proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-10-31 08:49:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update OpenSSL

Browse Source
This commit is contained in:
Matthew Garrett 2012-07-02 12:33:42 -04:00
parent 5b1bf5583c
commit e21cbf4d9b
137 changed files with 2292 additions and 1811 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Cryptlib/Include/openssl/asn1.h
View File

@ -344,6 +344,8 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
((void*) (1 ? p : (type*)0))
#define CHECKED_PPTR_OF(type, p) \
((void**) (1 ? p : (type**)0))
#define CHECKED_PTR_OF_TO_CHAR(type, p) \
((char*) (1 ? p : (type*)0))
#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
@ -933,12 +935,12 @@ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);
#define ASN1_dup_of(type,i2d,d2i,x) \
((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
CHECKED_D2I_OF(type, d2i), \
CHECKED_PTR_OF(type, x)))
CHECKED_PTR_OF_TO_CHAR(type, x)))
#define ASN1_dup_of_const(type,i2d,d2i,x) \
((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
CHECKED_D2I_OF(type, d2i), \
CHECKED_PTR_OF(const type, x)))
CHECKED_PTR_OF_TO_CHAR(const type, x)))
void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
@ -1049,7 +1051,7 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,
ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
void ASN1_STRING_set_default_mask(unsigned long mask);
int ASN1_STRING_set_default_mask_asc(char *p);
int ASN1_STRING_set_default_mask_asc(const char *p);
unsigned long ASN1_STRING_get_default_mask(void);
int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
int inform, unsigned long mask);
@ -1158,7 +1160,6 @@ void ERR_load_ASN1_strings(void);
#define ASN1_F_ASN1_VERIFY 137
#define ASN1_F_B64_READ_ASN1 208
#define ASN1_F_B64_WRITE_ASN1 209
#define ASN1_F_BIO_NEW_NDEF 212
#define ASN1_F_BITSTR_CB 180
#define ASN1_F_BN_TO_ASN1_ENUMERATED 138
#define ASN1_F_BN_TO_ASN1_INTEGER 139
@ -1264,6 +1265,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_INVALID_MIME_TYPE 200
#define ASN1_R_INVALID_MODIFIER 186
#define ASN1_R_INVALID_NUMBER 187
#define ASN1_R_INVALID_OBJECT_ENCODING 212
#define ASN1_R_INVALID_SEPARATOR 131
#define ASN1_R_INVALID_TIME_FORMAT 132
#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133

19
Cryptlib/Include/openssl/bio.h
View File

@ -145,6 +145,7 @@ extern "C" {
/* #endif */
#define BIO_CTRL_DGRAM_QUERY_MTU 40 /* as kernel for current MTU */
#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47
#define BIO_CTRL_DGRAM_GET_MTU 41 /* get cached value for MTU */
#define BIO_CTRL_DGRAM_SET_MTU 42 /* set cached value for
* MTU. want to use this
@ -156,8 +157,11 @@ extern "C" {
* previous write
* operation */
#define BIO_CTRL_DGRAM_GET_PEER 46
#define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */
#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to
* adjust socket timeouts */
/* modifiers */
#define BIO_FP_READ 0x02
@ -318,6 +322,15 @@ DECLARE_STACK_OF(BIO)
typedef struct bio_f_buffer_ctx_struct
{
/* Buffers are setup like this:
*
* <---------------------- size ----------------------->
* +---------------------------------------------------+
* | consumed | remaining | free space |
* +---------------------------------------------------+
* <-- off --><------- len ------->
*/
/* BIO *bio; */ /* this is now in the BIO struct */
int ibuf_size; /* how big is the input buffer */
int obuf_size; /* how big is the output buffer */
@ -405,7 +418,7 @@ typedef struct bio_f_buffer_ctx_struct
#define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
#define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
#define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3)
#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
#define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
@ -414,7 +427,7 @@ typedef struct bio_f_buffer_ctx_struct
#define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
#define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL)
#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL)
#define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
#define BIO_BIND_NORMAL 0
@ -541,6 +554,8 @@ int BIO_ctrl_reset_read_request(BIO *b);
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)
#define BIO_dgram_send_timedout(b) \
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)
#define BIO_dgram_get_peer(b,peer) \
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
#define BIO_dgram_set_peer(b,peer) \
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)

12
Cryptlib/Include/openssl/cast.h
View File

@ -87,17 +87,17 @@ typedef struct cast_key_st
void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
#endif
void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key,
int enc);
void CAST_encrypt(CAST_LONG *data,CAST_KEY *key);
void CAST_decrypt(CAST_LONG *data,CAST_KEY *key);
void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key);
void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key);
void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
CAST_KEY *ks, unsigned char *iv, int enc);
const CAST_KEY *ks, unsigned char *iv, int enc);
void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
long length, CAST_KEY *schedule, unsigned char *ivec,
long length, const CAST_KEY *schedule, unsigned char *ivec,
int *num, int enc);
void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
long length, CAST_KEY *schedule, unsigned char *ivec,
long length, const CAST_KEY *schedule, unsigned char *ivec,
int *num);
#ifdef __cplusplus

6
Cryptlib/Include/openssl/crypto.h
View File

@ -588,15 +588,15 @@ int OPENSSL_isservice(void);
#endif /* def OPENSSL_FIPS */
#define OPENSSL_HAVE_INIT 1
void OPENSSL_init(void);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_CRYPTO_strings(void);
#define OPENSSL_HAVE_INIT 1
void OPENSSL_init(void);
/* Error codes for the CRYPTO functions. */
/* Function codes. */

51
Cryptlib/Include/openssl/dtls1.h
View File

@ -62,6 +62,18 @@
#include <openssl/buffer.h>
#include <openssl/pqueue.h>
#ifdef OPENSSL_SYS_VMS
#include <resource.h>
#include <sys/timeb.h>
#endif
#ifdef OPENSSL_SYS_WIN32
/* Needed for struct timeval */
#include <winsock.h>
#elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
#include <sys/timeval.h>
#else
#include <sys/time.h>
#endif
#ifdef __cplusplus
extern "C" {
@ -76,7 +88,7 @@ extern "C" {
#endif
/* lengths of messages */
#define DTLS1_COOKIE_LENGTH 32
#define DTLS1_COOKIE_LENGTH 256
#define DTLS1_RT_HEADER_LENGTH 13
@ -101,6 +113,19 @@ typedef struct dtls1_bitmap_st
PQ_64BIT max_seq_num; /* max record number seen so far */
} DTLS1_BITMAP;
struct dtls1_retransmit_state
{
EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
const EVP_MD *write_hash; /* used for mac generation */
#ifndef OPENSSL_NO_COMP
COMP_CTX *compress; /* compression */
#else
char *compress;
#endif
SSL_SESSION *session;
unsigned short epoch;
};
struct hm_header_st
{
unsigned char type;
@ -109,6 +134,7 @@ struct hm_header_st
unsigned long frag_off;
unsigned long frag_len;
unsigned int is_ccs;
struct dtls1_retransmit_state saved_retransmit_state;
};
struct ccs_header_st
@ -139,6 +165,7 @@ typedef struct hm_fragment_st
{
struct hm_header_st msg_header;
unsigned char *fragment;
unsigned char *reassembly;
} hm_fragment;
typedef struct dtls1_state_st
@ -168,6 +195,9 @@ typedef struct dtls1_state_st
unsigned short handshake_read_seq;
/* save last sequence number for retransmissions */
unsigned char last_write_sequence[8];
/* Received handshake records (processed and unprocessed) */
record_pqueue unprocessed_rcds;
record_pqueue processed_rcds;
@ -178,13 +208,29 @@ typedef struct dtls1_state_st
/* Buffered (sent) handshake records */
pqueue sent_messages;
unsigned int mtu; /* max wire packet size */
/* Buffered application records.
* Only for records between CCS and Finished
* to prevent either protocol violation or
* unnecessary message loss.
*/
record_pqueue buffered_app_data;
/* Is set when listening for new connections with dtls1_listen() */
unsigned int listen;
unsigned int mtu; /* max DTLS packet size */
struct hm_header_st w_msg_hdr;
struct hm_header_st r_msg_hdr;
struct dtls1_timeout_st timeout;
/* Indicates when the last handshake msg sent will timeout */
struct timeval next_timeout;
/* Timeout duration */
unsigned short timeout_duration;
/* storage for Alert/Handshake protocol data received but not
* yet processed by ssl3_read_bytes: */
unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
@ -193,6 +239,7 @@ typedef struct dtls1_state_st
unsigned int handshake_fragment_len;
unsigned int retransmitting;
unsigned int change_cipher_spec_ok;
} DTLS1_STATE;

3
Cryptlib/Include/openssl/engine.h
View File

@ -339,9 +339,11 @@ void ENGINE_load_ubsec(void);
void ENGINE_load_cryptodev(void);
void ENGINE_load_padlock(void);
void ENGINE_load_builtin_engines(void);
#ifdef OPENSSL_SYS_WIN32
#ifndef OPENSSL_NO_CAPIENG
void ENGINE_load_capi(void);
#endif
#endif
/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
* "registry" handling. */
@ -767,6 +769,7 @@ void ERR_load_ENGINE_strings(void);
#define ENGINE_R_DSO_FAILURE 104
#define ENGINE_R_DSO_NOT_FOUND 132
#define ENGINE_R_ENGINES_SECTION_ERROR 148
#define ENGINE_R_ENGINE_CONFIGURATION_ERROR 101
#define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105
#define ENGINE_R_ENGINE_SECTION_ERROR 149
#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128

141
Cryptlib/Include/openssl/obj_mac.h
View File

@ -122,7 +122,7 @@
#define SN_wap_wsg "wap-wsg"
#define NID_wap_wsg 679
#define OBJ_wap_wsg OBJ_wap,13L
#define OBJ_wap_wsg OBJ_wap,1L
#define SN_selected_attribute_types "selected-attribute-types"
#define LN_selected_attribute_types "Selected Attribute Types"
@ -2049,6 +2049,7 @@
#define NID_stateOrProvinceName 16
#define OBJ_stateOrProvinceName OBJ_X509,8L
#define SN_streetAddress "street"
#define LN_streetAddress "streetAddress"
#define NID_streetAddress 660
#define OBJ_streetAddress OBJ_X509,9L
@ -2063,6 +2064,7 @@
#define NID_organizationalUnitName 18
#define OBJ_organizationalUnitName OBJ_X509,11L
#define SN_title "title"
#define LN_title "title"
#define NID_title 106
#define OBJ_title OBJ_X509,12L
@ -2071,10 +2073,114 @@
#define NID_description 107
#define OBJ_description OBJ_X509,13L
#define LN_searchGuide "searchGuide"
#define NID_searchGuide 859
#define OBJ_searchGuide OBJ_X509,14L
#define LN_businessCategory "businessCategory"
#define NID_businessCategory 860
#define OBJ_businessCategory OBJ_X509,15L
#define LN_postalAddress "postalAddress"
#define NID_postalAddress 861
#define OBJ_postalAddress OBJ_X509,16L
#define LN_postalCode "postalCode"
#define NID_postalCode 661
#define OBJ_postalCode OBJ_X509,17L
#define LN_postOfficeBox "postOfficeBox"
#define NID_postOfficeBox 862
#define OBJ_postOfficeBox OBJ_X509,18L
#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName"
#define NID_physicalDeliveryOfficeName 863
#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L
#define LN_telephoneNumber "telephoneNumber"
#define NID_telephoneNumber 864
#define OBJ_telephoneNumber OBJ_X509,20L
#define LN_telexNumber "telexNumber"
#define NID_telexNumber 865
#define OBJ_telexNumber OBJ_X509,21L
#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier"
#define NID_teletexTerminalIdentifier 866
#define OBJ_teletexTerminalIdentifier OBJ_X509,22L
#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber"
#define NID_facsimileTelephoneNumber 867
#define OBJ_facsimileTelephoneNumber OBJ_X509,23L
#define LN_x121Address "x121Address"
#define NID_x121Address 868
#define OBJ_x121Address OBJ_X509,24L
#define LN_internationaliSDNNumber "internationaliSDNNumber"
#define NID_internationaliSDNNumber 869
#define OBJ_internationaliSDNNumber OBJ_X509,25L
#define LN_registeredAddress "registeredAddress"
#define NID_registeredAddress 870
#define OBJ_registeredAddress OBJ_X509,26L
#define LN_destinationIndicator "destinationIndicator"
#define NID_destinationIndicator 871
#define OBJ_destinationIndicator OBJ_X509,27L
#define LN_preferredDeliveryMethod "preferredDeliveryMethod"
#define NID_preferredDeliveryMethod 872
#define OBJ_preferredDeliveryMethod OBJ_X509,28L
#define LN_presentationAddress "presentationAddress"
#define NID_presentationAddress 873
#define OBJ_presentationAddress OBJ_X509,29L
#define LN_supportedApplicationContext "supportedApplicationContext"
#define NID_supportedApplicationContext 874
#define OBJ_supportedApplicationContext OBJ_X509,30L
#define SN_member "member"
#define NID_member 875
#define OBJ_member OBJ_X509,31L
#define SN_owner "owner"
#define NID_owner 876
#define OBJ_owner OBJ_X509,32L
#define LN_roleOccupant "roleOccupant"
#define NID_roleOccupant 877
#define OBJ_roleOccupant OBJ_X509,33L
#define SN_seeAlso "seeAlso"
#define NID_seeAlso 878
#define OBJ_seeAlso OBJ_X509,34L
#define LN_userPassword "userPassword"
#define NID_userPassword 879
#define OBJ_userPassword OBJ_X509,35L
#define LN_userCertificate "userCertificate"
#define NID_userCertificate 880
#define OBJ_userCertificate OBJ_X509,36L
#define LN_cACertificate "cACertificate"
#define NID_cACertificate 881
#define OBJ_cACertificate OBJ_X509,37L
#define LN_authorityRevocationList "authorityRevocationList"
#define NID_authorityRevocationList 882
#define OBJ_authorityRevocationList OBJ_X509,38L
#define LN_certificateRevocationList "certificateRevocationList"
#define NID_certificateRevocationList 883
#define OBJ_certificateRevocationList OBJ_X509,39L
#define LN_crossCertificatePair "crossCertificatePair"
#define NID_crossCertificatePair 884
#define OBJ_crossCertificatePair OBJ_X509,40L
#define SN_name "name"
#define LN_name "name"
#define NID_name 173
@ -2085,6 +2191,7 @@
#define NID_givenName 99
#define OBJ_givenName OBJ_X509,42L
#define SN_initials "initials"
#define LN_initials "initials"
#define NID_initials 101
#define OBJ_initials OBJ_X509,43L
@ -2102,6 +2209,38 @@
#define NID_dnQualifier 174
#define OBJ_dnQualifier OBJ_X509,46L
#define LN_enhancedSearchGuide "enhancedSearchGuide"
#define NID_enhancedSearchGuide 885
#define OBJ_enhancedSearchGuide OBJ_X509,47L
#define LN_protocolInformation "protocolInformation"
#define NID_protocolInformation 886
#define OBJ_protocolInformation OBJ_X509,48L
#define LN_distinguishedName "distinguishedName"
#define NID_distinguishedName 887
#define OBJ_distinguishedName OBJ_X509,49L
#define LN_uniqueMember "uniqueMember"
#define NID_uniqueMember 888
#define OBJ_uniqueMember OBJ_X509,50L
#define LN_houseIdentifier "houseIdentifier"
#define NID_houseIdentifier 889
#define OBJ_houseIdentifier OBJ_X509,51L
#define LN_supportedAlgorithms "supportedAlgorithms"
#define NID_supportedAlgorithms 890
#define OBJ_supportedAlgorithms OBJ_X509,52L
#define LN_deltaRevocationList "deltaRevocationList"
#define NID_deltaRevocationList 891
#define OBJ_deltaRevocationList OBJ_X509,53L
#define SN_dmdName "dmdName"
#define NID_dmdName 892
#define OBJ_dmdName OBJ_X509,54L
#define LN_pseudonym "pseudonym"
#define NID_pseudonym 510
#define OBJ_pseudonym OBJ_X509,65L

6
Cryptlib/Include/openssl/opensslv.h
View File

@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
#define OPENSSL_VERSION_NUMBER 0x009080cfL
#define OPENSSL_VERSION_NUMBER 0x0090817fL
#ifdef OPENSSL_FIPS
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8l-fips 5 Nov 2009"
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8w-fips 23 Apr 2012"
#else
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8l 5 Nov 2009"
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8w 23 Apr 2012"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

7
Cryptlib/Include/openssl/pkcs12.h
View File

@ -232,9 +232,14 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
const EVP_MD *md_type);
int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
int saltlen, const EVP_MD *md_type);
#if defined(NETWARE) || defined(OPENSSL_SYS_NETWARE)
/* Rename these functions to avoid name clashes on NetWare OS */
unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
#else
unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
char *uni2asc(unsigned char *uni, int unilen);
#endif
DECLARE_ASN1_FUNCTIONS(PKCS12)
DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)

1
Cryptlib/Include/openssl/pqueue.h
View File

@ -91,5 +91,6 @@ pitem *pqueue_iterator(pqueue pq);
pitem *pqueue_next(piterator *iter);
void pqueue_print(pqueue pq);
int pqueue_size(pqueue pq);
#endif /* ! HEADER_PQUEUE_H */

68
Cryptlib/Include/openssl/safestack.h
View File

@ -127,7 +127,7 @@ STACK_OF(type) \
sk_is_sorted(CHECKED_PTR_OF(STACK_OF(type), st))
#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
(STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), \
(STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type)*, st), \
pp, length, \
CHECKED_D2I_OF(type, d2i_func), \
CHECKED_SK_FREE_FUNC(type, free_func), \
@ -678,28 +678,6 @@ STACK_OF(type) \
#define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st))
#define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st))
#define sk_EVP_PKEY_ASN1_METHOD_new(st) SKM_sk_new(EVP_PKEY_ASN1_METHOD, (st))
#define sk_EVP_PKEY_ASN1_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_ASN1_METHOD)
#define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st))
#define sk_EVP_PKEY_ASN1_METHOD_num(st) SKM_sk_num(EVP_PKEY_ASN1_METHOD, (st))
#define sk_EVP_PKEY_ASN1_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_ASN1_METHOD, (st), (i))
#define sk_EVP_PKEY_ASN1_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_ASN1_METHOD, (st), (i), (val))
#define sk_EVP_PKEY_ASN1_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_ASN1_METHOD, (st))
#define sk_EVP_PKEY_ASN1_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_ASN1_METHOD, (st), (val))
#define sk_EVP_PKEY_ASN1_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_ASN1_METHOD, (st), (val))
#define sk_EVP_PKEY_ASN1_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_ASN1_METHOD, (st), (val))
#define sk_EVP_PKEY_ASN1_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_ASN1_METHOD, (st), (val))
#define sk_EVP_PKEY_ASN1_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_ASN1_METHOD, (st), (i))
#define sk_EVP_PKEY_ASN1_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_ASN1_METHOD, (st), (ptr))
#define sk_EVP_PKEY_ASN1_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_ASN1_METHOD, (st), (val), (i))
#define sk_EVP_PKEY_ASN1_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_ASN1_METHOD, (st), (cmp))
#define sk_EVP_PKEY_ASN1_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_ASN1_METHOD, st)
#define sk_EVP_PKEY_ASN1_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_ASN1_METHOD, (st), (free_func))
#define sk_EVP_PKEY_ASN1_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_ASN1_METHOD, (st))
#define sk_EVP_PKEY_ASN1_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_ASN1_METHOD, (st))
#define sk_EVP_PKEY_ASN1_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_ASN1_METHOD, (st))
#define sk_EVP_PKEY_ASN1_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_ASN1_METHOD, (st))
#define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st))
#define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME)
#define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st))
@ -1008,50 +986,6 @@ STACK_OF(type) \
#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))
#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st))
#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st))
#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER)
#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st))
#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st))
#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i))
#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val))
#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st))
#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val))
#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val))
#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val))
#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val))
#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i))
#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr))
#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i))
#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp))
#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st)
#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func))
#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st))
#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st))
#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))
#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st))
#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st))
#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM)
#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st))
#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st))
#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i))
#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val))
#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st))
#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val))
#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val))
#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val))
#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val))
#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i))
#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr))
#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i))
#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp))
#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st)
#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func))
#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st))
#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st))
#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st))
#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st))
#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st))
#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM)
#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st))

53
Cryptlib/Include/openssl/ssl.h
View File

@ -485,6 +485,8 @@ typedef struct ssl_session_st
#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
/* Allow initial connection to servers that don't support RI */
#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
@ -510,9 +512,13 @@ typedef struct ssl_session_st
#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
/* Don't use RFC4507 ticket extension */
#define SSL_OP_NO_TICKET 0x00004000L
/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
#define SSL_OP_CISCO_ANYCONNECT 0x00008000L
/* As server, disallow session resumption on renegotiation */
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
/* Permit unsafe legacy renegotiation */
#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L
/* If set, always create a new key when using tmp_ecdh parameters */
#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
/* If set, always create a new key when using tmp_dh parameters */
@ -561,17 +567,25 @@ typedef struct ssl_session_st
#define SSL_CTX_set_options(ctx,op) \
SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
#define SSL_CTX_clear_options(ctx,op) \
SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
#define SSL_CTX_get_options(ctx) \
SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
#define SSL_set_options(ssl,op) \
SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
#define SSL_clear_options(ssl,op) \
SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
#define SSL_get_options(ssl) \
SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
#define SSL_CTX_set_mode(ctx,op) \
SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
#define SSL_CTX_clear_mode(ctx,op) \
SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
#define SSL_CTX_get_mode(ctx) \
SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
#define SSL_clear_mode(ssl,op) \
SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
#define SSL_set_mode(ssl,op) \
SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
#define SSL_get_mode(ssl) \
@ -579,6 +593,8 @@ typedef struct ssl_session_st
#define SSL_set_mtu(ssl, mtu) \
SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
#define SSL_get_secure_renegotiation_support(ssl) \
SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
@ -1269,6 +1285,21 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
#endif
#define DTLS_CTRL_GET_TIMEOUT 73
#define DTLS_CTRL_HANDLE_TIMEOUT 74
#define DTLS_CTRL_LISTEN 75
#define SSL_CTRL_GET_RI_SUPPORT 76
#define SSL_CTRL_CLEAR_OPTIONS 77
#define SSL_CTRL_CLEAR_MODE 78
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
#define DTLSv1_handle_timeout(ssl) \
SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
#define DTLSv1_listen(ssl, peer) \
SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
#define SSL_session_reused(ssl) \
SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
#define SSL_num_renegotiations(ssl) \
@ -1519,7 +1550,7 @@ long SSL_get_default_timeout(const SSL *s);
int SSL_library_init(void );
char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
SSL *SSL_dup(SSL *ssl);
@ -1649,7 +1680,9 @@ void ERR_load_SSL_strings(void);
#define SSL_F_DO_DTLS1_WRITE 245
#define SSL_F_DO_SSL3_WRITE 104
#define SSL_F_DTLS1_ACCEPT 246
#define SSL_F_DTLS1_ADD_CERT_TO_BUF 280
#define SSL_F_DTLS1_BUFFER_RECORD 247
#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 293
#define SSL_F_DTLS1_CLIENT_HELLO 248
#define SSL_F_DTLS1_CONNECT 249
#define SSL_F_DTLS1_ENC 250
@ -1657,6 +1690,7 @@ void ERR_load_SSL_strings(void);
#define SSL_F_DTLS1_GET_MESSAGE 252
#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253
#define SSL_F_DTLS1_GET_RECORD 254
#define SSL_F_DTLS1_HANDLE_TIMEOUT 282
#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277
#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
@ -1702,9 +1736,11 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL2_SET_CERTIFICATE 126
#define SSL_F_SSL2_WRITE 127
#define SSL_F_SSL3_ACCEPT 128
#define SSL_F_SSL3_ADD_CERT_TO_BUF 281
#define SSL_F_SSL3_CALLBACK_CTRL 233
#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
#define SSL_F_SSL3_CHECK_CLIENT_HELLO 292
#define SSL_F_SSL3_CLIENT_HELLO 131
#define SSL_F_SSL3_CONNECT 132
#define SSL_F_SSL3_CTRL 213
@ -1742,9 +1778,11 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
#define SSL_F_SSL3_WRITE_BYTES 158
#define SSL_F_SSL3_WRITE_PENDING 159
#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 285
#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272
#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215
#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216
#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 286
#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273
#define SSL_F_SSL_BAD_METHOD 160
#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
@ -1786,6 +1824,10 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL_INIT_WBIO_BUFFER 184
#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
#define SSL_F_SSL_NEW 186
#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 287
#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 290
#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 289
#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 291
#define SSL_F_SSL_PEEK 270
#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275
#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276
@ -1885,6 +1927,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
#define SSL_R_DIGEST_CHECK_FAILED 149
#define SSL_R_DTLS_MESSAGE_TOO_BIG 318
#define SSL_R_DUPLICATE_COMPRESSION_ID 309
#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
@ -1933,6 +1976,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_MISSING_TMP_RSA_KEY 172
#define SSL_R_MISSING_TMP_RSA_PKEY 173
#define SSL_R_MISSING_VERIFY_MESSAGE 174
#define SSL_R_MULTIPLE_SGC_RESTARTS 325
#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
#define SSL_R_NO_CERTIFICATES_RETURNED 176
#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
@ -1952,7 +1996,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
#define SSL_R_NO_PUBLICKEY 192
#define SSL_R_NO_RENEGOTIATION 318
#define SSL_R_NO_RENEGOTIATION 319
#define SSL_R_NO_SHARED_CIPHER 193
#define SSL_R_NO_VERIFY_CALLBACK 194
#define SSL_R_NULL_SSL_CTX 195
@ -1980,10 +2024,14 @@ void ERR_load_SSL_strings(void);
#define SSL_R_RECORD_LENGTH_MISMATCH 213
#define SSL_R_RECORD_TOO_LARGE 214
#define SSL_R_RECORD_TOO_SMALL 298
#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 320
#define SSL_R_RENEGOTIATION_ENCODING_ERR 321
#define SSL_R_RENEGOTIATION_MISMATCH 322
#define SSL_R_REQUIRED_CIPHER_MISSING 215
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 324
#define SSL_R_SERVERHELLO_TLSEXT 224
#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
#define SSL_R_SHORT_READ 219
@ -2053,6 +2101,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
#define SSL_R_UNKNOWN_SSL_VERSION 254
#define SSL_R_UNKNOWN_STATE 255
#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 323
#define SSL_R_UNSUPPORTED_CIPHER 256
#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315

21
Cryptlib/Include/openssl/ssl3.h
View File

@ -129,6 +129,9 @@
extern "C" {
#endif
/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */
#define SSL3_CK_SCSV 0x030000FF
#define SSL3_CK_RSA_NULL_MD5 0x03000001
#define SSL3_CK_RSA_NULL_SHA 0x03000002
#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
@ -330,7 +333,17 @@ typedef struct ssl3_buffer_st
#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
#define SSL3_FLAGS_POP_BUFFER 0x0004
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010
/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
* restart a handshake because of MS SGC and so prevents us
* from restarting the handshake in a loop. It's reset on a
* renegotiation, so effectively limits the client to one restart
* per negotiation. This limits the possibility of a DDoS
* attack where the client handshakes in a loop using SGC to
* restart. Servers which permit renegotiation can still be
* effected, but we can't prevent that.
*/
#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040
typedef struct ssl3_state_st
{
@ -441,6 +454,12 @@ typedef struct ssl3_state_st
int cert_request;
} tmp;
/* Connection binding to prevent renegotiation attacks */
unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
unsigned char previous_client_finished_len;
unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
unsigned char previous_server_finished_len;
int send_connection_binding; /* TODOEKR */
} SSL3_STATE;

20
Cryptlib/Include/openssl/symhacks.h
View File

@ -60,6 +60,11 @@
/* Hacks to solve the problem with linkers incapable of handling very long
symbol names. In the case of VMS, the limit is 31 characters on VMS for
VAX. */
/* Note that this affects util/libeay.num and util/ssleay.num... you may
change those manually, but that's not recommended, as those files are
controlled centrally and updated on Unix, and the central definition
may disagree with yours, which in turn may come with shareable library
incompatibilities. */
#ifdef OPENSSL_SYS_VMS
/* Hack a long name in crypto/cryptlib.c */
@ -137,6 +142,8 @@
#define X509_policy_node_get0_qualifiers X509_pcy_node_get0_qualifiers
#undef X509_STORE_CTX_get_explicit_policy
#define X509_STORE_CTX_get_explicit_policy X509_STORE_CTX_get_expl_policy
#undef X509_STORE_CTX_get0_current_issuer
#define X509_STORE_CTX_get0_current_issuer X509_STORE_CTX_get0_cur_issuer
/* Hack some long CRYPTO names */
#undef CRYPTO_set_dynlock_destroy_callback
@ -174,6 +181,15 @@
#undef SSL_COMP_get_compression_methods
#define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods
#undef ssl_add_clienthello_renegotiate_ext
#define ssl_add_clienthello_renegotiate_ext ssl_add_clienthello_reneg_ext
#undef ssl_add_serverhello_renegotiate_ext
#define ssl_add_serverhello_renegotiate_ext ssl_add_serverhello_reneg_ext
#undef ssl_parse_clienthello_renegotiate_ext
#define ssl_parse_clienthello_renegotiate_ext ssl_parse_clienthello_reneg_ext
#undef ssl_parse_serverhello_renegotiate_ext
#define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext
/* Hack some long ENGINE names */
#undef ENGINE_get_default_BN_mod_exp_crt
#define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt
@ -365,6 +381,10 @@
#undef cms_SignerIdentifier_get0_signer_id
#define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id
/* Hack some long DTLS1 names */
#undef dtls1_retransmit_buffered_messages
#define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs
#endif /* defined OPENSSL_SYS_VMS */

7
Cryptlib/Include/openssl/tls1.h
View File

@ -115,6 +115,9 @@ extern "C" {
#define TLSEXT_TYPE_ec_point_formats 11
#define TLSEXT_TYPE_session_ticket 35
/* Temporary extension type */
#define TLSEXT_TYPE_renegotiate 0xff01
/* NameType value from RFC 3546 */
#define TLSEXT_NAMETYPE_host_name 0
/* status request value from RFC 3546 */
@ -169,9 +172,9 @@ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLXEXT_TICKET_KEYS,(keylen),(keys))
SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys))
#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLXEXT_TICKET_KEYS,(keylen),(keys))
SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)

2
Cryptlib/Include/openssl/x509.h
View File

@ -116,6 +116,7 @@ extern "C" {
/* Under Win32 these are defined in wincrypt.h */
#undef X509_NAME
#undef X509_CERT_PAIR
#undef X509_EXTENSIONS
#endif
#define X509_FILETYPE_PEM 1
@ -255,6 +256,7 @@ typedef struct x509_cinf_st
ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
ASN1_ENCODING enc;
} X509_CINF;
/* This stuff is certificate "auxiliary info"

3
Cryptlib/Include/openssl/x509_vfy.h
View File

@ -363,6 +363,9 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
/* Notify callback that policy is OK */
#define X509_V_FLAG_NOTIFY_POLICY 0x800
/* Check selfsigned CA signature */
#define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
#define X509_VP_FLAG_DEFAULT 0x1
#define X509_VP_FLAG_OVERWRITE 0x2
#define X509_VP_FLAG_RESET_FLAGS 0x4

1
Cryptlib/OpenSSL/crypto/aes/aes_cfb.c
View File

@ -201,7 +201,6 @@ void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
assert(in && out && key && ivec && num);
assert(*num == 0);
memset(out,0,(length+7)/8);
for(n=0 ; n < length ; ++n)
{
c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;

12
Cryptlib/OpenSSL/crypto/aes/aes_wrap.c
View File

@ -85,9 +85,9 @@ int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
A[7] ^= (unsigned char)(t & 0xff);
if (t > 0xff)
{
A[6] ^= (unsigned char)((t & 0xff) >> 8);
A[5] ^= (unsigned char)((t & 0xff) >> 16);
A[4] ^= (unsigned char)((t & 0xff) >> 24);
A[6] ^= (unsigned char)((t >> 8) & 0xff);
A[5] ^= (unsigned char)((t >> 16) & 0xff);
A[4] ^= (unsigned char)((t >> 24) & 0xff);
}
memcpy(R, B + 8, 8);
}
@ -119,9 +119,9 @@ int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
A[7] ^= (unsigned char)(t & 0xff);
if (t > 0xff)
{
A[6] ^= (unsigned char)((t & 0xff) >> 8);
A[5] ^= (unsigned char)((t & 0xff) >> 16);
A[4] ^= (unsigned char)((t & 0xff) >> 24);
A[6] ^= (unsigned char)((t >> 8) & 0xff);
A[5] ^= (unsigned char)((t >> 16) & 0xff);
A[4] ^= (unsigned char)((t >> 24) & 0xff);
}
memcpy(B + 8, R, 8);
AES_decrypt(B, B, key);

54
Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c
View File

@ -57,6 +57,7 @@
*/
#include <stdio.h>
#include <limits.h>
#include "cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/asn1_mac.h>
@ -143,17 +144,11 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
BUF_MEM *b;
unsigned char *p;
int i;
int ret=-1;
ASN1_const_CTX c;
int want=HEADER_SIZE;
size_t want=HEADER_SIZE;
int eos=0;
#if defined(__GNUC__) && defined(__ia64)
/* pathetic compiler bug in all known versions as of Nov. 2002 */
long off=0;
#else
int off=0;
#endif
int len=0;
size_t off=0;
size_t len=0;
b=BUF_MEM_new();
if (b == NULL)
@ -169,7 +164,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
{
want-=(len-off);
if (!BUF_MEM_grow_clean(b,len+want))
if (len + want < len || !BUF_MEM_grow_clean(b,len+want))
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
goto err;
@ -181,8 +176,15 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
goto err;
}
if (i > 0)
{
if (len+i < len)
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
goto err;
}
len+=i;
}
}
/* else data already loaded */
p=(unsigned char *)&(b->data[off]);
@ -206,6 +208,11 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
{
/* no data body so go round again */
eos++;
if (eos < 0)
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG);
goto err;
}
want=HEADER_SIZE;
}
else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))
@ -220,10 +227,16 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
else
{
/* suck in c.slen bytes of data */
want=(int)c.slen;
want=c.slen;
if (want > (len-off))
{
want-=(len-off);
if (want > INT_MAX /* BIO_read takes an int length */ ||
len+want < len)
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
goto err;
}
if (!BUF_MEM_grow_clean(b,len+want))
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
@ -238,11 +251,18 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
ASN1_R_NOT_ENOUGH_DATA);
goto err;
}
/* This can't overflow because
* |len+want| didn't overflow. */
len+=i;
want -= i;
want-=i;
}
}
off+=(int)c.slen;
if (off + c.slen < off)
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
goto err;
}
off+=c.slen;
if (eos <= 0)
{
break;
@ -252,9 +272,15 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
}
}
if (off > INT_MAX)
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
goto err;
}
*pb = b;
return off;
err:
if (b != NULL) BUF_MEM_free(b);
return(ret);
return -1;
}

3
Cryptlib/OpenSSL/crypto/asn1/a_int.c
View File

@ -273,7 +273,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
{
ASN1_INTEGER *ret=NULL;
const unsigned char *p;
unsigned char *to,*s;
unsigned char *s;
long len;
int inf,tag,xclass;
int i;
@ -308,7 +308,6 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
i=ERR_R_MALLOC_FAILURE;
goto err;
}
to=s;
ret->type=V_ASN1_INTEGER;
if(len) {
if ((*p == 0) && (len != 1))

2
Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c
View File

@ -93,7 +93,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
int str_type;
int ret;
char free_out;
int outform, outlen;
int outform, outlen = 0;
ASN1_STRING *dest;
unsigned char *p;
int nchar;

13
Cryptlib/OpenSSL/crypto/asn1/a_object.c
View File

@ -139,7 +139,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
goto err;
}
if (!use_bn && l > (ULONG_MAX / 10L))
if (!use_bn && l >= ((ULONG_MAX - 80) / 10L))
{
use_bn = 1;
if (!bl)
@ -291,6 +291,17 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
ASN1_OBJECT *ret=NULL;
const unsigned char *p;
int i;
/* Sanity check OID encoding: can't have leading 0x80 in
* subidentifiers, see: X.690 8.19.2
*/
for (i = 0, p = *pp; i < len; i++, p++)
{
if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
{
ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
return NULL;
}
}
/* only the ASN1_OBJECTs from the 'table' will have values
* for ->sn or ->ln */

17
Cryptlib/OpenSSL/crypto/asn1/a_strex.c
View File

@ -74,6 +74,11 @@
#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
ASN1_STRFLGS_ESC_QUOTE | \
ASN1_STRFLGS_ESC_CTRL | \
ASN1_STRFLGS_ESC_MSB)
/* Three IO functions for sending data to memory, a BIO and
* and a FILE pointer.
@ -148,6 +153,13 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, ch
if(!io_ch(arg, tmphex, 3)) return -1;
return 3;
}
/* If we get this far and do any escaping at all must escape
* the escape character itself: backslash.
*/
if (chtmp == '\\' && flags & ESC_FLAGS) {
if(!io_ch(arg, "\\\\", 2)) return -1;
return 2;
}
if(!io_ch(arg, &chtmp, 1)) return -1;
return 1;
}
@ -292,11 +304,6 @@ static const signed char tag2nbyte[] = {
4, -1, 2 /* 28-30 */
};
#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
ASN1_STRFLGS_ESC_QUOTE | \
ASN1_STRFLGS_ESC_CTRL | \
ASN1_STRFLGS_ESC_MSB)
/* This is the main function, print out an
* ASN1_STRING taking note of various escape
* and display options. Returns number of

2
Cryptlib/OpenSSL/crypto/asn1/a_strnid.c
View File

@ -96,7 +96,7 @@ unsigned long ASN1_STRING_get_default_mask(void)
* default: the default value, Printable, T61, BMP.
*/
int ASN1_STRING_set_default_mask_asc(char *p)
int ASN1_STRING_set_default_mask_asc(const char *p)
{
unsigned long mask;
char *end;

2
Cryptlib/OpenSSL/crypto/asn1/asn1_err.c
View File

@ -132,7 +132,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"},
{ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"},
{ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"},
{ERR_FUNC(ASN1_F_BIO_NEW_NDEF), "BIO_NEW_NDEF"},
{ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"},
{ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"},
{ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"},
@ -241,6 +240,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"},
{ERR_REASON(ASN1_R_INVALID_MODIFIER) ,"invalid modifier"},
{ERR_REASON(ASN1_R_INVALID_NUMBER) ,"invalid number"},
{ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING),"invalid object encoding"},
{ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"},
{ERR_REASON(ASN1_R_INVALID_TIME_FORMAT) ,"invalid time format"},
{ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},

9
Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c
View File

@ -227,6 +227,8 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
/* Allocate buffer for new encoding */
new_der = OPENSSL_malloc(len);
if (!new_der)
goto err;
/* Generate tagged encoding */
@ -446,6 +448,8 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
int derlen;
int i, is_set;
sk = sk_ASN1_TYPE_new_null();
if (!sk)
goto bad;
if (section)
{
if (!cnf)
@ -458,7 +462,8 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
if (!typ)
goto bad;
sk_ASN1_TYPE_push(sk, typ);
if (!sk_ASN1_TYPE_push(sk, typ))
goto bad;
typ = NULL;
}
}
@ -474,6 +479,8 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype,
V_ASN1_UNIVERSAL, is_set);
der = OPENSSL_malloc(derlen);
if (!der)
goto bad;
p = der;
i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype,
V_ASN1_UNIVERSAL, is_set);

2
Cryptlib/OpenSSL/crypto/asn1/asn1_par.c
View File

@ -246,7 +246,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl);
if (ii < 0)
{
if (BIO_write(bp,"Bad boolean\n",12))
if (BIO_write(bp,"Bad boolean\n",12) <= 0)
goto end;
}
BIO_printf(bp,":%d",ii);

7
Cryptlib/OpenSSL/crypto/asn1/asn_mime.c
View File

@ -418,9 +418,9 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
strcmp(hdr->value, "application/pkcs7-signature")) {
sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE);
ERR_add_error_data(2, "type: ", hdr->value);
sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
sk_BIO_pop_free(parts, BIO_vfree);
return NULL;
}
@ -790,12 +790,17 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
static int mime_hdr_cmp(const MIME_HEADER * const *a,
const MIME_HEADER * const *b)
{
if (!(*a)->name || !(*b)->name)
return !!(*a)->name - !!(*b)->name;
return(strcmp((*a)->name, (*b)->name));
}
static int mime_param_cmp(const MIME_PARAM * const *a,
const MIME_PARAM * const *b)
{
if (!(*a)->param_name || !(*b)->param_name)
return !!(*a)->param_name - !!(*b)->param_name;
return(strcmp((*a)->param_name, (*b)->param_name));
}

3
Cryptlib/OpenSSL/crypto/asn1/n_pkey.c
View File

@ -242,7 +242,7 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
int sgckey)
{
RSA *ret=NULL;
const unsigned char *p, *kp;
const unsigned char *p;
NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
p = *pp;
@ -265,7 +265,6 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
goto err;
}
kp = enckey->enckey->digest->data;
if (cb == NULL)
cb=EVP_read_pw_string;
if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;

3
Cryptlib/OpenSSL/crypto/asn1/t_crl.c
View File

@ -87,7 +87,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
STACK_OF(X509_REVOKED) *rev;
X509_REVOKED *r;
long l;
int i, n;
int i;
char *p;
BIO_printf(out, "Certificate Revocation List (CRL):\n");
@ -107,7 +107,6 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
else BIO_printf(out,"NONE");
BIO_printf(out,"\n");
n=X509_CRL_get_ext_count(x);
X509V3_extensions_print(out, "CRL extensions",
x->crl->extensions, 0, 8);

17
Cryptlib/OpenSSL/crypto/asn1/t_x509.c
View File

@ -379,6 +379,8 @@ int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
int gmt=0;
int i;
int y=0,M=0,d=0,h=0,m=0,s=0;
char *f = NULL;
int f_len = 0;
i=tm->length;
v=(char *)tm->data;
@ -396,10 +398,21 @@ int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
if (tm->length >= 14 &&
(v[12] >= '0') && (v[12] <= '9') &&
(v[13] >= '0') && (v[13] <= '9'))
{
s= (v[12]-'0')*10+(v[13]-'0');
/* Check for fractions of seconds. */
if (tm->length >= 15 && v[14] == '.')
{
int l = tm->length;
f = &v[14]; /* The decimal point. */
f_len = 1;
while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9')
++f_len;
}
}
if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
mon[M-1],d,h,m,s,y,(gmt)?" GMT":"") <= 0)
if (BIO_printf(bp,"%s %2d %02d:%02d:%02d%.*s %d%s",
mon[M-1],d,h,m,s,f_len,f,y,(gmt)?" GMT":"") <= 0)
return(0);
else
return(1);

3
Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c
View File

@ -166,7 +166,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
int i;
int otag;
int ret = 0;
ASN1_VALUE *pchval, **pchptr, *ptmpval;
ASN1_VALUE **pchptr, *ptmpval;
if (!pval)
return 0;
if (aux && aux->asn1_cb)
@ -317,7 +317,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
goto err;
}
/* CHOICE type, try each possibility in turn */
pchval = NULL;
p = *in;
for (i = 0, tt=it->templates; i < it->tcount; i++, tt++)
{

4
Cryptlib/OpenSSL/crypto/asn1/x_name.c
View File

@ -196,7 +196,9 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len
*val = nm.a;
*in = p;
return ret;
err:
err:
if (nm.x != NULL)
X509_NAME_free(nm.x);
ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
return 0;
}

9
Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c
View File

@ -367,7 +367,16 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
goto err;
}
/* Check to see if another thread set key->pkey first */
CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
if (key->pkey)
{
EVP_PKEY_free(ret);
ret = key->pkey;
}
else
key->pkey = ret;
CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
return(ret);
err:

4
Cryptlib/OpenSSL/crypto/asn1/x_x509.c
View File

@ -63,7 +63,7 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
ASN1_SEQUENCE(X509_CINF) = {
ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
@ -74,7 +74,7 @@ ASN1_SEQUENCE(X509_CINF) = {
ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
} ASN1_SEQUENCE_END(X509_CINF)
} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
/* X509 top level structure needs a bit of customisation */

15
Cryptlib/OpenSSL/crypto/bio/bf_buff.c
View File

@ -209,7 +209,7 @@ start:
/* add to buffer and return */
if (i >= inl)
{
memcpy(&(ctx->obuf[ctx->obuf_len]),in,inl);
memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,inl);
ctx->obuf_len+=inl;
return(num+inl);
}
@ -219,7 +219,7 @@ start:
{
if (i > 0) /* lets fill it up if we can */
{
memcpy(&(ctx->obuf[ctx->obuf_len]),in,i);
memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,i);
in+=i;
inl-=i;
num+=i;
@ -294,9 +294,9 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_C_GET_BUFF_NUM_LINES:
ret=0;
p1=ctx->ibuf;
for (i=ctx->ibuf_off; i<ctx->ibuf_len; i++)
for (i=0; i<ctx->ibuf_len; i++)
{
if (p1[i] == '\n') ret++;
if (p1[ctx->ibuf_off + i] == '\n') ret++;
}
break;
case BIO_CTRL_WPENDING:
@ -399,17 +399,18 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
for (;;)
{
BIO_clear_retry_flags(b);
if (ctx->obuf_len > ctx->obuf_off)
if (ctx->obuf_len > 0)
{
r=BIO_write(b->next_bio,
&(ctx->obuf[ctx->obuf_off]),
ctx->obuf_len-ctx->obuf_off);
ctx->obuf_len);
#if 0
fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len-ctx->obuf_off,r);
fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len,r);
#endif
BIO_copy_next_retry(b);
if (r <= 0) return((long)r);
ctx->obuf_off+=r;
ctx->obuf_len-=r;
}
else
{

2
Cryptlib/OpenSSL/crypto/bio/bf_nbio.c
View File

@ -125,7 +125,6 @@ static int nbiof_free(BIO *a)
static int nbiof_read(BIO *b, char *out, int outl)
{
NBIO_TEST *nt;
int ret=0;
#if 1
int num;
@ -134,7 +133,6 @@ static int nbiof_read(BIO *b, char *out, int outl)
if (out == NULL) return(0);
if (b->next_bio == NULL) return(0);
nt=(NBIO_TEST *)b->ptr;
BIO_clear_retry_flags(b);
#if 1

4
Cryptlib/OpenSSL/crypto/bio/bio_lib.c
View File

@ -110,7 +110,7 @@ int BIO_set(BIO *bio, BIO_METHOD *method)
int BIO_free(BIO *a)
{
int ret=0,i;
int i;
if (a == NULL) return(0);
@ -133,7 +133,7 @@ int BIO_free(BIO *a)
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
ret=a->method->destroy(a);
a->method->destroy(a);
OPENSSL_free(a);
return(1);
}

240
Cryptlib/OpenSSL/crypto/bio/bss_dgram.c
View File

@ -57,7 +57,6 @@
*
*/
#ifndef OPENSSL_NO_DGRAM
#include <stdio.h>
#include <errno.h>
@ -65,8 +64,15 @@
#include "cryptlib.h"
#include <openssl/bio.h>
#ifndef OPENSSL_NO_DGRAM
#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
#include <sys/timeb.h>
#endif
#ifdef OPENSSL_SYS_LINUX
#define IP_MTU 14 /* linux is lame */
#endif
#ifdef WATT32
#define sock_write SockWrite /* Watt-32 uses same names */
@ -84,6 +90,8 @@ static int dgram_clear(BIO *bio);
static int BIO_dgram_should_retry(int s);
static void get_current_time(struct timeval *t);
static BIO_METHOD methods_dgramp=
{
BIO_TYPE_DGRAM,
@ -104,6 +112,8 @@ typedef struct bio_dgram_data_st
unsigned int connected;
unsigned int _errno;
unsigned int mtu;
struct timeval next_timeout;
struct timeval socket_timeout;
} bio_dgram_data;
BIO_METHOD *BIO_s_datagram(void)
@ -166,6 +176,99 @@ static int dgram_clear(BIO *a)
return(1);
}
static void dgram_adjust_rcv_timeout(BIO *b)
{
#if defined(SO_RCVTIMEO)
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
int sz = sizeof(int);
/* Is a timer active? */
if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
{
struct timeval timenow, timeleft;
/* Read current socket timeout */
#ifdef OPENSSL_SYS_WINDOWS
int timeout;
if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
(void*)&timeout, &sz) < 0)
{ perror("getsockopt"); }
else
{
data->socket_timeout.tv_sec = timeout / 1000;
data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
}
#else
if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
&(data->socket_timeout), (void *)&sz) < 0)
{ perror("getsockopt"); }
#endif
/* Get current time */
get_current_time(&timenow);
/* Calculate time left until timer expires */
memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
timeleft.tv_sec -= timenow.tv_sec;
timeleft.tv_usec -= timenow.tv_usec;
if (timeleft.tv_usec < 0)
{
timeleft.tv_sec--;
timeleft.tv_usec += 1000000;
}
if (timeleft.tv_sec < 0)
{
timeleft.tv_sec = 0;
timeleft.tv_usec = 1;
}
/* Adjust socket timeout if next handhake message timer
* will expire earlier.
*/
if ((data->socket_timeout.tv_sec == 0 && data->socket_timeout.tv_usec == 0) ||
(data->socket_timeout.tv_sec > timeleft.tv_sec) ||
(data->socket_timeout.tv_sec == timeleft.tv_sec &&
data->socket_timeout.tv_usec >= timeleft.tv_usec))
{
#ifdef OPENSSL_SYS_WINDOWS
timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
(void*)&timeout, sizeof(timeout)) < 0)
{ perror("setsockopt"); }
#else
if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
sizeof(struct timeval)) < 0)
{ perror("setsockopt"); }
#endif
}
}
#endif
}
static void dgram_reset_rcv_timeout(BIO *b)
{
#if defined(SO_RCVTIMEO)
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
/* Is a timer active? */
if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
{
#ifdef OPENSSL_SYS_WINDOWS
int timeout = data->socket_timeout.tv_sec * 1000 +
data->socket_timeout.tv_usec / 1000;
if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
(void*)&timeout, sizeof(timeout)) < 0)
{ perror("setsockopt"); }
#else
if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
sizeof(struct timeval)) < 0)
{ perror("setsockopt"); }
#endif
}
#endif
}
static int dgram_read(BIO *b, char *out, int outl)
{
int ret=0;
@ -183,13 +286,14 @@ static int dgram_read(BIO *b, char *out, int outl)
* but this is not universal. Cast to (void *) to avoid
* compiler warnings.
*/
dgram_adjust_rcv_timeout(b);
ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen);
if ( ! data->connected && ret > 0)
BIO_ctrl(b, BIO_CTRL_DGRAM_CONNECT, 0, &peer);
if ( ! data->connected && ret >= 0)
BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
BIO_clear_retry_flags(b);
if (ret <= 0)
if (ret < 0)
{
if (BIO_dgram_should_retry(ret))
{
@ -197,6 +301,8 @@ static int dgram_read(BIO *b, char *out, int outl)
data->_errno = get_last_socket_error();
}
}
dgram_reset_rcv_timeout(b);
}
return(ret);
}
@ -219,7 +325,7 @@ static int dgram_write(BIO *b, const char *in, int inl)
BIO_clear_retry_flags(b);
if (ret <= 0)
{
if (BIO_sock_should_retry(ret))
if (BIO_dgram_should_retry(ret))
{
BIO_set_retry_write(b);
data->_errno = get_last_socket_error();
@ -240,8 +346,14 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
int *ip;
struct sockaddr *to = NULL;
bio_dgram_data *data = NULL;
#if defined(IP_MTU_DISCOVER) || defined(IP_MTU)
long sockopt_val = 0;
unsigned int sockopt_len = 0;
#endif
#ifdef OPENSSL_SYS_LINUX
socklen_t addr_len;
struct sockaddr_storage addr;
#endif
data = (bio_dgram_data *)b->ptr;
@ -300,25 +412,91 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
#endif
break;
/* (Linux)kernel sets DF bit on outgoing IP packets */
#ifdef IP_MTU_DISCOVER
case BIO_CTRL_DGRAM_MTU_DISCOVER:
#ifdef OPENSSL_SYS_LINUX
addr_len = (socklen_t)sizeof(struct sockaddr_storage);
memset((void *)&addr, 0, sizeof(struct sockaddr_storage));
if (getsockname(b->num, (void *)&addr, &addr_len) < 0)
{
ret = 0;
break;
}
sockopt_len = sizeof(sockopt_val);
switch (addr.ss_family)
{
case AF_INET:
sockopt_val = IP_PMTUDISC_DO;
if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
&sockopt_val, sizeof(sockopt_val))) < 0)
perror("setsockopt");
break;
case AF_INET6:
sockopt_val = IPV6_PMTUDISC_DO;
if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
&sockopt_val, sizeof(sockopt_val))) < 0)
perror("setsockopt");
break;
default:
ret = -1;
break;
}
ret = -1;
#else
break;
#endif
case BIO_CTRL_DGRAM_QUERY_MTU:
#ifdef OPENSSL_SYS_LINUX
addr_len = (socklen_t)sizeof(struct sockaddr_storage);
memset((void *)&addr, 0, sizeof(struct sockaddr_storage));
if (getsockname(b->num, (void *)&addr, &addr_len) < 0)
{
ret = 0;
break;
}
sockopt_len = sizeof(sockopt_val);
switch (addr.ss_family)
{
case AF_INET:
if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
&sockopt_len)) < 0 || sockopt_val < 0)
{ ret = 0; }
{
ret = 0;
}
else
{
data->mtu = sockopt_val;
/* we assume that the transport protocol is UDP and no
* IP options are used.
*/
data->mtu = sockopt_val - 8 - 20;
ret = data->mtu;
}
break;
case AF_INET6:
if ((ret = getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, (void *)&sockopt_val,
&sockopt_len)) < 0 || sockopt_val < 0)
{
ret = 0;
}
else
{
/* we assume that the transport protocol is UDP and no
* IPV6 options are used.
*/
data->mtu = sockopt_val - 8 - 40;
ret = data->mtu;
}
break;
default:
ret = 0;
break;
}
#else
ret = 0;
#endif
break;
case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
ret = 576 - 20 - 8;
break;
case BIO_CTRL_DGRAM_GET_MTU:
return data->mtu;
break;
@ -340,11 +518,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
memset(&(data->peer), 0x00, sizeof(struct sockaddr));
}
break;
case BIO_CTRL_DGRAM_GET_PEER:
to = (struct sockaddr *) ptr;
memcpy(to, &(data->peer), sizeof(struct sockaddr));
ret = sizeof(struct sockaddr);
break;
case BIO_CTRL_DGRAM_SET_PEER:
to = (struct sockaddr *) ptr;
memcpy(&(data->peer), to, sizeof(struct sockaddr));
break;
case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
break;
#if defined(SO_RCVTIMEO)
case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
#ifdef OPENSSL_SYS_WINDOWS
@ -471,9 +658,13 @@ static int BIO_dgram_should_retry(int i)
{
err=get_last_socket_error();
#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
if ((i == -1) && (err == 0))
return(1);
#if defined(OPENSSL_SYS_WINDOWS)
/* If the socket return value (i) is -1
* and err is unexpectedly 0 at this point,
* the error code was overwritten by
* another system call before this error
* handling is called.
*/
#endif
return(BIO_dgram_non_fatal_error(err));
@ -507,10 +698,6 @@ int BIO_dgram_non_fatal_error(int err)
# endif
#endif
#if defined(ENOTCONN)
case ENOTCONN:
#endif
#ifdef EINTR
case EINTR:
#endif
@ -533,11 +720,6 @@ int BIO_dgram_non_fatal_error(int err)
case EALREADY:
#endif
/* DF bit set, and packet larger than MTU */
#ifdef EMSGSIZE
case EMSGSIZE:
#endif
return(1);
/* break; */
default:
@ -545,4 +727,22 @@ int BIO_dgram_non_fatal_error(int err)
}
return(0);
}
static void get_current_time(struct timeval *t)
{
#ifdef OPENSSL_SYS_WIN32
struct _timeb tb;
_ftime(&tb);
t->tv_sec = (long)tb.time;
t->tv_usec = (long)tb.millitm * 1000;
#elif defined(OPENSSL_SYS_VMS)
struct timeb tb;
ftime(&tb);
t->tv_sec = (long)tb.time;
t->tv_usec = (long)tb.millitm * 1000;
#else
gettimeofday(t, NULL);
#endif
}
#endif

15
Cryptlib/OpenSSL/crypto/bio/bss_file.c
View File

@ -272,9 +272,9 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
BIO_clear_flags(b,BIO_FLAGS_UPLINK);
#endif
#endif
#ifdef UP_fsetmode
#ifdef UP_fsetmod
if (b->flags&BIO_FLAGS_UPLINK)
UP_fsetmode(b->ptr,num&BIO_FP_TEXT?'t':'b');
UP_fsetmod(b->ptr,(char)((num&BIO_FP_TEXT)?'t':'b'));
else
#endif
{
@ -404,11 +404,18 @@ static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
buf[0]='\0';
if (bp->flags&BIO_FLAGS_UPLINK)
UP_fgets(buf,size,bp->ptr);
{
if (!UP_fgets(buf,size,bp->ptr))
goto err;
}
else
fgets(buf,size,(FILE *)bp->ptr);
{
if (!fgets(buf,size,(FILE *)bp->ptr))
goto err;
}
if (buf[0] != '\0')
ret=strlen(buf);
err:
return(ret);
}

37
Cryptlib/OpenSSL/crypto/bn/bn_blind.c
View File

@ -123,7 +123,7 @@ struct bn_blinding_st
BIGNUM *mod; /* just a reference */
unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;
* used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
unsigned int counter;
int counter;
unsigned long flags;
BN_MONT_CTX *m_ctx;
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@ -157,7 +157,10 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGN
if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
ret->counter = BN_BLINDING_COUNTER;
/* Set the counter to the special value -1
* to indicate that this is never-used fresh blinding
* that does not need updating before first use. */
ret->counter = -1;
return(ret);
err:
if (ret != NULL) BN_BLINDING_free(ret);
@ -186,7 +189,10 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
goto err;
}
if (--(b->counter) == 0 && b->e != NULL &&
if (b->counter == -1)
b->counter = 0;
if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
!(b->flags & BN_BLINDING_NO_RECREATE))
{
/* re-create blinding parameters */
@ -201,8 +207,8 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
ret=1;
err:
if (b->counter == 0)
b->counter = BN_BLINDING_COUNTER;
if (b->counter == BN_BLINDING_COUNTER)
b->counter = 0;
return(ret);
}
@ -223,6 +229,12 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
return(0);
}
if (b->counter == -1)
/* Fresh blinding, doesn't need updating. */
b->counter = 0;
else if (!BN_BLINDING_update(b,ctx))
return(0);
if (r != NULL)
{
if (!BN_copy(r, b->Ai)) ret=0;
@ -243,22 +255,19 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ct
int ret;
bn_check_top(n);
if ((b->A == NULL) || (b->Ai == NULL))
{
BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
return(0);
}
if (r != NULL)
ret = BN_mod_mul(n, n, r, b->mod, ctx);
else
ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
if (ret >= 0)
{
if (!BN_BLINDING_update(b,ctx))
if (b->Ai == NULL)
{
BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
return(0);
}
ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
}
bn_check_top(n);
return(ret);
}

15
Cryptlib/OpenSSL/crypto/bn/bn_div.c
View File

@ -102,7 +102,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
/* The next 2 are needed so we can do a dv->d[0]|=1 later
* since BN_lshift1 will only work once there is a value :-) */
BN_zero(dv);
bn_wexpand(dv,1);
if(bn_wexpand(dv,1) == NULL) goto end;
dv->top=1;
if (!BN_lshift(D,D,nm-nd)) goto end;
@ -229,7 +229,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
if (dv == NULL)
res=BN_CTX_get(ctx);
else res=dv;
if (sdiv == NULL || res == NULL) goto err;
if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL)
goto err;
/* First we normalise the numbers */
norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
@ -336,7 +337,10 @@ X) -> 0x%08X\n",
t2 -= d1;
}
#else /* !BN_LLONG */
BN_ULONG t2l,t2h,ql,qh;
BN_ULONG t2l,t2h;
#if !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
BN_ULONG ql,qh;
#endif
q=bn_div_words(n0,n1,d0);
#ifdef BN_DEBUG_LEVITTE
@ -560,7 +564,10 @@ X) -> 0x%08X\n",
t2 -= d1;
}
#else /* !BN_LLONG */
BN_ULONG t2l,t2h,ql,qh;
BN_ULONG t2l,t2h;
#if !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
BN_ULONG ql,qh;
#endif
q=bn_div_words(n0,n1,d0);
#ifdef BN_DEBUG_LEVITTE

3
Cryptlib/OpenSSL/crypto/bn/bn_exp.c
View File

@ -134,7 +134,8 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
rr = BN_CTX_get(ctx);
else
rr = r;
if ((v = BN_CTX_get(ctx)) == NULL) goto err;
v = BN_CTX_get(ctx);
if (rr == NULL || v == NULL) goto err;
if (BN_copy(v,a) == NULL) goto err;
bits=BN_num_bits(p);

3
Cryptlib/OpenSSL/crypto/bn/bn_exp2.c
View File

@ -301,7 +301,8 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
r_is_one = 0;
}
}
BN_from_montgomery(rr,r,mont,ctx);
if (!BN_from_montgomery(rr,r,mont,ctx))
goto err;
ret=1;
err:
if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);

4
Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c
View File

@ -294,7 +294,8 @@ int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
if (a->top < b->top) { at = b; bt = a; }
else { at = a; bt = b; }
bn_wexpand(r, at->top);
if(bn_wexpand(r, at->top) == NULL)
return 0;
for (i = 0; i < bt->top; i++)
{
@ -606,6 +607,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
{
while (!BN_is_odd(u))
{
if (BN_is_zero(u)) goto err;
if (!BN_rshift1(u, u)) goto err;
if (BN_is_odd(b))
{

19
Cryptlib/OpenSSL/crypto/bn/bn_mul.c
View File

@ -551,7 +551,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
int tna, int tnb, BN_ULONG *t)
{
int i,j,n2=n*2;
int c1,c2,neg,zero;
int c1,c2,neg;
BN_ULONG ln,lo,*p;
# ifdef BN_COUNT
@ -567,7 +567,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
/* r=(a[0]-a[1])*(b[1]-b[0]) */
c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
zero=neg=0;
neg=0;
switch (c1*3+c2)
{
case -4:
@ -575,7 +575,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
break;
case -3:
zero=1;
/* break; */
case -2:
bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
@ -585,7 +584,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
case -1:
case 0:
case 1:
zero=1;
/* break; */
case 2:
bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */
@ -593,7 +591,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
neg=1;
break;
case 3:
zero=1;
/* break; */
case 4:
bn_sub_part_words(t, a, &(a[n]),tna,n-tna);
@ -1012,7 +1009,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
{
if (i >= -1 && i <= 1)
{
int sav_j =0;
/* Find out the power of two lower or equal
to the longest of the two numbers */
if (i >= 0)
@ -1023,22 +1019,23 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
{
j = BN_num_bits_word((BN_ULONG)bl);
}
sav_j = j;
j = 1<<(j-1);
assert(j <= al || j <= bl);
k = j+j;
t = BN_CTX_get(ctx);
if (t == NULL)
goto err;
if (al > j || bl > j)
{
bn_wexpand(t,k*4);
bn_wexpand(rr,k*4);
if (bn_wexpand(t,k*4) == NULL) goto err;
if (bn_wexpand(rr,k*4) == NULL) goto err;
bn_mul_part_recursive(rr->d,a->d,b->d,
j,al-j,bl-j,t->d);
}
else /* al <= j || bl <= j */
{
bn_wexpand(t,k*2);
bn_wexpand(rr,k*2);
if (bn_wexpand(t,k*2) == NULL) goto err;
if (bn_wexpand(rr,k*2) == NULL) goto err;
bn_mul_recursive(rr->d,a->d,b->d,
j,al-j,bl-j,t->d);
}

27
Cryptlib/OpenSSL/crypto/buffer/buffer.c
View File

@ -60,6 +60,11 @@
#include "cryptlib.h"
#include <openssl/buffer.h>
/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That
* function is applied in several functions in this file and this limit ensures
* that the result fits in an int. */
#define LIMIT_BEFORE_EXPANSION 0x5ffffffc
BUF_MEM *BUF_MEM_new(void)
{
BUF_MEM *ret;
@ -94,6 +99,11 @@ int BUF_MEM_grow(BUF_MEM *str, int len)
char *ret;
unsigned int n;
if (len < 0)
{
BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
return 0;
}
if (str->length >= len)
{
str->length=len;
@ -105,6 +115,12 @@ int BUF_MEM_grow(BUF_MEM *str, int len)
str->length=len;
return(len);
}
/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
if (len > LIMIT_BEFORE_EXPANSION)
{
BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
return 0;
}
n=(len+3)/3*4;
if (str->data == NULL)
ret=OPENSSL_malloc(n);
@ -130,6 +146,11 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len)
char *ret;
unsigned int n;
if (len < 0)
{
BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
return 0;
}
if (str->length >= len)
{
memset(&str->data[len],0,str->length-len);
@ -142,6 +163,12 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len)
str->length=len;
return(len);
}
/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
if (len > LIMIT_BEFORE_EXPANSION)
{
BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
return 0;
}
n=(len+3)/3*4;
if (str->data == NULL)
ret=OPENSSL_malloc(n);

3
Cryptlib/OpenSSL/crypto/cast/c_cfb64.c
View File

@ -65,7 +65,7 @@
*/
void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
long length, CAST_KEY *schedule, unsigned char *ivec,
long length, const CAST_KEY *schedule, unsigned char *ivec,
int *num, int enc)
{
register CAST_LONG v0,v1,t;
@ -119,4 +119,3 @@ void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
v0=v1=ti[0]=ti[1]=t=c=cc=0;
*num=n;
}

3
Cryptlib/OpenSSL/crypto/cast/c_ecb.c
View File

@ -63,7 +63,7 @@
const char CAST_version[]="CAST" OPENSSL_VERSION_PTEXT;
void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
CAST_KEY *ks, int enc)
const CAST_KEY *ks, int enc)
{
CAST_LONG l,d[2];
@ -77,4 +77,3 @@ void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
l=d[1]; l2n(l,out);
l=d[0]=d[1]=0;
}

13
Cryptlib/OpenSSL/crypto/cast/c_enc.c
View File

@ -59,9 +59,10 @@
#include <openssl/cast.h>
#include "cast_lcl.h"
void CAST_encrypt(CAST_LONG *data, CAST_KEY *key)
void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key)
{
register CAST_LONG l,r,*k,t;
register CAST_LONG l,r,t;
const register CAST_LONG *k;
k= &(key->data[0]);
l=data[0];
@ -91,9 +92,10 @@ void CAST_encrypt(CAST_LONG *data, CAST_KEY *key)
data[0]=r&0xffffffffL;
}
void CAST_decrypt(CAST_LONG *data, CAST_KEY *key)
void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key)
{
register CAST_LONG l,r,*k,t;
register CAST_LONG l,r,t;
const register CAST_LONG *k;
k= &(key->data[0]);
l=data[0];
@ -124,7 +126,7 @@ void CAST_decrypt(CAST_LONG *data, CAST_KEY *key)
}
void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
CAST_KEY *ks, unsigned char *iv, int enc)
const CAST_KEY *ks, unsigned char *iv, int enc)
{
register CAST_LONG tin0,tin1;
register CAST_LONG tout0,tout1,xor0,xor1;
@ -204,4 +206,3 @@ void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
tin0=tin1=tout0=tout1=xor0=xor1=0;
tin[0]=tin[1]=0;
}

3
Cryptlib/OpenSSL/crypto/cast/c_ofb64.c
View File

@ -64,7 +64,7 @@
* 64bit block we have used is contained in *num;
*/
void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
long length, CAST_KEY *schedule, unsigned char *ivec,
long length, const CAST_KEY *schedule, unsigned char *ivec,
int *num)
{
register CAST_LONG v0,v1,t;
@ -108,4 +108,3 @@ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
t=v0=v1=ti[0]=ti[1]=0;
*num=n;
}

3
Cryptlib/OpenSSL/crypto/comp/c_rle.c
View File

@ -46,7 +46,7 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
{
int i;
if (olen < (ilen-1))
if (ilen == 0 || olen < (ilen-1))
{
/* ZZZZZZZZZZZZZZZZZZZZZZ */
return(-1);
@ -59,4 +59,3 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
}
return(ilen-1);
}

17
Cryptlib/OpenSSL/crypto/comp/c_zlib.c
View File

@ -136,15 +136,6 @@ struct zlib_state
static int zlib_stateful_ex_idx = -1;
static void zlib_stateful_free_ex_data(void *obj, void *item,
CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)
{
struct zlib_state *state = (struct zlib_state *)item;
inflateEnd(&state->istream);
deflateEnd(&state->ostream);
OPENSSL_free(state);
}
static int zlib_stateful_init(COMP_CTX *ctx)
{
int err;
@ -188,6 +179,12 @@ static int zlib_stateful_init(COMP_CTX *ctx)
static void zlib_stateful_finish(COMP_CTX *ctx)
{
struct zlib_state *state =
(struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
zlib_stateful_ex_idx);
inflateEnd(&state->istream);
deflateEnd(&state->ostream);
OPENSSL_free(state);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
}
@ -402,7 +399,7 @@ COMP_METHOD *COMP_zlib(void)
if (zlib_stateful_ex_idx == -1)
zlib_stateful_ex_idx =
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
0,NULL,NULL,NULL,NULL);
CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
if (zlib_stateful_ex_idx == -1)
goto err;

1
Cryptlib/OpenSSL/crypto/conf/conf_api.c
View File

@ -64,6 +64,7 @@
#endif
#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/conf.h>
#include <openssl/conf_api.h>

17
Cryptlib/OpenSSL/crypto/conf/conf_def.c
View File

@ -213,13 +213,14 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
int bufnum=0,i,ii;
BUF_MEM *buff=NULL;
char *s,*p,*end;
int again,n;
int again;
long eline=0;
char btmp[DECIMAL_SIZE(eline)+1];
CONF_VALUE *v=NULL,*tv;
CONF_VALUE *sv=NULL;
char *section=NULL,*buf;
STACK_OF(CONF_VALUE) *section_sk=NULL,*ts;
/* STACK_OF(CONF_VALUE) *section_sk=NULL;*/
/* STACK_OF(CONF_VALUE) *ts=NULL;*/
char *start,*psection,*pname;
void *h = (void *)(conf->data);
@ -250,7 +251,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/
bufnum=0;
again=0;
@ -309,7 +310,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
buf=buff->data;
clear_comments(conf, buf);
n=strlen(buf);
s=eat_ws(conf, buf);
if (IS_EOF(conf,*s)) continue; /* blank line */
if (*s == '[')
@ -343,7 +343,7 @@ again:
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/
continue;
}
else
@ -406,12 +406,12 @@ again:
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
ts=(STACK_OF(CONF_VALUE) *)tv->value;
/* ts=(STACK_OF(CONF_VALUE) *)tv->value;*/
}
else
{
tv=sv;
ts=section_sk;
/* ts=section_sk;*/
}
#if 1
if (_CONF_add_string(conf, tv, v) == 0)
@ -465,9 +465,6 @@ err:
static void clear_comments(CONF *conf, char *p)
{
char *to;
to=p;
for (;;)
{
if (IS_FCOMMENT(conf,*p))

3
Cryptlib/OpenSSL/crypto/cryptlib.c
View File

@ -396,7 +396,6 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
ERR_remove_state(0);
break;
case DLL_PROCESS_DETACH:
break;
@ -513,7 +512,7 @@ void OPENSSL_showfatal (const char *fmta,...)
#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
/* this -------------v--- guards NT-specific calls */
if (GetVersion() < 0x80000000 && OPENSSL_isservice())
if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
{ HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
const TCHAR *pmsg=buf;
ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);

2
Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c
View File

@ -62,6 +62,7 @@
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/bn.h>
#include <openssl/rand.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
@ -155,6 +156,7 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
return 0;
}
#endif
RAND_seed(dgst, dlen);
s=DSA_do_sign(dgst,dlen,dsa);
if (s == NULL)
{

3
Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c
View File

@ -110,7 +110,7 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
BIGNUM *r0,*W,*X,*c,*test;
BIGNUM *g=NULL,*q=NULL,*p=NULL;
BN_MONT_CTX *mont=NULL;
int k,n=0,i,b,m=0;
int k,n=0,i,m=0;
int counter=0;
int r=0;
BN_CTX *ctx=NULL;
@ -211,7 +211,6 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
/* "offset = 2" */
n=(bits-1)/160;
b=(bits-1)-n*160;
for (;;)
{

2
Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c
View File

@ -190,7 +190,7 @@ DSA *DSA_new_method(ENGINE *engine)
ret->method_mont_p=NULL;
ret->references=1;
ret->flags=ret->meth->flags;
ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{

3
Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c
View File

@ -178,7 +178,8 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
if (BN_cmp(s,dsa->q) > 0)
BN_sub(s,s,dsa->q);
if (!BN_sub(s,s,dsa->q))
goto err;
if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
ret=DSA_SIG_new();

28
Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c
View File

@ -237,7 +237,10 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname)
static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
{
void *ptr;
DSO_FUNC_TYPE sym, *tsym = &sym;
union {
DSO_FUNC_TYPE sym;
void *dlret;
} u;
if((dso == NULL) || (symname == NULL))
{
@ -255,14 +258,14 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
return(NULL);
}
*(void **)(tsym) = dlsym(ptr, symname);
if(sym == NULL)
u.dlret = dlsym(ptr, symname);
if(u.dlret == NULL)
{
DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
return(NULL);
}
return(sym);
return u.sym;
}
static char *dlfcn_merger(DSO *dso, const char *filespec1,
@ -332,6 +335,15 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
return(merged);
}
#ifdef OPENSSL_SYS_MACOSX
#define DSO_ext ".dylib"
#define DSO_extlen 6
#else
#define DSO_ext ".so"
#define DSO_extlen 3
#endif
static char *dlfcn_name_converter(DSO *dso, const char *filename)
{
char *translated;
@ -342,8 +354,8 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
transform = (strstr(filename, "/") == NULL);
if(transform)
{
/* We will convert this to "%s.so" or "lib%s.so" */
rsize += 3; /* The length of ".so" */
/* We will convert this to "%s.so" or "lib%s.so" etc */
rsize += DSO_extlen; /* The length of ".so" */
if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
rsize += 3; /* The length of "lib" */
}
@ -357,9 +369,9 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
if(transform)
{
if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
sprintf(translated, "lib%s.so", filename);
sprintf(translated, "lib%s" DSO_ext, filename);
else
sprintf(translated, "%s.so", filename);
sprintf(translated, "%s" DSO_ext, filename);
}
else
sprintf(translated, "%s", filename);

7
Cryptlib/OpenSSL/crypto/dso/dso_win32.c
View File

@ -327,8 +327,8 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
memset(result, 0, sizeof(struct file_st));
position = IN_DEVICE;
if(filename[0] == '\\' && filename[1] == '\\'
|| filename[0] == '/' && filename[1] == '/')
if((filename[0] == '\\' && filename[1] == '\\')
|| (filename[0] == '/' && filename[1] == '/'))
{
position = IN_NODE;
filename += 2;
@ -347,6 +347,7 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
DSOerr(DSO_F_WIN32_SPLITTER,
DSO_R_INCORRECT_FILE_SYNTAX);
/*goto err;*/
OPENSSL_free(result);
return(NULL);
}
result->device = start;
@ -613,6 +614,8 @@ static char *win32_merger(DSO *dso, const char *filespec1, const char *filespec2
merged = win32_joiner(dso, filespec1_split);
}
OPENSSL_free(filespec1_split);
OPENSSL_free(filespec2_split);
return(merged);
}

11
Cryptlib/OpenSSL/crypto/ec/ec2_mult.c
View File

@ -318,6 +318,7 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
int ret = 0;
size_t i;
EC_POINT *p=NULL;
EC_POINT *acc = NULL;
if (ctx == NULL)
{
@ -337,15 +338,16 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
}
if ((p = EC_POINT_new(group)) == NULL) goto err;
if ((acc = EC_POINT_new(group)) == NULL) goto err;
if (!EC_POINT_set_to_infinity(group, r)) goto err;
if (!EC_POINT_set_to_infinity(group, acc)) goto err;
if (scalar)
{
if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err;
if (BN_is_negative(scalar))
if (!group->meth->invert(group, p, ctx)) goto err;
if (!group->meth->add(group, r, r, p, ctx)) goto err;
if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
}
for (i = 0; i < num; i++)
@ -353,13 +355,16 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err;
if (BN_is_negative(scalars[i]))
if (!group->meth->invert(group, p, ctx)) goto err;
if (!group->meth->add(group, r, r, p, ctx)) goto err;
if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
}
if (!EC_POINT_copy(r, acc)) goto err;
ret = 1;
err:
if (p) EC_POINT_free(p);
if (acc) EC_POINT_free(acc);
if (new_ctx != NULL)
BN_CTX_free(new_ctx);
return ret;

15
Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c
View File

@ -174,8 +174,10 @@ int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
dest->poly[2] = src->poly[2];
dest->poly[3] = src->poly[3];
dest->poly[4] = src->poly[4];
bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2);
bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2);
if(bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL)
return 0;
if(bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL)
return 0;
for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0;
for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0;
return 1;
@ -199,12 +201,12 @@ int ec_GF2m_simple_group_set_curve(EC_GROUP *group,
/* group->a */
if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err;
bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2);
if(bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err;
for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0;
/* group->b */
if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err;
bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2);
if(bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err;
for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0;
ret = 1;
@ -819,7 +821,7 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_
field_sqr = group->meth->field_sqr;
/* only support affine coordinates */
if (!point->Z_is_one) goto err;
if (!point->Z_is_one) return -1;
if (ctx == NULL)
{
@ -870,6 +872,9 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT
return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
}
if (EC_POINT_is_at_infinity(group, b))
return 1;
if (a->Z_is_one && b->Z_is_one)
{
return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;

6
Cryptlib/OpenSSL/crypto/ec/ec_key.c
View File

@ -305,6 +305,12 @@ int EC_KEY_check_key(const EC_KEY *eckey)
return 0;
}
if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key))
{
ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
goto err;
}
if ((ctx = BN_CTX_new()) == NULL)
goto err;
if ((point = EC_POINT_new(eckey->group)) == NULL)

6
Cryptlib/OpenSSL/crypto/ec/ec_mult.c
View File

@ -169,11 +169,13 @@ static void ec_pre_comp_clear_free(void *pre_)
EC_POINT **p;
for (p = pre->points; *p != NULL; p++)
{
EC_POINT_clear_free(*p);
OPENSSL_cleanse(pre->points, sizeof pre->points);
OPENSSL_cleanse(p, sizeof *p);
}
OPENSSL_free(pre->points);
}
OPENSSL_cleanse(pre, sizeof pre);
OPENSSL_cleanse(pre, sizeof *pre);
OPENSSL_free(pre);
}

3
Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c
View File

@ -1407,6 +1407,9 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *
return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
}
if (EC_POINT_is_at_infinity(group, b))
return 1;
if (a->Z_is_one && b->Z_is_one)
{
return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;

6
Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c
View File

@ -96,7 +96,6 @@ const ECDH_METHOD *ECDH_get_default_method(void)
int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
{
const ECDH_METHOD *mtmp;
ECDH_DATA *ecdh;
ecdh = ecdh_check(eckey);
@ -104,11 +103,6 @@ int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
if (ecdh == NULL)
return 0;
mtmp = ecdh->meth;
#if 0
if (mtmp->finish)
mtmp->finish(eckey);
#endif
#ifndef OPENSSL_NO_ENGINE
if (ecdh->engine)
{

2
Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c
View File

@ -83,7 +83,6 @@ const ECDSA_METHOD *ECDSA_get_default_method(void)
int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
{
const ECDSA_METHOD *mtmp;
ECDSA_DATA *ecdsa;
ecdsa = ecdsa_check(eckey);
@ -91,7 +90,6 @@ int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
if (ecdsa == NULL)
return 0;
mtmp = ecdsa->meth;
#ifndef OPENSSL_NO_ENGINE
if (ecdsa->engine)
{

62
Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c
View File

@ -144,6 +144,14 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
}
while (BN_is_zero(k));
/* We do not want timing information to leak the length of k,
* so we compute G*k using an equivalent scalar of fixed
* bit-length. */
if (!BN_add(k, k, order)) goto err;
if (BN_num_bits(k) <= BN_num_bits(order))
if (!BN_add(k, k, order)) goto err;
/* compute r the x-coordinate of generator * k */
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
{
@ -212,7 +220,7 @@ err:
static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
{
int ok = 0;
int ok = 0, i;
BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL;
const BIGNUM *ckinv;
BN_CTX *ctx = NULL;
@ -251,22 +259,19 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
goto err;
}
if (8 * dgst_len > BN_num_bits(order))
{
/* XXX
*
* Should provide for optional hash truncation:
* Keep the BN_num_bits(order) leftmost bits of dgst
* (see March 2006 FIPS 186-3 draft, which has a few
* confusing errors in this part though)
i = BN_num_bits(order);
/* Need to truncate digest if it is too long: first truncate whole
* bytes.
*/
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
if (8 * dgst_len > i)
dgst_len = (i + 7)/8;
if (!BN_bin2bn(dgst, dgst_len, m))
{
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
if (!BN_bin2bn(dgst, dgst_len, m))
/* If still too long truncate remaining bits with a shift */
if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
{
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
@ -346,7 +351,7 @@ err:
static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
const ECDSA_SIG *sig, EC_KEY *eckey)
{
int ret = -1;
int ret = -1, i;
BN_CTX *ctx;
BIGNUM *order, *u1, *u2, *m, *X;
EC_POINT *point = NULL;
@ -384,21 +389,6 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
goto err;
}
if (8 * dgst_len > BN_num_bits(order))
{
/* XXX
*
* Should provide for optional hash truncation:
* Keep the BN_num_bits(order) leftmost bits of dgst
* (see March 2006 FIPS 186-3 draft, which has a few
* confusing errors in this part though)
*/
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY,
ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
ret = 0;
goto err;
}
if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
@ -415,11 +405,23 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
goto err;
}
/* digest -> m */
i = BN_num_bits(order);
/* Need to truncate digest if it is too long: first truncate whole
* bytes.
*/
if (8 * dgst_len > i)
dgst_len = (i + 7)/8;
if (!BN_bin2bn(dgst, dgst_len, m))
{
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
goto err;
}
/* If still too long truncate remaining bits with a shift */
if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
{
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
goto err;
}
/* u1 = m * tmp mod order */
if (!BN_mod_mul(u1, m, u2, order, ctx))
{

2
Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c
View File

@ -57,6 +57,7 @@
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include <openssl/rand.h>
ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
{
@ -83,6 +84,7 @@ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char
EC_KEY *eckey)
{
ECDSA_SIG *s;
RAND_seed(dgst, dlen);
s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
if (s == NULL)
{

2
Cryptlib/OpenSSL/crypto/engine/eng_all.c
View File

@ -104,7 +104,7 @@ void ENGINE_load_builtin_engines(void)
#endif
#endif
#ifndef OPENSSL_NO_HW
#if defined(__OpenBSD__) || defined(__FreeBSD__)
#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
ENGINE_load_cryptodev();
#endif
#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)

17
Cryptlib/OpenSSL/crypto/engine/eng_cnf.c
View File

@ -95,7 +95,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
int ret = 0;
long do_init = -1;
STACK_OF(CONF_VALUE) *ecmds;
CONF_VALUE *ecmd;
CONF_VALUE *ecmd = NULL;
char *ctrlname, *ctrlvalue;
ENGINE *e = NULL;
int soft = 0;
@ -157,7 +157,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
return 1;
}
if (!e)
return 0;
goto err;
}
/* Allow "EMPTY" to mean no value: this allows a valid
* "value" to be passed to ctrls of type NO_INPUT
@ -186,16 +186,27 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
}
else if (!ENGINE_ctrl_cmd_string(e,
ctrlname, ctrlvalue, 0))
return 0;
goto err;
}
}
if (e && (do_init == -1) && !int_engine_init(e))
{
ecmd = NULL;
goto err;
}
ret = 1;
err:
if (ret != 1)
{
ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_CONFIGURATION_ERROR);
if (ecmd)
ERR_add_error_data(6, "section=", ecmd->section,
", name=", ecmd->name,
", value=", ecmd->value);
}
if (e)
ENGINE_free(e);
return ret;

57
Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c
View File

@ -30,9 +30,13 @@
#include <openssl/engine.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/rsa.h>
#include <openssl/dh.h>
#include <openssl/err.h>
#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
(defined(OpenBSD) || defined(__FreeBSD_version))
(defined(OpenBSD) || defined(__FreeBSD__))
#include <sys/param.h>
# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
# define HAVE_CRYPTODEV
@ -79,7 +83,7 @@ static int cryptodev_max_iv(int cipher);
static int cryptodev_key_length_valid(int cipher, int len);
static int cipher_nid_to_cryptodev(int nid);
static int get_cryptodev_ciphers(const int **cnids);
static int get_cryptodev_digests(const int **cnids);
/*static int get_cryptodev_digests(const int **cnids);*/
static int cryptodev_usable_ciphers(const int **nids);
static int cryptodev_usable_digests(const int **nids);
static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
@ -100,7 +104,7 @@ static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
RSA *rsa);
RSA *rsa, BN_CTX *ctx);
static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
@ -139,6 +143,7 @@ static struct {
{ 0, NID_undef, 0, 0, },
};
#if 0
static struct {
int id;
int nid;
@ -151,6 +156,7 @@ static struct {
{ CRYPTO_SHA1, NID_undef, },
{ 0, NID_undef, },
};
#endif
/*
* Return a fd if /dev/crypto seems usable, 0 otherwise.
@ -285,6 +291,7 @@ get_cryptodev_ciphers(const int **cnids)
return (count);
}
#if 0 /* unused */
/*
* Find out what digests /dev/crypto will let us have a session for.
* XXX note, that some of these openssl doesn't deal with yet!
@ -321,6 +328,8 @@ get_cryptodev_digests(const int **cnids)
return (count);
}
#endif
/*
* Find the useable ciphers|digests from dev/crypto - this is the first
* thing called by the engine init crud which determines what it
@ -374,7 +383,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
struct crypt_op cryp;
struct dev_crypto_state *state = ctx->cipher_data;
struct session_op *sess = &state->d_sess;
void *iiv;
const void *iiv;
unsigned char save_iv[EVP_MAX_IV_LENGTH];
if (state->d_fd < 0)
@ -398,7 +407,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (ctx->cipher->iv_len) {
cryp.iv = (caddr_t) ctx->iv;
if (!ctx->encrypt) {
iiv = (void *) in + inl - ctx->cipher->iv_len;
iiv = in + inl - ctx->cipher->iv_len;
memcpy(save_iv, iiv, ctx->cipher->iv_len);
}
} else
@ -413,7 +422,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (ctx->cipher->iv_len) {
if (ctx->encrypt)
iiv = (void *) out + inl - ctx->cipher->iv_len;
iiv = out + inl - ctx->cipher->iv_len;
else
iiv = save_iv;
memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
@ -443,7 +452,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
if ((state->d_fd = get_dev_crypto()) < 0)
return (0);
sess->key = (unsigned char *)key;
sess->key = (char *)key;
sess->keylen = ctx->key_len;
sess->cipher = cipher;
@ -625,7 +634,7 @@ static int
bn2crparam(const BIGNUM *a, struct crparam *crp)
{
int i, j, k;
ssize_t words, bytes, bits;
ssize_t bytes, bits;
u_char *b;
crp->crp_p = NULL;
@ -638,7 +647,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
if (b == NULL)
return (1);
crp->crp_p = b;
crp->crp_p = (char *)b;
crp->crp_nbits = bits;
for (i = 0, j = 0; i < a->top; i++) {
@ -746,24 +755,29 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
goto err;
kop.crk_iparams = 3;
if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) {
if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
printf("OCF asym process failed, Running in software\n");
ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
} else if (ECANCELED == kop.crk_status) {
const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
printf("OCF hardware operation cancelled. Running in Software\n");
ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
}
/* else cryptodev operation worked ok ==> ret = 1*/
err:
zapparams(&kop);
return (ret);
}
static int
cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
{
int r;
BN_CTX *ctx;
ctx = BN_CTX_new();
r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
BN_CTX_free(ctx);
return (r);
}
@ -795,10 +809,18 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
goto err;
kop.crk_iparams = 6;
if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) {
if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
printf("OCF asym process failed, running in Software\n");
ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
} else if (ECANCELED == kop.crk_status) {
const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
printf("OCF hardware operation cancelled. Running in Software\n");
ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
}
/* else cryptodev operation worked ok ==> ret = 1*/
err:
zapparams(&kop);
return (ret);
@ -934,7 +956,8 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
kop.crk_iparams = 7;
if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
dsaret = kop.crk_status;
/*OCF success value is 0, if not zero, change dsaret to fail*/
if(0 != kop.crk_status) dsaret = 0;
} else {
const DSA_METHOD *meth = DSA_OpenSSL();
@ -994,7 +1017,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
goto err;
kop.crk_iparams = 3;
kop.crk_param[3].crp_p = key;
kop.crk_param[3].crp_p = (char *)key;
kop.crk_param[3].crp_nbits = keylen * 8;
kop.crk_oparams = 1;

8
Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c
View File

@ -280,7 +280,7 @@ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
}
/* Force the result of the control command to 0 or 1, for the reasons
* mentioned before. */
if (ENGINE_ctrl(e, num, i, p, f))
if (ENGINE_ctrl(e, num, i, p, f) > 0)
return 1;
return 0;
}
@ -345,7 +345,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
* usage of these commands is consistent across applications and
* that certain applications don't understand it one way, and
* others another. */
if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
return 1;
return 0;
}
@ -360,7 +360,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
if(flags & ENGINE_CMD_FLAG_STRING)
{
/* Same explanation as above */
if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
return 1;
return 0;
}
@ -383,7 +383,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
}
/* Force the result of the control command to 0 or 1, for the reasons
* mentioned before. */
if(ENGINE_ctrl(e, num, l, NULL, NULL))
if(ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
return 1;
return 0;
}

3
Cryptlib/OpenSSL/crypto/engine/eng_err.c
View File

@ -1,6 +1,6 @@
/* crypto/engine/eng_err.c */
/* ====================================================================
* Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -124,6 +124,7 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
{ERR_REASON(ENGINE_R_DSO_FAILURE) ,"DSO failure"},
{ERR_REASON(ENGINE_R_DSO_NOT_FOUND) ,"dso not found"},
{ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"},
{ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR),"engine configuration error"},
{ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"},
{ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"},
{ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},

1
Cryptlib/OpenSSL/crypto/engine/eng_list.c
View File

@ -412,6 +412,7 @@ ENGINE *ENGINE_by_id(const char *id)
return iterator;
}
notfound:
ENGINE_free(iterator);
ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE);
ERR_add_error_data(2, "id=", id);
return NULL;

3
Cryptlib/OpenSSL/crypto/engine/eng_table.c
View File

@ -237,6 +237,7 @@ ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, in
#endif
return NULL;
}
ERR_set_mark();
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
/* Check again inside the lock otherwise we could race against cleanup
* operations. But don't worry about a fprintf(stderr). */
@ -310,6 +311,6 @@ end:
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
/* Whatever happened, any failed init()s are not failures in this
* context, so clear our error state. */
ERR_clear_error();
ERR_pop_to_mark();
return ret;
}

2
Cryptlib/OpenSSL/crypto/err/err_all.c
View File

@ -104,6 +104,7 @@
#ifndef OPENSSL_NO_JPAKE
#include <openssl/jpake.h>
#endif
#include <openssl/comp.h>
void ERR_load_crypto_strings(void)
{
@ -157,5 +158,6 @@ void ERR_load_crypto_strings(void)
#ifndef OPENSSL_NO_JPAKE
ERR_load_JPAKE_strings();
#endif
ERR_load_COMP_strings();
#endif
}

10
Cryptlib/OpenSSL/crypto/err/err_prn.c
View File

@ -79,14 +79,20 @@ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
ERR_error_string_n(l, buf, sizeof buf);
BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,
file, line, (flags & ERR_TXT_STRING) ? data : "");
cb(buf2, strlen(buf2), u);
if (cb(buf2, strlen(buf2), u) <= 0)
break; /* abort outputting the error report */
}
}
#ifndef OPENSSL_NO_FP_API
static int print_fp(const char *str, size_t len, void *fp)
{
return fwrite(str, 1, len, fp);
BIO bio;
BIO_set(&bio,BIO_s_file());
BIO_set_fp(&bio,fp,BIO_NOCLOSE);
return BIO_printf(&bio, "%s", str);
}
void ERR_print_errors_fp(FILE *fp)
{

71
Cryptlib/OpenSSL/crypto/evp/bio_b64.c
View File

@ -64,7 +64,7 @@
static int b64_write(BIO *h, const char *buf, int num);
static int b64_read(BIO *h, char *buf, int size);
/*static int b64_puts(BIO *h, const char *str); */
static int b64_puts(BIO *h, const char *str);
/*static int b64_gets(BIO *h, char *str, int size); */
static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int b64_new(BIO *h);
@ -96,7 +96,7 @@ static BIO_METHOD methods_b64=
BIO_TYPE_BASE64,"base64 encoding",
b64_write,
b64_read,
NULL, /* b64_puts, */
b64_puts,
NULL, /* b64_gets, */
b64_ctrl,
b64_new,
@ -127,6 +127,7 @@ static int b64_new(BIO *bi)
bi->init=1;
bi->ptr=(char *)ctx;
bi->flags=0;
bi->num = 0;
return(1);
}
@ -151,6 +152,8 @@ static int b64_read(BIO *b, char *out, int outl)
if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
BIO_clear_retry_flags(b);
if (ctx->encode != B64_DECODE)
{
ctx->encode=B64_DECODE;
@ -163,6 +166,7 @@ static int b64_read(BIO *b, char *out, int outl)
/* First check if there are bytes decoded/encoded */
if (ctx->buf_len > 0)
{
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
i=ctx->buf_len-ctx->buf_off;
if (i > outl) i=outl;
OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf));
@ -184,7 +188,6 @@ static int b64_read(BIO *b, char *out, int outl)
ret_code=0;
while (outl > 0)
{
if (ctx->cont <= 0)
break;
@ -195,7 +198,7 @@ static int b64_read(BIO *b, char *out, int outl)
{
ret_code=i;
/* Should be continue next time we are called? */
/* Should we continue next time we are called? */
if (!BIO_should_retry(b->next_bio))
{
ctx->cont=i;
@ -285,19 +288,27 @@ static int b64_read(BIO *b, char *out, int outl)
continue;
}
else
{
ctx->tmp_len=0;
}
}
else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))
{
/* If buffer isn't full and we can retry then
* restart to read in more data.
*/
else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))
continue;
}
if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
{
int z,jj;
#if 0
jj=(i>>2)<<2;
#else
jj = i & ~3; /* process per 4 */
#endif
z=EVP_DecodeBlock((unsigned char *)ctx->buf,
(unsigned char *)ctx->tmp,jj);
if (jj > 2)
@ -313,17 +324,14 @@ static int b64_read(BIO *b, char *out, int outl)
* number consumed */
if (jj != i)
{
memcpy((unsigned char *)ctx->tmp,
(unsigned char *)&(ctx->tmp[jj]),i-jj);
memmove(ctx->tmp, &ctx->tmp[jj], i-jj);
ctx->tmp_len=i-jj;
}
ctx->buf_len=0;
if (z > 0)
{
ctx->buf_len=z;
i=1;
}
else
i=z;
}
else
@ -357,14 +365,16 @@ static int b64_read(BIO *b, char *out, int outl)
outl-=i;
out+=i;
}
BIO_clear_retry_flags(b);
/* BIO_clear_retry_flags(b); */
BIO_copy_next_retry(b);
return((ret == 0)?ret_code:ret);
}
static int b64_write(BIO *b, const char *in, int inl)
{
int ret=inl,n,i;
int ret=0;
int n;
int i;
BIO_B64_CTX *ctx;
ctx=(BIO_B64_CTX *)b->ptr;
@ -379,6 +389,9 @@ static int b64_write(BIO *b, const char *in, int inl)
EVP_EncodeInit(&(ctx->base64));
}
OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
n=ctx->buf_len-ctx->buf_off;
while (n > 0)
{
@ -388,7 +401,10 @@ static int b64_write(BIO *b, const char *in, int inl)
BIO_copy_next_retry(b);
return(i);
}
OPENSSL_assert(i <= n);
ctx->buf_off+=i;
OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
n-=i;
}
/* at this point all pending data has been written */
@ -405,18 +421,19 @@ static int b64_write(BIO *b, const char *in, int inl)
{
if (ctx->tmp_len > 0)
{
OPENSSL_assert(ctx->tmp_len <= 3);
n=3-ctx->tmp_len;
/* There's a teoretical possibility for this */
/* There's a theoretical possibility for this */
if (n > inl)
n=inl;
memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
ctx->tmp_len+=n;
ret += n;
if (ctx->tmp_len < 3)
break;
ctx->buf_len=EVP_EncodeBlock(
(unsigned char *)ctx->buf,
(unsigned char *)ctx->tmp,
ctx->tmp_len);
ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(unsigned char *)ctx->tmp,ctx->tmp_len);
OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
/* Since we're now done using the temporary
buffer, the length should be 0'd */
ctx->tmp_len=0;
@ -425,14 +442,16 @@ static int b64_write(BIO *b, const char *in, int inl)
{
if (n < 3)
{
memcpy(&(ctx->tmp[0]),in,n);
memcpy(ctx->tmp,in,n);
ctx->tmp_len=n;
ret += n;
break;
}
n-=n%3;
ctx->buf_len=EVP_EncodeBlock(
(unsigned char *)ctx->buf,
(unsigned char *)in,n);
ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(const unsigned char *)in,n);
OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
ret += n;
}
}
else
@ -440,6 +459,9 @@ static int b64_write(BIO *b, const char *in, int inl)
EVP_EncodeUpdate(&(ctx->base64),
(unsigned char *)ctx->buf,&ctx->buf_len,
(unsigned char *)in,n);
OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
ret += n;
}
inl-=n;
in+=n;
@ -454,8 +476,11 @@ static int b64_write(BIO *b, const char *in, int inl)
BIO_copy_next_retry(b);
return((ret == 0)?i:ret);
}
OPENSSL_assert(i <= n);
n-=i;
ctx->buf_off+=i;
OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
}
ctx->buf_len=0;
ctx->buf_off=0;
@ -486,6 +511,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
case BIO_CTRL_WPENDING: /* More to write in buffer */
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
ret=ctx->buf_len-ctx->buf_off;
if ((ret == 0) && (ctx->encode != B64_NONE)
&& (ctx->base64.num != 0))
@ -494,6 +520,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
case BIO_CTRL_PENDING: /* More to read in buffer */
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
ret=ctx->buf_len-ctx->buf_off;
if (ret <= 0)
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
@ -565,3 +592,7 @@ static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
return(ret);
}
static int b64_puts(BIO *b, const char *str)
{
return b64_write(b,str,strlen(str));
}

2
Cryptlib/OpenSSL/crypto/evp/c_allc.c
View File

@ -71,6 +71,8 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher(EVP_des_cfb8());
EVP_add_cipher(EVP_des_ede_cfb());
EVP_add_cipher(EVP_des_ede3_cfb());
EVP_add_cipher(EVP_des_ede3_cfb1());
EVP_add_cipher(EVP_des_ede3_cfb8());
EVP_add_cipher(EVP_des_ofb());
EVP_add_cipher(EVP_des_ede_ofb());

3
Cryptlib/OpenSSL/crypto/evp/c_alld.c
View File

@ -64,9 +64,6 @@
void OpenSSL_add_all_digests(void)
{
#ifndef OPENSSL_NO_MD2
EVP_add_digest(EVP_md2());
#endif
#ifndef OPENSSL_NO_MD4
EVP_add_digest(EVP_md4());
#endif

22
Cryptlib/OpenSSL/crypto/evp/digest.c
View File

@ -127,6 +127,7 @@ EVP_MD_CTX *EVP_MD_CTX_create(void)
{
EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
if (ctx)
EVP_MD_CTX_init(ctx);
return ctx;
@ -234,6 +235,7 @@ static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
{
/* Same comment from evp_enc.c */
EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR);
ENGINE_finish(impl);
return 0;
}
/* We'll use the ENGINE's private digest definition */
@ -299,7 +301,14 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
OPENSSL_free(ctx->md_data);
ctx->digest=type;
if (type->ctx_size)
{
ctx->md_data=OPENSSL_malloc(type->ctx_size);
if (!ctx->md_data)
{
EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE);
return 0;
}
}
}
#ifndef OPENSSL_NO_ENGINE
skip_to_init:
@ -380,8 +389,17 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
if (out->digest->ctx_size)
{
if (tmp_buf) out->md_data = tmp_buf;
else out->md_data=OPENSSL_malloc(out->digest->ctx_size);
if (tmp_buf)
out->md_data = tmp_buf;
else
{
out->md_data=OPENSSL_malloc(out->digest->ctx_size);
if (!out->md_data)
{
EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE);
return 0;
}
}
memcpy(out->md_data,in->md_data,out->digest->ctx_size);
}

1
Cryptlib/OpenSSL/crypto/evp/enc_min.c
View File

@ -279,6 +279,7 @@ skip_to_init:
case EVP_CIPH_OFB_MODE:
ctx->num = 0;
/* fall-through */
case EVP_CIPH_CBC_MODE:

3
Cryptlib/OpenSSL/crypto/evp/encode.c
View File

@ -235,7 +235,7 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl;
int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,exp_nl;
unsigned char *d;
n=ctx->num;
@ -319,7 +319,6 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
* lines. We process the line and then need to
* accept the '\n' */
if ((v != B64_EOF) && (n >= 64)) exp_nl=1;
tmp2=v;
if (n > 0)
{
v=EVP_DecodeBlock(out,d,n);

6
Cryptlib/OpenSSL/crypto/evp/evp_lib.c
View File

@ -163,6 +163,12 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
return NID_des_cfb64;
case NID_des_ede3_cfb64:
case NID_des_ede3_cfb8:
case NID_des_ede3_cfb1:
return NID_des_cfb64;
default:
/* Check it has an OID and it is valid */
otmp = OBJ_nid2obj(nid);

41
Cryptlib/OpenSSL/crypto/evp/evp_pbe.c
View File

@ -116,17 +116,50 @@ static int pbe_cmp(const char * const *a, const char * const *b)
int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
EVP_PBE_KEYGEN *keygen)
{
EVP_PBE_CTL *pbe_tmp;
if (!pbe_algs) pbe_algs = sk_new(pbe_cmp);
if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) {
EVP_PBE_CTL *pbe_tmp = NULL, pbelu;
int i;
if (!pbe_algs)
{
pbe_algs = sk_new(pbe_cmp);
if (!pbe_algs)
{
EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
return 0;
}
}
else
{
/* Check if already present */
pbelu.pbe_nid = nid;
i = sk_find(pbe_algs, (char *)&pbelu);
if (i >= 0)
{
pbe_tmp = (EVP_PBE_CTL *)sk_value(pbe_algs, i);
/* If everything identical leave alone */
if (pbe_tmp->cipher == cipher
&& pbe_tmp->md == md
&& pbe_tmp->keygen == keygen)
return 1;
}
}
if (!pbe_tmp)
{
pbe_tmp = OPENSSL_malloc (sizeof(EVP_PBE_CTL));
if (!pbe_tmp)
{
EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
return 0;
}
/* If adding a new PBE, set nid, append and sort */
pbe_tmp->pbe_nid = nid;
sk_push (pbe_algs, (char *)pbe_tmp);
sk_sort(pbe_algs);
}
pbe_tmp->cipher = cipher;
pbe_tmp->md = md;
pbe_tmp->keygen = keygen;
sk_push (pbe_algs, (char *)pbe_tmp);
return 1;
}

2
Cryptlib/OpenSSL/crypto/evp/names.c
View File

@ -90,7 +90,7 @@ int EVP_add_digest(const EVP_MD *md)
r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md);
if (r == 0) return(0);
if (md->type != md->pkey_type)
if (md->pkey_type && md->type != md->pkey_type)
{
r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);

2
Cryptlib/OpenSSL/crypto/evp/p_sign.c
View File

@ -81,7 +81,7 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
unsigned char m[EVP_MAX_MD_SIZE];
unsigned int m_len;
int i,ok=0,v;
MS_STATIC EVP_MD_CTX tmp_ctx;
EVP_MD_CTX tmp_ctx;
*siglen=0;
for (i=0; i<4; i++)

2
Cryptlib/OpenSSL/crypto/evp/p_verify.c
View File

@ -68,7 +68,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
unsigned char m[EVP_MAX_MD_SIZE];
unsigned int m_len;
int i,ok=0,v;
MS_STATIC EVP_MD_CTX tmp_ctx;
EVP_MD_CTX tmp_ctx;
for (i=0; i<4; i++)
{

3
Cryptlib/OpenSSL/crypto/hmac/hmac.c
View File

@ -130,12 +130,9 @@ void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
{
int j;
unsigned int i;
unsigned char buf[EVP_MAX_MD_SIZE];
j=EVP_MD_block_size(ctx->md);
EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i);
EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx);
EVP_DigestUpdate(&ctx->md_ctx,buf,i);

58
Cryptlib/OpenSSL/crypto/lhash/lhash.c
View File

@ -305,16 +305,40 @@ void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
static void expand(LHASH *lh)
{
LHASH_NODE **n,**n1,**n2,*np;
unsigned int p,i,j;
unsigned int p,i,j,pmax;
unsigned long hash,nni;
p=(int)lh->p++;
nni=lh->num_alloc_nodes;
pmax=lh->pmax;
if ((lh->p) >= lh->pmax)
{
j=(int)lh->num_alloc_nodes*2;
n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
(int)sizeof(LHASH_NODE *)*j);
if (n == NULL)
{
/* fputs("realloc error in lhash",stderr); */
lh->error++;
lh->p=0;
return;
}
/* else */
for (i=(int)lh->num_alloc_nodes; i<j; i++)/* 26/02/92 eay */
n[i]=NULL; /* 02/03/92 eay */
lh->pmax=lh->num_alloc_nodes;
lh->num_alloc_nodes=j;
lh->num_expand_reallocs++;
lh->p=0;
lh->b=n;
}
lh->num_nodes++;
lh->num_expands++;
p=(int)lh->p++;
n1= &(lh->b[p]);
n2= &(lh->b[p+(int)lh->pmax]);
n2= &(lh->b[p+pmax]);
*n2=NULL; /* 27/07/92 - eay - undefined pointer bug */
nni=lh->num_alloc_nodes;
for (np= *n1; np != NULL; )
{
@ -335,35 +359,14 @@ static void expand(LHASH *lh)
np= *n1;
}
if ((lh->p) >= lh->pmax)
{
j=(int)lh->num_alloc_nodes*2;
n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
(int)(sizeof(LHASH_NODE *)*j));
if (n == NULL)
{
/* fputs("realloc error in lhash",stderr); */
lh->error++;
lh->p=0;
return;
}
/* else */
for (i=(int)lh->num_alloc_nodes; i<j; i++)/* 26/02/92 eay */
n[i]=NULL; /* 02/03/92 eay */
lh->pmax=lh->num_alloc_nodes;
lh->num_alloc_nodes=j;
lh->num_expand_reallocs++;
lh->p=0;
lh->b=n;
}
}
static void contract(LHASH *lh)
{
LHASH_NODE **n,*n1,*np;
int idx = lh->p+lh->pmax-1;
np=lh->b[lh->p+lh->pmax-1];
lh->b[lh->p+lh->pmax-1]=NULL; /* 24/07-92 - eay - weird but :-( */
np=lh->b[idx];
if (lh->p == 0)
{
n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
@ -383,6 +386,7 @@ static void contract(LHASH *lh)
else
lh->p--;
lh->b[idx] = NULL;
lh->num_nodes--;
lh->num_contracts++;

4
Cryptlib/OpenSSL/crypto/mem.c
View File

@ -372,6 +372,10 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
if (num <= 0) return NULL;
/* We don't support shrinking the buffer. Note the memcpy that copies
* |old_len| bytes to the new buffer, below. */
if (num < old_len) return NULL;
if (realloc_debug_func != NULL)
realloc_debug_func(str, NULL, num, file, line, 0);
ret=malloc_ex_func(num,file,line);

12
Cryptlib/OpenSSL/crypto/o_init.c
View File

@ -59,6 +59,16 @@
#include <e_os.h>
#include <openssl/err.h>
/* Internal only functions: only ever used here */
#ifdef OPENSSL_FIPS
extern void int_ERR_lib_init(void);
# ifndef OPENSSL_NO_ENGINE
extern void int_EVP_MD_init_engine_callbacks(void );
extern void int_EVP_CIPHER_init_engine_callbacks(void );
extern void int_RAND_init_engine_callbacks(void );
# endif
#endif
/* Perform any essential OpenSSL initialization operations.
* Currently only sets FIPS callbacks
*/
@ -73,7 +83,7 @@ void OPENSSL_init(void)
#ifdef CRYPTO_MDEBUG
CRYPTO_malloc_debug_init();
#endif
#ifdef OPENSSL_ENGINE
#ifndef OPENSSL_NO_ENGINE
int_EVP_MD_init_engine_callbacks();
int_EVP_CIPHER_init_engine_callbacks();
int_RAND_init_engine_callbacks();

4
Cryptlib/OpenSSL/crypto/o_str.c
View File

@ -60,7 +60,9 @@
#include <e_os.h>
#include "o_str.h"
#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && !defined(OPENSSL_SYSNAME_WIN32)
#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && \
!defined(OPENSSL_SYSNAME_WIN32) && \
!defined(NETWARE_CLIB)
# include <strings.h>
#endif

3
Cryptlib/OpenSSL/crypto/objects/obj_dat.c
View File

@ -456,11 +456,14 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
s=OBJ_nid2ln(nid);
if (s == NULL)
s=OBJ_nid2sn(nid);
if (s)
{
if (buf)
BUF_strlcpy(buf,s,buf_len);
n=strlen(s);
return n;
}
}
len=a->length;

12
Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c
View File

@ -371,11 +371,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
case OHS_ASN1_HEADER:
/* Now reading ASN1 header: can read at least 6 bytes which
* is more than enough for any valid ASN1 SEQUENCE header
/* Now reading ASN1 header: can read at least 2 bytes which
* is enough for ASN1 SEQUENCE header and either length field
* or at least the length of the length field.
*/
n = BIO_get_mem_data(rctx->mem, &p);
if (n < 6)
if (n < 2)
goto next_io;
/* Check it is an ASN1 SEQUENCE */
@ -388,6 +389,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
/* Check out length field */
if (*p & 0x80)
{
/* If MSB set on initial length octet we can now
* always read 6 octets: make sure we have them.
*/
if (n < 6)
goto next_io;
n = *p & 0x7F;
/* Not NDEF or excessive length */
if (!n || (n > 4))

8
Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c
View File

@ -169,14 +169,14 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
char *host, *port;
/* dup the buffer since we are going to mess with it */
buf = BUF_strdup(url);
if (!buf) goto mem_err;
*phost = NULL;
*pport = NULL;
*ppath = NULL;
/* dup the buffer since we are going to mess with it */
buf = BUF_strdup(url);
if (!buf) goto mem_err;
/* Check for initial colon */
p = strchr(buf, ':');

Some files were not shown because too many files have changed in this diff Show More