSSL_NO_FP_API
# define BIO_s_file_internal BIO_s_file
# endif
BIO *BIO_new(BIO_METHOD *type);
@ -685,7 +689,7 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
long argl, long ret);
BIO_METHOD *BIO_s_mem(void);
BIO *BIO_new_mem_buf(void *buf, int len);
BIO *BIO_new_mem_buf(const void *buf, int len);
BIO_METHOD *BIO_s_socket(void);
BIO_METHOD *BIO_s_connect(void);
BIO_METHOD *BIO_s_accept(void);

14
Cryptlib/Include/openssl/bn.h
View File

@ -125,6 +125,7 @@
#ifndef HEADER_BN_H
# define HEADER_BN_H
# include <limits.h>
# include <openssl/e_os2.h>
# ifndef OPENSSL_NO_FP_API
# include <stdio.h> /* FILE */
@ -721,8 +722,17 @@ const BIGNUM *BN_get0_nist_prime_521(void);
/* library internal functions */
# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
(a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
# define bn_expand(a,bits) \
( \
bits > (INT_MAX - BN_BITS2 + 1) ? \
NULL \
: \
(((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \
(a) \
: \
bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \
)
# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
BIGNUM *bn_expand2(BIGNUM *a, int words);
# ifndef OPENSSL_NO_DEPRECATED

2
Cryptlib/Include/openssl/camellia.h
View File

@ -1,4 +1,4 @@
/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/camellia/camellia.h */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*

10
Cryptlib/Include/openssl/conf.h
View File

@ -118,8 +118,10 @@ typedef void conf_finish_func (CONF_IMODULE *md);
int CONF_set_default_method(CONF_METHOD *meth);
void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);
# ifndef OPENSSL_NO_STDIO
LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
long *eline);
# endif
# ifndef OPENSSL_NO_FP_API
LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
long *eline);
@ -133,7 +135,9 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
const char *name);
void CONF_free(LHASH_OF(CONF_VALUE) *conf);
#ifndef OPENSSL_NO_FP_API
int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
#endif
int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
void OPENSSL_config(const char *config_name);
@ -160,7 +164,9 @@ CONF_METHOD *NCONF_XML(void);
void NCONF_free(CONF *conf);
void NCONF_free_data(CONF *conf);
# ifndef OPENSSL_NO_STDIO
int NCONF_load(CONF *conf, const char *file, long *eline);
# endif
# ifndef OPENSSL_NO_FP_API
int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
# endif
@ -170,7 +176,9 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
long *result);
#ifndef OPENSSL_NO_FP_API
int NCONF_dump_fp(const CONF *conf, FILE *out);
#endif
int NCONF_dump_bio(const CONF *conf, BIO *out);
# if 0 /* The following function has no error
@ -184,8 +192,10 @@ long NCONF_get_number(CONF *conf, char *group, char *name);
int CONF_modules_load(const CONF *cnf, const char *appname,
unsigned long flags);
#ifndef OPENSSL_NO_STDIO
int CONF_modules_load_file(const char *filename, const char *appname,
unsigned long flags);
#endif
void CONF_modules_unload(int all);
void CONF_modules_finish(void);
void CONF_modules_free(void);

32
Cryptlib/Include/openssl/crypto.h
View File

@ -235,15 +235,15 @@ typedef struct openssl_item_st {
# ifndef OPENSSL_NO_LOCKING
# ifndef CRYPTO_w_lock
# define CRYPTO_w_lock(type) \
CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
# define CRYPTO_w_unlock(type) \
CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
# define CRYPTO_r_lock(type) \
CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
# define CRYPTO_r_unlock(type) \
CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
# define CRYPTO_add(addr,amount,type) \
CRYPTO_add_lock(addr,amount,type,NULL,0)
CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)
# endif
# else
# define CRYPTO_w_lock(a)
@ -378,19 +378,19 @@ int CRYPTO_is_mem_check_on(void);
# define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
# define is_MemCheck_on() CRYPTO_is_mem_check_on()
# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,OPENSSL_FILE,OPENSSL_LINE)
# define OPENSSL_strdup(str) CRYPTO_strdup((str),OPENSSL_FILE,OPENSSL_LINE)
# define OPENSSL_realloc(addr,num) \
CRYPTO_realloc((char *)addr,(int)num,NULL,0)
CRYPTO_realloc((char *)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)
# define OPENSSL_realloc_clean(addr,old_num,num) \
CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
CRYPTO_realloc_clean(addr,old_num,num,OPENSSL_FILE,OPENSSL_LINE)
# define OPENSSL_remalloc(addr,num) \
CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
CRYPTO_remalloc((char **)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)
# define OPENSSL_freeFunc CRYPTO_free
# define OPENSSL_free(addr) CRYPTO_free(addr)
# define OPENSSL_malloc_locked(num) \
CRYPTO_malloc_locked((int)num,NULL,0)
CRYPTO_malloc_locked((int)num,OPENSSL_FILE,OPENSSL_LINE)
# define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
const char *SSLeay_version(int type);
@ -545,7 +545,7 @@ void CRYPTO_set_mem_debug_options(long bits);
long CRYPTO_get_mem_debug_options(void);
# define CRYPTO_push_info(info) \
CRYPTO_push_info_(info, NULL, 0);
CRYPTO_push_info_(info, OPENSSL_FILE, OPENSSL_LINE);
int CRYPTO_push_info_(const char *info, const char *file, int line);
int CRYPTO_pop_info(void);
int CRYPTO_remove_all_info(void);
@ -588,7 +588,7 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
/* die if we have to */
void OpenSSLDie(const char *file, int line, const char *assertion);
# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, #e),1))
unsigned long *OPENSSL_ia32cap_loc(void);
# define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
@ -605,14 +605,14 @@ void OPENSSL_init(void);
# define fips_md_init_ctx(alg, cx) \
int alg##_Init(cx##_CTX *c) \
{ \
if (FIPS_mode()) OpenSSLDie(NULL, 0, \
if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \
"Low level API call to digest " #alg " forbidden in FIPS mode!"); \
return private_##alg##_Init(c); \
} \
int private_##alg##_Init(cx##_CTX *c)
# define fips_cipher_abort(alg) \
if (FIPS_mode()) OpenSSLDie(NULL, 0, \
if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \
"Low level API call to cipher " #alg " forbidden in FIPS mode!")
# else
@ -628,7 +628,7 @@ void OPENSSL_init(void);
* into a defined order as the return value when a != b is undefined, other
* than to be non-zero.
*/
int CRYPTO_memcmp(const void *a, const void *b, size_t len);
int CRYPTO_memcmp(const volatile void *a, const volatile void *b, size_t len);
/* BEGIN ERROR CODES */
/*

2
Cryptlib/Include/openssl/des_old.h
View File

@ -1,4 +1,4 @@
/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/des/des_old.h */
/*-
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

5
Cryptlib/Include/openssl/dh.h
View File

@ -174,6 +174,7 @@ struct dh_st {
/* DH_check_pub_key error codes */
# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
# define DH_CHECK_PUBKEY_TOO_LARGE 0x02
# define DH_CHECK_PUBKEY_INVALID 0x04
/*
* primes p where (p-1)/2 is prime too are called "safe"; we define this for
@ -239,11 +240,13 @@ DH *DH_get_1024_160(void);
DH *DH_get_2048_224(void);
DH *DH_get_2048_256(void);
# ifndef OPENSSL_NO_CMS
/* RFC2631 KDF */
int DH_KDF_X9_42(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
ASN1_OBJECT *key_oid,
const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
# endif
# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
@ -336,7 +339,9 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
/* KDF types */
# define EVP_PKEY_DH_KDF_NONE 1
# ifndef OPENSSL_NO_CMS
# define EVP_PKEY_DH_KDF_X9_42 2
# endif
/* BEGIN ERROR CODES */
/*

2
Cryptlib/Include/openssl/dso.h
View File

@ -1,4 +1,4 @@
/* dso.h -*- mode:C; c-file-style: "eay" -*- */
/* dso.h */
/*
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
* 2000.

66
Cryptlib/Include/openssl/err.h
View File

@ -200,39 +200,39 @@ typedef struct err_state_st {
# define ERR_LIB_USER 128
# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)
# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)
# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)
# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)
# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)
# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)
# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)
# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)
# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)
# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)
# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)
# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)
# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)
# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)
# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)
# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)
# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)
# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)
# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)
# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)
# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)
# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)
# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)
# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)
# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
/*
* Borland C seems too stupid to be able to shift and do longs in the

2
Cryptlib/Include/openssl/evp.h
View File

@ -602,11 +602,13 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
#ifndef OPENSSL_NO_UI
int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);
int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,
const char *prompt, int verify);
void EVP_set_pw_prompt(const char *prompt);
char *EVP_get_pw_prompt(void);
#endif
int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
const unsigned char *salt, const unsigned char *data,

2
Cryptlib/Include/openssl/kssl.h
View File

@ -1,4 +1,4 @@
/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
/* ssl/kssl.h */
/*
* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project
* 2000. project 2000.

28
Cryptlib/Include/openssl/opensslconf.h
View File

@ -92,6 +92,9 @@ extern "C" {
#ifndef OPENSSL_NO_POSIX_IO
# define OPENSSL_NO_POSIX_IO
#endif
#ifndef OPENSSL_NO_PQUEUE
# define OPENSSL_NO_PQUEUE
#endif
#ifndef OPENSSL_NO_RC2
# define OPENSSL_NO_RC2
#endif
@ -143,12 +146,18 @@ extern "C" {
#ifndef OPENSSL_NO_STORE
# define OPENSSL_NO_STORE
#endif
#ifndef OPENSSL_NO_TS
# define OPENSSL_NO_TS
#endif
#ifndef OPENSSL_NO_UI
# define OPENSSL_NO_UI
#endif
#ifndef OPENSSL_NO_UNIT_TEST
# define OPENSSL_NO_UNIT_TEST
#endif
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
# define OPENSSL_NO_WEAK_SSL_CIPHERS
#endif
#ifndef OPENSSL_NO_WHIRLPOOL
# define OPENSSL_NO_WHIRLPOOL
#endif
@ -254,6 +263,9 @@ extern "C" {
# if defined(OPENSSL_NO_POSIX_IO) && !defined(NO_POSIX_IO)
# define NO_POSIX_IO
# endif
# if defined(OPENSSL_NO_PQUEUE) && !defined(NO_PQUEUE)
# define NO_PQUEUE
# endif
# if defined(OPENSSL_NO_RC2) && !defined(NO_RC2)
# define NO_RC2
# endif
@ -305,12 +317,18 @@ extern "C" {
# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
# define NO_STORE
# endif
# if defined(OPENSSL_NO_TS) && !defined(NO_TS)
# define NO_TS
# endif
# if defined(OPENSSL_NO_UI) && !defined(NO_UI)
# define NO_UI
# endif
# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
# define NO_UNIT_TEST
# endif
# if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS)
# define NO_WEAK_SSL_CIPHERS
# endif
# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
# define NO_WHIRLPOOL
# endif
@ -318,6 +336,16 @@ extern "C" {
/* crypto/opensslconf.h.in */
#ifndef OPENSSL_FILE
#ifdef OPENSSL_NO_FILENAMES
#define OPENSSL_FILE ""
#define OPENSSL_LINE 0
#else
#define OPENSSL_FILE __FILE__
#define OPENSSL_LINE __LINE__
#endif
#endif
/* Generate 80386 code? */
#undef I386_ONLY

6
Cryptlib/Include/openssl/opensslv.h
View File

@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
# define OPENSSL_VERSION_NUMBER 0x1000205fL
# define OPENSSL_VERSION_NUMBER 0x1000207fL
# ifdef OPENSSL_FIPS
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2e-fips 3 Dec 2015"
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2g-fips 1 Mar 2016"
# else
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2e 3 Dec 2015"
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2g 1 Mar 2016"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

5
Cryptlib/Include/openssl/pem.h
View File

@ -418,6 +418,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
pem_password_cb *cd, void *u);
# endif
#ifndef OPENSSL_NO_FP_API
int PEM_read(FILE *fp, char **name, char **header,
unsigned char **data, long *len);
int PEM_write(FILE *fp, const char *name, const char *hdr,
@ -429,6 +430,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
int klen, pem_password_cb *callback, void *u);
STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
pem_password_cb *cb, void *u);
#endif
int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
EVP_MD *md_type, unsigned char **ek, int *ekl,
@ -495,6 +497,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
void *u);
#ifndef OPENSSL_NO_FP_API
int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
char *kstr, int klen,
pem_password_cb *cb, void *u);
@ -511,7 +514,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
char *kstr, int klen, pem_password_cb *cd,
void *u);
#endif
EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);

11
Cryptlib/Include/openssl/srp.h
View File

@ -82,16 +82,21 @@ typedef struct SRP_gN_cache_st {
DECLARE_STACK_OF(SRP_gN_cache)
typedef struct SRP_user_pwd_st {
/* Owned by us. */
char *id;
BIGNUM *s;
BIGNUM *v;
/* Not owned by us. */
const BIGNUM *g;
const BIGNUM *N;
/* Owned by us. */
char *info;
} SRP_user_pwd;
DECLARE_STACK_OF(SRP_user_pwd)
void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
typedef struct SRP_VBASE_st {
STACK_OF(SRP_user_pwd) *users_pwd;
STACK_OF(SRP_gN_cache) *gN_cache;
@ -114,8 +119,14 @@ DECLARE_STACK_OF(SRP_gN)
SRP_VBASE *SRP_VBASE_new(char *seed_key);
int SRP_VBASE_free(SRP_VBASE *vb);
#ifndef OPENSSL_NO_STDIO
int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
#endif
/* This method ignores the configured seed and fails for an unknown user. */
SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/
SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username);
char *SRP_create_verifier(const char *user, const char *pass, char **salt,
char **verifier, const char *N, const char *g);
int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,

5
Cryptlib/Include/openssl/ssl.h
View File

@ -625,7 +625,7 @@ struct ssl_session_st {
# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L
/* If set, always create a new key when using tmp_ecdh parameters */
# define SSL_OP_SINGLE_ECDH_USE 0x00080000L
/* If set, always create a new key when using tmp_dh parameters */
/* Does nothing: retained for compatibility */
# define SSL_OP_SINGLE_DH_USE 0x00100000L
/* Does nothing: retained for compatibiity */
# define SSL_OP_EPHEMERAL_RSA 0x0
@ -2092,7 +2092,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_CTX_set1_sigalgs_list(ctx, s) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
# define SSL_set1_sigalgs(ctx, slist, slistlen) \
SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,clistlen,(int *)slist)
SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
# define SSL_set1_sigalgs_list(ctx, s) \
SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
@ -3056,6 +3056,7 @@ void ERR_load_SSL_strings(void);
# define SSL_R_SERVERHELLO_TLSEXT 275
# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
# define SSL_R_SHORT_READ 219
# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407
# define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360
# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
# define SSL_R_SRP_A_CALC 361

33
Cryptlib/Include/openssl/ts.h
View File

@ -281,8 +281,10 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
TS_REQ *TS_REQ_dup(TS_REQ *a);
#ifndef OPENSSL_NO_FP_API
TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
#endif
TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);
@ -294,10 +296,12 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);
#ifndef OPENSSL_NO_FP_API
TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);
int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);
#endif
TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a);
int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a);
TS_RESP *TS_RESP_new(void);
void TS_RESP_free(TS_RESP *a);
@ -306,10 +310,12 @@ TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
TS_RESP *TS_RESP_dup(TS_RESP *a);
#ifndef OPENSSL_NO_FP_API
TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);
int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);
#endif
TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a);
int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a);
TS_STATUS_INFO *TS_STATUS_INFO_new(void);
void TS_STATUS_INFO_free(TS_STATUS_INFO *a);
@ -325,10 +331,12 @@ TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
long length);
TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);
#ifndef OPENSSL_NO_FP_API
TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);
int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);
#endif
TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a);
int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a);
TS_ACCURACY *TS_ACCURACY_new(void);
void TS_ACCURACY_free(TS_ACCURACY *a);
@ -728,15 +736,18 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
* ts/ts_conf.c
*/
#ifndef OPENSSL_NO_STDIO
X509 *TS_CONF_load_cert(const char *file);
STACK_OF(X509) *TS_CONF_load_certs(const char *file);
EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
#endif
const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
TS_RESP_CTX *ctx);
int TS_CONF_set_crypto_device(CONF *conf, const char *section,
const char *device);
int TS_CONF_set_default_engine(const char *name);
#ifndef OPENSSL_NO_STDIO
int TS_CONF_set_signer_cert(CONF *conf, const char *section,
const char *cert, TS_RESP_CTX *ctx);
int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
@ -744,6 +755,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
int TS_CONF_set_signer_key(CONF *conf, const char *section,
const char *key, const char *pass,
TS_RESP_CTX *ctx);
#endif
int TS_CONF_set_def_policy(CONF *conf, const char *section,
const char *policy, TS_RESP_CTX *ctx);
int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
@ -784,6 +796,11 @@ void ERR_load_TS_strings(void);
# define TS_F_TS_CHECK_SIGNING_CERTS 103
# define TS_F_TS_CHECK_STATUS_INFO 104
# define TS_F_TS_COMPUTE_IMPRINT 145
# define TS_F_TS_CONF_INVALID 151
# define TS_F_TS_CONF_LOAD_CERT 153
# define TS_F_TS_CONF_LOAD_CERTS 154
# define TS_F_TS_CONF_LOAD_KEY 155
# define TS_F_TS_CONF_LOOKUP_FAIL 152
# define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146
# define TS_F_TS_GET_STATUS_TEXT 105
# define TS_F_TS_MSG_IMPRINT_SET_ALGO 118
@ -822,6 +839,8 @@ void ERR_load_TS_strings(void);
/* Reason codes. */
# define TS_R_BAD_PKCS7_TYPE 132
# define TS_R_BAD_TYPE 133
# define TS_R_CANNOT_LOAD_CERT 137
# define TS_R_CANNOT_LOAD_KEY 138
# define TS_R_CERTIFICATE_VERIFY_ERROR 100
# define TS_R_COULD_NOT_SET_ENGINE 127
# define TS_R_COULD_NOT_SET_TIME 115
@ -854,6 +873,8 @@ void ERR_load_TS_strings(void);
# define TS_R_UNACCEPTABLE_POLICY 125
# define TS_R_UNSUPPORTED_MD_ALGORITHM 126
# define TS_R_UNSUPPORTED_VERSION 113
# define TS_R_VAR_BAD_VALUE 135
# define TS_R_VAR_LOOKUP_FAILURE 136
# define TS_R_WRONG_CONTENT_TYPE 114
#ifdef __cplusplus

2
Cryptlib/Include/openssl/ui.h
View File

@ -1,4 +1,4 @@
/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/ui/ui.h */
/*
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
* 2001.

2
Cryptlib/Include/openssl/ui_compat.h
View File

@ -1,4 +1,4 @@
/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/ui/ui.h */
/*
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
* 2001.

5
Cryptlib/Include/openssl/x509_vfy.h
View File

@ -313,7 +313,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
# define X509_V_OK 0
/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
# define X509_V_ERR_UNSPECIFIED 1
# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
# define X509_V_ERR_UNABLE_TO_GET_CRL 3
@ -492,9 +492,10 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
#ifndef OPENSSL_NO_STDIO
X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
#endif
int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);

3
Cryptlib/Include/openssl/x509v3.h
View File

@ -688,8 +688,9 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
int ml);
int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
int indent);
#ifndef OPENSSL_NO_FP_API
int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
#endif
int X509V3_extensions_print(BIO *out, char *title,
STACK_OF(X509_EXTENSION) *exts,
unsigned long flag, int indent);

2
Cryptlib/OpenSSL/crypto/aes/aes_cbc.c
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_cbc.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*

2
Cryptlib/OpenSSL/crypto/aes/aes_cfb.c
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_cfb.c */
/* ====================================================================
* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
*

2
Cryptlib/OpenSSL/crypto/aes/aes_core.c
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_core.c */
/**
* rijndael-alg-fst.c
*

2
Cryptlib/OpenSSL/crypto/aes/aes_ctr.c
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_ctr.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*

2
Cryptlib/OpenSSL/crypto/aes/aes_ecb.c
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_ecb.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*

2
Cryptlib/OpenSSL/crypto/aes/aes_ige.c
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_ige.c */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*

2
Cryptlib/OpenSSL/crypto/aes/aes_locl.h
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes.h */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*

2
Cryptlib/OpenSSL/crypto/aes/aes_misc.c
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_misc.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*

2
Cryptlib/OpenSSL/crypto/aes/aes_ofb.c
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_ofb.c */
/* ====================================================================
* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
*

2
Cryptlib/OpenSSL/crypto/asn1/a_strex.c
View File

@ -104,6 +104,7 @@ static int send_bio_chars(void *arg, const void *buf, int len)
return 1;
}
#ifndef OPENSSL_NO_FP_API
static int send_fp_chars(void *arg, const void *buf, int len)
{
if (!arg)
@ -112,6 +113,7 @@ static int send_fp_chars(void *arg, const void *buf, int len)
return 0;
return 1;
}
#endif
typedef int char_io (void *arg, const void *buf, int len);

9
Cryptlib/OpenSSL/crypto/asn1/n_pkey.c
View File

@ -193,7 +193,12 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
OPENSSL_cleanse(pkey->private_key->data, rsalen);
if (cb == NULL)
#ifndef OPENSSL_NO_UI
cb = EVP_read_pw_string;
#else
i = 1;
else
#endif
i = cb((char *)buf, 256, "Enter Private Key password:", 1);
if (i != 0) {
ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
@ -264,7 +269,11 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
goto err;
}
if (cb == NULL)
#ifndef OPENSSL_NO_UI
cb = EVP_read_pw_string;
#else
goto err;
#endif
if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL)
goto err;

14
Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c
View File

@ -717,7 +717,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
long plen;
char cst, inf, free_cont = 0;
const unsigned char *p;
BUF_MEM buf;
BUF_MEM buf = { 0, NULL, 0 };
const unsigned char *cont = NULL;
long len;
if (!pval) {
@ -793,7 +793,6 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
} else {
len = p - cont + plen;
p += plen;
buf.data = NULL;
}
} else if (cst) {
if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
@ -802,9 +801,9 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_PRIMITIVE);
return 0;
}
buf.length = 0;
buf.max = 0;
buf.data = NULL;
/* Free any returned 'buf' content */
free_cont = 1;
/*
* Should really check the internal tags are correct but some things
* may get this wrong. The relevant specs say that constructed string
@ -812,18 +811,16 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
* So instead just check for UNIVERSAL class and ignore the tag.
*/
if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) {
free_cont = 1;
goto err;
}
len = buf.length;
/* Append a final null to string */
if (!BUF_MEM_grow_clean(&buf, len + 1)) {
ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
return 0;
goto err;
}
buf.data[len] = 0;
cont = (const unsigned char *)buf.data;
free_cont = 1;
} else {
cont = p;
len = plen;
@ -831,6 +828,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
}
/* We now have content length and type: translate into a structure */
/* asn1_ex_c2i may reuse allocated buffer, and so sets free_cont to 0 */
if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
goto err;

175
Cryptlib/OpenSSL/crypto/bio/b_print.c
View File

@ -125,16 +125,16 @@
# define LLONG long
#endif
static void fmtstr(char **, char **, size_t *, size_t *,
static int fmtstr(char **, char **, size_t *, size_t *,
const char *, int, int, int);
static void fmtint(char **, char **, size_t *, size_t *,
static int fmtint(char **, char **, size_t *, size_t *,
LLONG, int, int, int, int);
#ifndef OPENSSL_SYS_UEFI
static void fmtfp(char **, char **, size_t *, size_t *,
static int fmtfp(char **, char **, size_t *, size_t *,
LDOUBLE, int, int, int);
#endif
static void doapr_outch(char **, char **, size_t *, size_t *, int);
static void _dopr(char **sbuffer, char **buffer,
static int doapr_outch(char **, char **, size_t *, size_t *, int);
static int _dopr(char **sbuffer, char **buffer,
size_t *maxlen, size_t *retlen, int *truncated,
const char *format, va_list args);
@ -167,7 +167,7 @@ static void _dopr(char **sbuffer, char **buffer,
#define char_to_int(p) (p - '0')
#define OSSL_MAX(p,q) ((p >= q) ? p : q)
static void
static int
_dopr(char **sbuffer,
char **buffer,
size_t *maxlen,
@ -200,7 +200,8 @@ _dopr(char **sbuffer,
if (ch == '%')
state = DP_S_FLAGS;
else
doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
return 0;
ch = *format++;
break;
case DP_S_FLAGS:
@ -308,8 +309,9 @@ _dopr(char **sbuffer,
value = va_arg(args, int);
break;
}
fmtint(sbuffer, buffer, &currlen, maxlen,
value, 10, min, max, flags);
if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min,
max, flags))
return 0;
break;
case 'X':
flags |= DP_F_UP;
@ -332,9 +334,10 @@ _dopr(char **sbuffer,
value = (LLONG) va_arg(args, unsigned int);
break;
}
fmtint(sbuffer, buffer, &currlen, maxlen, value,
if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
min, max, flags);
min, max, flags))
return 0;
break;
#ifndef OPENSSL_SYS_UEFI
case 'f':
@ -342,8 +345,9 @@ _dopr(char **sbuffer,
fvalue = va_arg(args, LDOUBLE);
else
fvalue = va_arg(args, double);
fmtfp(sbuffer, buffer, &currlen, maxlen,
fvalue, min, max, flags);
if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
flags))
return 0;
break;
case 'E':
flags |= DP_F_UP;
@ -363,8 +367,9 @@ _dopr(char **sbuffer,
break;
#endif
case 'c':
doapr_outch(sbuffer, buffer, &currlen, maxlen,
va_arg(args, int));
if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
va_arg(args, int)))
return 0;
break;
case 's':
strvalue = va_arg(args, char *);
@ -374,13 +379,15 @@ _dopr(char **sbuffer,
else
max = *maxlen;
}
fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
flags, min, max);
if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
flags, min, max))
return 0;
break;
case 'p':
value = (long)va_arg(args, void *);
fmtint(sbuffer, buffer, &currlen, maxlen,
value, 16, min, max, flags | DP_F_NUM);
if (!fmtint(sbuffer, buffer, &currlen, maxlen,
value, 16, min, max, flags | DP_F_NUM))
return 0;
break;
case 'n': /* XXX */
if (cflags == DP_C_SHORT) {
@ -402,7 +409,8 @@ _dopr(char **sbuffer,
}
break;
case '%':
doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
return 0;
break;
case 'w':
/* not supported yet, treat as next char */
@ -426,46 +434,56 @@ _dopr(char **sbuffer,
*truncated = (currlen > *maxlen - 1);
if (*truncated)
currlen = *maxlen - 1;
doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');
if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
return 0;
*retlen = currlen - 1;
return;
return 1;
}
static void
static int
fmtstr(char **sbuffer,
char **buffer,
size_t *currlen,
size_t *maxlen, const char *value, int flags, int min, int max)
{
int padlen, strln;
int padlen;
size_t strln;
int cnt = 0;
if (value == 0)
value = "<NULL>";
for (strln = 0; value[strln]; ++strln) ;
strln = strlen(value);
if (strln > INT_MAX)
strln = INT_MAX;
padlen = min - strln;
if (padlen < 0)
if (min < 0 || padlen < 0)
padlen = 0;
if (flags & DP_F_MINUS)
padlen = -padlen;
while ((padlen > 0) && (cnt < max)) {
doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
return 0;
--padlen;
++cnt;
}
while (*value && (cnt < max)) {
doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
return 0;
++cnt;
}
while ((padlen < 0) && (cnt < max)) {
doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
return 0;
++padlen;
++cnt;
}
return 1;
}
static void
static int
fmtint(char **sbuffer,
char **buffer,
size_t *currlen,
@ -525,37 +543,44 @@ fmtint(char **sbuffer,
/* spaces */
while (spadlen > 0) {
doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
return 0;
--spadlen;
}
/* sign */
if (signvalue)
doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
return 0;
/* prefix */
while (*prefix) {
doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
return 0;
prefix++;
}
/* zeros */
if (zpadlen > 0) {
while (zpadlen > 0) {
doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
return 0;
--zpadlen;
}
}
/* digits */
while (place > 0)
doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);
while (place > 0) {
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]))
return 0;
}
/* left justified spaces */
while (spadlen < 0) {
doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
return 0;
++spadlen;
}
return;
return 1;
}
#ifndef OPENSSL_SYS_UEFI
@ -587,7 +612,7 @@ static long roundv(LDOUBLE value)
return intpart;
}
static void
static int
fmtfp(char **sbuffer,
char **buffer,
size_t *currlen,
@ -666,48 +691,62 @@ fmtfp(char **sbuffer,
if ((flags & DP_F_ZERO) && (padlen > 0)) {
if (signvalue) {
doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
return 0;
--padlen;
signvalue = 0;
}
while (padlen > 0) {
doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
return 0;
--padlen;
}
}
while (padlen > 0) {
doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
return 0;
--padlen;
}
if (signvalue)
doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
return 0;
while (iplace > 0)
doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]);
while (iplace > 0) {
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]))
return 0;
}
/*
* Decimal point. This should probably use locale to find the correct
* char to print out.
*/
if (max > 0 || (flags & DP_F_NUM)) {
doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.'))
return 0;
while (fplace > 0)
doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]);
while (fplace > 0) {
if(!doapr_outch(sbuffer, buffer, currlen, maxlen,
fconvert[--fplace]))
return 0;
}
}
while (zpadlen > 0) {
doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
return 0;
--zpadlen;
}
while (padlen < 0) {
doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
return 0;
++padlen;
}
return 1;
}
#endif
static void
#define BUFFER_INC 1024
static int
doapr_outch(char **sbuffer,
char **buffer, size_t *currlen, size_t *maxlen, int c)
{
@ -718,24 +757,25 @@ doapr_outch(char **sbuffer,
assert(*currlen <= *maxlen);
if (buffer && *currlen == *maxlen) {
*maxlen += 1024;
if (*maxlen > INT_MAX - BUFFER_INC)
return 0;
*maxlen += BUFFER_INC;
if (*buffer == NULL) {
*buffer = OPENSSL_malloc(*maxlen);
if (!*buffer) {
/* Panic! Can't really do anything sensible. Just return */
return;
}
if (*buffer == NULL)
return 0;
if (*currlen > 0) {
assert(*sbuffer != NULL);
memcpy(*buffer, *sbuffer, *currlen);
}
*sbuffer = NULL;
} else {
*buffer = OPENSSL_realloc(*buffer, *maxlen);
if (!*buffer) {
/* Panic! Can't really do anything sensible. Just return */
return;
}
char *tmpbuf;
tmpbuf = OPENSSL_realloc(*buffer, *maxlen);
if (tmpbuf == NULL)
return 0;
*buffer = tmpbuf;
}
}
@ -746,7 +786,7 @@ doapr_outch(char **sbuffer,
(*buffer)[(*currlen)++] = (char)c;
}
return;
return 1;
}
/***************************************************************************/
@ -778,7 +818,11 @@ int BIO_vprintf(BIO *bio, const char *format, va_list args)
dynbuf = NULL;
CRYPTO_push_info("doapr()");
_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, args);
if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format,
args)) {
OPENSSL_free(dynbuf);
return -1;
}
if (dynbuf) {
ret = BIO_write(bio, dynbuf, (int)retlen);
OPENSSL_free(dynbuf);
@ -813,7 +857,8 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
size_t retlen;
int truncated;
_dopr(&buf, NULL, &n, &retlen, &truncated, format, args);
if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
return -1;
if (truncated)
/*

2
Cryptlib/OpenSSL/crypto/bio/bss_bio.c
View File

@ -1,4 +1,4 @@
/* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */
/* crypto/bio/bss_bio.c */
/* ====================================================================
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
*

21
Cryptlib/OpenSSL/crypto/bio/bss_conn.c
View File

@ -419,7 +419,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
{
BIO *dbio;
int *ip;
const char **pptr;
const char **pptr = NULL;
long ret = 1;
BIO_CONNECT *data;
@ -442,19 +442,28 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_C_GET_CONNECT:
if (ptr != NULL) {
pptr = (const char **)ptr;
}
if (b->init) {
if (pptr != NULL) {
ret = 1;
if (num == 0) {
*pptr = data->param_hostname;
} else if (num == 1) {
*pptr = data->param_port;
} else if (num == 2) {
*pptr = (char *)&(data->ip[0]);
} else if (num == 3) {
*((int *)ptr) = data->port;
} else {
ret = 0;
}
if ((!b->init) || (ptr == NULL))
}
if (num == 3) {
ret = data->port;
}
} else {
if (pptr != NULL)
*pptr = "not initialized";
ret = 1;
ret = 0;
}
break;
case BIO_C_SET_CONNECT:

2
Cryptlib/OpenSSL/crypto/bio/bss_dgram.c
View File

@ -519,10 +519,8 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
switch (cmd) {
case BIO_CTRL_RESET:
num = 0;
case BIO_C_FILE_SEEK:
ret = 0;
break;
case BIO_C_FILE_TELL:
case BIO_CTRL_INFO:
ret = 0;
break;

17
Cryptlib/OpenSSL/crypto/bio/bss_file.c
View File

@ -467,23 +467,6 @@ static int MS_CALLBACK file_puts(BIO *bp, const char *str)
return (ret);
}
# else
BIO_METHOD *BIO_s_file(void)
{
return NULL;
}
BIO *BIO_new_file(const char *filename, const char *mode)
{
return NULL;
}
BIO *BIO_new_fp(FILE *stream, int close_flag)
{
return NULL;
}
# endif /* OPENSSL_NO_STDIO */
#endif /* HEADER_BSS_FILE_C */

6
Cryptlib/OpenSSL/crypto/bio/bss_mem.c
View File

@ -91,7 +91,8 @@ BIO_METHOD *BIO_s_mem(void)
return (&mem_method);
}
BIO *BIO_new_mem_buf(void *buf, int len)
BIO *BIO_new_mem_buf(const void *buf, int len)
{
BIO *ret;
BUF_MEM *b;
@ -105,7 +106,8 @@ BIO *BIO_new_mem_buf(void *buf, int len)
if (!(ret = BIO_new(BIO_s_mem())))
return NULL;
b = (BUF_MEM *)ret->ptr;
b->data = buf;
/* Cast away const and trust in the MEM_RDONLY flag. */
b->data = (void *)buf;
b->length = sz;
b->max = sz;
ret->flags |= BIO_FLAGS_MEM_RDONLY;

14
Cryptlib/OpenSSL/crypto/bn/bn.h
View File

@ -125,6 +125,7 @@
#ifndef HEADER_BN_H
# define HEADER_BN_H
# include <limits.h>
# include <openssl/e_os2.h>
# ifndef OPENSSL_NO_FP_API
# include <stdio.h> /* FILE */
@ -721,8 +722,17 @@ const BIGNUM *BN_get0_nist_prime_521(void);
/* library internal functions */
# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
(a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
# define bn_expand(a,bits) \
( \
bits > (INT_MAX - BN_BITS2 + 1) ? \
NULL \
: \
(((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \
(a) \
: \
bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \
)
# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
BIGNUM *bn_expand2(BIGNUM *a, int words);
# ifndef OPENSSL_NO_DEPRECATED

134
Cryptlib/OpenSSL/crypto/bn/bn_exp.c
View File

@ -110,6 +110,7 @@
*/
#include "cryptlib.h"
#include "constant_time_locl.h"
#include "bn_lcl.h"
#include <stdlib.h>
@ -282,9 +283,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
}
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1 is still zero. */
if (BN_is_one(m)) {
ret = 1;
BN_zero(r);
} else {
ret = BN_one(r);
}
return ret;
}
@ -418,7 +424,13 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
}
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1 is still zero. */
if (BN_is_one(m)) {
ret = 1;
BN_zero(rr);
} else {
ret = BN_one(rr);
}
return ret;
}
@ -595,15 +607,17 @@ static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos)
static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,
unsigned char *buf, int idx,
int width)
int window)
{
size_t i, j;
int i, j;
int width = 1 << window;
BN_ULONG *table = (BN_ULONG *)buf;
if (top > b->top)
top = b->top; /* this works because 'buf' is explicitly
* zeroed */
for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
buf[j] = ((unsigned char *)b->d)[i];
for (i = 0, j = idx; i < top; i++, j += width) {
table[j] = b->d[i];
}
return 1;
@ -611,15 +625,51 @@ static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,
static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
unsigned char *buf, int idx,
int width)
int window)
{
size_t i, j;
int i, j;
int width = 1 << window;
volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
if (bn_wexpand(b, top) == NULL)
return 0;
for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
((unsigned char *)b->d)[i] = buf[j];
if (window <= 3) {
for (i = 0; i < top; i++, table += width) {
BN_ULONG acc = 0;
for (j = 0; j < width; j++) {
acc |= table[j] &
((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
}
b->d[i] = acc;
}
} else {
int xstride = 1 << (window - 2);
BN_ULONG y0, y1, y2, y3;
i = idx >> (window - 2); /* equivalent of idx / xstride */
idx &= xstride - 1; /* equivalent of idx % xstride */
y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1);
y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1);
y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1);
y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1);
for (i = 0; i < top; i++, table += width) {
BN_ULONG acc = 0;
for (j = 0; j < xstride; j++) {
acc |= ( (table[j + 0 * xstride] & y0) |
(table[j + 1 * xstride] & y1) |
(table[j + 2 * xstride] & y2) |
(table[j + 3 * xstride] & y3) )
& ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
}
b->d[i] = acc;
}
}
b->top = top;
@ -639,7 +689,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
* precomputation memory layout to limit data-dependency to a minimum to
* protect secret exponents (cf. the hyper-threading timing attacks pointed
* out by Colin Percival,
* http://www.daemong-consideredperthreading-considered-harmful/)
* http://www.daemonology.net/hyperthreading-considered-harmful/)
*/
int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
@ -671,7 +721,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1 is still zero. */
if (BN_is_one(m)) {
ret = 1;
BN_zero(rr);
} else {
ret = BN_one(rr);
}
return ret;
}
@ -732,8 +788,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
if (window >= 5) {
window = 5; /* ~5% improvement for RSA2048 sign, and even
* for RSA4096 */
if ((top & 7) == 0)
powerbufLen += 2 * top * sizeof(m->d[0]);
/* reserve space for mont->N.d[] copy */
powerbufLen += top * sizeof(mont->N.d[0]);
}
#endif
(void)0;
@ -954,7 +1010,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
const BN_ULONG *not_used, const BN_ULONG *np,
const BN_ULONG *n0, int num);
BN_ULONG *np = mont->N.d, *n0 = mont->n0, *np2;
BN_ULONG *n0 = mont->n0, *np;
/*
* BN_to_montgomery can contaminate words above .top [in
@ -965,11 +1021,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
for (i = tmp.top; i < top; i++)
tmp.d[i] = 0;
if (top & 7)
np2 = np;
else
for (np2 = am.d + top, i = 0; i < top; i++)
np2[2 * i] = np[i];
/*
* copy mont->N.d[] to improve cache locality
*/
for (np = am.d + top, i = 0; i < top; i++)
np[i] = mont->N.d[i];
bn_scatter5(tmp.d, top, powerbuf, 0);
bn_scatter5(am.d, am.top, powerbuf, 1);
@ -979,7 +1035,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
# if 0
for (i = 3; i < 32; i++) {
/* Calculate a^i = a^(i-1) * a */
bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np2, n0, top, i - 1);
bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
bn_scatter5(tmp.d, top, powerbuf, i);
}
# else
@ -990,7 +1046,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
}
for (i = 3; i < 8; i += 2) {
int j;
bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np2, n0, top, i - 1);
bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
bn_scatter5(tmp.d, top, powerbuf, i);
for (j = 2 * i; j < 32; j *= 2) {
bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
@ -998,13 +1054,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
}
}
for (; i < 16; i += 2) {
bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np2, n0, top, i - 1);
bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
bn_scatter5(tmp.d, top, powerbuf, i);
bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
bn_scatter5(tmp.d, top, powerbuf, 2 * i);
}
for (; i < 32; i += 2) {
bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np2, n0, top, i - 1);
bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
bn_scatter5(tmp.d, top, powerbuf, i);
}
# endif
@ -1033,11 +1089,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
while (bits >= 0) {
wvalue = bn_get_bits5(p->d, bits - 4);
bits -= 5;
bn_power5(tmp.d, tmp.d, powerbuf, np2, n0, top, wvalue);
bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top, wvalue);
}
}
ret = bn_from_montgomery(tmp.d, tmp.d, NULL, np2, n0, top);
ret = bn_from_montgomery(tmp.d, tmp.d, NULL, np, n0, top);
tmp.top = top;
bn_correct_top(&tmp);
if (ret) {
@ -1048,9 +1104,9 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
} else
#endif
{
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, numPowers))
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window))
goto err;
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, numPowers))
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window))
goto err;
/*
@ -1062,15 +1118,15 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
if (window > 1) {
if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
goto err;
if (!MOD_EXP_CTIME_COPY_TO_PREBUF
(&tmp, top, powerbuf, 2, numPowers))
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,
window))
goto err;
for (i = 3; i < numPowers; i++) {
/* Calculate a^i = a^(i-1) * a */
if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx))
goto err;
if (!MOD_EXP_CTIME_COPY_TO_PREBUF
(&tmp, top, powerbuf, i, numPowers))
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,
window))
goto err;
}
}
@ -1078,8 +1134,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
bits--;
for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
(&tmp, top, powerbuf, wvalue, numPowers))
if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue,
window))
goto err;
/*
@ -1099,8 +1155,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
/*
* Fetch the appropriate pre-computed value from the pre-buf
*/
if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
(&am, top, powerbuf, wvalue, numPowers))
if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue,
window))
goto err;
/* Multiply the result into the intermediate result */
@ -1182,8 +1238,9 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
if (BN_is_one(m)) {
ret = 1;
BN_zero(rr);
} else
} else {
ret = BN_one(rr);
}
return ret;
}
if (a == 0) {
@ -1297,9 +1354,14 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
}
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1 is still zero. */
if (BN_is_one(m)) {
ret = 1;
BN_zero(r);
} else {
ret = BN_one(r);
}
return ret;
}

14
Cryptlib/OpenSSL/crypto/bn/bn_prime.c
View File

@ -131,7 +131,7 @@
static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
const BIGNUM *a1_odd, int k, BN_CTX *ctx,
BN_MONT_CTX *mont);
static int probable_prime(BIGNUM *rnd, int bits);
static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods);
static int probable_prime_dh(BIGNUM *rnd, int bits,
const BIGNUM *add, const BIGNUM *rem,
BN_CTX *ctx);
@ -166,9 +166,13 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
BIGNUM *t;
int found = 0;
int i, j, c1 = 0;
BN_CTX *ctx;
BN_CTX *ctx = NULL;
prime_t *mods = NULL;
int checks = BN_prime_checks_for_size(bits);
mods = OPENSSL_malloc(sizeof(*mods) * NUMPRIMES);
if (mods == NULL)
goto err;
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
@ -179,7 +183,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
loop:
/* make a random number and set the top and bottom bits */
if (add == NULL) {
if (!probable_prime(ret, bits))
if (!probable_prime(ret, bits, mods))
goto err;
} else {
if (safe) {
@ -230,6 +234,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
/* we have a prime :-) */
found = 1;
err:
OPENSSL_free(mods);
if (ctx != NULL) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
@ -375,10 +380,9 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
return 1;
}
static int probable_prime(BIGNUM *rnd, int bits)
static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
{
int i;
prime_t mods[NUMPRIMES];
BN_ULONG delta, maxdelta;
again:

17
Cryptlib/OpenSSL/crypto/bn/bn_print.c
View File

@ -58,6 +58,7 @@
#include <stdio.h>
#include <ctype.h>
#include <limits.h>
#include "cryptlib.h"
#include <openssl/buffer.h>
#include "bn_lcl.h"
@ -189,7 +190,11 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
a++;
}
for (i = 0; isxdigit((unsigned char)a[i]); i++) ;
for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++)
continue;
if (i > INT_MAX/4)
goto err;
num = i + neg;
if (bn == NULL)
@ -204,7 +209,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
BN_zero(ret);
}
/* i is the number of hex digests; */
/* i is the number of hex digits */
if (bn_expand(ret, i * 4) == NULL)
goto err;
@ -260,7 +265,11 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
a++;
}
for (i = 0; isdigit((unsigned char)a[i]); i++) ;
for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++)
continue;
if (i > INT_MAX/4)
goto err;
num = i + neg;
if (bn == NULL)
@ -278,7 +287,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
BN_zero(ret);
}
/* i is the number of digests, a bit of an over expand; */
/* i is the number of digits, a bit of an over expand */
if (bn_expand(ret, i * 4) == NULL)
goto err;

1
Cryptlib/OpenSSL/crypto/bn/bn_recp.c
View File

@ -65,6 +65,7 @@ void BN_RECP_CTX_init(BN_RECP_CTX *recp)
BN_init(&(recp->N));
BN_init(&(recp->Nr));
recp->num_bits = 0;
recp->shift = 0;
recp->flags = 0;
}

8
Cryptlib/OpenSSL/crypto/cmac/cmac.c
View File

@ -160,6 +160,14 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS);
return 0;
}
/* Switch to FIPS cipher implementation if possible */
if (cipher != NULL) {
const EVP_CIPHER *fcipher;
fcipher = FIPS_get_cipherbynid(EVP_CIPHER_nid(cipher));
if (fcipher != NULL)
cipher = fcipher;
}
/*
* Other algorithm blocking will be done in FIPS_cmac_init, via
* FIPS_cipherinit().

5
Cryptlib/OpenSSL/crypto/conf/conf_def.c
View File

@ -182,6 +182,10 @@ static int def_destroy_data(CONF *conf)
static int def_load(CONF *conf, const char *name, long *line)
{
#ifdef OPENSSL_NO_STDIO
CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB);
return 0;
#else
int ret;
BIO *in = NULL;
@ -202,6 +206,7 @@ static int def_load(CONF *conf, const char *name, long *line)
BIO_free(in);
return ret;
#endif
}
static int def_load_bio(CONF *conf, BIO *in, long *line)

4
Cryptlib/OpenSSL/crypto/conf/conf_lib.c
View File

@ -90,6 +90,7 @@ int CONF_set_default_method(CONF_METHOD *meth)
return 1;
}
#ifndef OPENSSL_NO_STDIO
LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
long *eline)
{
@ -111,6 +112,7 @@ LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
return ltmp;
}
#endif
#ifndef OPENSSL_NO_FP_API
LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
@ -255,6 +257,7 @@ void NCONF_free_data(CONF *conf)
conf->meth->destroy_data(conf);
}
#ifndef OPENSSL_NO_STDIO
int NCONF_load(CONF *conf, const char *file, long *eline)
{
if (conf == NULL) {
@ -264,6 +267,7 @@ int NCONF_load(CONF *conf, const char *file, long *eline)
return conf->meth->load(conf, file, eline);
}
#endif
#ifndef OPENSSL_NO_FP_API
int NCONF_load_fp(CONF *conf, FILE *fp, long *eline)

2
Cryptlib/OpenSSL/crypto/conf/conf_mod.c
View File

@ -159,6 +159,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname,
}
#ifndef OPENSSL_NO_STDIO
int CONF_modules_load_file(const char *filename, const char *appname,
unsigned long flags)
{
@ -194,6 +195,7 @@ int CONF_modules_load_file(const char *filename, const char *appname,
return ret;
}
#endif
static int module_run(const CONF *cnf, char *name, char *value,
unsigned long flags)

2
Cryptlib/OpenSSL/crypto/conf/conf_sap.c
View File

@ -87,9 +87,11 @@ void OPENSSL_config(const char *config_name)
ENGINE_load_builtin_engines();
#endif
ERR_clear_error();
#ifndef OPENSSL_NO_STDIO
CONF_modules_load_file(NULL, config_name,
CONF_MFLAGS_DEFAULT_SECTION |
CONF_MFLAGS_IGNORE_MISSING_FILE);
#endif
openssl_configured = 1;
}

17
Cryptlib/OpenSSL/crypto/cryptlib.c
View File

@ -263,7 +263,7 @@ int CRYPTO_get_new_dynlockid(void)
return (0);
}
pointer->references = 1;
pointer->data = dynlock_create_callback(__FILE__, __LINE__);
pointer->data = dynlock_create_callback(OPENSSL_FILE, OPENSSL_LINE);
if (pointer->data == NULL) {
OPENSSL_free(pointer);
CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);
@ -289,7 +289,7 @@ int CRYPTO_get_new_dynlockid(void)
CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
if (i == -1) {
dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);
OPENSSL_free(pointer);
} else
i += 1; /* to avoid 0 */
@ -328,7 +328,7 @@ void CRYPTO_destroy_dynlockid(int i)
CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
if (pointer) {
dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);
OPENSSL_free(pointer);
}
}
@ -670,6 +670,7 @@ unsigned long *OPENSSL_ia32cap_loc(void)
}
# if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
#include <stdio.h>
# define OPENSSL_CPUID_SETUP
# if defined(_WIN32)
typedef unsigned __int64 IA32CAP;
@ -980,11 +981,13 @@ void OPENSSL_showfatal(const char *fmta, ...)
#else
void OPENSSL_showfatal(const char *fmta, ...)
{
#ifndef OPENSSL_NO_STDIO
va_list ap;
va_start(ap, fmta);
vfprintf(stderr, fmta, ap);
va_end(ap);
#endif
}
int OPENSSL_isservice(void)
@ -1011,16 +1014,18 @@ void OpenSSLDie(const char *file, int line, const char *assertion)
#endif
}
#ifndef OPENSSL_NO_STDIO
void *OPENSSL_stderr(void)
{
return stderr;
}
#endif
int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
int CRYPTO_memcmp(const volatile void *in_a, const volatile void *in_b, size_t len)
{
size_t i;
const unsigned char *a = in_a;
const unsigned char *b = in_b;
const volatile unsigned char *a = in_a;
const volatile unsigned char *b = in_b;
unsigned char x = 0;
for (i = 0; i < len; i++)

2
Cryptlib/OpenSSL/crypto/cryptlib.h
View File

@ -101,7 +101,9 @@ extern "C" {
void OPENSSL_cpuid_setup(void);
extern unsigned int OPENSSL_ia32cap_P[];
void OPENSSL_showfatal(const char *fmta, ...);
#ifndef OPENSSL_NO_STDIO
void *OPENSSL_stderr(void);
#endif
extern int OPENSSL_NONPIC_relocated;
#ifdef __cplusplus

2
Cryptlib/OpenSSL/crypto/des/des_old.c
View File

@ -1,4 +1,4 @@
/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/des/des_old.c */
/*-
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

2
Cryptlib/OpenSSL/crypto/des/des_old2.c
View File

@ -1,4 +1,4 @@
/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/des/des_old.c */
/*
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING The

4
Cryptlib/OpenSSL/crypto/des/read2pwd.c
View File

@ -114,6 +114,10 @@
#include <openssl/ui.h>
#include <openssl/crypto.h>
#ifndef BUFSIZ
#define BUFSIZ 256
#endif
int DES_read_password(DES_cblock *key, const char *prompt, int verify)
{
int ok;

34
Cryptlib/OpenSSL/crypto/dh/dh_check.c
View File

@ -151,23 +151,37 @@ int DH_check(const DH *dh, int *ret)
int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
{
int ok = 0;
BIGNUM *q = NULL;
BIGNUM *tmp = NULL;
BN_CTX *ctx = NULL;
*ret = 0;
q = BN_new();
if (q == NULL)
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
BN_set_word(q, 1);
if (BN_cmp(pub_key, q) <= 0)
BN_CTX_start(ctx);
tmp = BN_CTX_get(ctx);
if (tmp == NULL || !BN_set_word(tmp, 1))
goto err;
if (BN_cmp(pub_key, tmp) <= 0)
*ret |= DH_CHECK_PUBKEY_TOO_SMALL;
BN_copy(q, dh->p);
BN_sub_word(q, 1);
if (BN_cmp(pub_key, q) >= 0)
if (BN_copy(tmp, dh->p) == NULL || !BN_sub_word(tmp, 1))
goto err;
if (BN_cmp(pub_key, tmp) >= 0)
*ret |= DH_CHECK_PUBKEY_TOO_LARGE;
if (dh->q != NULL) {
/* Check pub_key^q == 1 mod p */
if (!BN_mod_exp(tmp, pub_key, dh->q, dh->p, ctx))
goto err;
if (!BN_is_one(tmp))
*ret |= DH_CHECK_PUBKEY_INVALID;
}
ok = 1;
err:
if (q != NULL)
BN_free(q);
if (ctx != NULL) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
return (ok);
}

16
Cryptlib/OpenSSL/crypto/dh/dh_pmeth.c
View File

@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
case EVP_PKEY_CTRL_DH_KDF_TYPE:
if (p1 == -2)
return dctx->kdf_type;
#ifdef OPENSSL_NO_CMS
if (p1 != EVP_PKEY_DH_KDF_NONE)
#else
if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
#endif
return -2;
dctx->kdf_type = p1;
return 1;
@ -448,10 +452,10 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
return ret;
*keylen = ret;
return 1;
} else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
#ifdef OPENSSL_NO_CMS
return 0;
#else
}
#ifndef OPENSSL_NO_CMS
else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
unsigned char *Z = NULL;
size_t Zlen = 0;
if (!dctx->kdf_outlen || !dctx->kdf_oid)
@ -481,9 +485,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
OPENSSL_free(Z);
}
return ret;
#endif
}
return 1;
#endif
return 0;
}
const EVP_PKEY_METHOD dh_pkey_meth = {

2
Cryptlib/OpenSSL/crypto/dso/dso_dl.c
View File

@ -1,4 +1,4 @@
/* dso_dl.c -*- mode:C; c-file-style: "eay" -*- */
/* dso_dl.c */
/*
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
* 2000.

2
Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c
View File

@ -1,4 +1,4 @@
/* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */
/* dso_dlfcn.c */
/*
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
* 2000.

3
Cryptlib/OpenSSL/crypto/dso/dso_lib.c
View File

@ -1,4 +1,4 @@
/* dso_lib.c -*- mode:C; c-file-style: "eay" -*- */
/* dso_lib.c */
/*
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
* 2000.
@ -122,6 +122,7 @@ DSO *DSO_new_method(DSO_METHOD *meth)
ret->meth = meth;
ret->references = 1;
if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
sk_void_free(ret->meth_data);
OPENSSL_free(ret);
ret = NULL;
}

2
Cryptlib/OpenSSL/crypto/dso/dso_vms.c
View File

@ -1,4 +1,4 @@
/* dso_vms.c -*- mode:C; c-file-style: "eay" -*- */
/* dso_vms.c */
/*
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
* 2000.

2
Cryptlib/OpenSSL/crypto/dso/dso_win32.c
View File

@ -1,4 +1,4 @@
/* dso_win32.c -*- mode:C; c-file-style: "eay" -*- */
/* dso_win32.c */
/*
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
* 2000.

2
Cryptlib/OpenSSL/crypto/evp/e_camellia.c
View File

@ -1,4 +1,4 @@
/* crypto/evp/e_camellia.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/evp/e_camellia.c */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*

11
Cryptlib/OpenSSL/crypto/evp/e_des.c
View File

@ -71,12 +71,13 @@ typedef struct {
DES_key_schedule ks;
} ks;
union {
void (*cbc) (const void *, void *, size_t, const void *, void *);
void (*cbc) (const void *, void *, size_t,
const DES_key_schedule *, unsigned char *);
} stream;
} EVP_DES_KEY;
# if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
/* ---------^^^ this is not a typo, just a way to detect that
/* ----------^^^ this is not a typo, just a way to detect that
* assembler support was in general requested... */
# include "sparc_arch.h"
@ -86,9 +87,9 @@ extern unsigned int OPENSSL_sparcv9cap_P[];
void des_t4_key_expand(const void *key, DES_key_schedule *ks);
void des_t4_cbc_encrypt(const void *inp, void *out, size_t len,
DES_key_schedule *ks, unsigned char iv[8]);
const DES_key_schedule *ks, unsigned char iv[8]);
void des_t4_cbc_decrypt(const void *inp, void *out, size_t len,
DES_key_schedule *ks, unsigned char iv[8]);
const DES_key_schedule *ks, unsigned char iv[8]);
# endif
static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@ -130,7 +131,7 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
{
EVP_DES_KEY *dat = (EVP_DES_KEY *) ctx->cipher_data;
if (dat->stream.cbc) {
if (dat->stream.cbc != NULL) {
(*dat->stream.cbc) (in, out, inl, &dat->ks.ks, ctx->iv);
return 1;
}

13
Cryptlib/OpenSSL/crypto/evp/e_des3.c
View File

@ -75,7 +75,8 @@ typedef struct {
DES_key_schedule ks[3];
} ks;
union {
void (*cbc) (const void *, void *, size_t, const void *, void *);
void (*cbc) (const void *, void *, size_t,
const DES_key_schedule *, unsigned char *);
} stream;
} DES_EDE_KEY;
# define ks1 ks.ks[0]
@ -93,9 +94,9 @@ extern unsigned int OPENSSL_sparcv9cap_P[];
void des_t4_key_expand(const void *key, DES_key_schedule *ks);
void des_t4_ede3_cbc_encrypt(const void *inp, void *out, size_t len,
DES_key_schedule *ks, unsigned char iv[8]);
const DES_key_schedule ks[3], unsigned char iv[8]);
void des_t4_ede3_cbc_decrypt(const void *inp, void *out, size_t len,
DES_key_schedule *ks, unsigned char iv[8]);
const DES_key_schedule ks[3], unsigned char iv[8]);
# endif
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@ -162,7 +163,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
# endif /* KSSL_DEBUG */
if (dat->stream.cbc) {
(*dat->stream.cbc) (in, out, inl, &dat->ks, ctx->iv);
(*dat->stream.cbc) (in, out, inl, dat->ks.ks, ctx->iv);
return 1;
}
@ -395,7 +396,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
int rv = -1;
if (inl < 24)
return -1;
if (!out)
if (out == NULL)
return inl - 16;
memcpy(ctx->iv, wrap_iv, 8);
/* Decrypt first block which will end up as icv */
@ -438,7 +439,7 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
unsigned char sha1tmp[SHA_DIGEST_LENGTH];
if (!out)
if (out == NULL)
return inl + 16;
/* Copy input to output buffer + 8 so we have space for IV */
memmove(out + 8, in, inl);

2
Cryptlib/OpenSSL/crypto/evp/e_old.c
View File

@ -1,4 +1,4 @@
/* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/evp/e_old.c */
/*
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
* 2004.

2
Cryptlib/OpenSSL/crypto/evp/e_seed.c
View File

@ -1,4 +1,4 @@
/* crypto/evp/e_seed.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/evp/e_seed.c */
/* ====================================================================
* Copyright (c) 2007 The OpenSSL Project. All rights reserved.
*

2
Cryptlib/OpenSSL/crypto/evp/evp_key.c
View File

@ -63,6 +63,7 @@
#include <openssl/evp.h>
#include <openssl/ui.h>
#ifndef OPENSSL_NO_UI
/* should be init to zeros. */
static char prompt_string[80];
@ -117,6 +118,7 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
OPENSSL_cleanse(buff, BUFSIZ);
return ret;
}
#endif /* OPENSSL_NO_UI */
int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
const unsigned char *salt, const unsigned char *data,

2
Cryptlib/OpenSSL/crypto/mem_clr.c
View File

@ -1,4 +1,4 @@
/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/mem_clr.c */
/*
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
* 2002.

41
Cryptlib/OpenSSL/crypto/modes/ctr128.c
View File

@ -67,23 +67,20 @@
/* increment counter (128-bit int) by 1 */
static void ctr128_inc(unsigned char *counter)
{
u32 n = 16;
u8 c;
u32 n = 16, c = 1;
do {
--n;
c = counter[n];
++c;
counter[n] = c;
if (c)
return;
c += counter[n];
counter[n] = (u8)c;
c >>= 8;
} while (n);
}
#if !defined(OPENSSL_SMALL_FOOTPRINT)
static void ctr128_inc_aligned(unsigned char *counter)
{
size_t *data, c, n;
size_t *data, c, d, n;
const union {
long one;
char little;
@ -91,20 +88,19 @@ static void ctr128_inc_aligned(unsigned char *counter)
1
};
if (is_endian.little) {
if (is_endian.little || ((size_t)counter % sizeof(size_t)) != 0) {
ctr128_inc(counter);
return;
}
data = (size_t *)counter;
c = 1;
n = 16 / sizeof(size_t);
do {
--n;
c = data[n];
++c;
data[n] = c;
if (c)
return;
d = data[n] += c;
/* did addition carry? */
c = ((d - c) ^ d) >> (sizeof(size_t) * 8 - 1);
} while (n);
}
#endif
@ -144,14 +140,14 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
}
# if defined(STRICT_ALIGNMENT)
if (((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) !=
0)
if (((size_t)in | (size_t)out | (size_t)ecount_buf)
% sizeof(size_t) != 0)
break;
# endif
while (len >= 16) {
(*block) (ivec, ecount_buf, key);
ctr128_inc_aligned(ivec);
for (; n < 16; n += sizeof(size_t))
for (n = 0; n < 16; n += sizeof(size_t))
*(size_t *)(out + n) =
*(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n);
len -= 16;
@ -189,16 +185,13 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
/* increment upper 96 bits of 128-bit counter by 1 */
static void ctr96_inc(unsigned char *counter)
{
u32 n = 12;
u8 c;
u32 n = 12, c = 1;
do {
--n;
c = counter[n];
++c;
counter[n] = c;
if (c)
return;
c += counter[n];
counter[n] = (u8)c;
c >>= 8;
} while (n);
}

2
Cryptlib/OpenSSL/crypto/o_dir.c
View File

@ -1,4 +1,4 @@
/* crypto/o_dir.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/o_dir.c */
/*
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
* 2004.

2
Cryptlib/OpenSSL/crypto/o_dir.h
View File

@ -1,4 +1,4 @@
/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/o_dir.h */
/*
* Copied from Richard Levitte's (richard@levitte.org) LP library. All
* symbol names have been changed, with permission from the author.

2
Cryptlib/OpenSSL/crypto/o_str.c
View File

@ -1,4 +1,4 @@
/* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/o_str.c */
/*
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
* 2003.

2
Cryptlib/OpenSSL/crypto/o_str.h
View File

@ -1,4 +1,4 @@
/* crypto/o_str.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/o_str.h */
/*
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
* 2003.

2
Cryptlib/OpenSSL/crypto/o_time.c
View File

@ -1,4 +1,4 @@
/* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/o_time.c */
/*
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
* 2001.

2
Cryptlib/OpenSSL/crypto/o_time.h
View File

@ -1,4 +1,4 @@
/* crypto/o_time.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/o_time.h */
/*
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
* 2001.

2
Cryptlib/OpenSSL/crypto/pem/pem_lib.c
View File

@ -84,7 +84,7 @@ int pem_check_suffix(const char *pem_str, const char *suffix);
int PEM_def_callback(char *buf, int num, int w, void *key)
{
#ifdef OPENSSL_NO_FP_API
#if defined(OPENSSL_NO_FP_API) || defined(OPENSSL_NO_UI)
/*
* We should not ever call the default callback routine from windows.
*/

4
Cryptlib/OpenSSL/crypto/pem/pem_pk8.c
View File

@ -69,10 +69,12 @@
static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
int nid, const EVP_CIPHER *enc,
char *kstr, int klen, pem_password_cb *cb, void *u);
#ifndef OPENSSL_NO_FP_API
static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
int nid, const EVP_CIPHER *enc,
char *kstr, int klen, pem_password_cb *cb, void *u);
#endif
/*
* These functions write a private key in PKCS#8 format: it is a "drop in"
* replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'

54
Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
View File

@ -64,6 +64,9 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#define BUFFERSIZE 4096
static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
@ -255,7 +258,6 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
PKCS7_SIGNER_INFO *si;
X509_STORE_CTX cert_ctx;
char *buf = NULL;
int bufsiz;
int i, j = 0, k, ret = 0;
BIO *p7bio = NULL;
BIO *tmpin = NULL, *tmpout = NULL;
@ -275,6 +277,29 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
return 0;
}
#if 0
/*
* NB: this test commented out because some versions of Netscape
* illegally include zero length content when signing data. Also
* Microsoft Authenticode includes a SpcIndirectDataContent data
* structure which describes the content to be protected by the
* signature, rather than directly embedding that content. So
* Authenticode implementations are also expected to use
* PKCS7_verify() with explicit external data, on non-detached
* PKCS#7 signatures.
*
* In OpenSSL 1.1 a new flag PKCS7_NO_DUAL_CONTENT has been
* introduced to disable this sanity check. For the 1.0.2 branch
* this change is not acceptable, so the check remains completely
* commented out (as it has been for a long time).
*/
/* Check for data and content: two sets of data */
if (!PKCS7_get_detached(p7) && indata) {
PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
return 0;
}
#endif
sinfos = PKCS7_get_signer_info(p7);
@ -350,14 +375,13 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
} else
tmpout = out;
bufsiz = 4096;
buf = OPENSSL_malloc(bufsiz);
if (buf == NULL) {
/* We now have to 'read' from p7bio to calculate digests etc. */
if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
/* We now have to 'read' from p7bio to calculate digests etc. */
for (;;) {
i = BIO_read(p7bio, buf, bufsiz);
i = BIO_read(p7bio, buf, BUFFERSIZE);
if (i <= 0)
break;
if (tmpout)
@ -388,16 +412,13 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
ret = 1;
err:
OPENSSL_free(buf);
if (tmpin == indata) {
if (indata)
BIO_pop(p7bio);
}
BIO_free_all(p7bio);
sk_X509_free(signers);
if (buf != NULL) {
OPENSSL_free(buf);
}
return ret;
}
@ -510,7 +531,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
{
BIO *tmpmem;
int ret, i;
char buf[4096];
char *buf = NULL;
if (!p7) {
PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
@ -554,9 +575,13 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
}
BIO_free_all(bread);
return ret;
} else {
}
if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
for (;;) {
i = BIO_read(tmpmem, buf, sizeof(buf));
i = BIO_read(tmpmem, buf, BUFFERSIZE);
if (i <= 0) {
ret = 1;
if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
@ -571,7 +596,8 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
break;
}
}
err:
OPENSSL_free(buf);
BIO_free_all(tmpmem);
return ret;
}
}

2
Cryptlib/OpenSSL/crypto/rc4/rc4_utl.c
View File

@ -1,4 +1,4 @@
/* crypto/rc4/rc4_utl.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/rc4/rc4_utl.c */
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*

4
Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c
View File

@ -768,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
return 2;
}
#ifndef OPENSSL_NO_CMS
static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
X509_ALGOR **pmaskHash)
{
@ -791,7 +792,6 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
return pss;
}
#ifndef OPENSSL_NO_CMS
static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
{
EVP_PKEY_CTX *pkctx;
@ -864,9 +864,7 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
X509_ALGOR_free(maskHash);
return rv;
}
#endif
#ifndef OPENSSL_NO_CMS
static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
{
const EVP_MD *md, *mgf1md;

2
Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c
View File

@ -1,4 +1,4 @@
/* crypto/rsa/rsa_chk.c -*- Mode: C; c-file-style: "eay" -*- */
/* crypto/rsa/rsa_chk.c */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*

2
Cryptlib/OpenSSL/crypto/stack/stack.c
View File

@ -360,7 +360,7 @@ void *sk_set(_STACK *st, int i, void *value)
void sk_sort(_STACK *st)
{
if (st && !st->sorted) {
if (st && !st->sorted && st->comp != NULL) {
int (*comp_func) (const void *, const void *);
/*

2
Cryptlib/OpenSSL/crypto/ui/ui_compat.c
View File

@ -1,4 +1,4 @@
/* crypto/ui/ui_compat.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/ui/ui_compat.c */
/* ====================================================================
* Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
*

2
Cryptlib/OpenSSL/crypto/ui/ui_lib.c
View File

@ -1,4 +1,4 @@
/* crypto/ui/ui_lib.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/ui/ui_lib.c */
/*
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
* 2001.

2
Cryptlib/OpenSSL/crypto/ui/ui_locl.h
View File

@ -1,4 +1,4 @@
/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/ui/ui.h */
/*
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
* 2001.

6
Cryptlib/OpenSSL/crypto/ui/ui_util.c
View File

@ -1,4 +1,4 @@
/* crypto/ui/ui_util.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/ui/ui_util.c */
/* ====================================================================
* Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
*
@ -56,6 +56,10 @@
#include <string.h>
#include "ui_locl.h"
#ifndef BUFSIZ
#define BUFSIZ 256
#endif
int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
int verify)
{

109
Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
View File

@ -194,6 +194,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
int num, j, retry;
int (*cb) (int xok, X509_STORE_CTX *xctx);
STACK_OF(X509) *sktmp = NULL;
int trust = X509_TRUST_UNTRUSTED;
int err;
if (ctx->cert == NULL) {
X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
return -1;
@ -216,7 +219,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
if (((ctx->chain = sk_X509_new_null()) == NULL) ||
(!sk_X509_push(ctx->chain, ctx->cert))) {
X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
goto end;
ok = -1;
goto err;
}
CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
ctx->last_untrusted = 1;
@ -225,7 +229,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
if (ctx->untrusted != NULL
&& (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
goto end;
ok = -1;
goto err;
}
num = sk_X509_num(ctx->chain);
@ -249,7 +254,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
ok = ctx->get_issuer(&xtmp, ctx, x);
if (ok < 0)
goto end;
goto err;
/*
* If successful for now free up cert so it will be picked up
* again later.
@ -266,7 +271,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
if (xtmp != NULL) {
if (!sk_X509_push(ctx->chain, xtmp)) {
X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
goto end;
ok = -1;
goto err;
}
CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509);
(void)sk_X509_delete_ptr(sktmp, xtmp);
@ -314,7 +320,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
bad_chain = 1;
ok = cb(0, ctx);
if (!ok)
goto end;
goto err;
} else {
/*
* We have a match: replace certificate with store
@ -347,25 +353,26 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
ok = ctx->get_issuer(&xtmp, ctx, x);
if (ok < 0)
goto end;
goto err;
if (ok == 0)
break;
x = xtmp;
if (!sk_X509_push(ctx->chain, x)) {
X509_free(xtmp);
X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
ok = 0;
goto end;
ok = -1;
goto err;
}
num++;
}
/* we now have our chain, lets check it... */
i = check_trust(ctx);
if ((trust = check_trust(ctx)) == X509_TRUST_REJECTED) {
/* Callback already issued */
ok = 0;
goto err;
}
/* If explicitly rejected error */
if (i == X509_TRUST_REJECTED)
goto end;
/*
* If it's not explicitly trusted then check if there is an alternative
* chain that could be used. We only do this if we haven't already
@ -373,14 +380,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
* chain checking
*/
retry = 0;
if (i != X509_TRUST_TRUSTED
if (trust != X509_TRUST_TRUSTED
&& !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
&& !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
while (j-- > 1) {
xtmp2 = sk_X509_value(ctx->chain, j - 1);
ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
if (ok < 0)
goto end;
goto err;
/* Check if we found an alternate chain */
if (ok > 0) {
/*
@ -410,7 +417,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
* self signed certificate in which case we've indicated an error already
* and set bad_chain == 1
*/
if (i != X509_TRUST_TRUSTED && !bad_chain) {
if (trust != X509_TRUST_TRUSTED && !bad_chain) {
if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
if (ctx->last_untrusted >= num)
ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
@ -431,26 +438,26 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
bad_chain = 1;
ok = cb(0, ctx);
if (!ok)
goto end;
goto err;
}
/* We have the chain complete: now we need to check its purpose */
ok = check_chain_extensions(ctx);
if (!ok)
goto end;
goto err;
/* Check name constraints */
ok = check_name_constraints(ctx);
if (!ok)
goto end;
goto err;
ok = check_id(ctx);
if (!ok)
goto end;
goto err;
/* We may as well copy down any DSA parameters that are required */
X509_get_pubkey_parameters(NULL, ctx->chain);
@ -462,16 +469,16 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
ok = ctx->check_revocation(ctx);
if (!ok)
goto end;
goto err;
i = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
ctx->param->flags);
if (i != X509_V_OK) {
ctx->error = i;
if (err != X509_V_OK) {
ctx->error = err;
ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth);
ok = cb(0, ctx);
if (!ok)
goto end;
goto err;
}
/* At this point, we have a chain and need to verify it */
@ -480,25 +487,28 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
else
ok = internal_verify(ctx);
if (!ok)
goto end;
goto err;
#ifndef OPENSSL_NO_RFC3779
/* RFC 3779 path validation, now that CRL check has been done */
ok = v3_asid_validate_path(ctx);
if (!ok)
goto end;
goto err;
ok = v3_addr_validate_path(ctx);
if (!ok)
goto end;
goto err;
#endif
/* If we get this far evaluate policies */
if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
ok = ctx->check_policy(ctx);
if (!ok)
goto end;
goto err;
if (0) {
end:
err:
/* Ensure we return an error */
if (ok > 0)
ok = 0;
X509_get_pubkey_parameters(NULL, ctx->chain);
}
if (sktmp != NULL)
@ -2287,9 +2297,10 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
ctx->current_reasons = 0;
ctx->tree = NULL;
ctx->parent = NULL;
/* Zero ex_data to make sure we're cleanup-safe */
memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
ctx->param = X509_VERIFY_PARAM_new();
if (!ctx->param) {
X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
return 0;
@ -2298,7 +2309,6 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
/*
* Inherit callbacks and flags from X509_STORE if not set use defaults.
*/
if (store)
ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
else
@ -2306,6 +2316,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
if (store) {
ctx->verify_cb = store->verify_cb;
/* Seems to always be 0 in OpenSSL, else must be idempotent */
ctx->cleanup = store->cleanup;
} else
ctx->cleanup = 0;
@ -2316,7 +2327,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
if (ret == 0) {
X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
return 0;
goto err;
}
if (store && store->check_issued)
@ -2371,19 +2382,18 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
ctx->check_policy = check_policy;
/*
* This memset() can't make any sense anyway, so it's removed. As
* X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
* corresponding "new" here and remove this bogus initialisation.
*/
/* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
&(ctx->ex_data))) {
OPENSSL_free(ctx);
X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
return 0;
}
if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
&ctx->ex_data))
return 1;
X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
err:
/*
* On error clean up allocated storage, if the store context was not
* allocated with X509_STORE_CTX_new() this is our last chance to do so.
*/
X509_STORE_CTX_cleanup(ctx);
return 0;
}
/*
@ -2399,8 +2409,17 @@ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
{
if (ctx->cleanup)
/*
* We need to be idempotent because, unfortunately, free() also calls
* cleanup(), so the natural call sequence new(), init(), cleanup(), free()
* calls cleanup() for the same object twice! Thus we must zero the
* pointers below after they're freed!
*/
/* Seems to always be 0 in OpenSSL, do this at most once. */
if (ctx->cleanup != NULL) {
ctx->cleanup(ctx);
ctx->cleanup = NULL;
}
if (ctx->param != NULL) {
if (ctx->parent == NULL)
X509_VERIFY_PARAM_free(ctx->param);

4
Cryptlib/OpenSSL/crypto/x509/x509_vpm.c
View File

@ -94,11 +94,11 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
* Refuse names with embedded NUL bytes, except perhaps as final byte.
* XXX: Do we need to push an error onto the error stack?
*/
if (namelen == 0)
if (namelen == 0 || name == NULL)
namelen = name ? strlen(name) : 0;
else if (name && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen))
return 0;
if (name && name[namelen - 1] == '\0')
if (namelen > 0 && name[namelen - 1] == '\0')
--namelen;
if (mode == SET_HOST && id->hosts) {

2
Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h
View File

@ -127,7 +127,7 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
&v3_idp,
&v3_alt[2],
&v3_freshest_crl,
#ifndef OPENSSL_SYS_UEFI
#ifndef OPENSSL_NO_SCT
&v3_ct_scts[0],
&v3_ct_scts[1],
#endif

4
Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c
View File

@ -1,4 +1,4 @@
/* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */
/* v3_pci.c */
/*
* Contributed to the OpenSSL Project 2004 by Richard Levitte
* (richard@levitte.org)
@ -149,6 +149,7 @@ static int process_pci_value(CONF_VALUE *val,
goto err;
}
OPENSSL_free(tmp_data2);
#ifndef OPENSSL_NO_STDIO
} else if (strncmp(val->value, "file:", 5) == 0) {
unsigned char buf[2048];
int n;
@ -181,6 +182,7 @@ static int process_pci_value(CONF_VALUE *val,
X509V3_conf_err(val);
goto err;
}
#endif /* !OPENSSL_NO_STDIO */
} else if (strncmp(val->value, "text:", 5) == 0) {
val_len = strlen(val->value + 5);
tmp_data = OPENSSL_realloc((*policy)->data,

2
Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c
View File

@ -1,4 +1,4 @@
/* v3_pcia.c -*- mode:C; c-file-style: "eay" -*- */
/* v3_pcia.c */
/*
* Contributed to the OpenSSL Project 2004 by Richard Levitte
* (richard@levitte.org)

3
Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c
View File

@ -841,7 +841,8 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len,
state = LABEL_START;
++dots;
} else if (p[i] == '-') {
if ((state & LABEL_HYPHEN) != 0)
/* no domain/subdomain starts with '-' */
if ((state & LABEL_START) != 0)
return NULL;
state |= LABEL_HYPHEN;
} else