From bb1499d2aac1d25a95b8573ff425751f06f159e1 Mon Sep 17 00:00:00 2001 From: "Simon L. B. Nielsen" Date: Sun, 21 Sep 2008 14:56:30 +0000 Subject: Vendor import of OpenSSL 0.9.8i. --- CHANGES | 385 ++- ChangeLog.0_9_7-stable_not-in-head | 163 -- ChangeLog.0_9_7-stable_not-in-head_FIPS | 1494 ----------- Configure | 156 +- FAQ | 85 +- INSTALL | 4 +- LICENSE | 2 +- Makefile | 8 +- Makefile.org | 4 +- Makefile.shared | 40 +- NEWS | 23 + README | 19 +- apps/Makefile | 660 ++--- apps/apps.c | 2 +- apps/apps.h | 15 + apps/ca.c | 9 + apps/cms.c | 1347 ++++++++++ apps/dgst.c | 25 +- apps/dsa.c | 42 +- apps/ec.c | 2 +- apps/gendsa.c | 8 + apps/genrsa.c | 8 + apps/ocsp.c | 214 +- apps/openssl.c | 18 +- apps/pkcs12.c | 21 +- apps/progs.h | 19 + apps/progs.pl | 8 +- apps/rand.c | 2 +- apps/req.c | 3 +- apps/rsa.c | 4 + apps/rsautl.c | 36 +- apps/s_apps.h | 3 + apps/s_cb.c | 61 +- apps/s_client.c | 225 +- apps/s_server.c | 485 +++- apps/smime.c | 7 + apps/speed.c | 140 +- apps/x509.c | 11 +- certs/README.RootCerts | 4 + certs/RegTP-5R.pem | 19 - certs/RegTP-6R.pem | 19 - certs/aol1.pem | 22 - certs/aol2.pem | 33 - certs/aoltw1.pem | 23 - certs/aoltw2.pem | 34 - certs/argena.pem | 39 - certs/argeng.pem | 23 - certs/demo/nortelCA.pem | 16 - certs/demo/timCA.pem | 16 - certs/demo/tjhCA.pem | 15 - certs/demo/vsigntca.pem | 18 - certs/eng1.pem | 23 - certs/eng2.pem | 23 - certs/eng3.pem | 34 - certs/eng4.pem | 23 - certs/eng5.pem | 23 - certs/expired/ICE-CA.pem | 59 - certs/expired/ICE-root.pem | 48 - certs/expired/ICE-user.pem | 63 - certs/expired/RegTP-4R.pem | 19 - certs/expired/factory.pem | 15 - certs/expired/rsa-cca.pem | 19 - certs/expired/rsa-ssca.pem | 19 - certs/expired/vsign2.pem | 18 - certs/expired/vsign3.pem | 18 - certs/thawteCb.pem | 19 - certs/thawteCp.pem | 19 - certs/vsign1.pem | 17 - certs/vsign3.pem | 17 - certs/vsignss.pem | 17 - certs/wellsfgo.pem | 23 - config | 19 +- crypto/aes/Makefile | 15 +- crypto/aes/aes.h | 6 + crypto/aes/aes_ige.c | 206 +- crypto/aes/aes_wrap.c | 259 ++ crypto/aes/asm/aes-586.pl | 12 +- crypto/aes/asm/aes-ia64.S | 1819 +++++-------- crypto/aes/asm/aes-x86_64.pl | 1578 +++++++++++ crypto/asn1/Makefile | 31 +- crypto/asn1/a_object.c | 1 + crypto/asn1/a_type.c | 26 + crypto/asn1/asn1.h | 117 +- crypto/asn1/asn1_err.c | 19 +- crypto/asn1/asn1_lib.c | 8 + crypto/asn1/asn1t.h | 7 + crypto/asn1/asn_mime.c | 876 +++++++ crypto/asn1/asn_moid.c | 2 +- crypto/asn1/t_req.c | 4 +- crypto/asn1/t_x509.c | 20 +- crypto/asn1/tasn_dec.c | 6 +- crypto/asn1/tasn_enc.c | 4 +- crypto/asn1/tasn_fre.c | 4 +- crypto/asn1/x_algor.c | 57 + crypto/asn1/x_crl.c | 2 +- crypto/asn1/x_exten.c | 5 + crypto/asn1/x_name.c | 40 +- crypto/bio/b_print.c | 4 +- crypto/bio/b_sock.c | 32 +- crypto/bio/bio.h | 17 +- crypto/bio/bss_dgram.c | 70 +- crypto/bio/bss_file.c | 8 +- crypto/bn/Makefile | 9 + crypto/bn/asm/ia64.S | 35 +- crypto/bn/asm/mo-586.pl | 603 +++++ crypto/bn/asm/x86_64-mont.pl | 214 ++ crypto/bn/bn.h | 25 +- crypto/bn/bn_blind.c | 12 +- crypto/bn/bn_div.c | 249 +- crypto/bn/bn_err.c | 4 +- crypto/bn/bn_exp.c | 20 +- crypto/bn/bn_gcd.c | 161 ++ crypto/bn/bn_gf2m.c | 6 +- crypto/bn/bn_lcl.h | 1 + crypto/bn/bn_lib.c | 2 +- crypto/bn/bn_mont.c | 321 ++- crypto/bn/bn_mul.c | 15 +- crypto/bn/bn_nist.c | 653 ++--- crypto/bn/bn_prime.c | 4 +- crypto/bn/bn_prime.h | 4 +- crypto/bn/bn_prime.pl | 4 +- crypto/bn/bntest.c | 60 +- crypto/cms/Makefile | 183 ++ crypto/cms/cms.h | 473 ++++ crypto/cms/cms_asn1.c | 346 +++ crypto/cms/cms_att.c | 195 ++ crypto/cms/cms_cd.c | 134 + crypto/cms/cms_dd.c | 148 ++ crypto/cms/cms_enc.c | 262 ++ crypto/cms/cms_env.c | 825 ++++++ crypto/cms/cms_err.c | 236 ++ crypto/cms/cms_ess.c | 420 +++ crypto/cms/cms_io.c | 140 + crypto/cms/cms_lcl.h | 460 ++++ crypto/cms/cms_lib.c | 623 +++++ crypto/cms/cms_sd.c | 1014 ++++++++ crypto/cms/cms_smime.c | 808 ++++++ crypto/comp/c_zlib.c | 391 ++- crypto/comp/comp.h | 14 + crypto/comp/comp_err.c | 9 +- crypto/conf/conf.h | 1 + crypto/conf/conf_api.c | 2 +- crypto/conf/conf_mod.c | 11 +- crypto/conf/conf_sap.c | 4 +- crypto/cryptlib.c | 4 +- crypto/cryptlib.h | 1 - crypto/crypto.h | 1 + crypto/des/des.h | 3 +- crypto/des/des_old.c | 2 + crypto/des/des_old.h | 3 +- crypto/des/set_key.c | 2 +- crypto/des/xcbc_enc.c | 4 +- crypto/dh/Makefile | 20 +- crypto/dh/dh_check.c | 2 +- crypto/dh/dh_key.c | 4 +- crypto/dsa/Makefile | 11 +- crypto/dsa/dsa_gen.c | 11 +- crypto/dsa/dsa_key.c | 2 +- crypto/dsa/dsa_ossl.c | 2 +- crypto/ec/ec.h | 1 + crypto/ec/ec_err.c | 3 +- crypto/ec/ec_mult.c | 34 +- crypto/ec/ectest.c | 14 +- crypto/ecdh/Makefile | 32 +- crypto/ecdh/ecdhtest.c | 10 +- crypto/ecdsa/Makefile | 48 +- crypto/ecdsa/ecdsatest.c | 22 +- crypto/ecdsa/ecs_ossl.c | 25 +- crypto/engine/Makefile | 390 ++- crypto/engine/eng_all.c | 3 + crypto/engine/eng_cnf.c | 9 + crypto/engine/eng_err.c | 3 +- crypto/engine/eng_int.h | 2 + crypto/engine/eng_padlock.c | 5 +- crypto/engine/eng_pkey.c | 42 + crypto/engine/eng_table.c | 12 +- crypto/engine/engine.h | 16 + crypto/err/err.c | 2 + crypto/err/err.h | 4 + crypto/err/err_all.c | 6 + crypto/err/openssl.ec | 2 + crypto/evp/Makefile | 66 +- crypto/evp/c_allc.c | 9 + crypto/evp/e_seed.c | 83 + crypto/evp/evp.h | 11 + crypto/evp/evp_enc.c | 13 +- crypto/evp/evp_locl.h | 2 +- crypto/evp/evp_test.c | 7 + crypto/evp/evptests.txt | 9 + crypto/ex_data.c | 2 +- crypto/hmac/hmac.c | 7 + crypto/hmac/hmac.h | 1 + crypto/md32_common.h | 373 +-- crypto/md4/md4_dgst.c | 89 - crypto/md4/md4_locl.h | 44 - crypto/md4/md4test.c | 6 +- crypto/md5/Makefile | 18 - crypto/md5/asm/md5-586.pl | 2 +- crypto/md5/asm/md5-sparcv9.S | 1031 -------- crypto/md5/asm/md5-x86_64.pl | 8 +- crypto/md5/md5_dgst.c | 106 - crypto/md5/md5_locl.h | 54 +- crypto/md5/md5test.c | 6 +- crypto/mem_clr.c | 12 +- crypto/o_str.c | 4 + crypto/objects/Makefile | 16 +- crypto/objects/obj_dat.c | 1 + crypto/objects/obj_dat.h | 3020 +++++++++++++--------- crypto/objects/obj_mac.h | 359 ++- crypto/objects/obj_mac.num | 85 + crypto/objects/objects.txt | 131 +- crypto/ocsp/ocsp.h | 19 +- crypto/ocsp/ocsp_err.c | 3 +- crypto/ocsp/ocsp_ht.c | 468 +++- crypto/opensslconf.h | 24 + crypto/opensslv.h | 6 +- crypto/ossl_typ.h | 7 + crypto/pem/pem.h | 64 +- crypto/pem/pem_info.c | 2 +- crypto/perlasm/x86_64-xlate.pl | 80 +- crypto/perlasm/x86ms.pl | 30 +- crypto/perlasm/x86nasm.pl | 4 + crypto/perlasm/x86unix.pl | 42 +- crypto/pkcs12/p12_crt.c | 26 +- crypto/pkcs7/pk7_mime.c | 55 +- crypto/pkcs7/pk7_smime.c | 2 +- crypto/pqueue/pq_compat.h | 2 +- crypto/rand/Makefile | 17 +- crypto/rand/rand_nw.c | 11 +- crypto/rand/randfile.c | 8 +- crypto/rc4/Makefile | 4 +- crypto/rc4/asm/rc4-586.pl | 4 +- crypto/rc4/asm/rc4-ia64.S | 5 +- crypto/rc4/asm/rc4-x86_64.pl | 130 +- crypto/rc4/rc4_skey.c | 9 +- crypto/ripemd/asm/rmd-586.pl | 4 +- crypto/ripemd/rmd_dgst.c | 201 -- crypto/ripemd/rmd_locl.h | 16 +- crypto/ripemd/rmdtest.c | 6 +- crypto/rsa/Makefile | 13 +- crypto/rsa/rsa.h | 18 +- crypto/rsa/rsa_eay.c | 132 +- crypto/rsa/rsa_gen.c | 33 +- crypto/rsa/rsa_lib.c | 14 +- crypto/rsa/rsa_oaep.c | 23 +- crypto/rsa/rsa_ssl.c | 2 +- crypto/rsa/rsa_test.c | 28 +- crypto/seed/Makefile | 87 + crypto/seed/seed.c | 286 ++ crypto/seed/seed.h | 135 + crypto/seed/seed_cbc.c | 129 + crypto/seed/seed_cfb.c | 144 ++ crypto/seed/seed_ecb.c | 60 + crypto/seed/seed_locl.h | 116 + crypto/seed/seed_ofb.c | 128 + crypto/sha/Makefile | 5 + crypto/sha/asm/sha1-586.pl | 433 +--- crypto/sha/asm/sha1-ia64.pl | 346 +-- crypto/sha/asm/sha1-x86_64.pl | 242 ++ crypto/sha/asm/sha512-ia64.pl | 422 ++- crypto/sha/asm/sha512-x86_64.pl | 344 +++ crypto/sha/sha1test.c | 6 +- crypto/sha/sha256.c | 81 +- crypto/sha/sha512.c | 103 +- crypto/sha/sha_locl.h | 278 +- crypto/sha/shatest.c | 6 +- crypto/stack/safestack.h | 274 +- crypto/store/str_lib.c | 2 +- crypto/symhacks.h | 17 + crypto/x509/x509.h | 13 +- crypto/x509/x509_att.c | 43 +- crypto/x509/x509_txt.c | 2 +- crypto/x509/x509_vfy.c | 16 +- crypto/x509/x509_vpm.c | 2 +- crypto/x509v3/pcy_data.c | 8 + crypto/x509v3/pcy_tree.c | 22 +- crypto/x509v3/v3_addr.c | 12 +- crypto/x509v3/v3_asid.c | 2 +- crypto/x509v3/v3_pci.c | 11 - crypto/x509v3/v3_purp.c | 6 +- crypto/x509v3/v3_utl.c | 24 + crypto/x509v3/x509v3.h | 5 +- crypto/x86_64cpuid.pl | 99 +- crypto/x86cpuid.pl | 32 +- demos/engines/cluster_labs/hw_cluster_labs_err.h | 4 + demos/engines/ibmca/hw_ibmca_err.h | 4 + demos/engines/zencod/hw_zencod_err.h | 4 + doc/apps/ciphers.pod | 34 +- doc/apps/dgst.pod | 5 + doc/apps/enc.pod | 8 + doc/apps/ocsp.pod | 8 +- doc/apps/openssl.pod | 16 + doc/apps/rsautl.pod | 2 +- doc/apps/s_client.pod | 31 + doc/apps/s_server.pod | 21 + doc/apps/verify.pod | 2 +- doc/c-indentation.el | 1 + doc/crypto/ASN1_generate_nconf.pod | 35 +- doc/crypto/DH_set_method.pod | 2 +- doc/crypto/DSA_set_method.pod | 2 +- doc/crypto/OPENSSL_ia32cap.pod | 36 +- doc/crypto/RAND_bytes.pod | 3 + doc/crypto/RAND_set_rand_method.pod | 2 +- doc/crypto/RSA_set_method.pod | 2 +- doc/crypto/X509_NAME_print_ex.pod | 4 +- doc/crypto/des_modes.pod | 2 +- doc/crypto/engine.pod | 6 +- doc/ssl/SSL_CTX_set_options.pod | 9 + doc/ssl/SSL_read.pod | 6 + doc/standards.txt | 9 + e_os.h | 42 +- engines/Makefile | 115 +- engines/e_4758cca_err.h | 4 + engines/e_aep.c | 5 + engines/e_aep_err.h | 4 + engines/e_atalla_err.h | 4 + engines/e_capi.c | 1781 +++++++++++++ engines/e_capi.ec | 1 + engines/e_capi_err.c | 183 ++ engines/e_capi_err.h | 123 + engines/e_chil_err.h | 4 + engines/e_cswift_err.h | 4 + engines/e_gmp.c | 87 +- engines/e_gmp_err.h | 4 + engines/e_nuron_err.h | 4 + engines/e_sureware_err.h | 4 + engines/e_ubsec.c | 4 +- engines/e_ubsec_err.h | 4 + openssl.spec | 2 +- ssl/Makefile | 1022 ++++---- ssl/d1_both.c | 22 +- ssl/d1_clnt.c | 30 +- ssl/d1_lib.c | 20 + ssl/d1_pkt.c | 117 +- ssl/d1_srvr.c | 49 +- ssl/dtls1.h | 7 + ssl/kssl.c | 2 +- ssl/s23_clnt.c | 34 + ssl/s23_srvr.c | 9 + ssl/s2_clnt.c | 4 +- ssl/s2_srvr.c | 4 +- ssl/s3_clnt.c | 308 ++- ssl/s3_enc.c | 4 + ssl/s3_lib.c | 295 ++- ssl/s3_pkt.c | 7 + ssl/s3_srvr.c | 255 +- ssl/ssl.h | 130 +- ssl/ssl3.h | 10 + ssl/ssl_algs.c | 5 +- ssl/ssl_asn1.c | 106 +- ssl/ssl_cert.c | 2 +- ssl/ssl_ciph.c | 33 +- ssl/ssl_err.c | 22 +- ssl/ssl_lib.c | 140 +- ssl/ssl_locl.h | 38 +- ssl/ssl_rsa.c | 2 + ssl/ssl_sess.c | 126 +- ssl/ssl_stat.c | 4 + ssl/ssl_txt.c | 15 + ssl/ssltest.c | 41 +- ssl/t1_enc.c | 34 +- ssl/t1_lib.c | 759 ++++++ ssl/tls1.h | 104 +- test/Makefile | 91 +- test/cms-examples.pl | 409 +++ test/cms-test.pl | 453 ++++ test/evptests.txt | 9 + test/igetest.c | 17 + test/smcont.txt | 1 + test/smime-certs/smdsa1.pem | 34 + test/smime-certs/smdsa2.pem | 34 + test/smime-certs/smdsa3.pem | 34 + test/smime-certs/smdsap.pem | 9 + test/smime-certs/smroot.pem | 30 + test/smime-certs/smrsa1.pem | 31 + test/smime-certs/smrsa2.pem | 31 + test/smime-certs/smrsa3.pem | 31 + util/clean-depend.pl | 7 +- util/libeay.num | 204 +- util/mk1mf.pl | 79 +- util/mkdef.pl | 32 +- util/mkerr.pl | 4 +- util/mkfiles.pl | 2 + util/opensslwrap.sh | 4 + util/pl/VC-32.pl | 42 +- util/pl/netware.pl | 375 ++- util/shlib_wrap.sh | 33 +- util/ssleay.num | 4 + 388 files changed, 30385 insertions(+), 10727 deletions(-) delete mode 100644 ChangeLog.0_9_7-stable_not-in-head delete mode 100644 ChangeLog.0_9_7-stable_not-in-head_FIPS create mode 100644 apps/cms.c create mode 100644 certs/README.RootCerts delete mode 100644 certs/RegTP-5R.pem delete mode 100644 certs/RegTP-6R.pem delete mode 100644 certs/aol1.pem delete mode 100644 certs/aol2.pem delete mode 100644 certs/aoltw1.pem delete mode 100644 certs/aoltw2.pem delete mode 100644 certs/argena.pem delete mode 100644 certs/argeng.pem delete mode 100644 certs/demo/nortelCA.pem delete mode 100644 certs/demo/timCA.pem delete mode 100644 certs/demo/tjhCA.pem delete mode 100644 certs/demo/vsigntca.pem delete mode 100644 certs/eng1.pem delete mode 100644 certs/eng2.pem delete mode 100644 certs/eng3.pem delete mode 100644 certs/eng4.pem delete mode 100644 certs/eng5.pem delete mode 100644 certs/expired/ICE-CA.pem delete mode 100644 certs/expired/ICE-root.pem delete mode 100644 certs/expired/ICE-user.pem delete mode 100644 certs/expired/RegTP-4R.pem delete mode 100644 certs/expired/factory.pem delete mode 100644 certs/expired/rsa-cca.pem delete mode 100644 certs/expired/rsa-ssca.pem delete mode 100644 certs/expired/vsign2.pem delete mode 100644 certs/expired/vsign3.pem delete mode 100644 certs/thawteCb.pem delete mode 100644 certs/thawteCp.pem delete mode 100644 certs/vsign1.pem delete mode 100644 certs/vsign3.pem delete mode 100644 certs/vsignss.pem delete mode 100644 certs/wellsfgo.pem create mode 100644 crypto/aes/aes_wrap.c create mode 100755 crypto/aes/asm/aes-x86_64.pl create mode 100644 crypto/asn1/asn_mime.c create mode 100755 crypto/bn/asm/mo-586.pl create mode 100755 crypto/bn/asm/x86_64-mont.pl create mode 100644 crypto/cms/Makefile create mode 100644 crypto/cms/cms.h create mode 100644 crypto/cms/cms_asn1.c create mode 100644 crypto/cms/cms_att.c create mode 100644 crypto/cms/cms_cd.c create mode 100644 crypto/cms/cms_dd.c create mode 100644 crypto/cms/cms_enc.c create mode 100644 crypto/cms/cms_env.c create mode 100644 crypto/cms/cms_err.c create mode 100644 crypto/cms/cms_ess.c create mode 100644 crypto/cms/cms_io.c create mode 100644 crypto/cms/cms_lcl.h create mode 100644 crypto/cms/cms_lib.c create mode 100644 crypto/cms/cms_sd.c create mode 100644 crypto/cms/cms_smime.c create mode 100644 crypto/evp/e_seed.c delete mode 100644 crypto/md5/asm/md5-sparcv9.S create mode 100644 crypto/seed/Makefile create mode 100644 crypto/seed/seed.c create mode 100644 crypto/seed/seed.h create mode 100644 crypto/seed/seed_cbc.c create mode 100644 crypto/seed/seed_cfb.c create mode 100644 crypto/seed/seed_ecb.c create mode 100644 crypto/seed/seed_locl.h create mode 100644 crypto/seed/seed_ofb.c create mode 100755 crypto/sha/asm/sha1-x86_64.pl create mode 100755 crypto/sha/asm/sha512-x86_64.pl create mode 100644 engines/e_capi.c create mode 100644 engines/e_capi.ec create mode 100644 engines/e_capi_err.c create mode 100644 engines/e_capi_err.h create mode 100755 test/cms-examples.pl create mode 100755 test/cms-test.pl create mode 100644 test/smcont.txt create mode 100644 test/smime-certs/smdsa1.pem create mode 100644 test/smime-certs/smdsa2.pem create mode 100644 test/smime-certs/smdsa3.pem create mode 100644 test/smime-certs/smdsap.pem create mode 100644 test/smime-certs/smroot.pem create mode 100644 test/smime-certs/smrsa1.pem create mode 100644 test/smime-certs/smrsa2.pem create mode 100644 test/smime-certs/smrsa3.pem diff --git a/CHANGES b/CHANGES index c5a639f9891c4..72cc168f6a59b 100644 --- a/CHANGES +++ b/CHANGES @@ -2,13 +2,367 @@ OpenSSL CHANGES _______________ - Changes between 0.9.8d and 0.9.8e [23 Feb 2007] + Changes between 0.9.8h and 0.9.8i [15 Sep 2008] + + *) Fix a state transitition in s3_srvr.c and d1_srvr.c + (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...). + [Nagendra Modadugu] + + *) The fix in 0.9.8c that supposedly got rid of unsafe + double-checked locking was incomplete for RSA blinding, + addressing just one layer of what turns out to have been + doubly unsafe triple-checked locking. + + So now fix this for real by retiring the MONT_HELPER macro + in crypto/rsa/rsa_eay.c. + + [Bodo Moeller; problem pointed out by Marius Schilder] + + *) Various precautionary measures: + + - Avoid size_t integer overflow in HASH_UPDATE (md32_common.h). + + - Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c). + (NB: This would require knowledge of the secret session ticket key + to exploit, in which case you'd be SOL either way.) + + - Change bn_nist.c so that it will properly handle input BIGNUMs + outside the expected range. + + - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG + builds. + + [Neel Mehta, Bodo Moeller] + + *) Add support for Local Machine Keyset attribute in PKCS#12 files. + [Steve Henson] + + *) Fix BN_GF2m_mod_arr() top-bit cleanup code. + [Huang Ying] + + *) Expand ENGINE to support engine supplied SSL client certificate functions. + + This work was sponsored by Logica. + [Steve Henson] + + *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows + keystores. Support for SSL/TLS client authentication too. + Not compiled unless enable-capieng specified to Configure. + + This work was sponsored by Logica. + [Steve Henson] + + *) Allow engines to be "soft loaded" - i.e. optionally don't die if + the load fails. Useful for distros. + [Ben Laurie and the FreeBSD team] + + Changes between 0.9.8g and 0.9.8h [28 May 2008] + + *) Fix flaw if 'Server Key exchange message' is omitted from a TLS + handshake which could lead to a cilent crash as found using the + Codenomicon TLS test suite (CVE-2008-1672) + [Steve Henson, Mark Cox] + + *) Fix double free in TLS server name extensions which could lead to + a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) + [Joe Orton] + + *) Clear error queue in SSL_CTX_use_certificate_chain_file() + + Clear the error queue to ensure that error entries left from + older function calls do not interfere with the correct operation. + [Lutz Jaenicke, Erik de Castro Lopo] + + *) Remove root CA certificates of commercial CAs: + + The OpenSSL project does not recommend any specific CA and does not + have any policy with respect to including or excluding any CA. + Therefore it does not make any sense to ship an arbitrary selection + of root CA certificates with the OpenSSL software. + [Lutz Jaenicke] + + *) RSA OAEP patches to fix two separate invalid memory reads. + The first one involves inputs when 'lzero' is greater than + 'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes + before the beginning of from). The second one involves inputs where + the 'db' section contains nothing but zeroes (there is a one-byte + invalid read after the end of 'db'). + [Ivan Nestlerode ] + + *) Partial backport from 0.9.9-dev: + + Introduce bn_mul_mont (dedicated Montgomery multiplication + procedure) as a candidate for BIGNUM assembler implementation. + While 0.9.9-dev uses assembler for various architectures, only + x86_64 is available by default here in the 0.9.8 branch, and + 32-bit x86 is available through a compile-time setting. + + To try the 32-bit x86 assembler implementation, use Configure + option "enable-montasm" (which exists only for this backport). + + As "enable-montasm" for 32-bit x86 disclaims code stability + anyway, in this constellation we activate additional code + backported from 0.9.9-dev for further performance improvements, + namely BN_from_montgomery_word. (To enable this otherwise, + e.g. x86_64, try "-DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD".) + + [Andy Polyakov (backport partially by Bodo Moeller)] + + *) Add TLS session ticket callback. This allows an application to set + TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed + values. This is useful for key rollover for example where several key + sets may exist with different names. + [Steve Henson] + + *) Reverse ENGINE-internal logic for caching default ENGINE handles. + This was broken until now in 0.9.8 releases, such that the only way + a registered ENGINE could be used (assuming it initialises + successfully on the host) was to explicitly set it as the default + for the relevant algorithms. This is in contradiction with 0.9.7 + behaviour and the documentation. With this fix, when an ENGINE is + registered into a given algorithm's table of implementations, the + 'uptodate' flag is reset so that auto-discovery will be used next + time a new context for that algorithm attempts to select an + implementation. + [Ian Lister (tweaked by Geoff Thorpe)] + + *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9 + implemention in the following ways: + + Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be + hard coded. + + Lack of BER streaming support means one pass streaming processing is + only supported if data is detached: setting the streaming flag is + ignored for embedded content. + + CMS support is disabled by default and must be explicitly enabled + with the enable-cms configuration option. + [Steve Henson] + + *) Update the GMP engine glue to do direct copies between BIGNUM and + mpz_t when openssl and GMP use the same limb size. Otherwise the + existing "conversion via a text string export" trick is still used. + [Paul Sheer ] + + *) Zlib compression BIO. This is a filter BIO which compressed and + uncompresses any data passed through it. + [Steve Henson] + + *) Add AES_wrap_key() and AES_unwrap_key() functions to implement + RFC3394 compatible AES key wrapping. + [Steve Henson] + + *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0(): + sets string data without copying. X509_ALGOR_set0() and + X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier) + data. Attribute function X509at_get0_data_by_OBJ(): retrieves data + from an X509_ATTRIBUTE structure optionally checking it occurs only + once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied + data. + [Steve Henson] + + *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set() + to get the expected BN_FLG_CONSTTIME behavior. + [Bodo Moeller (Google)] + + *) Netware support: + + - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets + - fixed do_tests.pl to run the test suite with CLIB builds too (CLIB_OPT) + - added some more tests to do_tests.pl + - fixed RunningProcess usage so that it works with newer LIBC NDKs too + - removed usage of BN_LLONG for CLIB builds to avoid runtime dependency + - added new Configure targets netware-clib-bsdsock, netware-clib-gcc, + netware-clib-bsdsock-gcc, netware-libc-bsdsock-gcc + - various changes to netware.pl to enable gcc-cross builds on Win32 + platform + - changed crypto/bio/b_sock.c to work with macro functions (CLIB BSD) + - various changes to fix missing prototype warnings + - fixed x86nasm.pl to create correct asm files for NASM COFF output + - added AES, WHIRLPOOL and CPUID assembler code to build files + - added missing AES assembler make rules to mk1mf.pl + - fixed order of includes in apps/ocsp.c so that e_os.h settings apply + [Guenter Knauf ] + + *) Implement certificate status request TLS extension defined in RFC3546. + A client can set the appropriate parameters and receive the encoded + OCSP response via a callback. A server can query the supplied parameters + and set the encoded OCSP response in the callback. Add simplified examples + to s_client and s_server. + [Steve Henson] + + Changes between 0.9.8f and 0.9.8g [19 Oct 2007] + + *) Fix various bugs: + + Binary incompatibility of ssl_ctx_st structure + + DTLS interoperation with non-compliant servers + + Don't call get_session_cb() without proposed session + + Fix ia64 assembler code + [Andy Polyakov, Steve Henson] + + Changes between 0.9.8e and 0.9.8f [11 Oct 2007] + + *) DTLS Handshake overhaul. There were longstanding issues with + OpenSSL DTLS implementation, which were making it impossible for + RFC 4347 compliant client to communicate with OpenSSL server. + Unfortunately just fixing these incompatibilities would "cut off" + pre-0.9.8f clients. To allow for hassle free upgrade post-0.9.8e + server keeps tolerating non RFC compliant syntax. The opposite is + not true, 0.9.8f client can not communicate with earlier server. + This update even addresses CVE-2007-4995. + [Andy Polyakov] + + *) Changes to avoid need for function casts in OpenSSL: some compilers + (gcc 4.2 and later) reject their use. + [Kurt Roeckx , Peter Hartley , + Steve Henson] + + *) Add RFC4507 support to OpenSSL. This includes the corrections in + RFC4507bis. The encrypted ticket format is an encrypted encoded + SSL_SESSION structure, that way new session features are automatically + supported. + + If a client application caches session in an SSL_SESSION structure + support is transparent because tickets are now stored in the encoded + SSL_SESSION. + + The SSL_CTX structure automatically generates keys for ticket + protection in servers so again support should be possible + with no application modification. + + If a client or server wishes to disable RFC4507 support then the option + SSL_OP_NO_TICKET can be set. + + Add a TLS extension debugging callback to allow the contents of any client + or server extensions to be examined. + + This work was sponsored by Google. + [Steve Henson] + + *) Add initial support for TLS extensions, specifically for the server_name + extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now + have new members for a host name. The SSL data structure has an + additional member SSL_CTX *initial_ctx so that new sessions can be + stored in that context to allow for session resumption, even after the + SSL has been switched to a new SSL_CTX in reaction to a client's + server_name extension. + + New functions (subject to change): + + SSL_get_servername() + SSL_get_servername_type() + SSL_set_SSL_CTX() + + New CTRL codes and macros (subject to change): + + SSL_CTRL_SET_TLSEXT_SERVERNAME_CB + - SSL_CTX_set_tlsext_servername_callback() + SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG + - SSL_CTX_set_tlsext_servername_arg() + SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_host_name() + + openssl s_client has a new '-servername ...' option. + + openssl s_server has new options '-servername_host ...', '-cert2 ...', + '-key2 ...', '-servername_fatal' (subject to change). This allows + testing the HostName extension for a specific single host name ('-cert' + and '-key' remain fallbacks for handshakes without HostName + negotiation). If the unrecogninzed_name alert has to be sent, this by + default is a warning; it becomes fatal with the '-servername_fatal' + option. + + [Peter Sylvester, Remy Allais, Christophe Renou, Steve Henson] + + *) Add AES and SSE2 assembly language support to VC++ build. + [Steve Henson] + + *) Mitigate attack on final subtraction in Montgomery reduction. + [Andy Polyakov] + + *) Fix crypto/ec/ec_mult.c to work properly with scalars of value 0 + (which previously caused an internal error). + [Bodo Moeller] + + *) Squeeze another 10% out of IGE mode when in != out. + [Ben Laurie] + + *) AES IGE mode speedup. + [Dean Gaudet (Google)] + + *) Add the Korean symmetric 128-bit cipher SEED (see + http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp) and + add SEED ciphersuites from RFC 4162: + + TLS_RSA_WITH_SEED_CBC_SHA = "SEED-SHA" + TLS_DHE_DSS_WITH_SEED_CBC_SHA = "DHE-DSS-SEED-SHA" + TLS_DHE_RSA_WITH_SEED_CBC_SHA = "DHE-RSA-SEED-SHA" + TLS_DH_anon_WITH_SEED_CBC_SHA = "ADH-SEED-SHA" + + To minimize changes between patchlevels in the OpenSSL 0.9.8 + series, SEED remains excluded from compilation unless OpenSSL + is configured with 'enable-seed'. + [KISA, Bodo Moeller] + + *) Mitigate branch prediction attacks, which can be practical if a + single processor is shared, allowing a spy process to extract + information. For detailed background information, see + http://eprint.iacr.org/2007/039 (O. Aciicmez, S. Gueron, + J.-P. Seifert, "New Branch Prediction Vulnerabilities in OpenSSL + and Necessary Software Countermeasures"). The core of the change + are new versions BN_div_no_branch() and + BN_mod_inverse_no_branch() of BN_div() and BN_mod_inverse(), + respectively, which are slower, but avoid the security-relevant + conditional branches. These are automatically called by BN_div() + and BN_mod_inverse() if the flag BN_FLG_CONSTTIME is set for one + of the input BIGNUMs. Also, BN_is_bit_set() has been changed to + remove a conditional branch. + + BN_FLG_CONSTTIME is the new name for the previous + BN_FLG_EXP_CONSTTIME flag, since it now affects more than just + modular exponentiation. (Since OpenSSL 0.9.7h, setting this flag + in the exponent causes BN_mod_exp_mont() to use the alternative + implementation in BN_mod_exp_mont_consttime().) The old name + remains as a deprecated alias. + + Similary, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general + RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses + constant-time implementations for more than just exponentiation. + Here too the old name is kept as a deprecated alias. + + BN_BLINDING_new() will now use BN_dup() for the modulus so that + the BN_BLINDING structure gets an independent copy of the + modulus. This means that the previous "BIGNUM *m" argument to + BN_BLINDING_new() and to BN_BLINDING_create_param() now + essentially becomes "const BIGNUM *m", although we can't actually + change this in the header file before 0.9.9. It allows + RSA_setup_blinding() to use BN_with_flags() on the modulus to + enable BN_FLG_CONSTTIME. + + [Matthew D Wood (Intel Corp)] + + *) In the SSL/TLS server implementation, be strict about session ID + context matching (which matters if an application uses a single + external cache for different purposes). Previously, + out-of-context reuse was forbidden only if SSL_VERIFY_PEER was + set. This did ensure strict client verification, but meant that, + with applications using a single external cache for quite + different requirements, clients could circumvent ciphersuite + restrictions for a given session ID context by starting a session + in a different context. + [Bodo Moeller] *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a ciphersuite string such as "DEFAULT:RSA" cannot enable authentication-only ciphersuites. [Bodo Moeller] + *) Update the SSL_get_shared_ciphers() fix CVE-2006-3738 which was + not complete and could lead to a possible single byte overflow + (CVE-2007-5135) [Ben Laurie] + + Changes between 0.9.8d and 0.9.8e [23 Feb 2007] + *) Since AES128 and AES256 (and similarly Camellia128 and Camellia256) share a single mask bit in the logic of ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a @@ -1047,7 +1401,20 @@ differing sizes. [Richard Levitte] - Changes between 0.9.7l and 0.9.7m [xx XXX xxxx] + Changes between 0.9.7m and 0.9.7n [xx XXX xxxx] + + *) In the SSL/TLS server implementation, be strict about session ID + context matching (which matters if an application uses a single + external cache for different purposes). Previously, + out-of-context reuse was forbidden only if SSL_VERIFY_PEER was + set. This did ensure strict client verification, but meant that, + with applications using a single external cache for quite + different requirements, clients could circumvent ciphersuite + restrictions for a given session ID context by starting a session + in a different context. + [Bodo Moeller] + + Changes between 0.9.7l and 0.9.7m [23 Feb 2007] *) Cleanse PEM buffers before freeing them since they may contain sensitive data. @@ -1063,6 +1430,20 @@ kludge to work properly if AES128 is available and AES256 isn't. [Victor Duchovni] + *) Expand security boundary to match 1.1.1 module. + [Steve Henson] + + *) Remove redundant features: hash file source, editing of test vectors + modify fipsld to use external fips_premain.c signature. + [Steve Henson] + + *) New perl script mkfipsscr.pl to create shell scripts or batch files to + run algorithm test programs. + [Steve Henson] + + *) Make algorithm test programs more tolerant of whitespace. + [Steve Henson] + *) Have SSL/TLS server implementation tolerate "mismatched" record protocol version while receiving ClientHello even if the ClientHello is fragmented. (The server can't insist on the diff --git a/ChangeLog.0_9_7-stable_not-in-head b/ChangeLog.0_9_7-stable_not-in-head deleted file mode 100644 index 1203a22158a8e..0000000000000 --- a/ChangeLog.0_9_7-stable_not-in-head +++ /dev/null @@ -1,163 +0,0 @@ -This file, together with ChangeLog.0_9_7-stable_not-in-head_FIPS, -provides a collection of those CVS change log entries for the -0.9.7 branch (OpenSSL_0_9_7-stable) that do not appear similarly in -0.9.8-dev (CVS head). - -ChangeLog.0_9_7-stable_not-in-head_FIPS - "FIPS" related changes -ChangeLog.0_9_7-stable_not-in-head - everything else - -Some obvious false positives have been eliminated: e.g., we do not -care about a simple "make update"; and we don't care about changes -identified to the 0.9.7 branch that were explicitly identified as -backports from head. - -Eliminating all other entries (and finally this file and its -compantion), either as false positives or as things that should go -into 0.9.8, remains to be done. Any additional changes to 0.9.7 that -are not immediately put into 0.9.8, but belong there as well, should -be added to the end of this file. - - -2002-11-04 17:33 levitte - - Changed: - Configure (1.314.2.38), "Exp", lines: +4 -2 - - Return my normal debug targets to something not so extreme, and - make the extreme ones special (or 'extreme', if you will :-)). - -2002-12-16 19:17 appro - - Changed: - crypto/bn/bn_lcl.h (1.23.2.3), "Exp", lines: +3 -0 - crypto/bn/bn_mul.c (1.28.2.4), "Exp", lines: +84 -445 - - This is rollback to 0.9.6h bn_mul.c to address problem reported in - RT#272. - -2003-07-27 15:46 ben - - Changed: - crypto/aes/aes.h (1.1.2.5), "Exp", lines: +3 -0 - crypto/aes/aes_cfb.c (1.1.2.4), "Exp", lines: +57 -0 - - Add untested CFB-r mode. Will be tested soon. - -2003-07-28 17:07 ben - - Changed: - Makefile.org (1.154.2.69), "Exp", lines: +5 -1 - crypto/aes/aes.h (1.1.2.6), "Exp", lines: +3 -0 - crypto/aes/aes_cfb.c (1.1.2.5), "Exp", lines: +19 -0 - crypto/dsa/Makefile.ssl (1.49.2.6), "Exp", lines: +3 -2 - crypto/err/Makefile.ssl (1.48.2.4), "Exp", lines: +17 -16 - crypto/evp/e_aes.c (1.6.2.5), "Exp", lines: +8 -0 - crypto/evp/e_des.c (1.5.2.2), "Exp", lines: +1 -1 - crypto/evp/e_des3.c (1.8.2.3), "Exp", lines: +2 -2 - crypto/evp/evp.h (1.86.2.11), "Exp", lines: +28 -11 - crypto/evp/evp_locl.h (1.7.2.3), "Exp", lines: +2 -2 - crypto/objects/obj_dat.h (1.49.2.13), "Exp", lines: +10 -5 - crypto/objects/obj_mac.h (1.19.2.13), "Exp", lines: +5 -0 - crypto/objects/obj_mac.num (1.15.2.9), "Exp", lines: +1 -0 - crypto/objects/objects.txt (1.20.2.14), "Exp", lines: +4 -0 - fips/Makefile.ssl (1.1.2.3), "Exp", lines: +7 -0 - fips/aes/Makefile.ssl (1.1.2.2), "Exp", lines: +23 -1 - fips/aes/fips_aesavs.c (1.1.2.3), "Exp", lines: +9 -1 - test/Makefile.ssl (1.84.2.30), "Exp", lines: +101 -43 - - Add support for partial CFB modes, make tests work, update - dependencies. - -2003-07-29 12:56 ben - - Changed: - crypto/aes/aes_cfb.c (1.1.2.6), "Exp", lines: +9 -6 - crypto/evp/c_allc.c (1.8.2.3), "Exp", lines: +1 -0 - crypto/evp/evp_test.c (1.14.2.11), "Exp", lines: +17 -8 - crypto/evp/evptests.txt (1.9.2.2), "Exp", lines: +48 -1 - - Working CFB1 and test vectors. - -2003-07-29 15:24 ben - - Changed: - crypto/evp/e_aes.c (1.6.2.6), "Exp", lines: +14 -0 - crypto/objects/obj_dat.h (1.49.2.14), "Exp", lines: +15 -5 - crypto/objects/obj_mac.h (1.19.2.14), "Exp", lines: +10 -0 - crypto/objects/obj_mac.num (1.15.2.10), "Exp", lines: +2 -0 - crypto/objects/objects.txt (1.20.2.15), "Exp", lines: +2 -0 - fips/aes/Makefile.ssl (1.1.2.3), "Exp", lines: +1 -1 - fips/aes/fips_aesavs.c (1.1.2.4), "Exp", lines: +34 -19 - - The rest of the keysizes for CFB1, working AES AVS test for CFB1. - -2003-07-29 19:05 ben - - Changed: - crypto/aes/aes.h (1.1.2.7), "Exp", lines: +3 -0 - crypto/aes/aes_cfb.c (1.1.2.7), "Exp", lines: +14 -0 - crypto/evp/c_allc.c (1.8.2.4), "Exp", lines: +1 -0 - crypto/evp/e_aes.c (1.6.2.7), "Exp", lines: +4 -9 - crypto/evp/evptests.txt (1.9.2.3), "Exp", lines: +48 -0 - crypto/objects/obj_dat.h (1.49.2.15), "Exp", lines: +20 -5 - crypto/objects/obj_mac.h (1.19.2.15), "Exp", lines: +15 -0 - crypto/objects/obj_mac.num (1.15.2.11), "Exp", lines: +3 -0 - crypto/objects/objects.txt (1.20.2.16), "Exp", lines: +3 -0 - fips/aes/fips_aesavs.c (1.1.2.7), "Exp", lines: +11 -0 - - AES CFB8. - -2003-07-30 20:30 ben - - Changed: - Makefile.org (1.154.2.70), "Exp", lines: +16 -5 - crypto/des/cfb_enc.c (1.7.2.1), "Exp", lines: +2 -1 - crypto/des/des_enc.c (1.11.2.2), "Exp", lines: +4 -0 - crypto/evp/e_aes.c (1.6.2.8), "Exp", lines: +7 -14 - crypto/evp/e_des.c (1.5.2.3), "Exp", lines: +37 -1 - crypto/evp/evp.h (1.86.2.12), "Exp", lines: +6 -0 - crypto/evp/evp_locl.h (1.7.2.4), "Exp", lines: +9 -0 - crypto/objects/obj_dat.h (1.49.2.16), "Exp", lines: +48 -23 - crypto/objects/obj_mac.h (1.19.2.16), "Exp", lines: +31 -6 - crypto/objects/obj_mac.num (1.15.2.12), "Exp", lines: +5 -0 - crypto/objects/objects.txt (1.20.2.17), "Exp", lines: +12 -6 - fips/Makefile.ssl (1.1.2.4), "Exp", lines: +8 -1 - fips/fips_make_sha1 (1.1.2.3), "Exp", lines: +3 -0 - fips/aes/Makefile.ssl (1.1.2.4), "Exp", lines: +1 -1 - fips/des/.cvsignore (1.1.2.1), "Exp", lines: +3 -0 - fips/des/Makefile.ssl (1.1.2.1), "Exp", lines: +96 -0 - fips/des/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0 - fips/des/fips_des_enc.c (1.1.2.1), "Exp", lines: +288 -0 - fips/des/fips_des_locl.h (1.1.2.1), "Exp", lines: +428 -0 - fips/des/fips_desmovs.c (1.1.2.1), "Exp", lines: +659 -0 - - Whoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8. - -2003-08-01 12:25 ben - - Changed: - crypto/des/cfb_enc.c (1.7.2.2), "Exp", lines: +45 -36 - crypto/evp/c_allc.c (1.8.2.5), "Exp", lines: +2 -0 - crypto/evp/e_des.c (1.5.2.4), "Exp", lines: +8 -3 - crypto/evp/evptests.txt (1.9.2.4), "Exp", lines: +6 -0 - - Fix DES CFB-r. - -2003-08-01 12:31 ben - - Changed: - crypto/evp/evptests.txt (1.9.2.5), "Exp", lines: +4 -0 - - DES CFB8 test. - -2005-04-19 16:21 appro - - Changed: - Configure (1.314.2.117), "Exp", lines: +24 -21 - Makefile.org (1.154.2.100), "Exp", lines: +1 -11 - TABLE (1.99.2.52), "Exp", lines: +20 -20 - apps/Makefile (1.1.4.15), "Exp", lines: +1 -1 - test/Makefile (1.1.4.12), "Exp", lines: +1 -1 - - Enable shared link on HP-UX. - diff --git a/ChangeLog.0_9_7-stable_not-in-head_FIPS b/ChangeLog.0_9_7-stable_not-in-head_FIPS deleted file mode 100644 index 1e6c88f77abfb..0000000000000 --- a/ChangeLog.0_9_7-stable_not-in-head_FIPS +++ /dev/null @@ -1,1494 +0,0 @@ -See file ChangeLog.0_9_7-stable_not-in-head for explanations. -This is the "FIPS"-related part. - - - -2003-07-27 19:00 ben - - Changed: - Configure (1.314.2.85), "Exp", lines: +2 -0 - Makefile.org (1.154.2.67), "Exp", lines: +12 -3 - crypto/cryptlib.c (1.32.2.9), "Exp", lines: +5 -0 - crypto/md32_common.h (1.22.2.4), "Exp", lines: +11 -0 - crypto/aes/Makefile.ssl (1.4.2.6), "Exp", lines: +2 -1 - crypto/aes/aes_core.c (1.1.2.4), "Exp", lines: +4 -0 - crypto/des/des.h (1.40.2.4), "Exp", lines: +1 -1 - crypto/des/des_old.c (1.11.2.4), "Exp", lines: +1 -1 - crypto/des/destest.c (1.30.2.6), "Exp", lines: +2 -2 - crypto/des/ecb3_enc.c (1.8.2.1), "Exp", lines: +1 -3 - crypto/dsa/Makefile.ssl (1.49.2.5), "Exp", lines: +7 -4 - crypto/dsa/dsa_ossl.c (1.12.2.4), "Exp", lines: +2 -0 - crypto/dsa/dsa_sign.c (1.10.2.3), "Exp", lines: +12 -0 - crypto/dsa/dsa_vrf.c (1.10.2.3), "Exp", lines: +8 -0 - crypto/engine/engine.h (1.36.2.6), "Exp", lines: +4 -0 - crypto/err/err.h (1.35.2.3), "Exp", lines: +2 -0 - crypto/err/err_all.c (1.17.2.2), "Exp", lines: +4 -0 - crypto/err/openssl.ec (1.11.2.1), "Exp", lines: +1 -0 - crypto/evp/Makefile.ssl (1.64.2.8), "Exp", lines: +8 -7 - crypto/evp/c_all.c (1.7.8.7), "Exp", lines: +1 -0 - crypto/evp/e_aes.c (1.6.2.4), "Exp", lines: +12 -4 - crypto/evp/e_des3.c (1.8.2.2), "Exp", lines: +1 -1 - crypto/evp/evp.h (1.86.2.10), "Exp", lines: +2 -0 - crypto/evp/evp_err.c (1.23.2.1), "Exp", lines: +3 -1 - crypto/md4/Makefile.ssl (1.6.2.4), "Exp", lines: +7 -4 - crypto/md5/Makefile.ssl (1.33.2.7), "Exp", lines: +7 -4 - crypto/rand/Makefile.ssl (1.56.2.4), "Exp", lines: +17 -15 - crypto/rand/md_rand.c (1.69.2.2), "Exp", lines: +9 -0 - crypto/rand/rand.h (1.26.2.5), "Exp", lines: +2 -0 - crypto/rand/rand_err.c (1.6.2.1), "Exp", lines: +3 -1 - crypto/rand/rand_lib.c (1.15.2.2), "Exp", lines: +11 -0 - crypto/ripemd/Makefile.ssl (1.25.2.5), "Exp", lines: +7 -2 - crypto/sha/Makefile.ssl (1.26.2.5), "Exp", lines: +16 -6 - fips/.cvsignore (1.1.2.1), "Exp", lines: +1 -0 - fips/Makefile.ssl (1.1.2.1), "Exp", lines: +155 -0 - fips/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 - fips/fips.c (1.1.2.1), "Exp", lines: +74 -0 - fips/fips.h (1.1.2.1), "Exp", lines: +85 -0 - fips/fips_check_sha1 (1.1.2.1), "Exp", lines: +7 -0 - fips/fips_err.c (1.1.2.1), "Exp", lines: +96 -0 - fips/fips_make_sha1 (1.1.2.1), "Exp", lines: +21 -0 - fips/lib (1.1.2.1), "Exp", lines: +0 -0 - fips/aes/.cvsignore (1.1.2.1), "Exp", lines: +4 -0 - fips/aes/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0 - fips/aes/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0 - fips/aes/fips_aes_core.c (1.1.2.1), "Exp", lines: +1260 -0 - fips/aes/fips_aes_locl.h (1.1.2.1), "Exp", lines: +85 -0 - fips/aes/fips_aesavs.c (1.1.2.1), "Exp", lines: +896 -0 - fips/dsa/.cvsignore (1.1.2.1), "Exp", lines: +2 -0 - fips/dsa/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0 - fips/dsa/fingerprint.sha1 (1.1.2.1), "Exp", lines: +1 -0 - fips/dsa/fips_dsa_ossl.c (1.1.2.1), "Exp", lines: +366 -0 - fips/dsa/fips_dsatest.c (1.1.2.1), "Exp", lines: +252 -0 - fips/rand/.cvsignore (1.1.2.1), "Exp", lines: +2 -0 - fips/rand/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0 - fips/rand/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0 - fips/rand/fips_rand.c (1.1.2.1), "Exp", lines: +236 -0 - fips/rand/fips_rand.h (1.1.2.1), "Exp", lines: +55 -0 - fips/rand/fips_randtest.c (1.1.2.1), "Exp", lines: +348 -0 - fips/sha1/.cvsignore (1.1.2.1), "Exp", lines: +3 -0 - fips/sha1/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0 - fips/sha1/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 - fips/sha1/fips_md32_common.h (1.1.2.1), "Exp", lines: +637 -0 - fips/sha1/fips_sha1dgst.c (1.1.2.1), "Exp", lines: +76 -0 - fips/sha1/fips_sha1test.c (1.1.2.1), "Exp", lines: +128 -0 - fips/sha1/fips_sha_locl.h (1.1.2.1), "Exp", lines: +472 -0 - fips/sha1/fips_standalone_sha1.c (1.1.2.1), "Exp", lines: +101 -0 - fips/sha1/standalone.sha1 (1.1.2.1), "Exp", lines: +4 -0 - test/Makefile.ssl (1.84.2.29), "Exp", lines: +81 -13 - util/mkerr.pl (1.18.2.4), "Exp", lines: +2 -1 - - Unfinished FIPS stuff for review/improvement. - -2003-07-27 19:19 ben - - Changed: - fips/fips_check_sha1 (1.1.2.2), "Exp", lines: +1 -1 - - Use unified diff. - -2003-07-27 19:23 ben - - Changed: - fips/Makefile.ssl (1.1.2.2), "Exp", lines: +3 -3 - fips/fingerprint.sha1 (1.1.2.2), "Exp", lines: +2 -1 - fips/fips_make_sha1 (1.1.2.2), "Exp", lines: +1 -1 - - Build in non-FIPS mode. - -2003-07-27 23:13 ben - - Changed: - Makefile.org (1.154.2.68), "Exp", lines: +1 -1 - fips/fips_check_sha1 (1.1.2.3), "Exp", lines: +2 -1 - fips/aes/fips_aesavs.c (1.1.2.2), "Exp", lines: +2 -0 - fips/dsa/fips_dsa_ossl.c (1.1.2.2), "Exp", lines: +8 -0 - fips/dsa/fips_dsatest.c (1.1.2.2), "Exp", lines: +2 -1 - fips/sha1/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1 - fips/sha1/fips_sha1dgst.c (1.1.2.2), "Exp", lines: +5 -1 - fips/sha1/fips_standalone_sha1.c (1.1.2.2), "Exp", lines: +2 -0 - fips/sha1/standalone.sha1 (1.1.2.2), "Exp", lines: +1 -1 - - Build when not FIPS. - -2003-07-28 11:56 ben - - Changed: - fips/dsa/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1 - fips/sha1/standalone.sha1 (1.1.2.3), "Exp", lines: +1 -1 - - New fingerprints. - -2003-07-29 16:06 ben - - Changed: - fips/aes/fips_aesavs.c (1.1.2.5), "Exp", lines: +295 -303 - - Reformat. - -2003-07-29 16:34 ben - - Changed: - fips/aes/fips_aesavs.c (1.1.2.6), "Exp", lines: +43 -17 - - MMT for CFB1 - -2003-07-29 17:17 ben - - Changed: - fips/fips_err_wrapper.c (1.1.2.1), "Exp", lines: +5 -0 - fips/sha1/sha1hashes.txt (1.1.2.1), "Exp", lines: +342 -0 - fips/sha1/sha1vectors.txt (1.1.2.1), "Exp", lines: +2293 -0 - - Missing files. - -2003-07-31 23:30 levitte - - Changed: - Makefile.org (1.154.2.71), "Exp", lines: +2 -0 - - If FDIRS is to be treated like SDIRS, let's not forget to - initialize it in Makefile.org. - -2003-07-31 23:41 levitte - - Changed: - fips/sha1/fips_sha1test.c (1.1.2.2), "Exp", lines: +3 -3 - - No C++ comments in C programs! - -2003-08-01 15:07 steve - - Changed: - fips/aes/fips_aesavs.c (1.1.2.8), "Exp", lines: +3 -3 - - Replace C++ style comments. - -2003-08-03 14:22 ben - - Changed: - fips/des/fips_desmovs.c (1.1.2.2), "Exp", lines: +55 -37 - - Make tests work (CFB1 still doesn't produce the right answers, - strangely). - -2003-08-08 12:08 levitte - - Changed: - fips/des/fips_des_enc.c (1.1.2.2), "Exp", lines: +9 -0 - - Avoid clashing with the regular DES functions when not compiling - with -DFIPS. This is basically only visible when building with - shared library supoort... - -2003-08-11 11:36 levitte - - Deleted: - fips/sha1/.cvsignore (1.1.2.2) - fips/sha1/Makefile.ssl (1.1.2.3) - fips/sha1/fingerprint.sha1 (1.1.2.3) - fips/sha1/fips_md32_common.h (1.1.2.2) - fips/sha1/fips_sha1dgst.c (1.1.2.3) - fips/sha1/fips_sha1test.c (1.1.2.3) - fips/sha1/fips_sha_locl.h (1.1.2.2) - fips/sha1/fips_standalone_sha1.c (1.1.2.3) - fips/sha1/sha1hashes.txt (1.1.2.2) - fips/sha1/sha1vectors.txt (1.1.2.2) - fips/sha1/standalone.sha1 (1.1.2.4) - fips/dsa/.cvsignore (1.1.2.2) - fips/dsa/Makefile.ssl (1.1.2.2) - fips/dsa/fingerprint.sha1 (1.1.2.3) - fips/dsa/fips_dsa_ossl.c (1.1.2.3) - fips/dsa/fips_dsatest.c (1.1.2.3) - fips/rand/.cvsignore (1.1.2.2) - fips/rand/Makefile.ssl (1.1.2.2) - fips/rand/fingerprint.sha1 (1.1.2.2) - fips/rand/fips_rand.c (1.1.2.2) - fips/rand/fips_rand.h (1.1.2.2) - fips/rand/fips_randtest.c (1.1.2.2) - fips/des/.cvsignore (1.1.2.2) - fips/des/Makefile.ssl (1.1.2.3) - fips/des/fingerprint.sha1 (1.1.2.2) - fips/des/fips_des_enc.c (1.1.2.3) - fips/des/fips_des_locl.h (1.1.2.2) - fips/des/fips_desmovs.c (1.1.2.3) - fips/aes/.cvsignore (1.1.2.2) - fips/aes/Makefile.ssl (1.1.2.5) - fips/aes/fingerprint.sha1 (1.1.2.2) - fips/aes/fips_aes_core.c (1.1.2.2) - fips/aes/fips_aes_locl.h (1.1.2.2) - fips/aes/fips_aesavs.c (1.1.2.9) - fips/.cvsignore (1.1.2.2) - fips/Makefile.ssl (1.1.2.6) - fips/fingerprint.sha1 (1.1.2.3) - fips/fips.c (1.1.2.2) - fips/fips.h (1.1.2.2) - fips/fips_check_sha1 (1.1.2.4) - fips/fips_err.c (1.1.2.2) - fips/fips_err_wrapper.c (1.1.2.2) - fips/fips_make_sha1 (1.1.2.4) - fips/lib (1.1.2.2) - Changed: - util/libeay.num (1.173.2.16), "Exp", lines: +11 -38 - util/mkerr.pl (1.18.2.5), "Exp", lines: +1 -2 - test/Makefile.ssl (1.84.2.31), "Exp", lines: +54 -180 - crypto/ripemd/Makefile.ssl (1.25.2.6), "Exp", lines: +2 -7 - crypto/sha/Makefile.ssl (1.26.2.6), "Exp", lines: +6 -16 - crypto/rand/Makefile.ssl (1.56.2.5), "Exp", lines: +15 -17 - crypto/rand/md_rand.c (1.69.2.3), "Exp", lines: +0 -9 - crypto/rand/rand.h (1.26.2.6), "Exp", lines: +0 -2 - crypto/rand/rand_err.c (1.6.2.2), "Exp", lines: +1 -3 - crypto/rand/rand_lib.c (1.15.2.3), "Exp", lines: +0 -11 - crypto/objects/obj_dat.h (1.49.2.18), "Exp", lines: +3 -27 - crypto/objects/obj_mac.h (1.19.2.18), "Exp", lines: +0 -32 - crypto/objects/obj_mac.num (1.15.2.14), "Exp", lines: +0 -8 - crypto/objects/objects.txt (1.20.2.19), "Exp", lines: +0 -11 - crypto/md4/Makefile.ssl (1.6.2.5), "Exp", lines: +4 -7 - crypto/md5/Makefile.ssl (1.33.2.8), "Exp", lines: +4 -7 - crypto/evp/Makefile.ssl (1.64.2.9), "Exp", lines: +7 -8 - crypto/evp/c_allc.c (1.8.2.6), "Exp", lines: +0 -4 - crypto/evp/e_aes.c (1.6.2.9), "Exp", lines: +4 -22 - crypto/evp/e_des.c (1.5.2.5), "Exp", lines: +2 -43 - crypto/evp/e_des3.c (1.8.2.4), "Exp", lines: +3 -3 - crypto/evp/evp.h (1.86.2.13), "Exp", lines: +11 -36 - crypto/evp/evp_err.c (1.23.2.2), "Exp", lines: +1 -3 - crypto/evp/evp_lib.c (1.6.8.3), "Exp", lines: +0 -24 - crypto/evp/evp_locl.h (1.7.2.5), "Exp", lines: +2 -11 - crypto/evp/evp_test.c (1.14.2.12), "Exp", lines: +8 -17 - crypto/evp/evptests.txt (1.9.2.6), "Exp", lines: +1 -106 - crypto/dsa/Makefile.ssl (1.49.2.7), "Exp", lines: +6 -10 - crypto/dsa/dsa_ossl.c (1.12.2.5), "Exp", lines: +0 -2 - crypto/dsa/dsa_sign.c (1.10.2.4), "Exp", lines: +0 -12 - crypto/dsa/dsa_vrf.c (1.10.2.4), "Exp", lines: +0 -8 - crypto/err/Makefile.ssl (1.48.2.5), "Exp", lines: +16 -17 - crypto/err/err.h (1.35.2.4), "Exp", lines: +0 -2 - crypto/err/err_all.c (1.17.2.3), "Exp", lines: +0 -4 - crypto/err/openssl.ec (1.11.2.2), "Exp", lines: +0 -1 - crypto/des/des.h (1.40.2.5), "Exp", lines: +1 -1 - crypto/des/des_enc.c (1.11.2.3), "Exp", lines: +0 -4 - crypto/des/des_old.c (1.11.2.5), "Exp", lines: +1 -1 - crypto/des/destest.c (1.30.2.7), "Exp", lines: +2 -2 - crypto/des/ecb3_enc.c (1.8.2.2), "Exp", lines: +3 -1 - crypto/aes/Makefile.ssl (1.4.2.7), "Exp", lines: +1 -2 - crypto/aes/aes.h (1.1.2.8), "Exp", lines: +0 -9 - crypto/aes/aes_cfb.c (1.1.2.8), "Exp", lines: +0 -93 - crypto/aes/aes_core.c (1.1.2.5), "Exp", lines: +0 -4 - crypto/cryptlib.c (1.32.2.10), "Exp", lines: +0 -5 - crypto/md32_common.h (1.22.2.5), "Exp", lines: +0 -11 - Configure (1.314.2.86), "Exp", lines: +0 -2 - Makefile.org (1.154.2.72), "Exp", lines: +8 -34 - TABLE (1.99.2.30), "Exp", lines: +0 -50 - - A new branch for FIPS-related changes has been created with the - name OpenSSL-fips-0_9_7-stable. - - Since the 0.9.7-stable branch is supposed to be in freeze - and should only contain bug corrections, this change removes the - FIPS changes from that branch. - -2004-05-11 14:44 ben - - Deleted: - apps/Makefile.ssl (1.100.2.27) - crypto/Makefile.ssl (1.84.2.12) - crypto/aes/Makefile.ssl (1.4.2.9) - crypto/asn1/Makefile.ssl (1.77.2.7) - crypto/bf/Makefile.ssl (1.25.2.6) - crypto/bio/Makefile.ssl (1.52.2.4) - crypto/bn/Makefile.ssl (1.65.2.9) - crypto/buffer/Makefile.ssl (1.32.2.4) - crypto/cast/Makefile.ssl (1.31.2.6) - crypto/comp/Makefile.ssl (1.32.2.4) - crypto/conf/Makefile.ssl (1.38.2.8) - crypto/des/Makefile.ssl (1.61.2.13) - crypto/dh/Makefile.ssl (1.43.2.5) - crypto/dsa/Makefile.ssl (1.49.2.9) - crypto/dso/Makefile.ssl (1.11.2.4) - crypto/ec/Makefile.ssl (1.7.2.4) - crypto/engine/Makefile.ssl (1.30.2.13) - crypto/err/Makefile.ssl (1.48.2.7) - crypto/evp/Makefile.ssl (1.64.2.12) - crypto/hmac/Makefile.ssl (1.33.2.6) - crypto/idea/Makefile.ssl (1.20.2.4) - crypto/krb5/Makefile.ssl (1.5.2.6) - crypto/lhash/Makefile.ssl (1.28.2.4) - crypto/md2/Makefile.ssl (1.29.2.5) - crypto/md4/Makefile.ssl (1.6.2.7) - crypto/md5/Makefile.ssl (1.33.2.10) - crypto/mdc2/Makefile.ssl (1.30.2.4) - crypto/objects/Makefile.ssl (1.46.2.6) - crypto/ocsp/Makefile.ssl (1.19.2.7) - crypto/pem/Makefile.ssl (1.51.2.5) - crypto/pkcs12/Makefile.ssl (1.37.2.5) - crypto/pkcs7/Makefile.ssl (1.47.2.5) - crypto/rand/Makefile.ssl (1.56.2.8) - crypto/rc2/Makefile.ssl (1.20.2.4) - crypto/rc4/Makefile.ssl (1.25.2.6) - crypto/rc5/Makefile.ssl (1.22.2.6) - crypto/ripemd/Makefile.ssl (1.25.2.9) - crypto/rsa/Makefile.ssl (1.53.2.6) - crypto/sha/Makefile.ssl (1.26.2.9) - crypto/stack/Makefile.ssl (1.28.2.4) - crypto/txt_db/Makefile.ssl (1.26.2.4) - crypto/ui/Makefile.ssl (1.10.2.6) - crypto/x509/Makefile.ssl (1.56.2.5) - crypto/x509v3/Makefile.ssl (1.62.2.5) - ssl/Makefile.ssl (1.53.2.11) - test/Makefile.ssl (1.84.2.36) - tools/Makefile.ssl (1.9.2.4) - Changed: - .cvsignore (1.7.6.2), "Exp", lines: +2 -1 - Configure (1.314.2.92), "Exp", lines: +38 -8 - FAQ (1.61.2.31), "Exp", lines: +1 -1 - INSTALL (1.45.2.9), "Exp", lines: +2 -2 - INSTALL.W32 (1.30.2.14), "Exp", lines: +9 -4 - Makefile.org (1.154.2.78), "Exp", lines: +51 -19 - PROBLEMS (1.4.2.10), "Exp", lines: +2 -2 - e_os.h (1.56.2.17), "Exp", lines: +20 -1 - apps/.cvsignore (1.5.8.1), "Exp", lines: +1 -0 - apps/Makefile (1.1.4.1), "Exp", lines: +1147 -0 - apps/apps.c (1.49.2.27), "Exp", lines: +0 -10 - apps/ca.c (1.102.2.31), "Exp", lines: +0 -10 - apps/dgst.c (1.23.2.10), "Exp", lines: +39 -11 - apps/openssl.c (1.48.2.9), "Exp", lines: +19 -0 - crypto/Makefile (1.1.4.1), "Exp", lines: +217 -0 - crypto/cryptlib.c (1.32.2.11), "Exp", lines: +5 -0 - crypto/crypto-lib.com (1.53.2.12), "Exp", lines: +1 -1 - crypto/md32_common.h (1.22.2.6), "Exp", lines: +12 -0 - crypto/aes/Makefile (1.1.4.1), "Exp", lines: +102 -0 - crypto/aes/aes.h (1.1.2.9), "Exp", lines: +9 -0 - crypto/aes/aes_cfb.c (1.1.2.9), "Exp", lines: +93 -0 - crypto/aes/aes_core.c (1.1.2.6), "Exp", lines: +4 -0 - crypto/asn1/Makefile (1.1.4.1), "Exp", lines: +1150 -0 - crypto/bf/Makefile (1.1.4.1), "Exp", lines: +113 -0 - crypto/bio/Makefile (1.1.4.1), "Exp", lines: +214 -0 - crypto/bio/bio.h (1.56.2.6), "Exp", lines: +1 -0 - crypto/bn/Makefile (1.1.4.1), "Exp", lines: +324 -0 - crypto/bn/bntest.c (1.55.2.4), "Exp", lines: +1 -1 - crypto/buffer/Makefile (1.1.4.1), "Exp", lines: +92 -0 - crypto/cast/Makefile (1.1.4.1), "Exp", lines: +118 -0 - crypto/cast/asm/.cvsignore (1.2.8.1), "Exp", lines: +1 -0 - crypto/comp/Makefile (1.1.4.1), "Exp", lines: +112 -0 - crypto/conf/Makefile (1.1.4.1), "Exp", lines: +181 -0 - crypto/des/Makefile (1.1.4.1), "Exp", lines: +314 -0 - crypto/des/cfb64ede.c (1.6.2.4), "Exp", lines: +111 -0 - crypto/des/des.h (1.40.2.6), "Exp", lines: +5 -1 - crypto/des/des_enc.c (1.11.2.4), "Exp", lines: +8 -0 - crypto/des/des_old.c (1.11.2.6), "Exp", lines: +1 -1 - crypto/des/destest.c (1.30.2.8), "Exp", lines: +2 -2 - crypto/des/ecb3_enc.c (1.8.2.3), "Exp", lines: +1 -3 - crypto/des/set_key.c (1.18.2.2), "Exp", lines: +4 -0 - crypto/dh/Makefile (1.1.4.1), "Exp", lines: +131 -0 - crypto/dsa/Makefile (1.1.4.1), "Exp", lines: +173 -0 - crypto/dsa/dsa_gen.c (1.19.2.1), "Exp", lines: +4 -1 - crypto/dsa/dsa_key.c (1.9.2.1), "Exp", lines: +2 -0 - crypto/dsa/dsa_ossl.c (1.12.2.6), "Exp", lines: +2 -0 - crypto/dsa/dsa_sign.c (1.10.2.5), "Exp", lines: +12 -0 - crypto/dsa/dsa_vrf.c (1.10.2.5), "Exp", lines: +8 -0 - crypto/dso/Makefile (1.1.4.1), "Exp", lines: +140 -0 - crypto/ec/Makefile (1.1.4.1), "Exp", lines: +126 -0 - crypto/engine/Makefile (1.1.4.1), "Exp", lines: +536 -0 - crypto/engine/hw_cryptodev.c (1.1.2.6), "Exp", lines: +6 -2 - crypto/err/Makefile (1.1.4.1), "Exp", lines: +118 -0 - crypto/err/err.h (1.35.2.6), "Exp", lines: +2 -0 - crypto/err/err_all.c (1.17.2.4), "Exp", lines: +4 -0 - crypto/err/openssl.ec (1.11.2.3), "Exp", lines: +1 -0 - crypto/evp/Makefile (1.1.4.1), "Exp", lines: +1057 -0 - crypto/evp/bio_md.c (1.11.2.1), "Exp", lines: +6 -0 - crypto/evp/c_allc.c (1.8.2.7), "Exp", lines: +8 -0 - crypto/evp/e_aes.c (1.6.2.10), "Exp", lines: +22 -4 - crypto/evp/e_des.c (1.5.2.8), "Exp", lines: +36 -3 - crypto/evp/e_des3.c (1.8.2.7), "Exp", lines: +43 -4 - crypto/evp/evp.h (1.86.2.15), "Exp", lines: +39 -11 - crypto/evp/evp_err.c (1.23.2.3), "Exp", lines: +3 -1 - crypto/evp/evp_lib.c (1.6.8.4), "Exp", lines: +24 -0 - crypto/evp/evp_locl.h (1.7.2.6), "Exp", lines: +11 -2 - crypto/evp/evp_test.c (1.14.2.13), "Exp", lines: +17 -8 - crypto/evp/evptests.txt (1.9.2.7), "Exp", lines: +106 -1 - crypto/hmac/Makefile (1.1.4.1), "Exp", lines: +99 -0 - crypto/idea/Makefile (1.1.4.1), "Exp", lines: +89 -0 - crypto/krb5/Makefile (1.1.4.1), "Exp", lines: +88 -0 - crypto/lhash/Makefile (1.1.4.1), "Exp", lines: +91 -0 - crypto/md2/Makefile (1.1.4.1), "Exp", lines: +91 -0 - crypto/md4/Makefile (1.1.4.1), "Exp", lines: +93 -0 - crypto/md5/Makefile (1.1.4.1), "Exp", lines: +129 -0 - crypto/mdc2/Makefile (1.1.4.1), "Exp", lines: +96 -0 - crypto/objects/Makefile (1.1.4.1), "Exp", lines: +121 -0 - crypto/objects/obj_dat.h (1.49.2.19), "Exp", lines: +33 -3 - crypto/objects/obj_mac.h (1.19.2.19), "Exp", lines: +40 -0 - crypto/objects/obj_mac.num (1.15.2.15), "Exp", lines: +10 -0 - crypto/objects/objects.txt (1.20.2.20), "Exp", lines: +13 -0 - crypto/ocsp/Makefile (1.1.4.1), "Exp", lines: +291 -0 - crypto/pem/Makefile (1.1.4.1), "Exp", lines: +334 -0 - crypto/pkcs12/Makefile (1.1.4.1), "Exp", lines: +415 -0 - crypto/pkcs7/Makefile (1.1.4.1), "Exp", lines: +241 -0 - crypto/rand/Makefile (1.1.4.1), "Exp", lines: +196 -0 - crypto/rand/md_rand.c (1.69.2.4), "Exp", lines: +9 -0 - crypto/rand/rand.h (1.26.2.7), "Exp", lines: +3 -0 - crypto/rand/rand_err.c (1.6.2.3), "Exp", lines: +4 -1 - crypto/rand/rand_lib.c (1.15.2.4), "Exp", lines: +11 -0 - crypto/rc2/Makefile (1.1.4.1), "Exp", lines: +89 -0 - crypto/rc4/Makefile (1.1.4.1), "Exp", lines: +108 -0 - crypto/rc5/Makefile (1.1.4.1), "Exp", lines: +106 -0 - crypto/ripemd/Makefile (1.1.4.1), "Exp", lines: +111 -0 - crypto/rsa/Makefile (1.1.4.1), "Exp", lines: +239 -0 - crypto/rsa/rsa_eay.c (1.28.2.9), "Exp", lines: +1 -1 - crypto/rsa/rsa_gen.c (1.8.6.1), "Exp", lines: +3 -0 - crypto/sha/Makefile (1.1.4.1), "Exp", lines: +118 -0 - crypto/sha/sha1dgst.c (1.21.2.1), "Exp", lines: +8 -0 - crypto/stack/Makefile (1.1.4.1), "Exp", lines: +86 -0 - crypto/txt_db/Makefile (1.1.4.1), "Exp", lines: +86 -0 - crypto/ui/Makefile (1.1.4.1), "Exp", lines: +115 -0 - crypto/x509/Makefile (1.1.4.1), "Exp", lines: +592 -0 - crypto/x509v3/Makefile (1.1.4.1), "Exp", lines: +601 -0 - fips/Makefile (1.1.4.1), "Exp", lines: +202 -0 - fips/fingerprint.sha1 (1.1.2.4), "Exp", lines: +4 -4 - fips/fips.c (1.1.2.3), "Exp", lines: +120 -5 - fips/fips.h (1.1.2.3), "Exp", lines: +42 -2 - fips/fips_check_sha1 (1.1.2.5), "Exp", lines: +2 -2 - fips/fips_err.h (1.1.4.1), "Exp", lines: +117 -0 - fips/fips_err_wrapper.c (1.1.2.3), "Exp", lines: +4 -2 - fips/fips_locl.h (1.1.4.1), "Exp", lines: +62 -0 - fips/fips_make_sha1 (1.1.2.5), "Exp", lines: +9 -6 - fips/fips_test_suite.c (1.1.4.1), "Exp", lines: +302 -0 - fips/openssl_fips_fingerprint (1.1.4.1), "Exp", lines: +25 -0 - fips/aes/Makefile (1.1.4.1), "Exp", lines: +131 -0 - fips/aes/fingerprint.sha1 (1.1.2.3), "Exp", lines: +3 -2 - fips/aes/fips_aes_core.c (1.1.2.3), "Exp", lines: +5 -2 - fips/aes/fips_aes_locl.h (1.1.2.3), "Exp", lines: +0 -0 - fips/aes/fips_aes_selftest.c (1.1.4.1), "Exp", lines: +112 -0 - fips/aes/fips_aesavs.c (1.1.2.10), "Exp", lines: +12 -6 - fips/des/Makefile (1.1.4.1), "Exp", lines: +155 -0 - fips/des/fingerprint.sha1 (1.1.2.3), "Exp", lines: +5 -2 - fips/des/fips_des_enc.c (1.1.2.4), "Exp", lines: +16 -3 - fips/des/fips_des_locl.h (1.1.2.3), "Exp", lines: +1 -1 - fips/des/fips_des_selftest.c (1.1.4.1), "Exp", lines: +200 -0 - fips/des/fips_desmovs.c (1.1.2.4), "Exp", lines: +186 -79 - fips/des/fips_set_key.c (1.1.4.1), "Exp", lines: +415 -0 - fips/des/asm/fips-dx86-elf.s (1.1.4.1), "Exp", lines: +2697 -0 - fips/dsa/Makefile (1.1.4.1), "Exp", lines: +159 -0 - fips/dsa/fingerprint.sha1 (1.1.2.4), "Exp", lines: +3 -1 - fips/dsa/fips_dsa_gen.c (1.1.4.1), "Exp", lines: +373 -0 - fips/dsa/fips_dsa_ossl.c (1.1.2.4), "Exp", lines: +16 -3 - fips/dsa/fips_dsa_selftest.c (1.1.4.1), "Exp", lines: +168 -0 - fips/dsa/fips_dsatest.c (1.1.2.4), "Exp", lines: +10 -6 - fips/dsa/fips_dssvs.c (1.1.4.1), "Exp", lines: +306 -0 - fips/rand/Makefile (1.1.4.1), "Exp", lines: +104 -0 - fips/rand/fingerprint.sha1 (1.1.2.3), "Exp", lines: +2 -2 - fips/rand/fips_rand.c (1.1.2.3), "Exp", lines: +60 -10 - fips/rand/fips_rand.h (1.1.2.3), "Exp", lines: +19 -1 - fips/rand/fips_randtest.c (1.1.2.3), "Exp", lines: +31 -10 - fips/rsa/Makefile (1.1.4.1), "Exp", lines: +112 -0 - fips/rsa/fingerprint.sha1 (1.1.4.1), "Exp", lines: +3 -0 - fips/rsa/fips_rsa_eay.c (1.1.4.1), "Exp", lines: +735 -0 - fips/rsa/fips_rsa_gen.c (1.1.4.1), "Exp", lines: +249 -0 - fips/rsa/fips_rsa_selftest.c (1.1.4.1), "Exp", lines: +207 -0 - fips/sha1/.cvsignore (1.1.2.3), "Exp", lines: +1 -2 - fips/sha1/Makefile (1.1.4.1), "Exp", lines: +158 -0 - fips/sha1/fingerprint.sha1 (1.1.2.4), "Exp", lines: +5 -3 - fips/sha1/fips_md32_common.h (1.1.2.3), "Exp", lines: +0 -0 - fips/sha1/fips_sha1_selftest.c (1.1.4.1), "Exp", lines: +97 -0 - fips/sha1/fips_sha1dgst.c (1.1.2.4), "Exp", lines: +4 -4 - fips/sha1/fips_sha1test.c (1.1.2.4), "Exp", lines: +17 -0 - fips/sha1/fips_sha_locl.h (1.1.2.3), "Exp", lines: +7 -0 - fips/sha1/fips_standalone_sha1.c (1.1.2.4), "Exp", lines: +60 -7 - fips/sha1/sha1hashes.txt (1.1.2.3), "Exp", lines: +0 -0 - fips/sha1/sha1vectors.txt (1.1.2.3), "Exp", lines: +0 -0 - fips/sha1/standalone.sha1 (1.1.2.5), "Exp", lines: +6 -4 - fips/sha1/asm/sx86-elf.s (1.1.4.1), "Exp", lines: +1568 -0 - ms/do_masm.bat (1.1.8.2), "Exp", lines: +12 -10 - ms/do_ms.bat (1.4.8.2), "Exp", lines: +11 -11 - ms/do_nasm.bat (1.1.8.2), "Exp", lines: +12 -11 - ms/do_nt.bat (1.2.8.1), "Exp", lines: +4 -4 - shlib/hpux10-cc.sh (1.3.2.2), "Exp", lines: +3 -3 - ssl/Makefile (1.1.4.1), "Exp", lines: +1019 -0 - ssl/s3_clnt.c (1.53.2.16), "Exp", lines: +10 -0 - ssl/s3_srvr.c (1.85.2.21), "Exp", lines: +9 -0 - ssl/ssl_cert.c (1.48.2.7), "Exp", lines: +9 -0 - ssl/ssl_lib.c (1.110.2.12), "Exp", lines: +13 -1 - ssl/ssltest.c (1.53.2.23), "Exp", lines: +33 -1 - ssl/t1_enc.c (1.27.2.8), "Exp", lines: +19 -1 - test/.cvsignore (1.4.8.1), "Exp", lines: +4 -0 - test/Makefile (1.1.4.1), "Exp", lines: +941 -0 - test/bctest (1.14.2.1), "Exp", lines: +1 -1 - test/testenc (1.3.8.1), "Exp", lines: +1 -1 - test/testfipsssl (1.1.4.1), "Exp", lines: +113 -0 - tools/Makefile (1.1.4.1), "Exp", lines: +61 -0 - util/cygwin.sh (1.1.2.5), "Exp", lines: +3 -3 - util/domd (1.6.2.3), "Exp", lines: +5 -5 - util/fixNT.sh (1.1.1.2.8.1), "Exp", lines: +3 -3 - util/libeay.num (1.173.2.19), "Exp", lines: +55 -11 - util/mk1mf.pl (1.41.2.10), "Exp", lines: +6 -4 - util/mkdef.pl (1.67.2.7), "Exp", lines: +11 -4 - util/mkerr.pl (1.18.2.6), "Exp", lines: +2 -1 - util/mkfiles.pl (1.12.2.1), "Exp", lines: +8 -1 - util/pod2mantest (1.1.2.7), "Exp", lines: +1 -1 - util/selftest.pl (1.18.2.1), "Exp", lines: +2 -2 - util/pl/BC-16.pl (1.2.2.1), "Exp", lines: +1 -1 - util/pl/BC-32.pl (1.11.2.4), "Exp", lines: +1 -1 - util/pl/Mingw32.pl (1.12.6.5), "Exp", lines: +1 -1 - util/pl/OS2-EMX.pl (1.1.2.3), "Exp", lines: +1 -1 - util/pl/VC-16.pl (1.3.2.1), "Exp", lines: +2 -2 - util/pl/VC-32.pl (1.11.2.3), "Exp", lines: +2 -2 - util/pl/VC-CE.pl (1.1.2.5), "Exp", lines: +1 -1 - util/pl/ultrix.pl (1.2.8.1), "Exp", lines: +1 -1 - - Pull FIPS back into stable. - -2004-05-12 10:27 levitte - - Changed: - apps/Makefile (1.1.4.2), "Exp", lines: +3 -1 - - Only check for FIPS signatures when FIPS is enabled. - -2004-05-12 10:28 levitte - - Changed: - crypto/des/FILES0 (1.1.4.2), "Exp", lines: +1 -1 - - Makefile.ssl changed name to Makefile. - -2004-05-12 10:28 levitte - - Changed: - fips/rand/fips_rand.c (1.1.2.4), "Exp", lines: +5 -1 - - Only really build this file when OPENSSL_FIPS is defined. And oh, - let's keep internal variables static. - -2004-05-12 10:42 levitte - - Changed: - fips/rand/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 - - I forgot to modify the signature for fips_rand.c... - -2004-05-12 10:46 levitte - - Changed: - fips/rsa/.cvsignore (1.1.4.1), "Exp", lines: +1 -0 - fips/.cvsignore (1.1.2.3), "Exp", lines: +1 -1 - fips/aes/.cvsignore (1.1.2.3), "Exp", lines: +0 -3 - fips/des/.cvsignore (1.1.2.3), "Exp", lines: +0 -2 - fips/dsa/.cvsignore (1.1.2.3), "Exp", lines: +0 -1 - fips/rand/.cvsignore (1.1.2.3), "Exp", lines: +0 -1 - - Ignore the 'lib' timestamp file. - -2004-05-12 12:07 levitte - - Changed: - fips/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 - fips/aes/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 - fips/des/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 - fips/dsa/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 - fips/rand/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 - fips/rsa/.cvsignore (1.1.4.2), "Exp", lines: +1 -0 - fips/sha1/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 - - Ignore 'Makefile.save' - -2004-05-12 16:11 ben - - Changed: - crypto/rand/rand.h (1.26.2.8), "Exp", lines: +2 -0 - crypto/rand/rand_err.c (1.6.2.4), "Exp", lines: +2 -0 - fips/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 - fips/fips.c (1.1.2.4), "Exp", lines: +5 -1 - fips/rand/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 - fips/rand/fips_rand.c (1.1.2.5), "Exp", lines: +29 -0 - - Blow up in people's faces if they don't reseed. - -2004-05-15 19:51 ben - - Changed: - crypto/dh/dh.h (1.23.2.6), "Exp", lines: +1 -0 - crypto/dh/dh_err.c (1.6.2.3), "Exp", lines: +2 -1 - crypto/dh/dh_gen.c (1.8.8.2), "Exp", lines: +9 -0 - fips/fips_test_suite.c (1.1.4.2), "Exp", lines: +4 -3 - fips/aes/fips_aesavs.c (1.1.2.11), "Exp", lines: +49 -1 - fips/des/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 - fips/des/fips_desmovs.c (1.1.2.5), "Exp", lines: +49 -1 - fips/des/fips_set_key.c (1.1.4.2), "Exp", lines: +2 -0 - fips/sha1/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 - fips/sha1/fips_md32_common.h (1.1.2.4), "Exp", lines: +3 -0 - fips/sha1/standalone.sha1 (1.1.2.6), "Exp", lines: +1 -1 - - Fix self-tests, ban some things in FIPS mode, fix copyrights. - -2004-05-17 06:28 levitte - - Changed: - util/mk1mf.pl (1.41.2.11), "Exp", lines: +8 -2 - util/pl/BC-16.pl (1.2.2.2), "Exp", lines: +9 -4 - util/pl/BC-32.pl (1.11.2.5), "Exp", lines: +8 -3 - util/pl/Mingw32.pl (1.12.6.6), "Exp", lines: +7 -2 - util/pl/OS2-EMX.pl (1.1.2.4), "Exp", lines: +7 -2 - util/pl/VC-16.pl (1.3.2.2), "Exp", lines: +7 -2 - util/pl/VC-32.pl (1.11.2.4), "Exp", lines: +7 -2 - util/pl/VC-CE.pl (1.1.2.6), "Exp", lines: +7 -2 - util/pl/linux.pl (1.3.6.1), "Exp", lines: +7 -2 - util/pl/ultrix.pl (1.2.8.2), "Exp", lines: +7 -2 - util/pl/unix.pl (1.2.8.1), "Exp", lines: +7 -2 - - Generate SHA1 files on Windows and other platforms supported by - mk1mf.pl, when building in FIPS mode. - - Note: UNTESTED! - -2004-05-17 06:30 levitte - - Changed: - apps/apps.h (1.44.2.14), "Exp", lines: +3 -0 - apps/openssl.c (1.48.2.10), "Exp", lines: +9 -5 - - Make sure the applications know when we are running in FIPS mode. - We can't use the variable in libcrypto, since it's supposedly - unknown. - - Note: currently only supported in MONOLITH mode. - -2004-05-17 06:31 levitte - - Changed: - apps/enc.c (1.35.2.9), "Exp", lines: +10 -1 - - When in FIPS mode, use SHA1 to digest the key, rather than MD5, as - MD5 isn't a FIPS-approved algorithm. - - Note: this means the user needs to keep track of this, and - we need to add support for that... - -2004-05-19 16:16 levitte - - Changed: - fips/rsa/fingerprint.sha1 (1.1.4.2), "Exp", lines: +2 -2 - fips/rsa/fips_rsa_eay.c (1.1.4.2), "Exp", lines: +8 -8 - fips/rsa/fips_rsa_gen.c (1.1.4.2), "Exp", lines: +1 -1 - fips/dsa/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2 - fips/dsa/fips_dsa_gen.c (1.1.4.2), "Exp", lines: +2 -2 - fips/dsa/fips_dsa_ossl.c (1.1.2.5), "Exp", lines: +4 -4 - fips/aes/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 - fips/aes/fips_aes_core.c (1.1.2.4), "Exp", lines: +5 -5 - crypto/rsa/rsa.h (1.36.2.11), "Exp", lines: +4 -0 - crypto/aes/aes.h (1.1.2.10), "Exp", lines: +6 -0 - crypto/dsa/dsa.h (1.26.2.5), "Exp", lines: +4 -0 - - Define FIPS_*_SIZE_T for AES, DSA and RSA as well, in preparation - for size_t-ification of those algorithms in future version of - OpenSSL... - -2004-05-27 11:33 levitte - - Changed: - makevms.com (1.35.2.3), "Exp", lines: +27 -0 - - Copy the FIPS files to the temporary openssl include directory. - -2004-05-27 12:04 levitte - - Changed: - fips/fips-lib.com (1.1.2.1), "Exp", lines: +1179 -0 - makevms.com (1.35.2.4), "Exp", lines: +8 -0 - - Compile the FIPS directory on VMS as well. fips-lib.com is - essentially a copy of crypto-lib.com, with just a few edits. - -2004-05-27 12:07 levitte - - Changed: - fips/install.com (1.1.2.1), "Exp", lines: +55 -0 - install.com (1.4.2.2), "Exp", lines: +6 -6 - - Run an installation of FIPS stuff as well. - -2004-05-27 12:19 levitte - - Changed: - test/maketests.com (1.13.2.5), "Exp", lines: +3 -3 - apps/makeapps.com (1.18.2.5), "Exp", lines: +3 -3 - - Make sure o_str.h is reachable. - -2004-06-19 15:15 ben - - Changed: - Makefile.org (1.154.2.80), "Exp", lines: +1 -1 - crypto/dh/dh.h (1.23.2.7), "Exp", lines: +0 -1 - crypto/dh/dh_check.c (1.6.2.1), "Exp", lines: +4 -0 - crypto/dh/dh_err.c (1.6.2.4), "Exp", lines: +0 -1 - crypto/dh/dh_gen.c (1.8.8.3), "Exp", lines: +5 -9 - crypto/dh/dh_key.c (1.16.2.3), "Exp", lines: +4 -0 - fips/Makefile (1.1.4.2), "Exp", lines: +13 -14 - fips/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2 - fips/fips.h (1.1.2.4), "Exp", lines: +1 -0 - fips/fips_err.h (1.1.4.2), "Exp", lines: +1 -0 - fips/fips_make_sha1 (1.1.2.6), "Exp", lines: +3 -0 - fips/fips_test_suite.c (1.1.4.3), "Exp", lines: +13 -9 - fips/openssl_fips_fingerprint (1.1.4.2), "Exp", lines: +1 -2 - - The version that was actually submitted for FIPS testing. - -2004-06-19 15:16 ben - - Changed: - fips/dh/Makefile (1.1.2.1), "Exp", lines: +92 -0 - fips/dh/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 - fips/dh/fips_dh_check.c (1.1.2.1), "Exp", lines: +119 -0 - fips/dh/fips_dh_gen.c (1.1.2.1), "Exp", lines: +182 -0 - fips/dh/fips_dh_key.c (1.1.2.1), "Exp", lines: +222 -0 - - Add Diffie-Hellman to FIPS. - -2004-06-19 15:18 ben - - Changed: - fips/.cvsignore (1.1.2.5), "Exp", lines: +2 -0 - fips/dh/.cvsignore (1.1.2.1), "Exp", lines: +1 -0 - - Update ignores. - -2004-06-21 11:07 levitte - - Changed: - fips/aes/Makefile (1.1.4.2), "Exp", lines: +7 -5 - fips/des/Makefile (1.1.4.2), "Exp", lines: +7 -5 - fips/dh/Makefile (1.1.2.2), "Exp", lines: +7 -6 - fips/dsa/Makefile (1.1.4.2), "Exp", lines: +7 -6 - fips/rsa/Makefile (1.1.4.2), "Exp", lines: +7 -6 - fips/sha1/Makefile (1.1.4.2), "Exp", lines: +7 -5 - - Make sure we don't try to loop over an empty EXHEADER. In the - Makefiles where this was fixed by commenting away code, change it - to check for an empty EXHEADER instead, so we have less hassle in a - future where EXHEADER changes. - - PR: 900 - -2004-06-21 20:05 levitte - - Changed: - Makefile.org (1.154.2.82), "Exp", lines: +3 -1 - - Standard sh doesn't tolerate ! as part of the conditional command. - - PR: 900 - -2004-06-28 22:33 levitte - - Changed: - fips/dh/fips_dh_check.c (1.1.2.2), "Exp", lines: +6 -0 - fips/dh/fips_dh_gen.c (1.1.2.2), "Exp", lines: +6 -2 - fips/dh/fips_dh_key.c (1.1.2.2), "Exp", lines: +8 -0 - - Make sure the FIPS stuff is only really compiled when in FIPS mode. - -2004-07-12 19:59 ben - - Changed: - fips/fips_test_suite.c (1.1.4.4), "Exp", lines: +39 -6 - fips/dh/fingerprint.sha1 (1.1.2.2), "Exp", lines: +3 -3 - - Corrected test program. - -2004-07-17 14:48 appro - - Changed: - fips/des/Makefile (1.1.4.3), "Exp", lines: +1 -1 - - Eliminate enforced -g from CFLAGS. It switches off optimization - with some compilers, e.g. DEC C. - -2004-07-21 19:41 steve - - Changed: - crypto/pem/pem_all.c (1.20.2.1), "Exp", lines: +119 -0 - - When in FIPS mode write private keys in PKCS#8 and PBES2 format to - avoid use of prohibited MD5 algorithm. - -2004-07-23 15:20 ben - - Changed: - fips/rand/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1 - fips/rand/fips_rand.c (1.1.2.7), "Exp", lines: +22 -7 - fips/rand/fips_randtest.c (1.1.2.5), "Exp", lines: +2 -2 - - Convert to X9.31. - -2004-07-21 19:35 steve - - Changed: - fips/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1 - fips/fips.c (1.1.2.5), "Exp", lines: +3 -3 - fips/rsa/fingerprint.sha1 (1.1.4.3), "Exp", lines: +1 -1 - fips/rsa/fips_rsa_selftest.c (1.1.4.2), "Exp", lines: +8 -8 - - Avoid compiler warnings. - -2004-07-27 02:17 steve - - Changed: - fips/fips_test_suite.c (1.1.4.5), "Exp", lines: +9 -8 - - Stop compiler warnings. - -2004-07-27 02:20 steve - - Changed: - crypto/err/err.c (1.51.2.6), "Exp", lines: +1 -0 - - Add FIPS name to error library. - -2004-07-27 14:22 steve - - Changed: - Makefile.org (1.154.2.84), "Exp", lines: +3 -3 - fips/fips_check_sha1 (1.1.2.6), "Exp", lines: +1 -1 - fips/openssl_fips_fingerprint (1.1.4.3), "Exp", lines: +1 -1 - - Rename libcrypto.sha1 to libcrypto.a.sha1 - -2004-07-27 20:28 steve - - Changed: - ssl/s3_lib.c (1.57.2.11), "Exp", lines: +33 -33 - ssl/ssl.h (1.126.2.20), "Exp", lines: +1 -0 - ssl/ssl_ciph.c (1.33.2.9), "Exp", lines: +11 -0 - ssl/ssl_locl.h (1.47.2.3), "Exp", lines: +2 -1 - - New cipher "strength" FIPS which specifies that a cipher suite is - FIPS compatible. - - New cipherstring "FIPS" is all FIPS compatible ciphersuites - except eNULL. - - Only allow FIPS ciphersuites in FIPS mode. - -2004-07-28 04:24 levitte - - Changed: - makevms.com (1.35.2.6), "Exp", lines: +2 -2 - - From the FIPS directory, darnit! - -2004-07-28 15:47 levitte - - Changed: - makevms.com (1.35.2.7), "Exp", lines: +5 -1 - - Define OPENSSL_FIPS in opensslconf.h if a logical name with the - same name is defined. - - Go up one directory level before dealing with FIPS stuff. - -2004-07-30 00:26 levitte - - Changed: - fips/fips-lib.com (1.1.2.2), "Exp", lines: +3 -3 - - We're building crypto stuff, not ssl stuff. Additionally, we're in - the fips subdirectory, not the crypto one... - -2004-07-30 16:37 levitte - - Changed: - fips/sha1/fingerprint.sha1 (1.1.2.7), "Exp", lines: +2 -2 - fips/sha1/fips_md32_common.h (1.1.2.6), "Exp", lines: +1 -1 - fips/sha1/fips_sha_locl.h (1.1.2.5), "Exp", lines: +2 -2 - fips/sha1/fips_standalone_sha1.c (1.1.2.5), "Exp", lines: +1 -1 - fips/sha1/standalone.sha1 (1.1.2.8), "Exp", lines: +3 -3 - ssl/ssl_ciph.c (1.33.2.10), "Exp", lines: +2 -2 - fips/rsa/fingerprint.sha1 (1.1.4.4), "Exp", lines: +2 -2 - fips/rsa/fips_rsa_eay.c (1.1.4.3), "Exp", lines: +1 -1 - fips/rsa/fips_rsa_gen.c (1.1.4.3), "Exp", lines: +1 -1 - fips/dh/fingerprint.sha1 (1.1.2.3), "Exp", lines: +1 -1 - fips/dh/fips_dh_gen.c (1.1.2.3), "Exp", lines: +1 -1 - fips/dsa/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2 - fips/dsa/fips_dsa_gen.c (1.1.4.3), "Exp", lines: +4 -3 - fips/dsa/fips_dsa_ossl.c (1.1.2.6), "Exp", lines: +2 -2 - fips/des/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2 - fips/des/fips_des_enc.c (1.1.2.5), "Exp", lines: +2 -2 - fips/des/fips_set_key.c (1.1.4.3), "Exp", lines: +3 -3 - fips/fingerprint.sha1 (1.1.2.8), "Exp", lines: +2 -2 - fips/fips.c (1.1.2.6), "Exp", lines: +76 -23 - fips/fips.h (1.1.2.5), "Exp", lines: +2 -3 - fips/fips_locl.h (1.1.4.2), "Exp", lines: +7 -2 - fips/aes/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 - fips/aes/fips_aes_core.c (1.1.2.5), "Exp", lines: +1 -1 - crypto/rand/md_rand.c (1.69.2.5), "Exp", lines: +1 -1 - crypto/rand/rand_lib.c (1.15.2.5), "Exp", lines: +2 -1 - crypto/dsa/dsa_sign.c (1.10.2.6), "Exp", lines: +2 -2 - crypto/dsa/dsa_vrf.c (1.10.2.6), "Exp", lines: +1 -1 - crypto/pem/pem_all.c (1.20.2.2), "Exp", lines: +2 -2 - crypto/cryptlib.c (1.32.2.12), "Exp", lines: +122 -6 - crypto/crypto.h (1.62.2.8), "Exp", lines: +8 -1 - crypto/md32_common.h (1.22.2.7), "Exp", lines: +2 -2 - - To protect FIPS-related global variables, add locking mechanisms - around them. - - NOTE: because two new locks are added, this adds potential - binary incompatibility with earlier versions in the 0.9.7 series. - However, those locks will only ever be touched when FIPS_mode_set() - is called and after, thanks to a variable that's only changed from - 0 to 1 once (when FIPS_mode_set() is called). So basically, as - long as FIPS mode hasn't been engaged explicitely by the calling - application, the new locks are treated as if they didn't exist at - all, thus not becoming a problem. Applications that are built or - rebuilt to use FIPS functionality will need to be recompiled in any - case, thus not being a problem either. - -2004-08-02 16:15 levitte - - Changed: - crypto/cryptlib.c (1.32.2.13), "Exp", lines: +4 -4 - - Let's lock a write lock when changing values, shall we? - - Thanks to Dr Stephen Henson - for making me aware of this error. - -2004-08-05 20:11 steve - - Changed: - fips/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1 - fips/fips.c (1.1.2.7), "Exp", lines: +1 -1 - - Stop compiler giving bogus shadow warning. - -2004-08-09 14:13 levitte - - Changed: - makevms.com (1.35.2.8), "Exp", lines: +1 -1 - - In the fips directory, we use FIPS-LIB.COM, not CRYPTO-LIB.COM... - -2004-08-09 14:14 levitte - - Changed: - fips/fips-lib.com (1.1.2.3), "Exp", lines: +4 -4 - - Correct typos and include directory specifications. - -2004-08-10 11:11 levitte - - Changed: - fips/fips-lib.com (1.1.2.4), "Exp", lines: +2 -1 - - Update the VMS fips library builder with the DH library. - -2004-08-10 12:04 levitte - - Changed: - fips/rand/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1 - fips/rand/fips_rand.c (1.1.2.8), "Exp", lines: +7 -1 - - With DEC C in ANSI C mode, we need to define _XOPEN_SOURCE_EXTENDED - to get struct timeval and gettimeofday(). - -2004-09-06 16:19 levitte - - Changed: - fips/fips.c (1.1.2.8), "Exp", lines: +5 -4 - - Replace the bogus checks of n with proper uses of feof(), ferror() - and clearerr(). - -2004-09-06 16:21 levitte - - Changed: - fips/sha1/fips_sha_locl.h (1.1.2.6), "Exp", lines: +2 -2 - - num is an unsigned long, but since it was transfered from - crypto/sha/sha_locl.h, where it is in fact an int, we need to check - for less-than-zero as if it was an int... - -2004-10-08 12:03 ben - - Changed: - fips/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1 - fips/sha1/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1 - fips/sha1/standalone.sha1 (1.1.2.9), "Exp", lines: +1 -1 - - Update fingerprints. - -2004-10-14 07:51 levitte - - Changed: - VMS/mkshared.com (1.3.2.1), "Exp", lines: +8 -0 - - We need to check for OPENSSL_FIPS when building shared libraries, - so we get correct transfer vectors for those functions when - required. - -2004-10-26 13:47 steve - - Changed: - util/mkfiles.pl (1.12.2.2), "Exp", lines: +1 -0 - - Add fips/dh directory to mkfiles.pl - -2004-10-26 14:17 levitte - - Changed: - fips/sha1/Makefile (1.1.4.4), "Exp", lines: +3 -1 - util/mkfiles.pl (1.12.2.3), "Exp", lines: +1 -0 - fips/Makefile (1.1.4.5), "Exp", lines: +7 -1 - crypto/sha/Makefile (1.1.4.4), "Exp", lines: +1 -7 - - fips/dh was missing in mkfiles.pl. make update - -2004-10-26 15:01 steve - - Changed: - util/mkfiles.pl (1.12.2.4), "Exp", lines: +0 -1 - - Only add fips/dh once... - -2004-11-01 09:20 levitte - - Changed: - fips/rand/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1 - fips/rand/fips_rand.c (1.1.2.9), "Exp", lines: +3 -1 - - Make sure _XOPEN_SOURCE_EXTENDED is correctly defined, and only if - not already defined. - -2004-12-09 19:03 appro - - vChanged: - crypto/Makefile (1.1.4.4), "Exp", lines: +2 -0 - - Postpone linking of shared libcrypto in FIPS build. - -2004-12-09 19:13 appro - - Changed: - fips/fingerprint.sha1 (1.1.2.11), "Exp", lines: +1 -1 - fips/fips.c (1.1.2.9), "Exp", lines: +13 -1 - fips/openssl_fips_fingerprint (1.1.4.4), "Exp", lines: +4 -2 - - Cygwin specific FIPS fix-ups. - -2004-12-09 23:43 appro - - Changed: - Configure (1.314.2.100), "Exp", lines: +2 -3 - crypto/des/des_enc.c (1.11.2.5), "Exp", lines: +2 -2 - - Eliminate false dependency on 386 config option is FIPS context. - At the same time limit assembler support to ELF platforms [that's - what is there, ELF modules]. - -2004-12-10 12:37 appro - - Changed: - Configure (1.314.2.101), "Exp", lines: +10 -3 - crypto/des/des_enc.c (1.11.2.6), "Exp", lines: +2 -2 - - Respect no-asm with fips option and disable FIPS DES assembler in - shared context [because it's not PIC]. - -2004-12-10 14:15 appro - - Changed: - fips/sha1/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1 - fips/sha1/standalone.sha1 (1.1.2.11), "Exp", lines: +1 -1 - fips/sha1/asm/sx86-elf.s (1.1.4.3), "Exp", lines: +32 -32 - - Solaris x86 assembler update. - -2004-12-10 17:30 appro - - Changed: - fips/fips_check_sha1 (1.1.2.7), "Exp", lines: +1 -1 - fips/openssl_fips_fingerprint (1.1.4.5), "Exp", lines: +1 -1 - fips/sha1/Makefile (1.1.4.6), "Exp", lines: +1 -1 - - Adapt FIPS sub-tree for mingw. - -2005-01-03 18:46 steve - - Changed: - fips/rsa/fingerprint.sha1 (1.1.4.5), "Exp", lines: +1 -1 - fips/rsa/fips_rsa_selftest.c (1.1.4.3), "Exp", lines: +55 -11 - - RSA KAT. - -2005-01-11 17:54 levitte - - Changed: - fips/rsa/fingerprint.sha1 (1.1.4.6), "Exp", lines: +1 -1 - fips/rsa/fips_rsa_selftest.c (1.1.4.4), "Exp", lines: +2 -2 - - Clear signed vs. unsigned conflicts. Change the fingerprint - accordingly. - -2005-01-11 19:25 levitte - - Changed: - ssl/ssltest.c (1.53.2.24), "Exp", lines: +2 -2 - fips/rand/fips_randtest.c (1.1.2.6), "Exp", lines: +3 -3 - fips/sha1/fips_sha1test.c (1.1.2.5), "Exp", lines: +10 -4 - fips/des/fips_desmovs.c (1.1.2.6), "Exp", lines: +8 -7 - fips/dsa/fips_dsatest.c (1.1.2.5), "Exp", lines: +2 -2 - apps/openssl.c (1.48.2.12), "Exp", lines: +1 -1 - fips/aes/fips_aesavs.c (1.1.2.12), "Exp", lines: +8 -7 - - Use EXIT() instead of exit(). - -2005-01-26 21:00 steve - - Changed: - apps/dgst.c (1.23.2.13), "Exp", lines: +10 -0 - apps/pkcs12.c (1.60.2.13), "Exp", lines: +8 -1 - crypto/crypto.h (1.62.2.9), "Exp", lines: +49 -0 - crypto/md32_common.h (1.22.2.9), "Exp", lines: +1 -1 - crypto/bf/bf_skey.c (1.6.2.1), "Exp", lines: +2 -1 - crypto/bf/blowfish.h (1.9.2.1), "Exp", lines: +4 -1 - crypto/cast/c_skey.c (1.5.6.1), "Exp", lines: +3 -1 - crypto/cast/cast.h (1.7.2.1), "Exp", lines: +4 -1 - crypto/evp/bio_md.c (1.11.2.3), "Exp", lines: +2 -7 - crypto/evp/digest.c (1.21.2.7), "Exp", lines: +11 -0 - crypto/evp/e_aes.c (1.6.2.11), "Exp", lines: +11 -11 - crypto/evp/e_des.c (1.5.2.9), "Exp", lines: +5 -3 - crypto/evp/e_des3.c (1.8.2.8), "Exp", lines: +6 -6 - crypto/evp/evp.h (1.86.2.16), "Exp", lines: +17 -0 - crypto/evp/evp_enc.c (1.28.2.11), "Exp", lines: +15 -1 - crypto/evp/evp_err.c (1.23.2.4), "Exp", lines: +6 -1 - crypto/evp/evp_locl.h (1.7.2.7), "Exp", lines: +17 -2 - crypto/evp/m_dss.c (1.8.2.1), "Exp", lines: +1 -1 - crypto/evp/m_md2.c (1.9.2.1), "Exp", lines: +1 -0 - crypto/evp/m_md4.c (1.8.2.1), "Exp", lines: +1 -0 - crypto/evp/m_md5.c (1.9.2.1), "Exp", lines: +1 -0 - crypto/evp/m_mdc2.c (1.9.2.1), "Exp", lines: +1 -0 - crypto/evp/m_sha.c (1.8.2.2), "Exp", lines: +1 -0 - crypto/evp/m_sha1.c (1.8.2.1), "Exp", lines: +1 -1 - crypto/evp/names.c (1.7.2.1), "Exp", lines: +3 -0 - crypto/hmac/hmac.c (1.12.2.3), "Exp", lines: +7 -0 - crypto/hmac/hmac.h (1.14.2.2), "Exp", lines: +1 -0 - crypto/idea/i_skey.c (1.5.6.1), "Exp", lines: +13 -0 - crypto/idea/idea.h (1.10.2.1), "Exp", lines: +4 -0 - crypto/md2/md2.h (1.11.2.1), "Exp", lines: +3 -0 - crypto/md2/md2_dgst.c (1.13.2.4), "Exp", lines: +3 -1 - crypto/md4/md4.h (1.3.2.1), "Exp", lines: +3 -0 - crypto/md4/md4_dgst.c (1.2.2.2), "Exp", lines: +1 -1 - crypto/md5/md5.h (1.10.2.3), "Exp", lines: +3 -0 - crypto/md5/md5_dgst.c (1.16.2.2), "Exp", lines: +1 -1 - crypto/mdc2/mdc2.h (1.9.2.1), "Exp", lines: +3 -1 - crypto/mdc2/mdc2dgst.c (1.13.2.1), "Exp", lines: +3 -1 - crypto/rc2/rc2.h (1.10.2.1), "Exp", lines: +4 -1 - crypto/rc2/rc2_skey.c (1.4.6.1), "Exp", lines: +13 -0 - crypto/rc4/rc4.h (1.10.2.2), "Exp", lines: +3 -0 - crypto/rc4/rc4_skey.c (1.10.8.2), "Exp", lines: +2 -1 - crypto/rc5/rc5.h (1.5.2.1), "Exp", lines: +4 -1 - crypto/rc5/rc5_skey.c (1.4.6.1), "Exp", lines: +14 -0 - crypto/ripemd/ripemd.h (1.8.2.1), "Exp", lines: +3 -0 - crypto/ripemd/rmd_dgst.c (1.13.2.2), "Exp", lines: +2 -1 - crypto/sha/sha.h (1.11.2.2), "Exp", lines: +3 -0 - crypto/sha/sha_locl.h (1.16.2.3), "Exp", lines: +4 -0 - crypto/x509/x509_cmp.c (1.22.2.4), "Exp", lines: +7 -1 - crypto/x509/x509_vfy.c (1.56.2.13), "Exp", lines: +1 -1 - ssl/s3_clnt.c (1.53.2.18), "Exp", lines: +2 -0 - ssl/s3_enc.c (1.31.2.9), "Exp", lines: +3 -0 - ssl/s3_srvr.c (1.85.2.23), "Exp", lines: +2 -0 - ssl/t1_enc.c (1.27.2.9), "Exp", lines: +2 -0 - - FIPS algorithm blocking. - - Non FIPS algorithms are not normally allowed in FIPS mode. - - Any attempt to use them via high level functions will - return an error. - - The low level non-FIPS algorithm functions cannot return - errors so they produce assertion failures. HMAC also has to give an - assertion error because it (erroneously) can't return an error - either. - - There are exceptions (such as MD5 in TLS and non - cryptographic use of algorithms) and applications can override the - blocking and use non FIPS algorithms anyway. - - For low level functions the override is perfomed by - prefixing the algorithm initalization function with "private_" for - example private_MD5_Init(). - - For high level functions an override is performed by - setting a flag in the context. - -2005-01-27 02:49 steve - - Changed: - apps/dgst.c (1.23.2.14), "Exp", lines: +9 -5 - crypto/crypto.h (1.62.2.10), "Exp", lines: +3 -0 - crypto/evp/digest.c (1.21.2.8), "Exp", lines: +34 -0 - crypto/hmac/hmac.c (1.12.2.4), "Exp", lines: +9 -0 - - More FIPS algorithm blocking. - - Catch attempted use of non FIPS algorithms with HMAC. - - Give an assertion error for applications that ignore FIPS - digest errors. - - Make -non-fips-allow work with dgst and HMAC. - -2005-01-28 15:03 steve - - Changed: - apps/dgst.c (1.23.2.15), "Exp", lines: +2 -1 - apps/enc.c (1.35.2.13), "Exp", lines: +38 -4 - crypto/evp/e_rc4.c (1.11.2.2), "Exp", lines: +1 -0 - crypto/evp/evp.h (1.86.2.17), "Exp", lines: +3 -0 - crypto/evp/evp_enc.c (1.28.2.12), "Exp", lines: +60 -15 - crypto/evp/evp_locl.h (1.7.2.8), "Exp", lines: +1 -0 - test/testenc (1.3.8.2), "Exp", lines: +8 -8 - - Further FIPS algorithm blocking. - - Fixes to cipher blocking and enabling code. - - Add option -non-fips-allow to 'enc' and update testenc. - -2005-01-31 02:33 steve - - Changed: - ssl/s23_clnt.c (1.20.2.7), "Exp", lines: +16 -0 - ssl/s23_srvr.c (1.41.2.6), "Exp", lines: +9 -0 - ssl/s3_clnt.c (1.53.2.19), "Exp", lines: +0 -8 - ssl/s3_enc.c (1.31.2.10), "Exp", lines: +1 -0 - ssl/s3_srvr.c (1.85.2.24), "Exp", lines: +0 -8 - ssl/ssl.h (1.126.2.21), "Exp", lines: +1 -0 - ssl/ssl_cert.c (1.48.2.10), "Exp", lines: +0 -8 - ssl/ssl_err.c (1.41.2.4), "Exp", lines: +2 -1 - ssl/ssl_lib.c (1.110.2.13), "Exp", lines: +8 -9 - ssl/t1_enc.c (1.27.2.10), "Exp", lines: +0 -18 - - Only allow TLS is FIPS mode. - - Remove old FIPS_allow_md5() calls. - -2005-02-05 19:24 steve - - Changed: - apps/req.c (1.88.2.18), "Exp", lines: +8 -1 - apps/x509.c (1.67.2.20), "Exp", lines: +8 -1 - - In FIPS mode use SHA1 as default digest in x509 and req utilities. - -2005-03-15 10:46 appro - - Changed: - Makefile.org (1.154.2.96), "Exp", lines: +1 -1 - crypto/Makefile (1.1.4.6), "Exp", lines: +2 -3 - fips/Makefile (1.1.4.8), "Exp", lines: +4 -1 - - Real Bourne shell doesn't accept ! as in "if ! grep ..." Fix this - in crypto/Makefile and make Makefile.org and fips/Makefile more - discreet. - -2005-03-22 18:29 steve - - Changed: - fips/fingerprint.sha1 (1.1.2.12), "Exp", lines: +1 -1 - fips/fips.c (1.1.2.10), "Exp", lines: +1 -0 - - Fix memory leak. - -2005-03-27 05:36 steve - - Changed: - crypto/evp/e_null.c (1.9.2.1), "Exp", lines: +1 -1 - ssl/s3_lib.c (1.57.2.13), "Exp", lines: +3 -3 - - Allow 'null' cipher and appropriate Kerberos ciphersuites in FIPS - mode. - -2005-04-14 14:44 steve - - Changed: - fips/fipshashes.sha1 (1.1.2.1), "Exp", lines: +29 -0 - util/checkhash.pl (1.1.2.1), "Exp", lines: +181 -0 - - Perl script that checks or rebuilds FIPS hash files. This works on - both Unix and Windows. - - Merge all FIPS hash files into a single hash file - fips/fips.sha1 - -2005-04-15 05:27 steve - - Changed: - fips/Makefile (1.1.4.9), "Exp", lines: +1 -1 - fips/aes/Makefile (1.1.4.4), "Exp", lines: +1 -4 - fips/des/Makefile (1.1.4.6), "Exp", lines: +1 -4 - fips/dh/Makefile (1.1.2.5), "Exp", lines: +1 -4 - fips/dsa/Makefile (1.1.4.4), "Exp", lines: +1 -4 - fips/rand/Makefile (1.1.4.3), "Exp", lines: +1 -4 - fips/rsa/Makefile (1.1.4.5), "Exp", lines: +1 -4 - fips/sha1/Makefile (1.1.4.9), "Exp", lines: +1 -7 - - Update hash checking in makefiles to use new perl script. - -2005-04-17 06:37 steve - - Changed: - util/checkhash.pl (1.1.2.2), "Exp", lines: +163 -127 - - Modify checkhash.pl so it can be run standalone or included as a - funtion in another perl script. - -2005-04-17 16:00 appro - - Changed: - fips/sha1/Makefile (1.1.4.10), "Exp", lines: +9 -5 - - Bring back fips_standalone_sha1. - -2005-04-17 16:17 appro - - Deleted: - fips/sha1/asm/sx86-elf.s (1.1.4.4) - Changed: - Configure (1.314.2.114), "Exp", lines: +1 -1 - fips/fipshashes.sha1 (1.1.2.2), "Exp", lines: +1 -1 - fips/sha1/Makefile (1.1.4.11), "Exp", lines: +1 -1 - fips/sha1/standalone.sha1 (1.1.2.13), "Exp", lines: +1 -1 - fips/sha1/asm/fips-sx86-elf.s (1.1.2.1), "Exp", lines: +1568 -0 - - Rename fips/sha1/sx86-elf.s to fips/sha1/fips-sx86-elf.s. - -2005-04-17 16:21 steve - - Changed: - util/checkhash.pl (1.1.2.3), "Exp", lines: +2 -0 - - Return 0 for successful hash check. - -2005-04-17 16:54 appro - - Changed: - Configure (1.314.2.116), "Exp", lines: +8 -1 - Makefile.org (1.154.2.99), "Exp", lines: +3 -2 - crypto/aes/aes_cbc.c (1.1.2.11), "Exp", lines: +2 -0 - fips/fipshashes.sha1 (1.1.2.4), "Exp", lines: +1 -0 - fips/aes/Makefile (1.1.4.5), "Exp", lines: +4 -2 - fips/aes/asm/fips-ax86-elf.s (1.1.2.1), "Exp", lines: +1822 -0 - - Throw in fips/aes/asm/fips-ax86-elf.s. - -2005-04-17 16:35 appro - - Changed: - Configure (1.314.2.115), "Exp", lines: +1 -1 - fips/fipshashes.sha1 (1.1.2.3), "Exp", lines: +1 -1 - fips/des/asm/fips-dx86-elf.s (1.1.4.2), "Exp", lines: +108 -98 - - Regenerate fips/des/asm/fips-dx86-elf.s with -fPIC flag. - -2005-04-17 17:26 appro - - Changed: - crypto/cryptlib.c (1.32.2.18), "Exp", lines: +6 -55 - crypto/crypto.h (1.62.2.11), "Exp", lines: +0 -3 - fips/fips.c (1.1.2.11), "Exp", lines: +62 -8 - fips/fips.h (1.1.2.7), "Exp", lines: +2 -3 - fips/fips_locl.h (1.1.4.3), "Exp", lines: +6 -3 - fips/fipshashes.sha1 (1.1.2.5), "Exp", lines: +4 -4 - fips/rand/fips_rand.c (1.1.2.10), "Exp", lines: +3 -1 - fips/rsa/fips_rsa_gen.c (1.1.4.4), "Exp", lines: +4 -2 - - Resolve minor binary compatibility issues in fips. - -2005-04-17 18:22 appro - - Changed: - fips/fipshashes.sha1 (1.1.2.6), "Exp", lines: +12 -12 - fips/des/fips_des_locl.h (1.1.2.4), "Exp", lines: +1 -1 - fips/des/fips_set_key.c (1.1.4.4), "Exp", lines: +2 -2 - fips/dh/fips_dh_key.c (1.1.2.3), "Exp", lines: +1 -1 - fips/dsa/fips_dsa_ossl.c (1.1.2.7), "Exp", lines: +1 -1 - fips/dsa/fips_dsa_selftest.c (1.1.4.2), "Exp", lines: +3 -3 - fips/rand/fips_rand.c (1.1.2.11), "Exp", lines: +2 -2 - fips/rand/fips_rand.h (1.1.2.5), "Exp", lines: +1 -1 - fips/rsa/fips_rsa_eay.c (1.1.4.4), "Exp", lines: +1 -1 - fips/rsa/fips_rsa_gen.c (1.1.4.5), "Exp", lines: +1 -1 - fips/rsa/fips_rsa_selftest.c (1.1.4.5), "Exp", lines: +11 -11 - fips/sha1/fips_sha1_selftest.c (1.1.4.2), "Exp", lines: +1 -1 - fips/sha1/fips_sha1dgst.c (1.1.2.5), "Exp", lines: +1 -1 - fips/sha1/standalone.sha1 (1.1.2.14), "Exp", lines: +2 -2 - - Minor fips const-ification. - -2005-04-18 07:02 steve - - Changed: - crypto/bf/bf_skey.c (1.6.2.2), "Exp", lines: +1 -0 - crypto/cast/c_skey.c (1.5.6.2), "Exp", lines: +1 -0 - crypto/idea/i_skey.c (1.5.6.2), "Exp", lines: +1 -0 - crypto/rc2/rc2_skey.c (1.4.6.2), "Exp", lines: +1 -0 - crypto/rc4/rc4_skey.c (1.10.8.3), "Exp", lines: +1 -0 - crypto/rc5/rc5_skey.c (1.4.6.2), "Exp", lines: +1 -0 - - Pick up definition of FIPS_mode() in fips.h to avoid warnings. - -2005-04-18 10:34 steve - - Deleted: - fips/fingerprint.sha1 (1.1.2.14) - fips/fips_check_sha1 (1.1.2.8) - fips/fips_make_sha1 (1.1.2.7) - fips/aes/fingerprint.sha1 (1.1.2.7) - fips/des/fingerprint.sha1 (1.1.2.6) - fips/dh/fingerprint.sha1 (1.1.2.4) - fips/dsa/fingerprint.sha1 (1.1.2.7) - fips/rand/fingerprint.sha1 (1.1.2.10) - fips/rsa/fingerprint.sha1 (1.1.4.7) - fips/sha1/fingerprint.sha1 (1.1.2.12) - Changed: - fips/sha1/Makefile (1.1.4.12), "Exp", lines: +1 -4 - - Remove obsolete fingerprint.sha1 files and associated scripts. - Delete test in fips/sha1/Makefile: the top level test checks the - same files. - -2005-04-19 09:11 appro - - Deleted: - fips/fipshashes.sha1 (1.1.2.7) - fips/sha1/standalone.sha1 (1.1.2.15) - Changed: - fips/fipshashes.c (1.1.2.1), "Exp", lines: +32 -0 - util/checkhash.pl (1.1.2.4), "Exp", lines: +7 -4 - - Maintain fingerprint hashes as C source. - -2005-04-19 09:17 appro - - Changed: - util/checkhash.pl (1.1.2.5), "Exp", lines: +1 -1 - - Complete the transition C-code hashes. - -2005-04-21 19:06 steve - - Changed: - apps/openssl.c (1.48.2.13), "Exp", lines: +0 -2 - fips/fips.c (1.1.2.12), "Exp", lines: +0 -27 - fips/fips.h (1.1.2.8), "Exp", lines: +0 -2 - fips/fipshashes.c (1.1.2.2), "Exp", lines: +2 -2 - - Remove defunct FIPS_allow_md5() and related functions. - -2005-04-22 06:15 appro - - Changed: - fips/fips.c (1.1.2.13), "Exp", lines: +3 -3 - fips/fips_err.h (1.1.4.4), "Exp", lines: +3 -3 - fips/fipshashes.c (1.1.2.4), "Exp", lines: +2 -2 - - Move some variables to .bss. - diff --git a/Configure b/Configure index 820be609c96d9..f24d738febc35 100755 --- a/Configure +++ b/Configure @@ -10,7 +10,7 @@ use strict; # see INSTALL for instructions. -my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; # Options: # @@ -54,6 +54,8 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # [no-]zlib [don't] compile support for zlib compression. # zlib-dynamic Like "zlib", but the zlib library is expected to be a shared # library and will be loaded in run-time by the OpenSSL library. +# enable-montasm 0.9.8 branch only: enable Montgomery x86 assembler backport +# from 0.9.9 # 386 generate 80386 code # no-sse2 disables IA-32 SSE2 code, above option implies no-sse2 # no- build without specified algorithm (rsa, idea, rc5, ...) @@ -114,12 +116,12 @@ my $tlib="-lnsl -lsocket"; my $bits1="THIRTY_TWO_BIT "; my $bits2="SIXTY_FOUR_BIT "; -my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o:rm86-elf.o:r586-elf.o"; -my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o:rm86-cof.o:r586-cof.o"; -my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o:rm86-out.o:r586-out.o"; +my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o MAYBE-MO86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o rc4_skey.o:rm86-elf.o:r586-elf.o"; +my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o MAYBE-MO86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o rc4_skey.o:rm86-cof.o:r586-cof.o"; +my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o MAYBE-MO86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o rc4_skey.o:rm86-out.o:r586-out.o"; -my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o::::md5-x86_64.o:::rc4-x86_64.o::"; -my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o::"; +my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o::"; +my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o::"; my $no_asm="::::::::::"; @@ -155,7 +157,10 @@ my %table=( "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", -"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -march=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", +"debug-steve64", "gcc:-m64 -DL_ENDIAN -DTERMIO -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DOPENSSL_NO_DEPRECATED -g -pedantic -Wall -Werror -Wno-long-long -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-steve32", "gcc:-m32 -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DOPENSSL_NO_DEPRECATED -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", +"debug-steve-opt", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -O3 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared", "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -201,11 +206,11 @@ my %table=( "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc -"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### "debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with Sun C setups # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. @@ -213,11 +218,11 @@ my %table=( # SC5.0 note: Compiler common patch 107357-01 or later is required! "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs", +"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs", #### "debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o::::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SunOS configs, assuming sparc for the gcc one. #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::", @@ -231,10 +236,10 @@ my %table=( # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke # './Configure irix-cc -o32' manually. "irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # N64 ABI builds. "irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### Unified HP-UX ANSI C configs. # Special notes: @@ -321,8 +326,7 @@ my %table=( "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", #### "linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# -bpowerpc64-linux is transient option, -m64 should be the one to use... -"linux-ppc64", "gcc:-bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-bpowerpc64-linux:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -333,9 +337,9 @@ my %table=( "linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # it's a real mess with -mcpu=ultrasparc option under Linux, but # -Wa,-Av8plus should do the trick no matter what. -"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # GCC 3.1 is a requirement -"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### Alpha Linux with GNU C and Compaq C setups # Special notes: # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you @@ -365,7 +369,7 @@ my %table=( # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it # simply *happens* to work around a compiler bug in gcc 3.3.3, # triggered by RIPEMD160 code. -"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -403,12 +407,12 @@ my %table=( #### IBM's AIX. "aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", -"aix-gcc", "gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:", -"aix64-gcc","gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn::::::-X64", +"aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", +"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE # at build time. $OBJECT_MODE is respected at ./config stage! -"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", -"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", +"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", +"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", # # Cray T90 and similar (SDSC) @@ -479,15 +483,20 @@ my %table=( "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_coff_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", "debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", -# NetWare from David Ward (dsward@novell.com) - requires MetroWerks NLM development tools +# NetWare from David Ward (dsward@novell.com) +# requires either MetroWerks NLM development tools, or gcc / nlmconv +# NetWare defaults socket bio to WinSock sockets. However, +# the builds can be configured to use BSD sockets instead. # netware-clib => legacy CLib c-runtime support -"netware-clib", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", +"netware-clib", "mwccnlm::::::${x86_gcc_opts}::", +"netware-clib-bsdsock", "mwccnlm::::::${x86_gcc_opts}::", +"netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", +"netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", # netware-libc => LibC/NKS support -# NetWare defaults socket bio to WinSock sockets. However, the LibC build can be -# configured to use BSD sockets instead. "netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", "netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", "netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", +"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", # DJGPP "DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:", @@ -500,8 +509,11 @@ my %table=( ##### MacOS X (a.k.a. Rhapsody or Darwin) setup "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::", -"darwin-ppc-cc","cc:-O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc64.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -fomit-frame-pointer -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", "debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", ##### A/UX @@ -530,7 +542,9 @@ my %table=( my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A VC-NT VC-CE VC-WIN32 - BC-32 OS2-EMX netware-clib netware-libc netware-libc-bsdsock); + BC-32 OS2-EMX + netware-clib netware-clib-bsdsock + netware-libc netware-libc-bsdsock); my $idx = 0; my $idx_cc = $idx++; @@ -569,6 +583,7 @@ my $no_shared=0; # but "no-shared" is default my $zlib=1; # but "no-zlib" is default my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used my $no_rfc3779=1; # but "no-rfc3779" is default +my $montasm=1; # but "no-montasm" is default my $no_asm=0; my $no_dso=0; my $no_gmp=0; @@ -588,7 +603,7 @@ my $des_enc="des_enc.o fcrypt_b.o"; my $aes_enc="aes_core.o aes_cbc.o"; my $bf_enc ="bf_enc.o"; my $cast_enc="c_enc.o"; -my $rc4_enc="rc4_enc.o"; +my $rc4_enc="rc4_enc.o rc4_skey.o"; my $rc5_enc="rc5_enc.o"; my $md5_obj=""; my $sha1_obj=""; @@ -601,12 +616,17 @@ my $perl; # All of the following is disabled by default (RC5 was enabled before 0.9.8): my %disabled = ( # "what" => "comment" - "camellia" => "default", - "gmp" => "default", + "camellia" => "default", + "capieng" => "default", + "cms" => "default", + "gmp" => "default", "mdc2" => "default", + "montasm" => "default", # explicit option in 0.9.8 only (implicitly enabled in 0.9.9) "rc5" => "default", - "rfc3779" => "default", + "rfc3779" => "default", + "seed" => "default", "shared" => "default", + "tlsext" => "default", "zlib" => "default", "zlib-dynamic" => "default" ); @@ -616,7 +636,7 @@ my %disabled = ( # "what" => "comment" # For symmetry, "disable-..." is a synonym for "no-...". # This is what $depflags will look like with the above default: -my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 "; +my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT "; my $no_sse2=0; @@ -838,6 +858,10 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"}) $disabled{"tls1"} = "forced"; } +if (defined($disabled{"tls1"})) + { + $disabled{"tlsext"} = "forced"; + } if ($target eq "TABLE") { foreach $target (sort keys %table) { @@ -877,6 +901,8 @@ foreach (sort (keys %disabled)) { $no_shared = 1; } elsif (/^zlib$/) { $zlib = 0; } + elsif (/^montasm$/) + { $montasm = 0; } elsif (/^static-engine$/) { } elsif (/^zlib-dynamic$/) @@ -924,6 +950,7 @@ my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds; $IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys()); $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw"); +$exe_ext=".nlm" if ($target =~ /netware/); $exe_ext=".pm" if ($target =~ /vos/); $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq ""); $prefix=$openssldir if $prefix eq ""; @@ -968,6 +995,11 @@ my $shared_extension = $fields[$idx_shared_extension]; my $ranlib = $fields[$idx_ranlib]; my $arflags = $fields[$idx_arflags]; +# '%' in $lflags is used to split flags to "pre-" and post-flags +my ($prelflags,$postlflags)=split('%',$lflags); +if (defined($postlflags)) { $lflags=$postlflags; } +else { $lflags=$prelflags; undef $prelflags; } + my $no_shared_warn=0; my $no_user_cflags=0; @@ -1097,6 +1129,14 @@ if ($no_asm) $cpuid_obj=$bn_obj=$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=""; $sha1_obj=$md5_obj=$rmd160_obj=""; } +if ($montasm) + { + $bn_obj =~ s/MAYBE-MO86-/mo86-/; + } +else + { + $bn_obj =~ s/MAYBE-MO86-[a-z.]*//; + } if (!$no_shared) { @@ -1150,12 +1190,18 @@ if (!$IsMK1MF) } $cpuid_obj.=" uplink.o uplink-cof.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/); -# Compiler fix-ups -if ($target =~ /icc$/) + +# +# Platform fix-ups +# +if ($target =~ /\-icc$/) # Intel C compiler { - my($iccver)=`$cc -V 2>&1`; - if ($iccver =~ /Version ([0-9]+)\./) { $iccver=$1; } - else { $iccver=0; } + my $iccver=0; + if (open(FD,"$cc -V 2>&1 |")) + { + while() { $iccver=$1 if (/Version ([0-9]+)\./); } + close(FD); + } if ($iccver>=8) { # Eliminate unnecessary dependency from libirc.a. This is @@ -1163,6 +1209,28 @@ if ($target =~ /icc$/) # apps/openssl can end up in endless loop upon startup... $cflags.=" -Dmemcpy=__builtin_memcpy -Dmemset=__builtin_memset"; } + if ($iccver>=9) + { + $cflags.=" -i-static"; + $cflags=~s/\-no_cpprt/-no-cpprt/; + } + if ($iccver>=10) + { + $cflags=~s/\-i\-static/-static-intel/; + } + } + +# Unlike other OSes (like Solaris, Linux, Tru64, IRIX) BSD run-time +# linkers (tested OpenBSD, NetBSD and FreeBSD) "demand" RPATH set on +# .so objects. Apparently application RPATH is not global and does +# not apply to .so linked with other .so. Problem manifests itself +# when libssl.so fails to load libcrypto.so. One can argue that we +# should engrave this into Makefile.shared rules or into BSD-* config +# lines above. Meanwhile let's try to be cautious and pass -rpath to +# linker only when --prefix is not /usr. +if ($target =~ /^BSD\-/) + { + $shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|); } if ($sys_id ne "") @@ -1187,6 +1255,7 @@ $bn_obj = $bn_asm unless $bn_obj ne ""; # bn86* is the only one implementing bn_*_part_words $cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/); $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/); +$cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /\-mont|mo86\-/); $des_obj=$des_enc unless ($des_obj =~ /\.o$/); $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); @@ -1199,7 +1268,7 @@ if ($sha1_obj =~ /\.o$/) $cflags.=" -DSHA1_ASM" if ($sha1_obj =~ /sx86/ || $sha1_obj =~ /sha1/); $cflags.=" -DSHA256_ASM" if ($sha1_obj =~ /sha256/); $cflags.=" -DSHA512_ASM" if ($sha1_obj =~ /sha512/); - if ($sha1_obj =~ /x86/) + if ($sha1_obj =~ /sse2/) { if ($no_sse2) { $sha1_obj =~ s/\S*sse2\S+//; } elsif ($cflags !~ /OPENSSL_IA32_SSE2/) @@ -1294,6 +1363,7 @@ while () s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; s/^CFLAG=.*$/CFLAG= $cflags/; s/^DEPFLAG=.*$/DEPFLAG= $depflags/; + s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/; s/^EX_LIBS=.*$/EX_LIBS= $lflags/; s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/; s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/; @@ -1581,7 +1651,7 @@ EOF } # create the ms/version32.rc file if needed -if ($IsMK1MF) { +if ($IsMK1MF && ($target !~ /^netware/)) { my ($v1, $v2, $v3, $v4); if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) { $v1=hex $1; diff --git a/FAQ b/FAQ index 74bf952ddcd56..1b14ffe9a4650 100644 --- a/FAQ +++ b/FAQ @@ -32,6 +32,8 @@ OpenSSL - Frequently Asked Questions * How do I install a CA certificate into a browser? * Why is OpenSSL x509 DN output not conformant to RFC2253? * What is a "128 bit certificate"? Can I create one with OpenSSL? +* Why does OpenSSL set the authority key identifier extension incorrectly? +* How can I set up a bundle of commercial root CA certificates? [BUILD] Questions about building and testing OpenSSL @@ -66,6 +68,8 @@ OpenSSL - Frequently Asked Questions * Why doesn't my server application receive a client certificate? * Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? * I think I've detected a memory leak, is this a bug? +* Why does Valgrind complain about the use of uninitialized data? +* Why doesn't a memory BIO work when a file does? =============================================================================== @@ -74,7 +78,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from . -OpenSSL 0.9.8e was released on February 23rd, 2007. +OpenSSL 0.9.8i was released on Sep 15th, 2008. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at B->C so that A signs B and B signs C. Suppose +certificate C contains AKID. + +The purpose of this extension is to identify the authority certificate B. This +can be done either by including the subject key identifier of B or its issuer +name and serial number. + +In this latter case because it is identifying certifcate B it must contain the +issuer name and serial number of B. + +It is often wrongly assumed that it should contain the subject name of B. If it +did this would be redundant information because it would duplicate the issuer +name of C. + + +* How can I set up a bundle of commercial root CA certificates? + +The OpenSSL software is shipped without any root CA certificate as the +OpenSSL project does not have any policy on including or excluding +any specific CA and does not intend to set up such a policy. Deciding +about which CAs to support is up to application developers or +administrators. + +Other projects do have other policies so you can for example extract the CA +bundle used by Mozilla and/or modssl as described in this article: + + http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html + + [BUILD] ======================================================================= * Why does the linker complain about undefined symbols? @@ -822,11 +859,11 @@ code itself (the hex digits after the second colon). * Why do I get errors about unknown algorithms? -This can happen under several circumstances such as reading in an -encrypted private key or attempting to decrypt a PKCS#12 file. The cause -is forgetting to load OpenSSL's table of algorithms with -OpenSSL_add_all_algorithms(). See the manual page for more information. - +The cause is forgetting to load OpenSSL's table of algorithms with +OpenSSL_add_all_algorithms(). See the manual page for more information. This +can cause several problems such as being unable to read in an encrypted +PEM file, unable to decrypt a PKCS#12 file or signature failure when +verifying certificates. * Why can't the OpenSSH configure script detect OpenSSL? @@ -894,5 +931,35 @@ thread-safe): ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data(). -=============================================================================== +* Why does Valgrind complain about the use of uninitialized data? + +When OpenSSL's PRNG routines are called to generate random numbers the supplied +buffer contents are mixed into the entropy pool: so it technically does not +matter whether the buffer is initialized at this point or not. Valgrind (and +other test tools) will complain about this. When using Valgrind, make sure the +OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY) +to get rid of these warnings. + + +* Why doesn't a memory BIO work when a file does? + +This can occur in several cases for example reading an S/MIME email message. +The reason is that a memory BIO can do one of two things when all the data +has been read from it. + +The default behaviour is to indicate that no more data is available and that +the call should be retried, this is to allow the application to fill up the BIO +again if necessary. +Alternatively it can indicate that no more data is available and that EOF has +been reached. + +If a memory BIO is to behave in the same way as a file this second behaviour +is needed. This must be done by calling: + + BIO_set_mem_eof_return(bio, 0); + +See the manual pages for more details. + + +=============================================================================== diff --git a/INSTALL b/INSTALL index 83439f1aa4f61..c72cc1dcee425 100644 --- a/INSTALL +++ b/INSTALL @@ -158,7 +158,7 @@ standard headers). If it is a problem with OpenSSL itself, please report the problem to (note that your message will be recorded in the request tracker publicly readable - via http://www.openssl.org/support/rt2.html and will be forwarded to a + via http://www.openssl.org/support/rt.html and will be forwarded to a public mailing list). Include the output of "make report" in your message. Please check out the request tracker. Maybe the bug was already reported or has already been fixed. @@ -180,7 +180,7 @@ in Makefile.ssl and run "make clean; make". Please send a bug report to , including the output of "make report" in order to be added to the request tracker at - http://www.openssl.org/support/rt2.html. + http://www.openssl.org/support/rt.html. 4. If everything tests ok, install OpenSSL with diff --git a/LICENSE b/LICENSE index ff99d9724177c..a2c4adcbe6a58 100644 --- a/LICENSE +++ b/LICENSE @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/Makefile b/Makefile index e2223b7dbd478..43b1d9796aac7 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=0.9.8e +VERSION=0.9.8i MAJOR=0 MINOR=9.8 SHLIB_VERSION_NUMBER=0.9.8 @@ -13,7 +13,7 @@ SHLIB_MAJOR=0 SHLIB_MINOR=9.8 SHLIB_EXT= PLATFORM=dist -OPTIONS= no-camellia no-gmp no-krb5 no-mdc2 no-rc5 no-rfc3779 no-shared no-zlib no-zlib-dynamic +OPTIONS= no-camellia no-capieng no-cms no-gmp no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-tlsext no-zlib no-zlib-dynamic CONFIGURE_ARGS=dist SHLIB_TARGET= @@ -61,7 +61,7 @@ OPENSSLDIR=/usr/local/ssl CC= cc CFLAG= -O -DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 +DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT PEX_LIBS= EX_LIBS= EXE_EXT= @@ -92,7 +92,7 @@ DES_ENC= des_enc.o fcrypt_b.o AES_ASM_OBJ= aes_core.o aes_cbc.o BF_ENC= bf_enc.o CAST_ENC= c_enc.o -RC4_ENC= rc4_enc.o +RC4_ENC= rc4_enc.o rc4_skey.o RC5_ENC= rc5_enc.o MD5_ASM_OBJ= SHA1_ASM_OBJ= diff --git a/Makefile.org b/Makefile.org index c1334c6e1e9f9..22b169925742c 100644 --- a/Makefile.org +++ b/Makefile.org @@ -111,11 +111,11 @@ SHLIBDIRS= crypto ssl SDIRS= \ objects \ md2 md4 md5 sha mdc2 hmac ripemd \ - des aes rc2 rc4 rc5 idea bf cast camellia \ + des aes rc2 rc4 rc5 idea bf cast camellia seed \ bn ec rsa dsa ecdsa dh ecdh dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ - store pqueue + store cms pqueue # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... diff --git a/Makefile.shared b/Makefile.shared index 1b94aa18bcb39..c6006f70bf5c1 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -236,24 +236,30 @@ link_o.cygwin: @ $(CALC_VERSIONS); \ INHIBIT_SYMLINKS=yes; \ SHLIB=cyg$(LIBNAME); \ - expr $(PLATFORM) : 'mingw' > /dev/null && SHLIB=$(LIBNAME)eay32; \ + base=-Wl,--enable-auto-image-base; \ + if expr $(PLATFORM) : 'mingw' > /dev/null; then \ + SHLIB=$(LIBNAME)eay32; base=; \ + fi; \ SHLIB_SUFFIX=.dll; \ LIBVERSION="$(LIBVERSION)"; \ SHLIB_SOVER=${LIBVERSION:+"-$(LIBVERSION)"}; \ ALLSYMSFLAGS='-Wl,--whole-archive'; \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \ $(LINK_SO_O) link_a.cygwin: @ $(CALC_VERSIONS); \ INHIBIT_SYMLINKS=yes; \ SHLIB=cyg$(LIBNAME); \ - expr $(PLATFORM) : 'mingw' > /dev/null && SHLIB=$(LIBNAME)eay32; \ + base=-Wl,--enable-auto-image-base; \ + if expr $(PLATFORM) : 'mingw' > /dev/null; then \ + SHLIB=$(LIBNAME)eay32; \ + base=; [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \ + fi; \ SHLIB_SUFFIX=.dll; \ SHLIB_SOVER=-$(LIBVERSION); \ ALLSYMSFLAGS='-Wl,--whole-archive'; \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - base=; [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \ [ -f apps/$$SHLIB$$SHLIB_SUFFIX ] && rm apps/$$SHLIB$$SHLIB_SUFFIX; \ [ -f test/$$SHLIB$$SHLIB_SUFFIX ] && rm test/$$SHLIB$$SHLIB_SUFFIX; \ @@ -278,7 +284,7 @@ link_o.alpha-osf1: SHLIB_SOVER=; \ ALLSYMSFLAGS='-all'; \ NOALLSYMSFLAGS='-none'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \ if [ -n "$$SHLIB_HIST" ]; then \ SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \ fi; \ @@ -299,7 +305,7 @@ link_a.alpha-osf1: SHLIB_SOVER=; \ ALLSYMSFLAGS='-all'; \ NOALLSYMSFLAGS='-none'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \ if [ -n "$$SHLIB_HIST" ]; then \ SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \ fi; \ @@ -422,7 +428,7 @@ link_o.irix: ($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \ ALLSYMSFLAGS="$${MINUSWL}-all"; \ NOALLSYMSFLAGS="$${MINUSWL}-none"; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \ fi; \ $(LINK_SO_O) link_a.irix: @@ -436,7 +442,7 @@ link_a.irix: ($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \ ALLSYMSFLAGS="$${MINUSWL}-all"; \ NOALLSYMSFLAGS="$${MINUSWL}-none"; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \ fi; \ $(LINK_SO_A) link_app.irix: @@ -460,7 +466,7 @@ link_o.hpux: ALLSYMSFLAGS='-Wl,-Fl'; \ NOALLSYMSFLAGS=''; \ expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \ fi; \ rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \ $(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX @@ -473,7 +479,7 @@ link_a.hpux: ALLSYMSFLAGS='-Wl,-Fl'; \ NOALLSYMSFLAGS=''; \ expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \ fi; \ rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \ $(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX @@ -485,26 +491,26 @@ link_app.hpux: link_o.aix: @ $(CALC_VERSIONS); \ - OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]\([0-9]*\)'`; \ + OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \ OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ - ALLSYMSFLAGS='-bnogc'; \ + ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -G -bE:lib$(LIBNAME).exp -bM:SRE'; \ - $(LINK_SO_O); rm -rf lib$(LIBNAME).exp + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \ + $(LINK_SO_O); link_a.aix: @ $(CALC_VERSIONS); \ - OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]\([0-9]*\)'`; \ + OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \ OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ ALLSYMSFLAGS='-bnogc'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -G -bE:lib$(LIBNAME).exp -bM:SRE'; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \ $(LINK_SO_A_VIA_O) link_app.aix: - LDFLAGS="$(CFLAGS) -blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \ + LDFLAGS="$(CFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \ $(LINK_APP) link_o.reliantunix: diff --git a/NEWS b/NEWS index c808a76ccf586..6488ffa122f89 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,29 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h: + + o CryptoAPI ENGINE support. + o Various precautionary measures. + o Fix for bugs affecting certificate request creation. + o Support for local machine keyset attribute in PKCS#12 files. + + Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g: + + o Backport of CMS functionality to 0.9.8. + o Fixes for bugs introduced with 0.9.8f. + + Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f: + + o Add gcc 4.2 support. + o Add support for AES and SSE2 assembly lanugauge optimization + for VC++ build. + o Support for RFC4507bis and server name extensions if explicitly + selected at compile time. + o DTLS improvements. + o RFC4507bis support. + o TLS Extensions support. + Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e: o Various ciphersuite selection fixes. diff --git a/README b/README index 907e2354bf6a9..a2d87d4a497d3 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ - OpenSSL 0.9.8e 23 Feb 2007 + OpenSSL 0.9.8i - Copyright (c) 1998-2007 The OpenSSL Project + Copyright (c) 1998-2008 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. @@ -36,12 +36,13 @@ actually logically part of it. It includes routines for the following: Ciphers - libdes - EAY's libdes DES encryption package which has been floating - around the net for a few years. It includes 15 - 'modes/variations' of DES (1, 2 and 3 key versions of ecb, - cbc, cfb and ofb; pcbc and a more general form of cfb and - ofb) including desx in cbc mode, a fast crypt(3), and - routines to read passwords from the keyboard. + libdes - EAY's libdes DES encryption package which was floating + around the net for a few years, and was then relicensed by + him as part of SSLeay. It includes 15 'modes/variations' + of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb; + pcbc and a more general form of cfb and ofb) including desx + in cbc mode, a fast crypt(3), and routines to read + passwords from the keyboard. RC4 encryption, RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. @@ -160,7 +161,7 @@ - Stack Traceback (if the application dumps core) Report the bug to the OpenSSL project via the Request Tracker - (http://www.openssl.org/support/rt2.html) by mail to: + (http://www.openssl.org/support/rt.html) by mail to: openssl-bugs@openssl.org diff --git a/apps/Makefile b/apps/Makefile index 41cd3ca016bd9..7eade4e2741bd 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -38,7 +38,7 @@ EXE= $(PROGRAM)$(EXE_EXT) E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \ ca crl rsa rsautl dsa dsaparam ec ecparam \ x509 genrsa gendsa s_server s_client speed \ - s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \ + s_time version pkcs7 cms crl2pkcs7 sess_id ciphers nseq pkcs12 \ pkcs8 spkac smime rand engine ocsp prime PROGS= $(PROGRAM).c @@ -56,7 +56,7 @@ E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o er x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \ s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \ ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o \ - ocsp.o prime.o + ocsp.o prime.o cms.o E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \ pkcs7.c crl2p7.c crl.c \ @@ -64,7 +64,7 @@ E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca. x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \ s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \ ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c \ - ocsp.c prime.c + ocsp.c prime.c cms.c SRC=$(E_SRC) @@ -153,11 +153,7 @@ $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ shlib_target="$(SHLIB_TARGET)"; \ fi; \ - if [ "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO)" ; \ - else \ - LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \ - fi; \ + LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \ $(MAKE) -f $(TOP)/Makefile.shared -e \ APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ @@ -179,13 +175,14 @@ app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h app_rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h app_rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -app_rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h -app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h -app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h app_rand.c -app_rand.o: apps.h +app_rand.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +app_rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h +app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +app_rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +app_rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h +app_rand.o: app_rand.c apps.h apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -194,15 +191,15 @@ apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h apps.o: ../include/openssl/engine.h ../include/openssl/err.h apps.o: ../include/openssl/evp.h ../include/openssl/lhash.h apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h -apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h -apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h -apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -apps.o: ../include/openssl/x509v3.h apps.c apps.h +apps.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h +apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h +apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +apps.o: ../include/openssl/sha.h ../include/openssl/stack.h +apps.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +apps.o: ../include/openssl/ui.h ../include/openssl/x509.h +apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -210,13 +207,14 @@ asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdh.h asn1pars.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h asn1pars.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h -asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h -asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +asn1pars.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +asn1pars.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h +asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +asn1pars.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +asn1pars.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h asn1pars.o: asn1pars.c ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -241,9 +239,10 @@ ciphers.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h -ciphers.o: ../include/openssl/evp.h ../include/openssl/kssl.h -ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ciphers.o: ../include/openssl/evp.h ../include/openssl/hmac.h +ciphers.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ciphers.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h @@ -253,7 +252,22 @@ ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -ciphers.o: ../include/openssl/x509_vfy.h apps.h ciphers.c +ciphers.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +ciphers.o: ciphers.c +cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +cms.o: ../include/openssl/buffer.h ../include/openssl/conf.h +cms.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +cms.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +cms.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +cms.o: ../include/openssl/evp.h ../include/openssl/lhash.h +cms.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +cms.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +cms.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +cms.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +cms.o: ../include/openssl/sha.h ../include/openssl/stack.h +cms.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +cms.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +cms.o: ../include/openssl/x509v3.h apps.h cms.c crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -261,14 +275,14 @@ crl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h crl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h crl.o: ../include/openssl/err.h ../include/openssl/evp.h crl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -crl.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -crl.o: ../include/openssl/sha.h ../include/openssl/stack.h -crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -crl.o: ../include/openssl/x509v3.h apps.h crl.c +crl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +crl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h +crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +crl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -276,13 +290,14 @@ crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h crl2p7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h crl2p7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h -crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h -crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +crl2p7.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +crl2p7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h +crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +crl2p7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +crl2p7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl2p7.o: crl2p7.c dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h @@ -292,13 +307,14 @@ dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h dgst.o: ../include/openssl/err.h ../include/openssl/evp.h dgst.o: ../include/openssl/hmac.h ../include/openssl/lhash.h dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dgst.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -dgst.o: ../include/openssl/x509_vfy.h apps.h dgst.c +dgst.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h +dgst.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h +dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +dgst.o: ../include/openssl/x509v3.h apps.h dgst.c dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -307,13 +323,14 @@ dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h dh.o: ../include/openssl/err.h ../include/openssl/evp.h dh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h -dh.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -dh.o: ../include/openssl/sha.h ../include/openssl/stack.h -dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dh.c +dh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h +dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +dh.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +dh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dh.c dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -322,13 +339,14 @@ dsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h dsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h dsa.o: ../include/openssl/err.h ../include/openssl/evp.h dsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h -dsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h -dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dsa.c +dsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +dsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h +dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +dsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +dsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dsa.c dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -338,15 +356,16 @@ dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h dsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h -dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h -dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h -dsaparam.o: ../include/openssl/x509_vfy.h apps.h dsaparam.c +dsaparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h +dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h +dsaparam.o: ../include/openssl/store.h ../include/openssl/symhacks.h +dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +dsaparam.o: ../include/openssl/x509v3.h apps.h dsaparam.c ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -354,13 +373,14 @@ ec.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ec.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h ec.o: ../include/openssl/err.h ../include/openssl/evp.h ec.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ec.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ec.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ec.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -ec.o: ../include/openssl/sha.h ../include/openssl/stack.h -ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h ec.c +ec.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +ec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ec.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ec.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ec.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ec.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +ec.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ec.c ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -369,13 +389,14 @@ ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h ecparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h ecparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ecparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -ecparam.o: ../include/openssl/x509_vfy.h apps.h ecparam.c +ecparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +ecparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ecparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ecparam.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +ecparam.o: ../include/openssl/sha.h ../include/openssl/stack.h +ecparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +ecparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ecparam.o: ../include/openssl/x509v3.h apps.h ecparam.c enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h enc.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -383,14 +404,15 @@ enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h enc.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h enc.o: ../include/openssl/err.h ../include/openssl/evp.h enc.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h -enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h -enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -enc.o: ../include/openssl/x509_vfy.h apps.h enc.c +enc.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +enc.o: ../include/openssl/rand.h ../include/openssl/safestack.h +enc.o: ../include/openssl/sha.h ../include/openssl/stack.h +enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +enc.o: ../include/openssl/x509v3.h apps.h enc.c engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h engine.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -398,9 +420,10 @@ engine.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h engine.o: ../include/openssl/engine.h ../include/openssl/err.h -engine.o: ../include/openssl/evp.h ../include/openssl/kssl.h -engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -engine.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +engine.o: ../include/openssl/evp.h ../include/openssl/hmac.h +engine.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +engine.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h engine.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h @@ -410,7 +433,8 @@ engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -engine.o: ../include/openssl/x509_vfy.h apps.h engine.c +engine.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +engine.o: engine.c errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -418,9 +442,10 @@ errstr.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h errstr.o: ../include/openssl/engine.h ../include/openssl/err.h -errstr.o: ../include/openssl/evp.h ../include/openssl/kssl.h -errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +errstr.o: ../include/openssl/evp.h ../include/openssl/hmac.h +errstr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +errstr.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h errstr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h @@ -430,7 +455,8 @@ errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -errstr.o: ../include/openssl/x509_vfy.h apps.h errstr.c +errstr.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +errstr.o: errstr.c gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -440,15 +466,16 @@ gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h gendh.o: ../include/openssl/engine.h ../include/openssl/err.h gendh.o: ../include/openssl/evp.h ../include/openssl/lhash.h gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h -gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h -gendh.o: ../include/openssl/stack.h ../include/openssl/store.h -gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h -gendh.o: ../include/openssl/x509_vfy.h apps.h gendh.c +gendh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h +gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h +gendh.o: ../include/openssl/store.h ../include/openssl/symhacks.h +gendh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +gendh.o: ../include/openssl/x509v3.h apps.h gendh.c gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -457,13 +484,14 @@ gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h gendsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h gendsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h -gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h -gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +gendsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +gendsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h +gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +gendsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +gendsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h gendsa.o: gendsa.c genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -474,15 +502,16 @@ genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h genrsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h -genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h -genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h -genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h -genrsa.o: ../include/openssl/x509_vfy.h apps.h genrsa.c +genrsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h +genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h +genrsa.o: ../include/openssl/store.h ../include/openssl/symhacks.h +genrsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +genrsa.o: ../include/openssl/x509v3.h apps.h genrsa.c nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -490,13 +519,14 @@ nseq.o: ../include/openssl/ec.h ../include/openssl/ecdh.h nseq.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h nseq.o: ../include/openssl/err.h ../include/openssl/evp.h nseq.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h -nseq.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h -nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h nseq.c +nseq.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +nseq.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h +nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +nseq.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +nseq.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h nseq.c ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -504,20 +534,20 @@ ocsp.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h -ocsp.o: ../include/openssl/evp.h ../include/openssl/kssl.h -ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ocsp.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c +ocsp.o: ../include/openssl/evp.h ../include/openssl/hmac.h +ocsp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ocsp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ocsp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ocsp.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +ocsp.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ocsp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -525,9 +555,10 @@ openssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h openssl.o: ../include/openssl/engine.h ../include/openssl/err.h -openssl.o: ../include/openssl/evp.h ../include/openssl/kssl.h -openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +openssl.o: ../include/openssl/evp.h ../include/openssl/hmac.h +openssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +openssl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h openssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h @@ -537,7 +568,8 @@ openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -openssl.o: ../include/openssl/x509_vfy.h apps.h openssl.c progs.h s_apps.h +openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +openssl.o: openssl.c progs.h s_apps.h passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h @@ -547,13 +579,14 @@ passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h passwd.o: ../include/openssl/err.h ../include/openssl/evp.h passwd.o: ../include/openssl/lhash.h ../include/openssl/md5.h passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -passwd.o: ../include/openssl/rand.h ../include/openssl/safestack.h -passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h -passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +passwd.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h +passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +passwd.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h passwd.o: passwd.c pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h @@ -562,14 +595,15 @@ pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdh.h pkcs12.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h pkcs12.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h -pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h -pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h -pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -pkcs12.o: ../include/openssl/x509_vfy.h apps.h pkcs12.c +pkcs12.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +pkcs12.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h +pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h +pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +pkcs12.o: ../include/openssl/x509v3.h apps.h pkcs12.c pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h pkcs7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -577,13 +611,15 @@ pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h pkcs7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h pkcs7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h -pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h -pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs7.c +pkcs7.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +pkcs7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h +pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +pkcs7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +pkcs7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +pkcs7.o: pkcs7.c pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h pkcs8.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -591,14 +627,15 @@ pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdh.h pkcs8.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h pkcs8.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h -pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h -pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h -pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -pkcs8.o: ../include/openssl/x509_vfy.h apps.h pkcs8.c +pkcs8.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +pkcs8.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h +pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h +pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +pkcs8.o: ../include/openssl/x509v3.h apps.h pkcs8.c prime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h prime.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -606,12 +643,14 @@ prime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h prime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h prime.o: ../include/openssl/engine.h ../include/openssl/evp.h prime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -prime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -prime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -prime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -prime.o: ../include/openssl/sha.h ../include/openssl/stack.h -prime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -prime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h prime.c +prime.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +prime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +prime.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +prime.o: ../include/openssl/safestack.h ../include/openssl/sha.h +prime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +prime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +prime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +prime.o: prime.c rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -619,13 +658,14 @@ rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h rand.o: ../include/openssl/err.h ../include/openssl/evp.h rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h -rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -rand.o: ../include/openssl/x509_vfy.h apps.h rand.c +rand.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h +rand.o: ../include/openssl/sha.h ../include/openssl/stack.h +rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +rand.o: ../include/openssl/x509v3.h apps.h rand.c req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h req.o: ../include/openssl/bn.h ../include/openssl/buffer.h req.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -635,15 +675,16 @@ req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h req.o: ../include/openssl/engine.h ../include/openssl/err.h req.o: ../include/openssl/evp.h ../include/openssl/lhash.h req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -req.o: ../include/openssl/rand.h ../include/openssl/rsa.h -req.o: ../include/openssl/safestack.h ../include/openssl/sha.h -req.o: ../include/openssl/stack.h ../include/openssl/store.h -req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -req.o: ../include/openssl/ui.h ../include/openssl/x509.h -req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c +req.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +req.o: ../include/openssl/pem.h ../include/openssl/pem2.h +req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +req.o: ../include/openssl/sha.h ../include/openssl/stack.h +req.o: ../include/openssl/store.h ../include/openssl/symhacks.h +req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +req.o: ../include/openssl/x509v3.h apps.h req.c rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -652,13 +693,14 @@ rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h rsa.o: ../include/openssl/engine.h ../include/openssl/err.h rsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h -rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rsa.c +rsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h +rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h +rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +rsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +rsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rsa.c rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h rsautl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -666,14 +708,15 @@ rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h rsautl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h rsautl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h -rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h -rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rsautl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -rsautl.o: ../include/openssl/x509_vfy.h apps.h rsautl.c +rsautl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +rsautl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h +rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +rsautl.o: ../include/openssl/x509v3.h apps.h rsautl.c s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -681,9 +724,10 @@ s_cb.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h -s_cb.o: ../include/openssl/evp.h ../include/openssl/kssl.h -s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_cb.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s_cb.o: ../include/openssl/evp.h ../include/openssl/hmac.h +s_cb.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_cb.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h @@ -693,7 +737,8 @@ s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_cb.c +s_cb.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +s_cb.o: s_apps.h s_cb.c s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -701,9 +746,10 @@ s_client.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s_client.o: ../include/openssl/engine.h ../include/openssl/err.h -s_client.o: ../include/openssl/evp.h ../include/openssl/kssl.h -s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s_client.o: ../include/openssl/evp.h ../include/openssl/hmac.h +s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_client.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h s_client.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h @@ -713,8 +759,8 @@ s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -s_client.o: s_apps.h s_client.c timeouts.h +s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s_client.o: ../include/openssl/x509v3.h apps.h s_apps.h s_client.c timeouts.h s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -723,9 +769,10 @@ s_server.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s_server.o: ../include/openssl/engine.h ../include/openssl/err.h -s_server.o: ../include/openssl/evp.h ../include/openssl/kssl.h -s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s_server.o: ../include/openssl/evp.h ../include/openssl/hmac.h +s_server.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_server.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h s_server.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h @@ -737,7 +784,8 @@ s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h s_server.o: ../include/openssl/store.h ../include/openssl/symhacks.h s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h -s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.c timeouts.h +s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +s_server.o: s_apps.h s_server.c timeouts.h s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -745,8 +793,9 @@ s_socket.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s_socket.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h -s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_socket.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s_socket.o: ../include/openssl/objects.h ../include/openssl/ocsp.h s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h @@ -756,8 +805,8 @@ s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -s_socket.o: s_apps.h s_socket.c +s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s_socket.o: ../include/openssl/x509v3.h apps.h s_apps.h s_socket.c s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -765,9 +814,10 @@ s_time.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s_time.o: ../include/openssl/engine.h ../include/openssl/err.h -s_time.o: ../include/openssl/evp.h ../include/openssl/kssl.h -s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_time.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s_time.o: ../include/openssl/evp.h ../include/openssl/hmac.h +s_time.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_time.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h s_time.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h @@ -777,7 +827,8 @@ s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_time.c +s_time.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +s_time.o: s_apps.h s_time.c sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -785,9 +836,10 @@ sess_id.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h -sess_id.o: ../include/openssl/evp.h ../include/openssl/kssl.h -sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -sess_id.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +sess_id.o: ../include/openssl/evp.h ../include/openssl/hmac.h +sess_id.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +sess_id.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h @@ -797,7 +849,8 @@ sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h sess_id.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -sess_id.o: ../include/openssl/x509_vfy.h apps.h sess_id.c +sess_id.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +sess_id.o: sess_id.c smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -805,14 +858,15 @@ smime.o: ../include/openssl/ec.h ../include/openssl/ecdh.h smime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h smime.o: ../include/openssl/err.h ../include/openssl/evp.h smime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h -smime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -smime.o: ../include/openssl/sha.h ../include/openssl/stack.h -smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -smime.o: ../include/openssl/x509v3.h apps.h smime.c +smime.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +smime.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h +smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +smime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +smime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +smime.o: smime.c speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -826,16 +880,17 @@ speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h speed.o: ../include/openssl/md2.h ../include/openssl/md4.h speed.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h -speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -speed.o: ../include/openssl/x509_vfy.h apps.h speed.c testdsa.h testrsa.h +speed.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h +speed.o: ../include/openssl/rc4.h ../include/openssl/ripemd.h +speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +speed.o: ../include/openssl/sha.h ../include/openssl/stack.h +speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +speed.o: ../include/openssl/x509v3.h apps.h speed.c testdsa.h testrsa.h spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -843,13 +898,15 @@ spkac.o: ../include/openssl/ec.h ../include/openssl/ecdh.h spkac.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h spkac.o: ../include/openssl/err.h ../include/openssl/evp.h spkac.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h -spkac.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h -spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h spkac.c +spkac.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +spkac.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h +spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +spkac.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +spkac.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +spkac.o: spkac.c verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h verify.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -857,14 +914,15 @@ verify.o: ../include/openssl/ec.h ../include/openssl/ecdh.h verify.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h verify.o: ../include/openssl/err.h ../include/openssl/evp.h verify.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h -verify.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -verify.o: ../include/openssl/sha.h ../include/openssl/stack.h -verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -verify.o: ../include/openssl/x509v3.h apps.h verify.c +verify.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +verify.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h +verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +verify.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +verify.o: verify.c version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h version.o: ../include/openssl/buffer.h ../include/openssl/conf.h @@ -875,13 +933,14 @@ version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h version.o: ../include/openssl/evp.h ../include/openssl/idea.h version.o: ../include/openssl/lhash.h ../include/openssl/md2.h version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -version.o: ../include/openssl/rc4.h ../include/openssl/safestack.h -version.o: ../include/openssl/sha.h ../include/openssl/stack.h -version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +version.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +version.o: ../include/openssl/pkcs7.h ../include/openssl/rc4.h +version.o: ../include/openssl/safestack.h ../include/openssl/sha.h +version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +version.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +version.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +version.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h version.o: version.c x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -891,11 +950,12 @@ x509.o: ../include/openssl/ec.h ../include/openssl/ecdh.h x509.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h x509.o: ../include/openssl/err.h ../include/openssl/evp.h x509.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h -x509.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h -x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h -x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -x509.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c +x509.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +x509.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +x509.o: ../include/openssl/sha.h ../include/openssl/stack.h +x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +x509.o: ../include/openssl/x509v3.h apps.h x509.c diff --git a/apps/apps.c b/apps/apps.c index 613c3ba4955c4..5209caba2e214 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2010,7 +2010,7 @@ int parse_yesno(const char *str, int def) case 'y': /* yes */ case 'Y': /* YES */ case '1': /* 1 */ - ret = 0; + ret = 1; break; default: ret = def; diff --git a/apps/apps.h b/apps/apps.h index 26dcbc5771d5c..0df170813ae15 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -122,6 +122,9 @@ #ifndef OPENSSL_NO_ENGINE #include #endif +#ifndef OPENSSL_NO_OCSP +#include +#endif #include int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); @@ -228,6 +231,12 @@ extern BIO *bio_err; # endif #endif +#ifdef OPENSSL_SYSNAME_WIN32 +# define openssl_fdset(a,b) FD_SET((unsigned int)a, b) +#else +# define openssl_fdset(a,b) FD_SET(a, b) +#endif + typedef struct args_st { char **data; @@ -275,6 +284,12 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); ENGINE *setup_engine(BIO *err, const char *engine, int debug); #endif +#ifndef OPENSSL_NO_OCSP +OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, + char *host, char *path, char *port, int use_ssl, + int req_timeout); +#endif + int load_config(BIO *err, CONF *cnf); char *make_config_name(void); diff --git a/apps/ca.c b/apps/ca.c index e9d79def61d70..87f0405f5d575 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -2882,13 +2882,22 @@ int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) p=(char *)str->data; for (j=str->length; j>0; j--) { +#ifdef CHARSET_EBCDIC + if ((*p >= 0x20) && (*p <= 0x7e)) + BIO_printf(bp,"%c",os_toebcdic[*p]); +#else if ((*p >= ' ') && (*p <= '~')) BIO_printf(bp,"%c",*p); +#endif else if (*p & 0x80) BIO_printf(bp,"\\0x%02X",*p); else if ((unsigned char)*p == 0xf7) BIO_printf(bp,"^?"); +#ifdef CHARSET_EBCDIC + else BIO_printf(bp,"^%c",os_toebcdic[*p+0x40]); +#else else BIO_printf(bp,"^%c",*p+'@'); +#endif p++; } BIO_printf(bp,"'\n"); diff --git a/apps/cms.c b/apps/cms.c new file mode 100644 index 0000000000000..6d227acabe829 --- /dev/null +++ b/apps/cms.c @@ -0,0 +1,1347 @@ +/* apps/cms.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* CMS utility function */ + +#include +#include +#include "apps.h" + +#ifndef OPENSSL_NO_CMS + +#include +#include +#include +#include +#include +#include + +#undef PROG +#define PROG cms_main +static int save_certs(char *signerfile, STACK_OF(X509) *signers); +static int cms_cb(int ok, X509_STORE_CTX *ctx); +static void receipt_request_print(BIO *out, CMS_ContentInfo *cms); +static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst, + STACK *rr_from); + +#define SMIME_OP 0x10 +#define SMIME_IP 0x20 +#define SMIME_SIGNERS 0x40 +#define SMIME_ENCRYPT (1 | SMIME_OP) +#define SMIME_DECRYPT (2 | SMIME_IP) +#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS) +#define SMIME_VERIFY (4 | SMIME_IP) +#define SMIME_CMSOUT (5 | SMIME_IP | SMIME_OP) +#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS) +#define SMIME_DATAOUT (7 | SMIME_IP) +#define SMIME_DATA_CREATE (8 | SMIME_OP) +#define SMIME_DIGEST_VERIFY (9 | SMIME_IP) +#define SMIME_DIGEST_CREATE (10 | SMIME_OP) +#define SMIME_UNCOMPRESS (11 | SMIME_IP) +#define SMIME_COMPRESS (12 | SMIME_OP) +#define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP) +#define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP) +#define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP) +#define SMIME_VERIFY_RECEIPT (16 | SMIME_IP) + +int MAIN(int, char **); + +int MAIN(int argc, char **argv) + { + ENGINE *e = NULL; + int operation = 0; + int ret = 0; + char **args; + const char *inmode = "r", *outmode = "w"; + char *infile = NULL, *outfile = NULL, *rctfile = NULL; + char *signerfile = NULL, *recipfile = NULL; + STACK *sksigners = NULL, *skkeys = NULL; + char *certfile = NULL, *keyfile = NULL, *contfile=NULL; + char *certsoutfile = NULL; + const EVP_CIPHER *cipher = NULL; + CMS_ContentInfo *cms = NULL, *rcms = NULL; + X509_STORE *store = NULL; + X509 *cert = NULL, *recip = NULL, *signer = NULL; + EVP_PKEY *key = NULL; + STACK_OF(X509) *encerts = NULL, *other = NULL; + BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL; + int badarg = 0; + int flags = CMS_DETACHED; + int rr_print = 0, rr_allorfirst = -1; + STACK *rr_to = NULL, *rr_from = NULL; + CMS_ReceiptRequest *rr = NULL; + char *to = NULL, *from = NULL, *subject = NULL; + char *CAfile = NULL, *CApath = NULL; + char *passargin = NULL, *passin = NULL; + char *inrand = NULL; + int need_rand = 0; + const EVP_MD *sign_md = NULL; + int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; + int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM; +#ifndef OPENSSL_NO_ENGINE + char *engine=NULL; +#endif + unsigned char *secret_key = NULL, *secret_keyid = NULL; + size_t secret_keylen = 0, secret_keyidlen = 0; + + ASN1_OBJECT *econtent_type = NULL; + + X509_VERIFY_PARAM *vpm = NULL; + + args = argv + 1; + ret = 1; + + apps_startup(); + + if (bio_err == NULL) + { + if ((bio_err = BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + } + + if (!load_config(bio_err, NULL)) + goto end; + + while (!badarg && *args && *args[0] == '-') + { + if (!strcmp (*args, "-encrypt")) + operation = SMIME_ENCRYPT; + else if (!strcmp (*args, "-decrypt")) + operation = SMIME_DECRYPT; + else if (!strcmp (*args, "-sign")) + operation = SMIME_SIGN; + else if (!strcmp (*args, "-sign_receipt")) + operation = SMIME_SIGN_RECEIPT; + else if (!strcmp (*args, "-resign")) + operation = SMIME_RESIGN; + else if (!strcmp (*args, "-verify")) + operation = SMIME_VERIFY; + else if (!strcmp(*args,"-verify_receipt")) + { + operation = SMIME_VERIFY_RECEIPT; + if (!args[1]) + goto argerr; + args++; + rctfile = *args; + } + else if (!strcmp (*args, "-cmsout")) + operation = SMIME_CMSOUT; + else if (!strcmp (*args, "-data_out")) + operation = SMIME_DATAOUT; + else if (!strcmp (*args, "-data_create")) + operation = SMIME_DATA_CREATE; + else if (!strcmp (*args, "-digest_verify")) + operation = SMIME_DIGEST_VERIFY; + else if (!strcmp (*args, "-digest_create")) + operation = SMIME_DIGEST_CREATE; + else if (!strcmp (*args, "-compress")) + operation = SMIME_COMPRESS; + else if (!strcmp (*args, "-uncompress")) + operation = SMIME_UNCOMPRESS; + else if (!strcmp (*args, "-EncryptedData_decrypt")) + operation = SMIME_ENCRYPTED_DECRYPT; + else if (!strcmp (*args, "-EncryptedData_encrypt")) + operation = SMIME_ENCRYPTED_ENCRYPT; +#ifndef OPENSSL_NO_DES + else if (!strcmp (*args, "-des3")) + cipher = EVP_des_ede3_cbc(); + else if (!strcmp (*args, "-des")) + cipher = EVP_des_cbc(); +#endif +#ifndef OPENSSL_NO_SEED + else if (!strcmp (*args, "-seed")) + cipher = EVP_seed_cbc(); +#endif +#ifndef OPENSSL_NO_RC2 + else if (!strcmp (*args, "-rc2-40")) + cipher = EVP_rc2_40_cbc(); + else if (!strcmp (*args, "-rc2-128")) + cipher = EVP_rc2_cbc(); + else if (!strcmp (*args, "-rc2-64")) + cipher = EVP_rc2_64_cbc(); +#endif +#ifndef OPENSSL_NO_AES + else if (!strcmp(*args,"-aes128")) + cipher = EVP_aes_128_cbc(); + else if (!strcmp(*args,"-aes192")) + cipher = EVP_aes_192_cbc(); + else if (!strcmp(*args,"-aes256")) + cipher = EVP_aes_256_cbc(); +#endif +#ifndef OPENSSL_NO_CAMELLIA + else if (!strcmp(*args,"-camellia128")) + cipher = EVP_camellia_128_cbc(); + else if (!strcmp(*args,"-camellia192")) + cipher = EVP_camellia_192_cbc(); + else if (!strcmp(*args,"-camellia256")) + cipher = EVP_camellia_256_cbc(); +#endif + else if (!strcmp (*args, "-text")) + flags |= CMS_TEXT; + else if (!strcmp (*args, "-nointern")) + flags |= CMS_NOINTERN; + else if (!strcmp (*args, "-noverify") + || !strcmp (*args, "-no_signer_cert_verify")) + flags |= CMS_NO_SIGNER_CERT_VERIFY; + else if (!strcmp (*args, "-nocerts")) + flags |= CMS_NOCERTS; + else if (!strcmp (*args, "-noattr")) + flags |= CMS_NOATTR; + else if (!strcmp (*args, "-nodetach")) + flags &= ~CMS_DETACHED; + else if (!strcmp (*args, "-nosmimecap")) + flags |= CMS_NOSMIMECAP; + else if (!strcmp (*args, "-binary")) + flags |= CMS_BINARY; + else if (!strcmp (*args, "-keyid")) + flags |= CMS_USE_KEYID; + else if (!strcmp (*args, "-nosigs")) + flags |= CMS_NOSIGS; + else if (!strcmp (*args, "-no_content_verify")) + flags |= CMS_NO_CONTENT_VERIFY; + else if (!strcmp (*args, "-no_attr_verify")) + flags |= CMS_NO_ATTR_VERIFY; + else if (!strcmp (*args, "-stream")) + { + args++; + continue; + } + else if (!strcmp (*args, "-indef")) + { + args++; + continue; + } + else if (!strcmp (*args, "-noindef")) + flags &= ~CMS_STREAM; + else if (!strcmp (*args, "-nooldmime")) + flags |= CMS_NOOLDMIMETYPE; + else if (!strcmp (*args, "-crlfeol")) + flags |= CMS_CRLFEOL; + else if (!strcmp (*args, "-receipt_request_print")) + rr_print = 1; + else if (!strcmp (*args, "-receipt_request_all")) + rr_allorfirst = 0; + else if (!strcmp (*args, "-receipt_request_first")) + rr_allorfirst = 1; + else if (!strcmp(*args,"-receipt_request_from")) + { + if (!args[1]) + goto argerr; + args++; + if (!rr_from) + rr_from = sk_new_null(); + sk_push(rr_from, *args); + } + else if (!strcmp(*args,"-receipt_request_to")) + { + if (!args[1]) + goto argerr; + args++; + if (!rr_to) + rr_to = sk_new_null(); + sk_push(rr_to, *args); + } + else if (!strcmp(*args,"-secretkey")) + { + long ltmp; + if (!args[1]) + goto argerr; + args++; + secret_key = string_to_hex(*args, <mp); + if (!secret_key) + { + BIO_printf(bio_err, "Invalid key %s\n", *args); + goto argerr; + } + secret_keylen = (size_t)ltmp; + } + else if (!strcmp(*args,"-secretkeyid")) + { + long ltmp; + if (!args[1]) + goto argerr; + args++; + secret_keyid = string_to_hex(*args, <mp); + if (!secret_keyid) + { + BIO_printf(bio_err, "Invalid id %s\n", *args); + goto argerr; + } + secret_keyidlen = (size_t)ltmp; + } + else if (!strcmp(*args,"-econtent_type")) + { + if (!args[1]) + goto argerr; + args++; + econtent_type = OBJ_txt2obj(*args, 0); + if (!econtent_type) + { + BIO_printf(bio_err, "Invalid OID %s\n", *args); + goto argerr; + } + } + else if (!strcmp(*args,"-rand")) + { + if (!args[1]) + goto argerr; + args++; + inrand = *args; + need_rand = 1; + } +#ifndef OPENSSL_NO_ENGINE + else if (!strcmp(*args,"-engine")) + { + if (!args[1]) + goto argerr; + engine = *++args; + } +#endif + else if (!strcmp(*args,"-passin")) + { + if (!args[1]) + goto argerr; + passargin = *++args; + } + else if (!strcmp (*args, "-to")) + { + if (!args[1]) + goto argerr; + to = *++args; + } + else if (!strcmp (*args, "-from")) + { + if (!args[1]) + goto argerr; + from = *++args; + } + else if (!strcmp (*args, "-subject")) + { + if (!args[1]) + goto argerr; + subject = *++args; + } + else if (!strcmp (*args, "-signer")) + { + if (!args[1]) + goto argerr; + /* If previous -signer argument add signer to list */ + + if (signerfile) + { + if (!sksigners) + sksigners = sk_new_null(); + sk_push(sksigners, signerfile); + if (!keyfile) + keyfile = signerfile; + if (!skkeys) + skkeys = sk_new_null(); + sk_push(skkeys, keyfile); + keyfile = NULL; + } + signerfile = *++args; + } + else if (!strcmp (*args, "-recip")) + { + if (!args[1]) + goto argerr; + recipfile = *++args; + } + else if (!strcmp (*args, "-certsout")) + { + if (!args[1]) + goto argerr; + certsoutfile = *++args; + } + else if (!strcmp (*args, "-md")) + { + if (!args[1]) + goto argerr; + sign_md = EVP_get_digestbyname(*++args); + if (sign_md == NULL) + { + BIO_printf(bio_err, "Unknown digest %s\n", + *args); + goto argerr; + } + } + else if (!strcmp (*args, "-inkey")) + { + if (!args[1]) + goto argerr; + /* If previous -inkey arument add signer to list */ + if (keyfile) + { + if (!signerfile) + { + BIO_puts(bio_err, "Illegal -inkey without -signer\n"); + goto argerr; + } + if (!sksigners) + sksigners = sk_new_null(); + sk_push(sksigners, signerfile); + signerfile = NULL; + if (!skkeys) + skkeys = sk_new_null(); + sk_push(skkeys, keyfile); + } + keyfile = *++args; + } + else if (!strcmp (*args, "-keyform")) + { + if (!args[1]) + goto argerr; + keyform = str2fmt(*++args); + } + else if (!strcmp (*args, "-rctform")) + { + if (!args[1]) + goto argerr; + rctformat = str2fmt(*++args); + } + else if (!strcmp (*args, "-certfile")) + { + if (!args[1]) + goto argerr; + certfile = *++args; + } + else if (!strcmp (*args, "-CAfile")) + { + if (!args[1]) + goto argerr; + CAfile = *++args; + } + else if (!strcmp (*args, "-CApath")) + { + if (!args[1]) + goto argerr; + CApath = *++args; + } + else if (!strcmp (*args, "-in")) + { + if (!args[1]) + goto argerr; + infile = *++args; + } + else if (!strcmp (*args, "-inform")) + { + if (!args[1]) + goto argerr; + informat = str2fmt(*++args); + } + else if (!strcmp (*args, "-outform")) + { + if (!args[1]) + goto argerr; + outformat = str2fmt(*++args); + } + else if (!strcmp (*args, "-out")) + { + if (!args[1]) + goto argerr; + outfile = *++args; + } + else if (!strcmp (*args, "-content")) + { + if (!args[1]) + goto argerr; + contfile = *++args; + } + else if (args_verify(&args, NULL, &badarg, bio_err, &vpm)) + continue; + else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL) + badarg = 1; + args++; + } + + if (((rr_allorfirst != -1) || rr_from) && !rr_to) + { + BIO_puts(bio_err, "No Signed Receipts Recipients\n"); + goto argerr; + } + + if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) + { + BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); + goto argerr; + } + if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) + { + BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); + goto argerr; + } + + if (operation & SMIME_SIGNERS) + { + if (keyfile && !signerfile) + { + BIO_puts(bio_err, "Illegal -inkey without -signer\n"); + goto argerr; + } + /* Check to see if any final signer needs to be appended */ + if (signerfile) + { + if (!sksigners) + sksigners = sk_new_null(); + sk_push(sksigners, signerfile); + if (!skkeys) + skkeys = sk_new_null(); + if (!keyfile) + keyfile = signerfile; + sk_push(skkeys, keyfile); + } + if (!sksigners) + { + BIO_printf(bio_err, "No signer certificate specified\n"); + badarg = 1; + } + signerfile = NULL; + keyfile = NULL; + need_rand = 1; + } + + else if (operation == SMIME_DECRYPT) + { + if (!recipfile && !keyfile && !secret_key) + { + BIO_printf(bio_err, "No recipient certificate or key specified\n"); + badarg = 1; + } + } + else if (operation == SMIME_ENCRYPT) + { + if (!*args && !secret_key) + { + BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); + badarg = 1; + } + need_rand = 1; + } + else if (!operation) + badarg = 1; + + if (badarg) + { + argerr: + BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n"); + BIO_printf (bio_err, "where options are\n"); + BIO_printf (bio_err, "-encrypt encrypt message\n"); + BIO_printf (bio_err, "-decrypt decrypt encrypted message\n"); + BIO_printf (bio_err, "-sign sign message\n"); + BIO_printf (bio_err, "-verify verify signed message\n"); + BIO_printf (bio_err, "-cmsout output CMS structure\n"); +#ifndef OPENSSL_NO_DES + BIO_printf (bio_err, "-des3 encrypt with triple DES\n"); + BIO_printf (bio_err, "-des encrypt with DES\n"); +#endif +#ifndef OPENSSL_NO_SEED + BIO_printf (bio_err, "-seed encrypt with SEED\n"); +#endif +#ifndef OPENSSL_NO_RC2 + BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n"); + BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n"); + BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n"); +#endif +#ifndef OPENSSL_NO_AES + BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); + BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); +#endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n"); + BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n"); +#endif + BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n"); + BIO_printf (bio_err, "-nosigs don't verify message signature\n"); + BIO_printf (bio_err, "-noverify don't verify signers certificate\n"); + BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n"); + BIO_printf (bio_err, "-nodetach use opaque signing\n"); + BIO_printf (bio_err, "-noattr don't include any signed attributes\n"); + BIO_printf (bio_err, "-binary don't translate message to text\n"); + BIO_printf (bio_err, "-certfile file other certificates file\n"); + BIO_printf (bio_err, "-certsout file certificate output file\n"); + BIO_printf (bio_err, "-signer file signer certificate file\n"); + BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n"); + BIO_printf (bio_err, "-skeyid use subject key identifier\n"); + BIO_printf (bio_err, "-in file input file\n"); + BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); + BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n"); + BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n"); + BIO_printf (bio_err, "-out file output file\n"); + BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n"); + BIO_printf (bio_err, "-content file supply or override content for detached signature\n"); + BIO_printf (bio_err, "-to addr to address\n"); + BIO_printf (bio_err, "-from ad from address\n"); + BIO_printf (bio_err, "-subject s subject\n"); + BIO_printf (bio_err, "-text include or delete text MIME headers\n"); + BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); + BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); + BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); + BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); +#ifndef OPENSSL_NO_ENGINE + BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); +#endif + BIO_printf (bio_err, "-passin arg input file pass phrase source\n"); + BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); + BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); + BIO_printf(bio_err, " the random number generator\n"); + BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n"); + goto end; + } + +#ifndef OPENSSL_NO_ENGINE + e = setup_engine(bio_err, engine, 0); +#endif + + if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) + { + BIO_printf(bio_err, "Error getting password\n"); + goto end; + } + + if (need_rand) + { + app_RAND_load_file(NULL, bio_err, (inrand != NULL)); + if (inrand != NULL) + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); + } + + ret = 2; + + if (!(operation & SMIME_SIGNERS)) + flags &= ~CMS_DETACHED; + + if (operation & SMIME_OP) + { + if (outformat == FORMAT_ASN1) + outmode = "wb"; + } + else + { + if (flags & CMS_BINARY) + outmode = "wb"; + } + + if (operation & SMIME_IP) + { + if (informat == FORMAT_ASN1) + inmode = "rb"; + } + else + { + if (flags & CMS_BINARY) + inmode = "rb"; + } + + if (operation == SMIME_ENCRYPT) + { + if (!cipher) + { +#ifndef OPENSSL_NO_DES + cipher = EVP_des_ede3_cbc(); +#else + BIO_printf(bio_err, "No cipher selected\n"); + goto end; +#endif + } + + if (secret_key && !secret_keyid) + { + BIO_printf(bio_err, "No sectre key id\n"); + goto end; + } + + if (*args) + encerts = sk_X509_new_null(); + while (*args) + { + if (!(cert = load_cert(bio_err,*args,FORMAT_PEM, + NULL, e, "recipient certificate file"))) + goto end; + sk_X509_push(encerts, cert); + cert = NULL; + args++; + } + } + + if (certfile) + { + if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL, + e, "certificate file"))) + { + ERR_print_errors(bio_err); + goto end; + } + } + + if (recipfile && (operation == SMIME_DECRYPT)) + { + if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL, + e, "recipient certificate file"))) + { + ERR_print_errors(bio_err); + goto end; + } + } + + if (operation == SMIME_SIGN_RECEIPT) + { + if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM,NULL, + e, "receipt signer certificate file"))) + { + ERR_print_errors(bio_err); + goto end; + } + } + + if (operation == SMIME_DECRYPT) + { + if (!keyfile) + keyfile = recipfile; + } + else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT)) + { + if (!keyfile) + keyfile = signerfile; + } + else keyfile = NULL; + + if (keyfile) + { + key = load_key(bio_err, keyfile, keyform, 0, passin, e, + "signing key file"); + if (!key) + goto end; + } + + if (infile) + { + if (!(in = BIO_new_file(infile, inmode))) + { + BIO_printf (bio_err, + "Can't open input file %s\n", infile); + goto end; + } + } + else + in = BIO_new_fp(stdin, BIO_NOCLOSE); + + if (operation & SMIME_IP) + { + if (informat == FORMAT_SMIME) + cms = SMIME_read_CMS(in, &indata); + else if (informat == FORMAT_PEM) + cms = PEM_read_bio_CMS(in, NULL, NULL, NULL); + else if (informat == FORMAT_ASN1) + cms = d2i_CMS_bio(in, NULL); + else + { + BIO_printf(bio_err, "Bad input format for CMS file\n"); + goto end; + } + + if (!cms) + { + BIO_printf(bio_err, "Error reading S/MIME message\n"); + goto end; + } + if (contfile) + { + BIO_free(indata); + if (!(indata = BIO_new_file(contfile, "rb"))) + { + BIO_printf(bio_err, "Can't read content file %s\n", contfile); + goto end; + } + } + if (certsoutfile) + { + STACK_OF(X509) *allcerts; + allcerts = CMS_get1_certs(cms); + if (!save_certs(certsoutfile, allcerts)) + { + BIO_printf(bio_err, + "Error writing certs to %s\n", + certsoutfile); + ret = 5; + goto end; + } + sk_X509_pop_free(allcerts, X509_free); + } + } + + if (rctfile) + { + char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r"; + if (!(rctin = BIO_new_file(rctfile, rctmode))) + { + BIO_printf (bio_err, + "Can't open receipt file %s\n", rctfile); + goto end; + } + + if (rctformat == FORMAT_SMIME) + rcms = SMIME_read_CMS(rctin, NULL); + else if (rctformat == FORMAT_PEM) + rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL); + else if (rctformat == FORMAT_ASN1) + rcms = d2i_CMS_bio(rctin, NULL); + else + { + BIO_printf(bio_err, "Bad input format for receipt\n"); + goto end; + } + + if (!rcms) + { + BIO_printf(bio_err, "Error reading receipt\n"); + goto end; + } + } + + if (outfile) + { + if (!(out = BIO_new_file(outfile, outmode))) + { + BIO_printf (bio_err, + "Can't open output file %s\n", outfile); + goto end; + } + } + else + { + out = BIO_new_fp(stdout, BIO_NOCLOSE); +#ifdef OPENSSL_SYS_VMS + { + BIO *tmpbio = BIO_new(BIO_f_linebuffer()); + out = BIO_push(tmpbio, out); + } +#endif + } + + if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) + { + if (!(store = setup_verify(bio_err, CAfile, CApath))) + goto end; + X509_STORE_set_verify_cb_func(store, cms_cb); + if (vpm) + X509_STORE_set1_param(store, vpm); + } + + + ret = 3; + + if (operation == SMIME_DATA_CREATE) + { + cms = CMS_data_create(in, flags); + } + else if (operation == SMIME_DIGEST_CREATE) + { + cms = CMS_digest_create(in, sign_md, flags); + } + else if (operation == SMIME_COMPRESS) + { + cms = CMS_compress(in, -1, flags); + } + else if (operation == SMIME_ENCRYPT) + { + flags |= CMS_PARTIAL; + cms = CMS_encrypt(encerts, in, cipher, flags); + if (!cms) + goto end; + if (secret_key) + { + if (!CMS_add0_recipient_key(cms, NID_undef, + secret_key, secret_keylen, + secret_keyid, secret_keyidlen, + NULL, NULL, NULL)) + goto end; + /* NULL these because call absorbs them */ + secret_key = NULL; + secret_keyid = NULL; + } + if (!(flags & CMS_STREAM)) + { + if (!CMS_final(cms, in, NULL, flags)) + goto end; + } + } + else if (operation == SMIME_ENCRYPTED_ENCRYPT) + { + cms = CMS_EncryptedData_encrypt(in, cipher, + secret_key, secret_keylen, + flags); + + } + else if (operation == SMIME_SIGN_RECEIPT) + { + CMS_ContentInfo *srcms = NULL; + STACK_OF(CMS_SignerInfo) *sis; + CMS_SignerInfo *si; + sis = CMS_get0_SignerInfos(cms); + if (!sis) + goto end; + si = sk_CMS_SignerInfo_value(sis, 0); + srcms = CMS_sign_receipt(si, signer, key, other, flags); + if (!srcms) + goto end; + CMS_ContentInfo_free(cms); + cms = srcms; + } + else if (operation & SMIME_SIGNERS) + { + int i; + /* If detached data content we enable streaming if + * S/MIME output format. + */ + if (operation == SMIME_SIGN) + { + + if (flags & CMS_DETACHED) + { + if (outformat == FORMAT_SMIME) + flags |= CMS_STREAM; + } + flags |= CMS_PARTIAL; + cms = CMS_sign(NULL, NULL, other, in, flags); + if (!cms) + goto end; + if (econtent_type) + CMS_set1_eContentType(cms, econtent_type); + + if (rr_to) + { + rr = make_receipt_request(rr_to, rr_allorfirst, + rr_from); + if (!rr) + { + BIO_puts(bio_err, + "Signed Receipt Request Creation Error\n"); + goto end; + } + } + } + else + flags |= CMS_REUSE_DIGEST; + for (i = 0; i < sk_num(sksigners); i++) + { + CMS_SignerInfo *si; + signerfile = sk_value(sksigners, i); + keyfile = sk_value(skkeys, i); + signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL, + e, "signer certificate"); + if (!signer) + goto end; + key = load_key(bio_err, keyfile, keyform, 0, passin, e, + "signing key file"); + if (!key) + goto end; + si = CMS_add1_signer(cms, signer, key, sign_md, flags); + if (!si) + goto end; + if (rr && !CMS_add1_ReceiptRequest(si, rr)) + goto end; + X509_free(signer); + signer = NULL; + EVP_PKEY_free(key); + key = NULL; + } + /* If not streaming or resigning finalize structure */ + if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) + { + if (!CMS_final(cms, in, NULL, flags)) + goto end; + } + } + + if (!cms) + { + BIO_printf(bio_err, "Error creating CMS structure\n"); + goto end; + } + + ret = 4; + if (operation == SMIME_DECRYPT) + { + + if (secret_key) + { + if (!CMS_decrypt_set1_key(cms, + secret_key, secret_keylen, + secret_keyid, secret_keyidlen)) + { + BIO_puts(bio_err, + "Error decrypting CMS using secret key\n"); + goto end; + } + } + + if (key) + { + if (!CMS_decrypt_set1_pkey(cms, key, recip)) + { + BIO_puts(bio_err, + "Error decrypting CMS using private key\n"); + goto end; + } + } + + if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) + { + BIO_printf(bio_err, "Error decrypting CMS structure\n"); + goto end; + } + } + else if (operation == SMIME_DATAOUT) + { + if (!CMS_data(cms, out, flags)) + goto end; + } + else if (operation == SMIME_UNCOMPRESS) + { + if (!CMS_uncompress(cms, indata, out, flags)) + goto end; + } + else if (operation == SMIME_DIGEST_VERIFY) + { + if (CMS_digest_verify(cms, indata, out, flags) > 0) + BIO_printf(bio_err, "Verification successful\n"); + else + { + BIO_printf(bio_err, "Verification failure\n"); + goto end; + } + } + else if (operation == SMIME_ENCRYPTED_DECRYPT) + { + if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen, + indata, out, flags)) + goto end; + } + else if (operation == SMIME_VERIFY) + { + if (CMS_verify(cms, other, store, indata, out, flags) > 0) + BIO_printf(bio_err, "Verification successful\n"); + else + { + BIO_printf(bio_err, "Verification failure\n"); + goto end; + } + if (signerfile) + { + STACK_OF(X509) *signers; + signers = CMS_get0_signers(cms); + if (!save_certs(signerfile, signers)) + { + BIO_printf(bio_err, + "Error writing signers to %s\n", + signerfile); + ret = 5; + goto end; + } + sk_X509_free(signers); + } + if (rr_print) + receipt_request_print(bio_err, cms); + + } + else if (operation == SMIME_VERIFY_RECEIPT) + { + if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0) + BIO_printf(bio_err, "Verification successful\n"); + else + { + BIO_printf(bio_err, "Verification failure\n"); + goto end; + } + } + else + { + if (outformat == FORMAT_SMIME) + { + if (to) + BIO_printf(out, "To: %s\n", to); + if (from) + BIO_printf(out, "From: %s\n", from); + if (subject) + BIO_printf(out, "Subject: %s\n", subject); + if (operation == SMIME_RESIGN) + ret = SMIME_write_CMS(out, cms, indata, flags); + else + ret = SMIME_write_CMS(out, cms, in, flags); + } + else if (outformat == FORMAT_PEM) + ret = PEM_write_bio_CMS(out, cms); + else if (outformat == FORMAT_ASN1) + ret = i2d_CMS_bio(out,cms); + else + { + BIO_printf(bio_err, "Bad output format for CMS file\n"); + goto end; + } + if (ret <= 0) + { + ret = 6; + goto end; + } + } + ret = 0; +end: + if (ret) + ERR_print_errors(bio_err); + if (need_rand) + app_RAND_write_file(NULL, bio_err); + sk_X509_pop_free(encerts, X509_free); + sk_X509_pop_free(other, X509_free); + if (vpm) + X509_VERIFY_PARAM_free(vpm); + if (sksigners) + sk_free(sksigners); + if (skkeys) + sk_free(skkeys); + if (secret_key) + OPENSSL_free(secret_key); + if (secret_keyid) + OPENSSL_free(secret_keyid); + if (econtent_type) + ASN1_OBJECT_free(econtent_type); + if (rr) + CMS_ReceiptRequest_free(rr); + if (rr_to) + sk_free(rr_to); + if (rr_from) + sk_free(rr_from); + X509_STORE_free(store); + X509_free(cert); + X509_free(recip); + X509_free(signer); + EVP_PKEY_free(key); + CMS_ContentInfo_free(cms); + CMS_ContentInfo_free(rcms); + BIO_free(rctin); + BIO_free(in); + BIO_free(indata); + BIO_free_all(out); + if (passin) OPENSSL_free(passin); + return (ret); +} + +static int save_certs(char *signerfile, STACK_OF(X509) *signers) + { + int i; + BIO *tmp; + if (!signerfile) + return 1; + tmp = BIO_new_file(signerfile, "w"); + if (!tmp) return 0; + for(i = 0; i < sk_X509_num(signers); i++) + PEM_write_bio_X509(tmp, sk_X509_value(signers, i)); + BIO_free(tmp); + return 1; + } + + +/* Minimal callback just to output policy info (if any) */ + +static int cms_cb(int ok, X509_STORE_CTX *ctx) + { + int error; + + error = X509_STORE_CTX_get_error(ctx); + + if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) + && ((error != X509_V_OK) || (ok != 2))) + return ok; + + policies_print(NULL, ctx); + + return ok; + + } + +static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns) + { + STACK_OF(GENERAL_NAME) *gens; + GENERAL_NAME *gen; + int i, j; + for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) + { + gens = sk_GENERAL_NAMES_value(gns, i); + for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) + { + gen = sk_GENERAL_NAME_value(gens, j); + BIO_puts(out, " "); + GENERAL_NAME_print(out, gen); + BIO_puts(out, "\n"); + } + } + return; + } + +static void receipt_request_print(BIO *out, CMS_ContentInfo *cms) + { + STACK_OF(CMS_SignerInfo) *sis; + CMS_SignerInfo *si; + CMS_ReceiptRequest *rr; + int allorfirst; + STACK_OF(GENERAL_NAMES) *rto, *rlist; + ASN1_STRING *scid; + int i, rv; + sis = CMS_get0_SignerInfos(cms); + for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) + { + si = sk_CMS_SignerInfo_value(sis, i); + rv = CMS_get1_ReceiptRequest(si, &rr); + BIO_printf(bio_err, "Signer %d:\n", i + 1); + if (rv == 0) + BIO_puts(bio_err, " No Receipt Request\n"); + else if (rv < 0) + { + BIO_puts(bio_err, " Receipt Request Parse Error\n"); + ERR_print_errors(bio_err); + } + else + { + char *id; + int idlen; + CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst, + &rlist, &rto); + BIO_puts(out, " Signed Content ID:\n"); + idlen = ASN1_STRING_length(scid); + id = (char *)ASN1_STRING_data(scid); + BIO_dump_indent(out, id, idlen, 4); + BIO_puts(out, " Receipts From"); + if (rlist) + { + BIO_puts(out, " List:\n"); + gnames_stack_print(out, rlist); + } + else if (allorfirst == 1) + BIO_puts(out, ": First Tier\n"); + else if (allorfirst == 0) + BIO_puts(out, ": All\n"); + else + BIO_printf(out, " Unknown (%d)\n", allorfirst); + BIO_puts(out, " Receipts To:\n"); + gnames_stack_print(out, rto); + } + if (rr) + CMS_ReceiptRequest_free(rr); + } + } + +static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK *ns) + { + int i; + STACK_OF(GENERAL_NAMES) *ret; + GENERAL_NAMES *gens = NULL; + GENERAL_NAME *gen = NULL; + ret = sk_GENERAL_NAMES_new_null(); + if (!ret) + goto err; + for (i = 0; i < sk_num(ns); i++) + { + CONF_VALUE cnf; + cnf.name = "email"; + cnf.value = sk_value(ns, i); + gen = v2i_GENERAL_NAME(NULL, NULL, &cnf); + if (!gen) + goto err; + gens = GENERAL_NAMES_new(); + if (!gens) + goto err; + if (!sk_GENERAL_NAME_push(gens, gen)) + goto err; + gen = NULL; + if (!sk_GENERAL_NAMES_push(ret, gens)) + goto err; + gens = NULL; + } + + return ret; + + err: + if (ret) + sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free); + if (gens) + GENERAL_NAMES_free(gens); + if (gen) + GENERAL_NAME_free(gen); + return NULL; + } + + +static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst, + STACK *rr_from) + { + STACK_OF(GENERAL_NAMES) *rct_to, *rct_from; + CMS_ReceiptRequest *rr; + rct_to = make_names_stack(rr_to); + if (!rct_to) + goto err; + if (rr_from) + { + rct_from = make_names_stack(rr_from); + if (!rct_from) + goto err; + } + else + rct_from = NULL; + rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from, + rct_to); + return rr; + err: + return NULL; + } + +#endif diff --git a/apps/dgst.c b/apps/dgst.c index 09d093451938d..c5ecf93d1b0e1 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -190,6 +190,8 @@ int MAIN(int argc, char **argv) out_bin = 1; else if (strcmp(*argv,"-d") == 0) debug=1; + else if (!strcmp(*argv,"-fips-fingerprint")) + hmac_key = "etaonrishdlcupfm"; else if (!strcmp(*argv,"-hmac")) { if (--argc < 1) @@ -227,33 +229,38 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n"); BIO_printf(bio_err,"-signature file signature to verify\n"); BIO_printf(bio_err,"-binary output in binary form\n"); + BIO_printf(bio_err,"-hmac key create hashed MAC with key\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); #endif - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm (default)\n", LN_md5,LN_md5); - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_md4,LN_md4); - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_md2,LN_md2); #ifndef OPENSSL_NO_SHA - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_sha1,LN_sha1); - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_sha,LN_sha); #ifndef OPENSSL_NO_SHA256 - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", + LN_sha224,LN_sha224); + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_sha256,LN_sha256); #endif #ifndef OPENSSL_NO_SHA512 - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", + LN_sha384,LN_sha384); + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_sha512,LN_sha512); #endif #endif - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_mdc2,LN_mdc2); - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_ripemd160,LN_ripemd160); err=1; goto end; diff --git a/apps/dsa.c b/apps/dsa.c index d503031ec3852..7518a2fe964a6 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -87,6 +87,7 @@ * -camellia128 - encrypt output if PEM format * -camellia192 - encrypt output if PEM format * -camellia256 - encrypt output if PEM format + * -seed - encrypt output if PEM format * -text - print a text version * -modulus - print the DSA public key */ @@ -218,6 +219,9 @@ bad: #ifndef OPENSSL_NO_CAMELLIA BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); +#endif +#ifndef OPENSSL_NO_SEED + BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n"); #endif BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err," -noout don't print key out\n"); @@ -236,37 +240,27 @@ bad: goto end; } - in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); - if ((in == NULL) || (out == NULL)) + if (out == NULL) { ERR_print_errors(bio_err); goto end; } - if (infile == NULL) - BIO_set_fp(in,stdin,BIO_NOCLOSE); - else - { - if (BIO_read_filename(in,infile) <= 0) - { - perror(infile); - goto end; - } - } - BIO_printf(bio_err,"read DSA key\n"); - if (informat == FORMAT_ASN1) { - if(pubin) dsa=d2i_DSA_PUBKEY_bio(in,NULL); - else dsa=d2i_DSAPrivateKey_bio(in,NULL); - } else if (informat == FORMAT_PEM) { - if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL); - else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,passin); - } else - { - BIO_printf(bio_err,"bad input format specified for key\n"); - goto end; - } + { + EVP_PKEY *pkey; + if (pubin) + pkey = load_pubkey(bio_err, infile, informat, 1, + passin, e, "Public Key"); + else + pkey = load_key(bio_err, infile, informat, 1, + passin, e, "Private Key"); + + if (pkey != NULL) + dsa = pkey == NULL ? NULL : EVP_PKEY_get1_DSA(pkey); + EVP_PKEY_free(pkey); + } if (dsa == NULL) { BIO_printf(bio_err,"unable to load Key\n"); diff --git a/apps/ec.c b/apps/ec.c index c63437fe2acd5..771e15f3577c1 100644 --- a/apps/ec.c +++ b/apps/ec.c @@ -244,7 +244,7 @@ bad: " the ec parameters are encoded\n"); BIO_printf(bio_err, " in the asn1 der " "encoding\n"); - BIO_printf(bio_err, " possilbe values:" + BIO_printf(bio_err, " possible values:" " named_curve (default)\n"); BIO_printf(bio_err," " "explicit\n"); diff --git a/apps/gendsa.c b/apps/gendsa.c index 936a42b810fc2..8a296c66e570c 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -140,6 +140,10 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-idea") == 0) enc=EVP_idea_cbc(); #endif +#ifndef OPENSSL_NO_SEED + else if (strcmp(*argv,"-seed") == 0) + enc=EVP_seed_cbc(); +#endif #ifndef OPENSSL_NO_AES else if (strcmp(*argv,"-aes128") == 0) enc=EVP_aes_128_cbc(); @@ -178,6 +182,10 @@ bad: #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n"); #endif +#ifndef OPENSSL_NO_SEED + BIO_printf(bio_err," -seed\n"); + BIO_printf(bio_err," encrypt PEM output with cbc seed\n"); +#endif #ifndef OPENSSL_NO_AES BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); diff --git a/apps/genrsa.c b/apps/genrsa.c index d716a3cde3534..1599bb7a69d64 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -160,6 +160,10 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-idea") == 0) enc=EVP_idea_cbc(); #endif +#ifndef OPENSSL_NO_SEED + else if (strcmp(*argv,"-seed") == 0) + enc=EVP_seed_cbc(); +#endif #ifndef OPENSSL_NO_AES else if (strcmp(*argv,"-aes128") == 0) enc=EVP_aes_128_cbc(); @@ -195,6 +199,10 @@ bad: #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n"); #endif +#ifndef OPENSSL_NO_SEED + BIO_printf(bio_err," -seed\n"); + BIO_printf(bio_err," encrypt PEM output with cbc seed\n"); +#endif #ifndef OPENSSL_NO_AES BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); diff --git a/apps/ocsp.c b/apps/ocsp.c index 3ee6dfb5ed333..1001f3b25ded6 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -56,15 +56,14 @@ * */ #ifndef OPENSSL_NO_OCSP - +#define USE_SOCKETS #include +#include #include -#include "apps.h" -#include -#include -#include +#include "apps.h" /* needs to be included before the openssl headers! */ +#include #include -#include +#include /* Maximum leeway in validity period: default 5 minutes */ #define MAX_VALIDITY_PERIOD (5 * 60) @@ -86,6 +85,8 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); static BIO *init_responder(char *port); static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port); static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); +static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, + OCSP_REQUEST *req, int req_timeout); #undef PROG #define PROG ocsp_main @@ -112,11 +113,11 @@ int MAIN(int argc, char **argv) BIO *acbio = NULL, *cbio = NULL; BIO *derbio = NULL; BIO *out = NULL; + int req_timeout = -1; int req_text = 0, resp_text = 0; long nsec = MAX_VALIDITY_PERIOD, maxage = -1; char *CAfile = NULL, *CApath = NULL; X509_STORE *store = NULL; - SSL_CTX *ctx = NULL; STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL; char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL; unsigned long sign_flags = 0, verify_flags = 0, rflags = 0; @@ -154,6 +155,22 @@ int MAIN(int argc, char **argv) } else badarg = 1; } + else if (!strcmp(*args, "-timeout")) + { + if (args[1]) + { + args++; + req_timeout = atol(*args); + if (req_timeout < 0) + { + BIO_printf(bio_err, + "Illegal timeout value %s\n", + *args); + badarg = 1; + } + } + else badarg = 1; + } else if (!strcmp(*args, "-url")) { if (args[1]) @@ -703,52 +720,14 @@ int MAIN(int argc, char **argv) else if (host) { #ifndef OPENSSL_NO_SOCK - cbio = BIO_new_connect(host); + resp = process_responder(bio_err, req, host, path, + port, use_ssl, req_timeout); + if (!resp) + goto end; #else BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n"); goto end; #endif - if (!cbio) - { - BIO_printf(bio_err, "Error creating connect BIO\n"); - goto end; - } - if (port) BIO_set_conn_port(cbio, port); - if (use_ssl == 1) - { - BIO *sbio; -#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) - ctx = SSL_CTX_new(SSLv23_client_method()); -#elif !defined(OPENSSL_NO_SSL3) - ctx = SSL_CTX_new(SSLv3_client_method()); -#elif !defined(OPENSSL_NO_SSL2) - ctx = SSL_CTX_new(SSLv2_client_method()); -#else - BIO_printf(bio_err, "SSL is disabled\n"); - goto end; -#endif - if (ctx == NULL) - { - BIO_printf(bio_err, "Error creating SSL context.\n"); - goto end; - } - SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); - sbio = BIO_new_ssl(ctx, 1); - cbio = BIO_push(sbio, cbio); - } - if (BIO_do_connect(cbio) <= 0) - { - BIO_printf(bio_err, "Error connecting BIO\n"); - goto end; - } - resp = OCSP_sendreq_bio(cbio, path, req); - BIO_free_all(cbio); - cbio = NULL; - if (!resp) - { - BIO_printf(bio_err, "Error querying OCSP responsder\n"); - goto end; - } } else if (respin) { @@ -897,7 +876,6 @@ end: OPENSSL_free(host); OPENSSL_free(port); OPENSSL_free(path); - SSL_CTX_free(ctx); } OPENSSL_EXIT(ret); @@ -1121,6 +1099,7 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser) char *itmp, *row[DB_NUMBER],**rrow; for (i = 0; i < DB_NUMBER; i++) row[i] = NULL; bn = ASN1_INTEGER_to_BN(ser,NULL); + OPENSSL_assert(bn); /* FIXME: should report an error at this point and abort */ if (BN_is_zero(bn)) itmp = BUF_strdup("00"); else @@ -1227,8 +1206,141 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) return 0; BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL)); i2d_OCSP_RESPONSE_bio(cbio, resp); - BIO_flush(cbio); + (void)BIO_flush(cbio); return 1; } +static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, + OCSP_REQUEST *req, int req_timeout) + { + int fd; + int rv; + OCSP_REQ_CTX *ctx = NULL; + OCSP_RESPONSE *rsp = NULL; + fd_set confds; + struct timeval tv; + + if (req_timeout != -1) + BIO_set_nbio(cbio, 1); + + rv = BIO_do_connect(cbio); + + if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio))) + { + BIO_puts(err, "Error connecting BIO\n"); + return NULL; + } + + if (req_timeout == -1) + return OCSP_sendreq_bio(cbio, path, req); + + if (BIO_get_fd(cbio, &fd) <= 0) + { + BIO_puts(err, "Can't get connection fd\n"); + goto err; + } + + if (rv <= 0) + { + FD_ZERO(&confds); + openssl_fdset(fd, &confds); + tv.tv_usec = 0; + tv.tv_sec = req_timeout; + rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv); + if (rv == 0) + { + BIO_puts(err, "Timeout on connect\n"); + return NULL; + } + } + + + ctx = OCSP_sendreq_new(cbio, path, req, -1); + if (!ctx) + return NULL; + + for (;;) + { + rv = OCSP_sendreq_nbio(&rsp, ctx); + if (rv != -1) + break; + FD_ZERO(&confds); + openssl_fdset(fd, &confds); + tv.tv_usec = 0; + tv.tv_sec = req_timeout; + if (BIO_should_read(cbio)) + rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv); + else if (BIO_should_write(cbio)) + rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv); + else + { + BIO_puts(err, "Unexpected retry condition\n"); + goto err; + } + if (rv == 0) + { + BIO_puts(err, "Timeout on request\n"); + break; + } + if (rv == -1) + { + BIO_puts(err, "Select error\n"); + break; + } + + } + err: + if (ctx) + OCSP_REQ_CTX_free(ctx); + + return rsp; + } + +OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, + char *host, char *path, char *port, int use_ssl, + int req_timeout) + { + BIO *cbio = NULL; + SSL_CTX *ctx = NULL; + OCSP_RESPONSE *resp = NULL; + cbio = BIO_new_connect(host); + if (!cbio) + { + BIO_printf(err, "Error creating connect BIO\n"); + goto end; + } + if (port) BIO_set_conn_port(cbio, port); + if (use_ssl == 1) + { + BIO *sbio; +#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) + ctx = SSL_CTX_new(SSLv23_client_method()); +#elif !defined(OPENSSL_NO_SSL3) + ctx = SSL_CTX_new(SSLv3_client_method()); +#elif !defined(OPENSSL_NO_SSL2) + ctx = SSL_CTX_new(SSLv2_client_method()); +#else + BIO_printf(err, "SSL is disabled\n"); + goto end; +#endif + if (ctx == NULL) + { + BIO_printf(err, "Error creating SSL context.\n"); + goto end; + } + SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); + sbio = BIO_new_ssl(ctx, 1); + cbio = BIO_push(sbio, cbio); + } + resp = query_responder(err, cbio, path, req, req_timeout); + if (!resp) + BIO_printf(bio_err, "Error querying OCSP responsder\n"); + end: + if (ctx) + SSL_CTX_free(ctx); + if (cbio) + BIO_free_all(cbio); + return resp; + } + #endif diff --git a/apps/openssl.c b/apps/openssl.c index 47aee5b712622..ec25f990febb4 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -273,9 +273,21 @@ int main(int Argc, char *Argv[]) i=NCONF_load(config,p,&errline); if (i == 0) { - NCONF_free(config); - config = NULL; - ERR_clear_error(); + if (ERR_GET_REASON(ERR_peek_last_error()) + == CONF_R_NO_SUCH_FILE) + { + BIO_printf(bio_err, + "WARNING: can't open config file: %s\n",p); + ERR_clear_error(); + NCONF_free(config); + config = NULL; + } + else + { + ERR_print_errors(bio_err); + NCONF_free(config); + exit(1); + } } prog=prog_init(); diff --git a/apps/pkcs12.c b/apps/pkcs12.c index d5873e93d498e..268390ebe8d8b 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -100,6 +100,7 @@ int MAIN(int argc, char **argv) char **args; char *name = NULL; char *csp_name = NULL; + int add_lmk = 0; PKCS12 *p12 = NULL; char pass[50], macpass[50]; int export_cert = 0; @@ -153,10 +154,13 @@ int MAIN(int argc, char **argv) cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; else if (!strcmp (*args, "-export")) export_cert = 1; else if (!strcmp (*args, "-des")) enc=EVP_des_cbc(); + else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc(); #ifndef OPENSSL_NO_IDEA else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc(); #endif - else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc(); +#ifndef OPENSSL_NO_SEED + else if (!strcmp(*args, "-seed")) enc=EVP_seed_cbc(); +#endif #ifndef OPENSSL_NO_AES else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc(); else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc(); @@ -221,7 +225,9 @@ int MAIN(int argc, char **argv) args++; name = *args; } else badarg = 1; - } else if (!strcmp (*args, "-CSP")) { + } else if (!strcmp (*args, "-LMK")) + add_lmk = 1; + else if (!strcmp (*args, "-CSP")) { if (args[1]) { args++; csp_name = *args; @@ -306,6 +312,9 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_IDEA BIO_printf (bio_err, "-idea encrypt private keys with idea\n"); #endif +#ifndef OPENSSL_NO_SEED + BIO_printf (bio_err, "-seed encrypt private keys with seed\n"); +#endif #ifndef OPENSSL_NO_AES BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); @@ -332,6 +341,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); BIO_printf(bio_err, " the random number generator\n"); + BIO_printf(bio_err, "-CSP name Microsoft CSP name\n"); + BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n"); goto end; } @@ -471,7 +482,7 @@ int MAIN(int argc, char **argv) X509_keyid_set1(ucert, NULL, 0); X509_alias_set1(ucert, NULL, 0); /* Remove from list */ - sk_X509_delete(certs, i); + (void)sk_X509_delete(certs, i); break; } } @@ -556,7 +567,9 @@ int MAIN(int argc, char **argv) if (csp_name && key) EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, MBSTRING_ASC, (unsigned char *)csp_name, -1); - + + if (add_lmk && key) + EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); diff --git a/apps/progs.h b/apps/progs.h index 011974b216e00..aafd800bdfb46 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -28,6 +28,7 @@ extern int speed_main(int argc,char *argv[]); extern int s_time_main(int argc,char *argv[]); extern int version_main(int argc,char *argv[]); extern int pkcs7_main(int argc,char *argv[]); +extern int cms_main(int argc,char *argv[]); extern int crl2pkcs7_main(int argc,char *argv[]); extern int sess_id_main(int argc,char *argv[]); extern int ciphers_main(int argc,char *argv[]); @@ -109,6 +110,9 @@ FUNCTION functions[] = { #endif {FUNC_TYPE_GENERAL,"version",version_main}, {FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main}, +#ifndef OPENSSL_NO_CMS + {FUNC_TYPE_GENERAL,"cms",cms_main}, +#endif {FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main}, {FUNC_TYPE_GENERAL,"sess_id",sess_id_main}, #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) @@ -197,6 +201,9 @@ FUNCTION functions[] = { #ifndef OPENSSL_NO_IDEA {FUNC_TYPE_CIPHER,"idea",enc_main}, #endif +#ifndef OPENSSL_NO_SEED + {FUNC_TYPE_CIPHER,"seed",enc_main}, +#endif #ifndef OPENSSL_NO_RC4 {FUNC_TYPE_CIPHER,"rc4",enc_main}, #endif @@ -263,6 +270,18 @@ FUNCTION functions[] = { #ifndef OPENSSL_NO_IDEA {FUNC_TYPE_CIPHER,"idea-ofb",enc_main}, #endif +#ifndef OPENSSL_NO_SEED + {FUNC_TYPE_CIPHER,"seed-cbc",enc_main}, +#endif +#ifndef OPENSSL_NO_SEED + {FUNC_TYPE_CIPHER,"seed-ecb",enc_main}, +#endif +#ifndef OPENSSL_NO_SEED + {FUNC_TYPE_CIPHER,"seed-cfb",enc_main}, +#endif +#ifndef OPENSSL_NO_SEED + {FUNC_TYPE_CIPHER,"seed-ofb",enc_main}, +#endif #ifndef OPENSSL_NO_RC2 {FUNC_TYPE_CIPHER,"rc2-cbc",enc_main}, #endif diff --git a/apps/progs.pl b/apps/progs.pl index 7b1de74bef8d6..645432cfcc233 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -43,6 +43,8 @@ foreach (@ARGV) { print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; } elsif ( ($_ =~ /^pkcs12$/)) { print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; } + elsif ( ($_ =~ /^cms$/)) + { print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; } else { print $str; } } @@ -61,13 +63,14 @@ foreach ( "camellia-192-cbc", "camellia-192-ecb", "camellia-256-cbc", "camellia-256-ecb", "base64", - "des", "des3", "desx", "idea", "rc4", "rc4-40", + "des", "des3", "desx", "idea", "seed", "rc4", "rc4-40", "rc2", "bf", "cast", "rc5", "des-ecb", "des-ede", "des-ede3", "des-cbc", "des-ede-cbc","des-ede3-cbc", "des-cfb", "des-ede-cfb","des-ede3-cfb", "des-ofb", "des-ede-ofb","des-ede3-ofb", - "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb", + "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb", + "seed-cbc","seed-ecb", "seed-cfb", "seed-ofb", "rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc", "bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb", "cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb", @@ -80,6 +83,7 @@ foreach ( elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; } elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; } elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; } + elsif ($_ =~ /seed/) { $t="#ifndef OPENSSL_NO_SEED\n${t}#endif\n"; } elsif ($_ =~ /rc4/) { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; } elsif ($_ =~ /rc2/) { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; } elsif ($_ =~ /bf/) { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; } diff --git a/apps/rand.c b/apps/rand.c index a893896033a8c..c3b26c466d9e9 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -213,7 +213,7 @@ int MAIN(int argc, char **argv) BIO_write(out, buf, chunk); num -= chunk; } - BIO_flush(out); + (void)BIO_flush(out); app_RAND_write_file(NULL, bio_err); ret = 0; diff --git a/apps/req.c b/apps/req.c index f58e65ec852f9..5ed08960c1dcf 100644 --- a/apps/req.c +++ b/apps/req.c @@ -719,8 +719,7 @@ bad: message */ goto end; } - if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA || - EVP_PKEY_type(pkey->type) == EVP_PKEY_EC) + else { char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); if (randfile == NULL) diff --git a/apps/rsa.c b/apps/rsa.c index cf09a190cab36..930f1f038aba9 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -81,6 +81,7 @@ * -des - encrypt output if PEM format with DES in cbc mode * -des3 - encrypt output if PEM format * -idea - encrypt output if PEM format + * -seed - encrypt output if PEM format * -aes128 - encrypt output if PEM format * -aes192 - encrypt output if PEM format * -aes256 - encrypt output if PEM format @@ -211,6 +212,9 @@ bad: #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); #endif +#ifndef OPENSSL_NO_SEED + BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n"); +#endif #ifndef OPENSSL_NO_AES BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); diff --git a/apps/rsautl.c b/apps/rsautl.c index 463890950e1f3..f3c458ed2751d 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -119,24 +119,36 @@ int MAIN(int argc, char **argv) while(argc >= 1) { if (!strcmp(*argv,"-in")) { - if (--argc < 1) badarg = 1; - infile= *(++argv); + if (--argc < 1) + badarg = 1; + else + infile= *(++argv); } else if (!strcmp(*argv,"-out")) { - if (--argc < 1) badarg = 1; - outfile= *(++argv); + if (--argc < 1) + badarg = 1; + else + outfile= *(++argv); } else if(!strcmp(*argv, "-inkey")) { - if (--argc < 1) badarg = 1; - keyfile = *(++argv); + if (--argc < 1) + badarg = 1; + else + keyfile = *(++argv); } else if (!strcmp(*argv,"-passin")) { - if (--argc < 1) badarg = 1; - passargin= *(++argv); + if (--argc < 1) + badarg = 1; + else + passargin= *(++argv); } else if (strcmp(*argv,"-keyform") == 0) { - if (--argc < 1) badarg = 1; - keyform=str2fmt(*(++argv)); + if (--argc < 1) + badarg = 1; + else + keyform=str2fmt(*(++argv)); #ifndef OPENSSL_NO_ENGINE } else if(!strcmp(*argv, "-engine")) { - if (--argc < 1) badarg = 1; - engine = *(++argv); + if (--argc < 1) + badarg = 1; + else + engine = *(++argv); #endif } else if(!strcmp(*argv, "-pubin")) { key_type = KEY_PUBKEY; diff --git a/apps/s_apps.h b/apps/s_apps.h index 886a95a2b8ceb..08fbbc2229640 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -167,4 +167,7 @@ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, #ifdef HEADER_SSL_H void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret); void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); +void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, + unsigned char *data, int len, + void *arg); #endif diff --git a/apps/s_cb.c b/apps/s_cb.c index 9a35d46adc286..a512589e8c87d 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -573,5 +573,64 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * BIO_printf(bio, " ..."); BIO_printf(bio, "\n"); } - BIO_flush(bio); + (void)BIO_flush(bio); + } + +void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, + unsigned char *data, int len, + void *arg) + { + BIO *bio = arg; + char *extname; + + switch(type) + { + case TLSEXT_TYPE_server_name: + extname = "server name"; + break; + + case TLSEXT_TYPE_max_fragment_length: + extname = "max fragment length"; + break; + + case TLSEXT_TYPE_client_certificate_url: + extname = "client certificate URL"; + break; + + case TLSEXT_TYPE_trusted_ca_keys: + extname = "trusted CA keys"; + break; + + case TLSEXT_TYPE_truncated_hmac: + extname = "truncated HMAC"; + break; + + case TLSEXT_TYPE_status_request: + extname = "status request"; + break; + + case TLSEXT_TYPE_elliptic_curves: + extname = "elliptic curves"; + break; + + case TLSEXT_TYPE_ec_point_formats: + extname = "EC point formats"; + break; + + case TLSEXT_TYPE_session_ticket: + extname = "server ticket"; + break; + + + default: + extname = "unknown"; + break; + + } + + BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", + client_server ? "server": "client", + extname, type, len); + BIO_dump(bio, (char *)data, len); + (void)BIO_flush(bio); } diff --git a/apps/s_client.c b/apps/s_client.c index 3f302c5f140dc..60a8d13df1987 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -134,6 +134,7 @@ typedef unsigned int u_int; #include #include #include +#include #include "s_apps.h" #include "timeouts.h" @@ -171,11 +172,18 @@ static int c_nbio=0; #endif static int c_Pause=0; static int c_debug=0; +#ifndef OPENSSL_NO_TLSEXT +static int c_tlsextdebug=0; +static int c_status_req=0; +#endif static int c_msg=0; static int c_showcerts=0; static void sc_usage(void); static void print_stuff(BIO *berr,SSL *con,int full); +#ifndef OPENSSL_NO_TLSEXT +static int ocsp_resp_cb(SSL *s, void *arg); +#endif static BIO *bio_c_out=NULL; static int c_quiet=0; static int c_ign_eof=0; @@ -231,9 +239,37 @@ static void sc_usage(void) BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); #endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); - + BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n"); + BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n"); +#ifndef OPENSSL_NO_TLSEXT + BIO_printf(bio_err," -servername host - Set TLS extension servername in ClientHello\n"); + BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); + BIO_printf(bio_err," -status - request certificate status from server\n"); + BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); +#endif } +#ifndef OPENSSL_NO_TLSEXT + +/* This is a context that we pass to callbacks */ +typedef struct tlsextctx_st { + BIO * biodebug; + int ack; +} tlsextctx; + + +static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) + { + tlsextctx * p = (tlsextctx *) arg; + const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); + if (SSL_get_servername_type(s) != -1) + p->ack = !SSL_session_reused(s) && hn != NULL; + else + BIO_printf(bio_err,"Can't use SSL_get_servername\n"); + + return SSL_TLSEXT_ERR_OK; + } +#endif enum { PROTO_OFF = 0, @@ -281,12 +317,20 @@ int MAIN(int argc, char **argv) int mbuf_len=0; #ifndef OPENSSL_NO_ENGINE char *engine_id=NULL; - ENGINE *e=NULL; + char *ssl_client_engine_id=NULL; + ENGINE *e=NULL, *ssl_client_engine=NULL; #endif #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) struct timeval tv; #endif +#ifndef OPENSSL_NO_TLSEXT + char *servername = NULL; + tlsextctx tlsextcbp = + {NULL,0}; +#endif + char *sess_in = NULL; + char *sess_out = NULL; struct sockaddr peer; int peerlen = sizeof(peer); int enable_timeouts = 0 ; @@ -361,6 +405,16 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; cert_file= *(++argv); } + else if (strcmp(*argv,"-sess_out") == 0) + { + if (--argc < 1) goto bad; + sess_out = *(++argv); + } + else if (strcmp(*argv,"-sess_in") == 0) + { + if (--argc < 1) goto bad; + sess_in = *(++argv); + } else if (strcmp(*argv,"-certform") == 0) { if (--argc < 1) goto bad; @@ -385,6 +439,12 @@ int MAIN(int argc, char **argv) c_Pause=1; else if (strcmp(*argv,"-debug") == 0) c_debug=1; +#ifndef OPENSSL_NO_TLSEXT + else if (strcmp(*argv,"-tlsextdebug") == 0) + c_tlsextdebug=1; + else if (strcmp(*argv,"-status") == 0) + c_status_req=1; +#endif #ifdef WATT32 else if (strcmp(*argv,"-wdebug") == 0) dbug_init(); @@ -460,6 +520,10 @@ int MAIN(int argc, char **argv) off|=SSL_OP_NO_SSLv3; else if (strcmp(*argv,"-no_ssl2") == 0) off|=SSL_OP_NO_SSLv2; +#ifndef OPENSSL_NO_TLSEXT + else if (strcmp(*argv,"-no_ticket") == 0) + { off|=SSL_OP_NO_TICKET; } +#endif else if (strcmp(*argv,"-serverpref") == 0) off|=SSL_OP_CIPHER_SERVER_PREFERENCE; else if (strcmp(*argv,"-cipher") == 0) @@ -492,12 +556,25 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; engine_id = *(++argv); } + else if (strcmp(*argv,"-ssl_client_engine") == 0) + { + if (--argc < 1) goto bad; + ssl_client_engine_id = *(++argv); + } #endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; inrand= *(++argv); } +#ifndef OPENSSL_NO_TLSEXT + else if (strcmp(*argv,"-servername") == 0) + { + if (--argc < 1) goto bad; + servername= *(++argv); + /* meth=TLSv1_client_method(); */ + } +#endif else { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -519,6 +596,16 @@ bad: #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine_id, 1); + if (ssl_client_engine_id) + { + ssl_client_engine = ENGINE_by_id(ssl_client_engine_id); + if (!ssl_client_engine) + { + BIO_printf(bio_err, + "Error getting client auth engine\n"); + goto end; + } + } #endif if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { @@ -586,6 +673,20 @@ bad: goto end; } +#ifndef OPENSSL_NO_ENGINE + if (ssl_client_engine) + { + if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) + { + BIO_puts(bio_err, "Error setting client auth engine\n"); + ERR_print_errors(bio_err); + ENGINE_free(ssl_client_engine); + goto end; + } + ENGINE_free(ssl_client_engine); + } +#endif + if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL|off); else @@ -621,8 +722,51 @@ bad: store = SSL_CTX_get_cert_store(ctx); X509_STORE_set_flags(store, vflags); +#ifndef OPENSSL_NO_TLSEXT + if (servername != NULL) + { + tlsextcbp.biodebug = bio_err; + SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); + SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); + } +#endif con=SSL_new(ctx); + if (sess_in) + { + SSL_SESSION *sess; + BIO *stmp = BIO_new_file(sess_in, "r"); + if (!stmp) + { + BIO_printf(bio_err, "Can't open session file %s\n", + sess_in); + ERR_print_errors(bio_err); + goto end; + } + sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL); + BIO_free(stmp); + if (!sess) + { + BIO_printf(bio_err, "Can't open session file %s\n", + sess_in); + ERR_print_errors(bio_err); + goto end; + } + SSL_set_session(con, sess); + SSL_SESSION_free(sess); + } +#ifndef OPENSSL_NO_TLSEXT + if (servername != NULL) + { + if (!SSL_set_tlsext_host_name(con,servername)) + { + BIO_printf(bio_err,"Unable to set TLS servername extension.\n"); + ERR_print_errors(bio_err); + goto end; + } + } +#endif + #ifndef OPENSSL_NO_KRB5 if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL) { @@ -668,7 +812,7 @@ re_start: goto end; } - BIO_ctrl_set_connected(sbio, 1, &peer); + (void)BIO_ctrl_set_connected(sbio, 1, &peer); if ( enable_timeouts) { @@ -714,6 +858,30 @@ re_start: SSL_set_msg_callback(con, msg_cb); SSL_set_msg_callback_arg(con, bio_c_out); } +#ifndef OPENSSL_NO_TLSEXT + if (c_tlsextdebug) + { + SSL_set_tlsext_debug_callback(con, tlsext_cb); + SSL_set_tlsext_debug_arg(con, bio_c_out); + } + if (c_status_req) + { + SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp); + SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); + SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); +#if 0 +{ +STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null(); +OCSP_RESPID *id = OCSP_RESPID_new(); +id->value.byKey = ASN1_OCTET_STRING_new(); +id->type = V_OCSP_RESPID_KEY; +ASN1_STRING_set(id->value.byKey, "Hello World", -1); +sk_OCSP_RESPID_push(ids, id); +SSL_set_tlsext_status_ids(con, ids); +} +#endif + } +#endif SSL_set_bio(con,sbio,sbio); SSL_set_connect_state(con); @@ -752,7 +920,7 @@ re_start: while (mbuf_len>3 && mbuf[3]=='-'); /* STARTTLS command requires EHLO... */ BIO_printf(fbio,"EHLO openssl.client.net\r\n"); - BIO_flush(fbio); + (void)BIO_flush(fbio); /* wait for multi-line response to end EHLO SMTP response */ do { @@ -761,7 +929,7 @@ re_start: foundit=1; } while (mbuf_len>3 && mbuf[3]=='-'); - BIO_flush(fbio); + (void)BIO_flush(fbio); BIO_pop(fbio); BIO_free(fbio); if (!foundit) @@ -785,7 +953,7 @@ re_start: BIO_gets(fbio,mbuf,BUFSIZZ); /* STARTTLS command requires CAPABILITY... */ BIO_printf(fbio,". CAPABILITY\r\n"); - BIO_flush(fbio); + (void)BIO_flush(fbio); /* wait for multi-line CAPABILITY response */ do { @@ -794,7 +962,7 @@ re_start: foundit=1; } while (mbuf_len>3 && mbuf[0]!='.'); - BIO_flush(fbio); + (void)BIO_flush(fbio); BIO_pop(fbio); BIO_free(fbio); if (!foundit) @@ -814,7 +982,7 @@ re_start: mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ); } while (mbuf_len>3 && mbuf[3]=='-'); - BIO_flush(fbio); + (void)BIO_flush(fbio); BIO_pop(fbio); BIO_free(fbio); BIO_printf(sbio,"AUTH TLS\r\n"); @@ -837,6 +1005,17 @@ re_start: if (in_init) { in_init=0; + if (sess_out) + { + BIO *stmp = BIO_new_file(sess_out, "w"); + if (stmp) + { + PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con)); + BIO_free(stmp); + } + else + BIO_printf(bio_err, "Error writing session file %s\n", sess_out); + } print_stuff(bio_c_out,con,full_log); if (full_log > 0) full_log--; @@ -1303,6 +1482,34 @@ static void print_stuff(BIO *bio, SSL *s, int full) if (peer != NULL) X509_free(peer); /* flush, or debugging output gets mixed with http response */ - BIO_flush(bio); + (void)BIO_flush(bio); } +#ifndef OPENSSL_NO_TLSEXT + +static int ocsp_resp_cb(SSL *s, void *arg) + { + const unsigned char *p; + int len; + OCSP_RESPONSE *rsp; + len = SSL_get_tlsext_status_ocsp_resp(s, &p); + BIO_puts(arg, "OCSP response: "); + if (!p) + { + BIO_puts(arg, "no response sent\n"); + return 1; + } + rsp = d2i_OCSP_RESPONSE(NULL, &p, len); + if (!rsp) + { + BIO_puts(arg, "response parse error\n"); + BIO_dump_indent(arg, (char *)p, len, 4); + return 0; + } + BIO_puts(arg, "\n======================================\n"); + OCSP_RESPONSE_print(arg, rsp, 0); + BIO_puts(arg, "======================================\n"); + OCSP_RESPONSE_free(rsp); + return 1; + } +#endif /* ndef OPENSSL_NO_TLSEXT */ diff --git a/apps/s_server.c b/apps/s_server.c index 6c433e63fd647..7919c437c6456 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -153,6 +153,7 @@ typedef unsigned int u_int; #include #include #include +#include #ifndef OPENSSL_NO_DH #include #endif @@ -238,6 +239,9 @@ static int bufsize=BUFSIZZ; static int accept_socket= -1; #define TEST_CERT "server.pem" +#ifndef OPENSSL_NO_TLSEXT +#define TEST_CERT2 "server2.pem" +#endif #undef PROG #define PROG s_server_main @@ -247,6 +251,9 @@ static char *cipher=NULL; static int s_server_verify=SSL_VERIFY_NONE; static int s_server_session_id_context = 1; /* anything will do */ static const char *s_cert_file=TEST_CERT,*s_key_file=NULL; +#ifndef OPENSSL_NO_TLSEXT +static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL; +#endif static char *s_dcert_file=NULL,*s_dkey_file=NULL; #ifdef FIONBIO static int s_nbio=0; @@ -254,10 +261,18 @@ static int s_nbio=0; static int s_nbio_test=0; int s_crlf=0; static SSL_CTX *ctx=NULL; +#ifndef OPENSSL_NO_TLSEXT +static SSL_CTX *ctx2=NULL; +#endif static int www=0; static BIO *bio_s_out=NULL; static int s_debug=0; +#ifndef OPENSSL_NO_TLSEXT +static int s_tlsextdebug=0; +static int s_tlsextstatus=0; +static int cert_status_cb(SSL *s, void *arg); +#endif static int s_msg=0; static int s_quiet=0; @@ -285,6 +300,11 @@ static void s_server_init(void) s_dkey_file=NULL; s_cert_file=TEST_CERT; s_key_file=NULL; +#ifndef OPENSSL_NO_TLSEXT + s_cert_file2=TEST_CERT2; + s_key_file2=NULL; + ctx2=NULL; +#endif #ifdef FIONBIO s_nbio=0; #endif @@ -313,6 +333,11 @@ static void sv_usage(void) BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); BIO_printf(bio_err," -cert arg - certificate file to use\n"); BIO_printf(bio_err," (default is %s)\n",TEST_CERT); + BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \ + " The CRL(s) are appended to the certificate file\n"); + BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \ + " or any other CRL in the CA chain. CRL(s) are appened to the\n" \ + " the certificate file.\n"); BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n"); BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); @@ -371,6 +396,16 @@ static void sv_usage(void) #endif BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); +#ifndef OPENSSL_NO_TLSEXT + BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n"); + BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (default warning alert)\n"); + BIO_printf(bio_err," -cert2 arg - certificate file to use for servername\n"); + BIO_printf(bio_err," (default is %s)\n",TEST_CERT2); + BIO_printf(bio_err," -key2 arg - Private Key file to use for servername, in cert file if\n"); + BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2); + BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); + BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); +#endif } static int local_argc=0; @@ -526,6 +561,185 @@ static int ebcdic_puts(BIO *bp, const char *str) } #endif +#ifndef OPENSSL_NO_TLSEXT + +/* This is a context that we pass to callbacks */ +typedef struct tlsextctx_st { + char * servername; + BIO * biodebug; + int extension_error; +} tlsextctx; + + +static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) + { + tlsextctx * p = (tlsextctx *) arg; + const char * servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); + if (servername && p->biodebug) + BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername); + + if (!p->servername) + return SSL_TLSEXT_ERR_NOACK; + + if (servername) + { + if (strcmp(servername,p->servername)) + return p->extension_error; + if (ctx2) + { + BIO_printf(p->biodebug,"Swiching server context.\n"); + SSL_set_SSL_CTX(s,ctx2); + } + } + return SSL_TLSEXT_ERR_OK; +} + +/* Structure passed to cert status callback */ + +typedef struct tlsextstatusctx_st { + /* Default responder to use */ + char *host, *path, *port; + int use_ssl; + int timeout; + BIO *err; + int verbose; +} tlsextstatusctx; + +static tlsextstatusctx tlscstatp = {NULL, NULL, NULL, 0, -1, NULL, 0}; + +/* Certificate Status callback. This is called when a client includes a + * certificate status request extension. + * + * This is a simplified version. It examines certificates each time and + * makes one OCSP responder query for each request. + * + * A full version would store details such as the OCSP certificate IDs and + * minimise the number of OCSP responses by caching them until they were + * considered "expired". + */ + +static int cert_status_cb(SSL *s, void *arg) + { + tlsextstatusctx *srctx = arg; + BIO *err = srctx->err; + char *host, *port, *path; + int use_ssl; + unsigned char *rspder = NULL; + int rspderlen; + STACK *aia = NULL; + X509 *x = NULL; + X509_STORE_CTX inctx; + X509_OBJECT obj; + OCSP_REQUEST *req = NULL; + OCSP_RESPONSE *resp = NULL; + OCSP_CERTID *id = NULL; + STACK_OF(X509_EXTENSION) *exts; + int ret = SSL_TLSEXT_ERR_NOACK; + int i; +#if 0 +STACK_OF(OCSP_RESPID) *ids; +SSL_get_tlsext_status_ids(s, &ids); +BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids)); +#endif + if (srctx->verbose) + BIO_puts(err, "cert_status: callback called\n"); + /* Build up OCSP query from server certificate */ + x = SSL_get_certificate(s); + aia = X509_get1_ocsp(x); + if (aia) + { + if (!OCSP_parse_url(sk_value(aia, 0), + &host, &port, &path, &use_ssl)) + { + BIO_puts(err, "cert_status: can't parse AIA URL\n"); + goto err; + } + if (srctx->verbose) + BIO_printf(err, "cert_status: AIA URL: %s\n", + sk_value(aia, 0)); + } + else + { + if (!srctx->host) + { + BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n"); + goto done; + } + host = srctx->host; + path = srctx->path; + port = srctx->port; + use_ssl = srctx->use_ssl; + } + + if (!X509_STORE_CTX_init(&inctx, + SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)), + NULL, NULL)) + goto err; + if (X509_STORE_get_by_subject(&inctx,X509_LU_X509, + X509_get_issuer_name(x),&obj) <= 0) + { + BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n"); + X509_STORE_CTX_cleanup(&inctx); + goto done; + } + req = OCSP_REQUEST_new(); + if (!req) + goto err; + id = OCSP_cert_to_id(NULL, x, obj.data.x509); + X509_free(obj.data.x509); + X509_STORE_CTX_cleanup(&inctx); + if (!id) + goto err; + if (!OCSP_request_add0_id(req, id)) + goto err; + id = NULL; + /* Add any extensions to the request */ + SSL_get_tlsext_status_exts(s, &exts); + for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) + { + X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); + if (!OCSP_REQUEST_add_ext(req, ext, -1)) + goto err; + } + resp = process_responder(err, req, host, path, port, use_ssl, + srctx->timeout); + if (!resp) + { + BIO_puts(err, "cert_status: error querying responder\n"); + goto done; + } + rspderlen = i2d_OCSP_RESPONSE(resp, &rspder); + if (rspderlen <= 0) + goto err; + SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen); + if (srctx->verbose) + { + BIO_puts(err, "cert_status: ocsp response sent:\n"); + OCSP_RESPONSE_print(err, resp, 2); + } + ret = SSL_TLSEXT_ERR_OK; + done: + if (ret != SSL_TLSEXT_ERR_OK) + ERR_print_errors(err); + if (aia) + { + OPENSSL_free(host); + OPENSSL_free(path); + OPENSSL_free(port); + X509_email_free(aia); + } + if (id) + OCSP_CERTID_free(id); + if (req) + OCSP_REQUEST_free(req); + if (resp) + OCSP_RESPONSE_free(resp); + return ret; + err: + ret = SSL_TLSEXT_ERR_ALERT_FATAL; + goto done; + } +#endif int MAIN(int, char **); int MAIN(int argc, char *argv[]) @@ -545,10 +759,7 @@ int MAIN(int argc, char *argv[]) int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0; int state=0; SSL_METHOD *meth=NULL; -#ifdef sock_type -#undef sock_type -#endif - int sock_type=SOCK_STREAM; + int socket_type=SOCK_STREAM; #ifndef OPENSSL_NO_ENGINE ENGINE *e=NULL; #endif @@ -559,6 +770,14 @@ int MAIN(int argc, char *argv[]) int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM; X509 *s_cert = NULL, *s_dcert = NULL; EVP_PKEY *s_key = NULL, *s_dkey = NULL; +#ifndef OPENSSL_NO_TLSEXT + EVP_PKEY *s_key2 = NULL; + X509 *s_cert2 = NULL; +#endif + +#ifndef OPENSSL_NO_TLSEXT + tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; +#endif #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_server_method(); @@ -695,7 +914,7 @@ int MAIN(int argc, char *argv[]) { vflags |= X509_V_FLAG_CRL_CHECK; } - else if (strcmp(*argv,"-crl_check") == 0) + else if (strcmp(*argv,"-crl_check_all") == 0) { vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; } @@ -724,6 +943,37 @@ int MAIN(int argc, char *argv[]) } else if (strcmp(*argv,"-debug") == 0) { s_debug=1; } +#ifndef OPENSSL_NO_TLSEXT + else if (strcmp(*argv,"-tlsextdebug") == 0) + s_tlsextdebug=1; + else if (strcmp(*argv,"-status") == 0) + s_tlsextstatus=1; + else if (strcmp(*argv,"-status_verbose") == 0) + { + s_tlsextstatus=1; + tlscstatp.verbose = 1; + } + else if (!strcmp(*argv, "-status_timeout")) + { + s_tlsextstatus=1; + if (--argc < 1) goto bad; + tlscstatp.timeout = atoi(*(++argv)); + } + else if (!strcmp(*argv, "-status_url")) + { + s_tlsextstatus=1; + if (--argc < 1) goto bad; + if (!OCSP_parse_url(*(++argv), + &tlscstatp.host, + &tlscstatp.port, + &tlscstatp.path, + &tlscstatp.use_ssl)) + { + BIO_printf(bio_err, "Error parsing URL\n"); + goto bad; + } + } +#endif else if (strcmp(*argv,"-msg") == 0) { s_msg=1; } else if (strcmp(*argv,"-hack") == 0) @@ -754,6 +1004,10 @@ int MAIN(int argc, char *argv[]) { off|=SSL_OP_NO_SSLv3; } else if (strcmp(*argv,"-no_tls1") == 0) { off|=SSL_OP_NO_TLSv1; } +#ifndef OPENSSL_NO_TLSEXT + else if (strcmp(*argv,"-no_ticket") == 0) + { off|=SSL_OP_NO_TICKET; } +#endif #ifndef OPENSSL_NO_SSL2 else if (strcmp(*argv,"-ssl2") == 0) { meth=SSLv2_server_method(); } @@ -770,7 +1024,7 @@ int MAIN(int argc, char *argv[]) else if (strcmp(*argv,"-dtls1") == 0) { meth=DTLSv1_server_method(); - sock_type = SOCK_DGRAM; + socket_type = SOCK_DGRAM; } else if (strcmp(*argv,"-timeout") == 0) enable_timeouts = 1; @@ -799,6 +1053,25 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; inrand= *(++argv); } +#ifndef OPENSSL_NO_TLSEXT + else if (strcmp(*argv,"-servername") == 0) + { + if (--argc < 1) goto bad; + tlsextcbp.servername= *(++argv); + } + else if (strcmp(*argv,"-servername_fatal") == 0) + { tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL; } + else if (strcmp(*argv,"-cert2") == 0) + { + if (--argc < 1) goto bad; + s_cert_file2= *(++argv); + } + else if (strcmp(*argv,"-key2") == 0) + { + if (--argc < 1) goto bad; + s_key_file2= *(++argv); + } +#endif else { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -831,6 +1104,10 @@ bad: if (s_key_file == NULL) s_key_file = s_cert_file; +#ifndef OPENSSL_NO_TLSEXT + if (s_key_file2 == NULL) + s_key_file2 = s_cert_file2; +#endif if (nocert == 0) { @@ -850,8 +1127,29 @@ bad: ERR_print_errors(bio_err); goto end; } - } +#ifndef OPENSSL_NO_TLSEXT + if (tlsextcbp.servername) + { + s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e, + "second server certificate private key file"); + if (!s_key2) + { + ERR_print_errors(bio_err); + goto end; + } + + s_cert2 = load_cert(bio_err,s_cert_file2,s_cert_format, + NULL, e, "second server certificate file"); + + if (!s_cert2) + { + ERR_print_errors(bio_err); + goto end; + } + } +#endif + } if (s_dcert_file) { @@ -908,6 +1206,10 @@ bad: s_key_file=NULL; s_dcert_file=NULL; s_dkey_file=NULL; +#ifndef OPENSSL_NO_TLSEXT + s_cert_file2=NULL; + s_key_file2=NULL; +#endif } ctx=SSL_CTX_new(meth); @@ -939,7 +1241,7 @@ bad: /* DTLS: partial reads end up discarding unread UDP bytes :-( * Setting read ahead solves this problem. */ - if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); + if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); @@ -966,6 +1268,62 @@ bad: } store = SSL_CTX_get_cert_store(ctx); X509_STORE_set_flags(store, vflags); +#ifndef OPENSSL_NO_TLSEXT + if (s_cert2) + { + ctx2=SSL_CTX_new(meth); + if (ctx2 == NULL) + { + ERR_print_errors(bio_err); + goto end; + } + } + + if (ctx2) + { + BIO_printf(bio_s_out,"Setting secondary ctx parameters\n"); + + if (session_id_prefix) + { + if(strlen(session_id_prefix) >= 32) + BIO_printf(bio_err, + "warning: id_prefix is too long, only one new session will be possible\n"); + else if(strlen(session_id_prefix) >= 16) + BIO_printf(bio_err, + "warning: id_prefix is too long if you use SSLv2\n"); + if(!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) + { + BIO_printf(bio_err,"error setting 'id_prefix'\n"); + ERR_print_errors(bio_err); + goto end; + } + BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix); + } + SSL_CTX_set_quiet_shutdown(ctx2,1); + if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL); + if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); + SSL_CTX_set_options(ctx2,off); + + /* DTLS: partial reads end up discarding unread UDP bytes :-( + * Setting read ahead solves this problem. + */ + if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1); + + + if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback); + + SSL_CTX_sess_set_cache_size(ctx2,128); + + if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) || + (!SSL_CTX_set_default_verify_paths(ctx2))) + { + ERR_print_errors(bio_err); + } + store = SSL_CTX_get_cert_store(ctx2); + X509_STORE_set_flags(store, vflags); + } +#endif + #ifndef OPENSSL_NO_DH if (!no_dhe) @@ -989,6 +1347,24 @@ bad: (void)BIO_flush(bio_s_out); SSL_CTX_set_tmp_dh(ctx,dh); +#ifndef OPENSSL_NO_TLSEXT + if (ctx2) + { + if (!dhfile) + { + DH *dh2=load_dh_param(s_cert_file2); + if (dh2 != NULL) + { + BIO_printf(bio_s_out,"Setting temp DH parameters\n"); + (void)BIO_flush(bio_s_out); + + DH_free(dh); + dh = dh2; + } + } + SSL_CTX_set_tmp_dh(ctx2,dh); + } +#endif DH_free(dh); } #endif @@ -1034,12 +1410,20 @@ bad: (void)BIO_flush(bio_s_out); SSL_CTX_set_tmp_ecdh(ctx,ecdh); +#ifndef OPENSSL_NO_TLSEXT + if (ctx2) + SSL_CTX_set_tmp_ecdh(ctx2,ecdh); +#endif EC_KEY_free(ecdh); } #endif if (!set_cert_key_stuff(ctx,s_cert,s_key)) goto end; +#ifndef OPENSSL_NO_TLSEXT + if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2)) + goto end; +#endif if (s_dcert != NULL) { if (!set_cert_key_stuff(ctx,s_dcert,s_dkey)) @@ -1049,7 +1433,13 @@ bad: #ifndef OPENSSL_NO_RSA #if 1 if (!no_tmp_rsa) + { SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); +#ifndef OPENSSL_NO_TLSEXT + if (ctx2) + SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb); +#endif + } #else if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) { @@ -1065,6 +1455,16 @@ bad: ERR_print_errors(bio_err); goto end; } +#ifndef OPENSSL_NO_TLSEXT + if (ctx2) + { + if (!SSL_CTX_set_tmp_rsa(ctx2,rsa)) + { + ERR_print_errors(bio_err); + goto end; + } + } +#endif RSA_free(rsa); BIO_printf(bio_s_out,"\n"); } @@ -1076,19 +1476,46 @@ bad: BIO_printf(bio_err,"error setting cipher list\n"); ERR_print_errors(bio_err); goto end; +#ifndef OPENSSL_NO_TLSEXT + if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher)) + { + BIO_printf(bio_err,"error setting cipher list\n"); + ERR_print_errors(bio_err); + goto end; + } +#endif } SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context, sizeof s_server_session_id_context); +#ifndef OPENSSL_NO_TLSEXT + if (ctx2) + { + SSL_CTX_set_verify(ctx2,s_server_verify,verify_callback); + SSL_CTX_set_session_id_context(ctx2,(void*)&s_server_session_id_context, + sizeof s_server_session_id_context); + + tlsextcbp.biodebug = bio_s_out; + SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); + SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp); + SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); + SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); + } +#endif if (CAfile != NULL) - SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); - + { + SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); +#ifndef OPENSSL_NO_TLSEXT + if (ctx2) + SSL_CTX_set_client_CA_list(ctx2,SSL_load_client_CA_file(CAfile)); +#endif + } BIO_printf(bio_s_out,"ACCEPT\n"); if (www) - do_server(port,sock_type,&accept_socket,www_body, context); + do_server(port,socket_type,&accept_socket,www_body, context); else - do_server(port,sock_type,&accept_socket,sv_body, context); + do_server(port,socket_type,&accept_socket,sv_body, context); print_stats(bio_s_out,ctx); ret=0; end: @@ -1105,6 +1532,13 @@ end: OPENSSL_free(pass); if (dpass) OPENSSL_free(dpass); +#ifndef OPENSSL_NO_TLSEXT + if (ctx2 != NULL) SSL_CTX_free(ctx2); + if (s_cert2) + X509_free(s_cert2); + if (s_key2) + EVP_PKEY_free(s_key2); +#endif if (bio_s_out != NULL) { BIO_free(bio_s_out); @@ -1171,6 +1605,19 @@ static int sv_body(char *hostname, int s, unsigned char *context) if (con == NULL) { con=SSL_new(ctx); +#ifndef OPENSSL_NO_TLSEXT + if (s_tlsextdebug) + { + SSL_set_tlsext_debug_callback(con, tlsext_cb); + SSL_set_tlsext_debug_arg(con, bio_s_out); + } + if (s_tlsextstatus) + { + SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); + tlscstatp.err = bio_err; + SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp); + } +#endif #ifndef OPENSSL_NO_KRB5 if ((con->kssl_ctx = kssl_ctx_new()) != NULL) { @@ -1241,6 +1688,13 @@ static int sv_body(char *hostname, int s, unsigned char *context) SSL_set_msg_callback(con, msg_cb); SSL_set_msg_callback_arg(con, bio_s_out); } +#ifndef OPENSSL_NO_TLSEXT + if (s_tlsextdebug) + { + SSL_set_tlsext_debug_callback(con, tlsext_cb); + SSL_set_tlsext_debug_arg(con, bio_s_out); + } +#endif width=s+1; for (;;) @@ -1606,6 +2060,13 @@ static int www_body(char *hostname, int s, unsigned char *context) if (!BIO_set_write_buffer_size(io,bufsize)) goto err; if ((con=SSL_new(ctx)) == NULL) goto err; +#ifndef OPENSSL_NO_TLSEXT + if (s_tlsextdebug) + { + SSL_set_tlsext_debug_callback(con, tlsext_cb); + SSL_set_tlsext_debug_arg(con, bio_s_out); + } +#endif #ifndef OPENSSL_NO_KRB5 if ((con->kssl_ctx = kssl_ctx_new()) != NULL) { diff --git a/apps/smime.c b/apps/smime.c index 830f18cd8479f..ce8a1cbecb75f 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -145,6 +145,10 @@ int MAIN(int argc, char **argv) else if (!strcmp (*args, "-des")) cipher = EVP_des_cbc(); #endif +#ifndef OPENSSL_NO_SEED + else if (!strcmp (*args, "-seed")) + cipher = EVP_seed_cbc(); +#endif #ifndef OPENSSL_NO_RC2 else if (!strcmp (*args, "-rc2-40")) cipher = EVP_rc2_40_cbc(); @@ -423,6 +427,9 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-des3 encrypt with triple DES\n"); BIO_printf (bio_err, "-des encrypt with DES\n"); #endif +#ifndef OPENSSL_NO_SEED + BIO_printf (bio_err, "-seed encrypt with SEED\n"); +#endif #ifndef OPENSSL_NO_RC2 BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n"); BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n"); diff --git a/apps/speed.c b/apps/speed.c index 7858aee76ed3d..8a1974f5fe9b8 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -201,6 +201,9 @@ #ifndef OPENSSL_NO_IDEA #include #endif +#ifndef OPENSSL_NO_SEED +#include +#endif #ifndef OPENSSL_NO_BF #include #endif @@ -272,7 +275,7 @@ static void print_result(int alg,int run_no,int count,double time_used); static int do_multi(int multi); #endif -#define ALGOR_NUM 24 +#define ALGOR_NUM 28 #define SIZE_NUM 5 #define RSA_NUM 4 #define DSA_NUM 3 @@ -282,11 +285,12 @@ static int do_multi(int multi); static const char *names[ALGOR_NUM]={ "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4", - "des cbc","des ede3","idea cbc", + "des cbc","des ede3","idea cbc","seed cbc", "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc", "aes-128 cbc","aes-192 cbc","aes-256 cbc", "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc", - "evp","sha256","sha512"}; + "evp","sha256","sha512", + "aes-128 ige","aes-192 ige","aes-256 ige"}; static double results[ALGOR_NUM][SIZE_NUM]; static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; static double rsa_results[RSA_NUM][2]; @@ -533,6 +537,9 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_IDEA IDEA_KEY_SCHEDULE idea_ks; #endif +#ifndef OPENSSL_NO_SEED + SEED_KEY_SCHEDULE seed_ks; +#endif #ifndef OPENSSL_NO_BF BF_KEY bf_ks; #endif @@ -570,7 +577,7 @@ int MAIN(int argc, char **argv) #define MAX_BLOCK_SIZE 64 #endif unsigned char DES_iv[8]; - unsigned char iv[MAX_BLOCK_SIZE/8]; + unsigned char iv[2*MAX_BLOCK_SIZE/8]; #ifndef OPENSSL_NO_DES DES_cblock *buf_as_des_cblock = NULL; static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; @@ -597,19 +604,23 @@ int MAIN(int argc, char **argv) #define D_CBC_DES 8 #define D_EDE3_DES 9 #define D_CBC_IDEA 10 -#define D_CBC_RC2 11 -#define D_CBC_RC5 12 -#define D_CBC_BF 13 -#define D_CBC_CAST 14 -#define D_CBC_128_AES 15 -#define D_CBC_192_AES 16 -#define D_CBC_256_AES 17 -#define D_CBC_128_CML 18 -#define D_CBC_192_CML 19 -#define D_CBC_256_CML 20 -#define D_EVP 21 -#define D_SHA256 22 -#define D_SHA512 23 +#define D_CBC_SEED 11 +#define D_CBC_RC2 12 +#define D_CBC_RC5 13 +#define D_CBC_BF 14 +#define D_CBC_CAST 15 +#define D_CBC_128_AES 16 +#define D_CBC_192_AES 17 +#define D_CBC_256_AES 18 +#define D_CBC_128_CML 19 +#define D_CBC_192_CML 20 +#define D_CBC_256_CML 21 +#define D_EVP 22 +#define D_SHA256 23 +#define D_SHA512 24 +#define D_IGE_128_AES 25 +#define D_IGE_192_AES 26 +#define D_IGE_256_AES 27 double d=0.0; long c[ALGOR_NUM][SIZE_NUM]; #define R_DSA_512 0 @@ -950,7 +961,10 @@ int MAIN(int argc, char **argv) if (strcmp(*argv,"aes-128-cbc") == 0) doit[D_CBC_128_AES]=1; else if (strcmp(*argv,"aes-192-cbc") == 0) doit[D_CBC_192_AES]=1; else if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1; - else + else if (strcmp(*argv,"aes-128-ige") == 0) doit[D_IGE_128_AES]=1; + else if (strcmp(*argv,"aes-192-ige") == 0) doit[D_IGE_192_AES]=1; + else if (strcmp(*argv,"aes-256-ige") == 0) doit[D_IGE_256_AES]=1; + else #endif #ifndef OPENSSL_NO_CAMELLIA if (strcmp(*argv,"camellia-128-cbc") == 0) doit[D_CBC_128_CML]=1; @@ -999,6 +1013,11 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1; else #endif +#ifndef OPENSSL_NO_SEED + if (strcmp(*argv,"seed-cbc") == 0) doit[D_CBC_SEED]=1; + else if (strcmp(*argv,"seed") == 0) doit[D_CBC_SEED]=1; + else +#endif #ifndef OPENSSL_NO_BF if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1; else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1; @@ -1144,6 +1163,9 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err,"idea-cbc "); #endif +#ifndef OPENSSL_NO_SEED + BIO_printf(bio_err,"seed-cbc "); +#endif #ifndef OPENSSL_NO_RC2 BIO_printf(bio_err,"rc2-cbc "); #endif @@ -1153,7 +1175,7 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_BF BIO_printf(bio_err,"bf-cbc"); #endif -#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \ +#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || !defined(OPENSSL_NO_RC2) || \ !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5) BIO_printf(bio_err,"\n"); #endif @@ -1162,6 +1184,7 @@ int MAIN(int argc, char **argv) #endif #ifndef OPENSSL_NO_AES BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc "); + BIO_printf(bio_err,"aes-128-ige aes-192-ige aes-256-ige "); #endif #ifndef OPENSSL_NO_CAMELLIA BIO_printf(bio_err,"\n"); @@ -1195,6 +1218,9 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err,"idea "); #endif +#ifndef OPENSSL_NO_SEED + BIO_printf(bio_err,"seed "); +#endif #ifndef OPENSSL_NO_RC2 BIO_printf(bio_err,"rc2 "); #endif @@ -1213,10 +1239,10 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_BF BIO_printf(bio_err,"blowfish"); #endif -#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \ - !defined(OPENSSL_NO_DES) || !defined(OPENSSL_NO_RSA) || \ - !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES) || \ - !defined(OPENSSL_NO_CAMELLIA) +#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || \ + !defined(OPENSSL_NO_RC2) || !defined(OPENSSL_NO_DES) || \ + !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_BF) || \ + !defined(OPENSSL_NO_AES) || !defined(OPENSSL_NO_CAMELLIA) BIO_printf(bio_err,"\n"); #endif @@ -1318,6 +1344,9 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_IDEA idea_set_encrypt_key(key16,&idea_ks); #endif +#ifndef OPENSSL_NO_SEED + SEED_set_key(key16,&seed_ks); +#endif #ifndef OPENSSL_NO_RC4 RC4_set_key(&rc4_ks,16,key16); #endif @@ -1361,6 +1390,7 @@ int MAIN(int argc, char **argv) c[D_CBC_DES][0]=count; c[D_EDE3_DES][0]=count/3; c[D_CBC_IDEA][0]=count; + c[D_CBC_SEED][0]=count; c[D_CBC_RC2][0]=count; c[D_CBC_RC5][0]=count; c[D_CBC_BF][0]=count; @@ -1373,6 +1403,9 @@ int MAIN(int argc, char **argv) c[D_CBC_256_CML][0]=count; c[D_SHA256][0]=count; c[D_SHA512][0]=count; + c[D_IGE_128_AES][0]=count; + c[D_IGE_192_AES][0]=count; + c[D_IGE_256_AES][0]=count; for (i=1; i/dev/null | grep sparcv9` if [ "$ISA64" != "" ]; then @@ -655,8 +656,8 @@ case "$GUESSOS" in *-*-sunos4) OUT="sunos-$CC" ;; *86*-*-bsdi4) OUT="BSD-x86-elf"; options="$options no-sse2 -ldl" ;; - alpha*-*-*bsd*) OUT="BSD-generic64; options="$options -DL_ENDIAN" ;; - powerpc64-*-*bsd*) OUT="BSD-generic64; options="$options -DB_ENDIAN" ;; + alpha*-*-*bsd*) OUT="BSD-generic64"; options="$options -DL_ENDIAN" ;; + powerpc64-*-*bsd*) OUT="BSD-generic64"; options="$options -DB_ENDIAN" ;; sparc64-*-*bsd*) OUT="BSD-sparc64" ;; ia64-*-*bsd*) OUT="BSD-ia64" ;; amd64-*-*bsd*) OUT="BSD-x86_64" ;; @@ -748,7 +749,7 @@ case "$GUESSOS" in fi fi fi - if (lsattr -E -O -l proc0 | grep -i powerpc) >/dev/null 2>&1; then + if (lsattr -E -O -l `lsdev -c processor|awk '{print$1;exit}'` | grep -i powerpc) >/dev/null 2>&1; then : # this applies even to Power3 and later, as they return PowerPC_POWER[345] else options="$options no-asm" @@ -797,7 +798,7 @@ case "$GUESSOS" in i386-*) options="$options 386" ;; esac -for i in aes bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha +for i in aes bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa seed sha do if [ ! -d crypto/$i ] then diff --git a/crypto/aes/Makefile b/crypto/aes/Makefile index 0f939eb7f8eee..22c7203dbb2e2 100644 --- a/crypto/aes/Makefile +++ b/crypto/aes/Makefile @@ -24,8 +24,8 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c \ - aes_ctr.c aes_ige.c -LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o \ + aes_ctr.c aes_ige.c aes_wrap.c +LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o aes_wrap.o \ $(AES_ASM_OBJ) SRC= $(LIBSRC) @@ -57,6 +57,9 @@ ax86-cof.s: asm/aes-586.pl ../perlasm/x86asm.pl ax86-out.s: asm/aes-586.pl ../perlasm/x86asm.pl (cd asm; $(PERL) aes-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) +aes-x86_64.s: asm/aes-x86_64.pl + $(PERL) asm/aes-x86_64.pl $@ + files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -117,3 +120,11 @@ aes_misc.o: ../../include/openssl/opensslconf.h aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c +aes_wrap.o: ../../e_os.h ../../include/openssl/aes.h +aes_wrap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +aes_wrap.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +aes_wrap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +aes_wrap.o: ../../include/openssl/opensslconf.h +aes_wrap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +aes_wrap.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +aes_wrap.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_wrap.c diff --git a/crypto/aes/aes.h b/crypto/aes/aes.h index e6fc44a24d48a..baf0222d49d30 100644 --- a/crypto/aes/aes.h +++ b/crypto/aes/aes.h @@ -130,6 +130,12 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key2, const unsigned char *ivec, const int enc); +int AES_wrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen); +int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen); #ifdef __cplusplus } diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c index 2082d060cf94f..45d7096181877 100644 --- a/crypto/aes/aes_ige.c +++ b/crypto/aes/aes_ige.c @@ -54,21 +54,25 @@ #include #include "aes_locl.h" -/* -static void hexdump(FILE *f,const char *title,const unsigned char *s,int l) - { - int n=0; +#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) +typedef struct { + unsigned long data[N_WORDS]; +} aes_block_t; - fprintf(f,"%s",title); - for( ; n < l ; ++n) - { - if((n%16) == 0) - fprintf(f,"\n%04x",n); - fprintf(f," %02x",s[n]); - } - fprintf(f,"\n"); - } -*/ +/* XXX: probably some better way to do this */ +#if defined(__i386__) || defined(__x86_64__) +#define UNALIGNED_MEMOPS_ARE_FAST 1 +#else +#define UNALIGNED_MEMOPS_ARE_FAST 0 +#endif + +#if UNALIGNED_MEMOPS_ARE_FAST +#define load_block(d, s) (d) = *(const aes_block_t *)(s) +#define store_block(d, s) *(aes_block_t *)(d) = (s) +#else +#define load_block(d, s) memcpy((d).data, (s), AES_BLOCK_SIZE) +#define store_block(d, s) memcpy((d), (s).data, AES_BLOCK_SIZE) +#endif /* N.B. The IV for this mode is _twice_ the block size */ @@ -77,68 +81,125 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, unsigned char *ivec, const int enc) { unsigned long n; - unsigned long len = length; - unsigned char tmp[AES_BLOCK_SIZE]; - unsigned char tmp2[AES_BLOCK_SIZE]; - unsigned char prev[AES_BLOCK_SIZE]; - const unsigned char *iv = ivec; - const unsigned char *iv2 = ivec + AES_BLOCK_SIZE; + unsigned long len; OPENSSL_assert(in && out && key && ivec); OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); OPENSSL_assert((length%AES_BLOCK_SIZE) == 0); + len = length / AES_BLOCK_SIZE; + if (AES_ENCRYPT == enc) { - /* XXX: Do a separate case for when in != out (strictly should - check for overlap, too) */ - while (len >= AES_BLOCK_SIZE) + if (in != out && + (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0)) { - /* hexdump(stdout, "in", in, AES_BLOCK_SIZE); */ - /* hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */ - for(n=0 ; n < AES_BLOCK_SIZE ; ++n) - out[n] = in[n] ^ iv[n]; - /* hexdump(stdout, "in ^ iv", out, AES_BLOCK_SIZE); */ - AES_encrypt(out, out, key); - /* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */ - /* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */ - for(n=0 ; n < AES_BLOCK_SIZE ; ++n) - out[n] ^= iv2[n]; - /* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */ - iv = out; - memcpy(prev, in, AES_BLOCK_SIZE); - iv2 = prev; - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; + aes_block_t *ivp = (aes_block_t *)ivec; + aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE); + + while (len) + { + aes_block_t *inp = (aes_block_t *)in; + aes_block_t *outp = (aes_block_t *)out; + + for(n=0 ; n < N_WORDS; ++n) + outp->data[n] = inp->data[n] ^ ivp->data[n]; + AES_encrypt((unsigned char *)outp->data, (unsigned char *)outp->data, key); + for(n=0 ; n < N_WORDS; ++n) + outp->data[n] ^= iv2p->data[n]; + ivp = outp; + iv2p = inp; + --len; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + memcpy(ivec, ivp->data, AES_BLOCK_SIZE); + memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); + } + else + { + aes_block_t tmp, tmp2; + aes_block_t iv; + aes_block_t iv2; + + load_block(iv, ivec); + load_block(iv2, ivec + AES_BLOCK_SIZE); + + while (len) + { + load_block(tmp, in); + for(n=0 ; n < N_WORDS; ++n) + tmp2.data[n] = tmp.data[n] ^ iv.data[n]; + AES_encrypt((unsigned char *)tmp2.data, (unsigned char *)tmp2.data, key); + for(n=0 ; n < N_WORDS; ++n) + tmp2.data[n] ^= iv2.data[n]; + store_block(out, tmp2); + iv = tmp2; + iv2 = tmp; + --len; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + memcpy(ivec, iv.data, AES_BLOCK_SIZE); + memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); } - memcpy(ivec, iv, AES_BLOCK_SIZE); - memcpy(ivec + AES_BLOCK_SIZE, iv2, AES_BLOCK_SIZE); } else { - while (len >= AES_BLOCK_SIZE) + if (in != out && + (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0)) { - memcpy(tmp, in, AES_BLOCK_SIZE); - memcpy(tmp2, in, AES_BLOCK_SIZE); - /* hexdump(stdout, "in", in, AES_BLOCK_SIZE); */ - /* hexdump(stdout, "iv2", iv2, AES_BLOCK_SIZE); */ - for(n=0 ; n < AES_BLOCK_SIZE ; ++n) - tmp[n] ^= iv2[n]; - /* hexdump(stdout, "in ^ iv2", tmp, AES_BLOCK_SIZE); */ - AES_decrypt(tmp, out, key); - /* hexdump(stdout, "dec", out, AES_BLOCK_SIZE); */ - /* hexdump(stdout, "iv", ivec, AES_BLOCK_SIZE); */ - for(n=0 ; n < AES_BLOCK_SIZE ; ++n) - out[n] ^= ivec[n]; - /* hexdump(stdout, "out", out, AES_BLOCK_SIZE); */ - memcpy(ivec, tmp2, AES_BLOCK_SIZE); - iv2 = out; - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; + aes_block_t *ivp = (aes_block_t *)ivec; + aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE); + + while (len) + { + aes_block_t tmp; + aes_block_t *inp = (aes_block_t *)in; + aes_block_t *outp = (aes_block_t *)out; + + for(n=0 ; n < N_WORDS; ++n) + tmp.data[n] = inp->data[n] ^ iv2p->data[n]; + AES_decrypt((unsigned char *)tmp.data, (unsigned char *)outp->data, key); + for(n=0 ; n < N_WORDS; ++n) + outp->data[n] ^= ivp->data[n]; + ivp = inp; + iv2p = outp; + --len; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + memcpy(ivec, ivp->data, AES_BLOCK_SIZE); + memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); + } + else + { + aes_block_t tmp, tmp2; + aes_block_t iv; + aes_block_t iv2; + + load_block(iv, ivec); + load_block(iv2, ivec + AES_BLOCK_SIZE); + + while (len) + { + load_block(tmp, in); + tmp2 = tmp; + for(n=0 ; n < N_WORDS; ++n) + tmp.data[n] ^= iv2.data[n]; + AES_decrypt((unsigned char *)tmp.data, (unsigned char *)tmp.data, key); + for(n=0 ; n < N_WORDS; ++n) + tmp.data[n] ^= iv.data[n]; + store_block(out, tmp); + iv = tmp2; + iv2 = tmp; + --len; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + memcpy(ivec, iv.data, AES_BLOCK_SIZE); + memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); } - memcpy(ivec + AES_BLOCK_SIZE, iv2, AES_BLOCK_SIZE); } } @@ -177,17 +238,11 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, iv2 = ivec + AES_BLOCK_SIZE; while (len >= AES_BLOCK_SIZE) { - /* hexdump(stdout, "in", in, AES_BLOCK_SIZE); */ - /* hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */ for(n=0 ; n < AES_BLOCK_SIZE ; ++n) out[n] = in[n] ^ iv[n]; - /* hexdump(stdout, "in ^ iv", out, AES_BLOCK_SIZE); */ AES_encrypt(out, out, key); - /* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */ - /* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */ for(n=0 ; n < AES_BLOCK_SIZE ; ++n) out[n] ^= iv2[n]; - /* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */ iv = out; memcpy(prev, in, AES_BLOCK_SIZE); iv2 = prev; @@ -203,8 +258,6 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, while(len >= AES_BLOCK_SIZE) { out -= AES_BLOCK_SIZE; - /* hexdump(stdout, "intermediate", out, AES_BLOCK_SIZE); */ - /* hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */ /* XXX: reduce copies by alternating between buffers */ memcpy(tmp, out, AES_BLOCK_SIZE); for(n=0 ; n < AES_BLOCK_SIZE ; ++n) @@ -235,17 +288,11 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, out -= AES_BLOCK_SIZE; memcpy(tmp, in, AES_BLOCK_SIZE); memcpy(tmp2, in, AES_BLOCK_SIZE); - /* hexdump(stdout, "in", in, AES_BLOCK_SIZE); */ - /* hexdump(stdout, "iv2", iv2, AES_BLOCK_SIZE); */ for(n=0 ; n < AES_BLOCK_SIZE ; ++n) tmp[n] ^= iv2[n]; - /* hexdump(stdout, "in ^ iv2", tmp, AES_BLOCK_SIZE); */ AES_decrypt(tmp, out, key); - /* hexdump(stdout, "dec", out, AES_BLOCK_SIZE); */ - /* hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */ for(n=0 ; n < AES_BLOCK_SIZE ; ++n) out[n] ^= iv[n]; - /* hexdump(stdout, "out", out, AES_BLOCK_SIZE); */ memcpy(tmp3, tmp2, AES_BLOCK_SIZE); iv = tmp3; iv2 = out; @@ -260,17 +307,11 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, { memcpy(tmp, out, AES_BLOCK_SIZE); memcpy(tmp2, out, AES_BLOCK_SIZE); - /* hexdump(stdout, "intermediate", out, AES_BLOCK_SIZE); */ - /* hexdump(stdout, "iv2", iv2, AES_BLOCK_SIZE); */ for(n=0 ; n < AES_BLOCK_SIZE ; ++n) tmp[n] ^= iv2[n]; - /* hexdump(stdout, "out ^ iv2", tmp, AES_BLOCK_SIZE); */ AES_decrypt(tmp, out, key); - /* hexdump(stdout, "dec", out, AES_BLOCK_SIZE); */ - /* hexdump(stdout, "iv", ivec, AES_BLOCK_SIZE); */ for(n=0 ; n < AES_BLOCK_SIZE ; ++n) out[n] ^= iv[n]; - /* hexdump(stdout, "out", out, AES_BLOCK_SIZE); */ memcpy(tmp3, tmp2, AES_BLOCK_SIZE); iv = tmp3; iv2 = out; @@ -278,6 +319,5 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } - } } diff --git a/crypto/aes/aes_wrap.c b/crypto/aes/aes_wrap.c new file mode 100644 index 0000000000000..9feacd65d8cdf --- /dev/null +++ b/crypto/aes/aes_wrap.c @@ -0,0 +1,259 @@ +/* crypto/aes/aes_wrap.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include "cryptlib.h" +#include +#include + +static const unsigned char default_iv[] = { + 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, +}; + +int AES_wrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen) + { + unsigned char *A, B[16], *R; + unsigned int i, j, t; + if ((inlen & 0x7) || (inlen < 8)) + return -1; + A = B; + t = 1; + memcpy(out + 8, in, inlen); + if (!iv) + iv = default_iv; + + memcpy(A, iv, 8); + + for (j = 0; j < 6; j++) + { + R = out + 8; + for (i = 0; i < inlen; i += 8, t++, R += 8) + { + memcpy(B + 8, R, 8); + AES_encrypt(B, B, key); + A[7] ^= (unsigned char)(t & 0xff); + if (t > 0xff) + { + A[6] ^= (unsigned char)((t & 0xff) >> 8); + A[5] ^= (unsigned char)((t & 0xff) >> 16); + A[4] ^= (unsigned char)((t & 0xff) >> 24); + } + memcpy(R, B + 8, 8); + } + } + memcpy(out, A, 8); + return inlen + 8; + } + +int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen) + { + unsigned char *A, B[16], *R; + unsigned int i, j, t; + inlen -= 8; + if (inlen & 0x7) + return -1; + if (inlen < 8) + return -1; + A = B; + t = 6 * (inlen >> 3); + memcpy(A, in, 8); + memcpy(out, in + 8, inlen); + for (j = 0; j < 6; j++) + { + R = out + inlen - 8; + for (i = 0; i < inlen; i += 8, t--, R -= 8) + { + A[7] ^= (unsigned char)(t & 0xff); + if (t > 0xff) + { + A[6] ^= (unsigned char)((t & 0xff) >> 8); + A[5] ^= (unsigned char)((t & 0xff) >> 16); + A[4] ^= (unsigned char)((t & 0xff) >> 24); + } + memcpy(B + 8, R, 8); + AES_decrypt(B, B, key); + memcpy(R, B + 8, 8); + } + } + if (!iv) + iv = default_iv; + if (memcmp(A, iv, 8)) + { + OPENSSL_cleanse(out, inlen); + return 0; + } + return inlen; + } + +#ifdef AES_WRAP_TEST + +int AES_wrap_unwrap_test(const unsigned char *kek, int keybits, + const unsigned char *iv, + const unsigned char *eout, + const unsigned char *key, int keylen) + { + unsigned char *otmp = NULL, *ptmp = NULL; + int r, ret = 0; + AES_KEY wctx; + otmp = OPENSSL_malloc(keylen + 8); + ptmp = OPENSSL_malloc(keylen); + if (!otmp || !ptmp) + return 0; + if (AES_set_encrypt_key(kek, keybits, &wctx)) + goto err; + r = AES_wrap_key(&wctx, iv, otmp, key, keylen); + if (r <= 0) + goto err; + + if (eout && memcmp(eout, otmp, keylen)) + goto err; + + if (AES_set_decrypt_key(kek, keybits, &wctx)) + goto err; + r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r); + + if (memcmp(key, ptmp, keylen)) + goto err; + + ret = 1; + + err: + if (otmp) + OPENSSL_free(otmp); + if (ptmp) + OPENSSL_free(ptmp); + + return ret; + + } + + + +int main(int argc, char **argv) +{ + +static const unsigned char kek[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f +}; + +static const unsigned char key[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f +}; + +static const unsigned char e1[] = { + 0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47, + 0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82, + 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5 +}; + +static const unsigned char e2[] = { + 0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35, + 0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2, + 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d +}; + +static const unsigned char e3[] = { + 0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2, + 0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a, + 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7 +}; + +static const unsigned char e4[] = { + 0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32, + 0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc, + 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93, + 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2 +}; + +static const unsigned char e5[] = { + 0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f, + 0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4, + 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95, + 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1 +}; + +static const unsigned char e6[] = { + 0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4, + 0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26, + 0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26, + 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b, + 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21 +}; + + AES_KEY wctx, xctx; + int ret; + ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16); + fprintf(stderr, "Key test result %d\n", ret); + ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16); + fprintf(stderr, "Key test result %d\n", ret); + ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16); + fprintf(stderr, "Key test result %d\n", ret); + ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24); + fprintf(stderr, "Key test result %d\n", ret); + ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24); + fprintf(stderr, "Key test result %d\n", ret); + ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32); + fprintf(stderr, "Key test result %d\n", ret); +} + + +#endif diff --git a/crypto/aes/asm/aes-586.pl b/crypto/aes/asm/aes-586.pl index 2774d1cb49c75..89fa2617944b5 100755 --- a/crypto/aes/asm/aes-586.pl +++ b/crypto/aes/asm/aes-586.pl @@ -512,11 +512,11 @@ sub declast() if($i==3) { &mov ($key,&DWP(12,"esp")); } else { &mov ($out,$s[0]); } &and ($out,0xFF); - &movz ($out,&DWP(2048,$td,$out,1)); + &movz ($out,&BP(2048,$td,$out,1)); if ($i==3) { $tmp=$s[1]; } &movz ($tmp,&HB($s[1])); - &movz ($tmp,&DWP(2048,$td,$tmp,1)); + &movz ($tmp,&BP(2048,$td,$tmp,1)); &shl ($tmp,8); &xor ($out,$tmp); @@ -524,14 +524,14 @@ sub declast() else { mov ($tmp,$s[2]); } &shr ($tmp,16); &and ($tmp,0xFF); - &movz ($tmp,&DWP(2048,$td,$tmp,1)); + &movz ($tmp,&BP(2048,$td,$tmp,1)); &shl ($tmp,16); &xor ($out,$tmp); if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); } else { &mov ($tmp,$s[3]); } &shr ($tmp,24); - &movz ($tmp,&DWP(2048,$td,$tmp,1)); + &movz ($tmp,&BP(2048,$td,$tmp,1)); &shl ($tmp,24); &xor ($out,$tmp); if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } @@ -940,7 +940,6 @@ my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds &cmp ($mark,0); # was the key schedule copied? &mov ("edi",$_key); - &mov ("esp",$_esp); &je (&label("skip_ezero")); # zero copy of key schedule &mov ("ecx",240/4); @@ -948,6 +947,7 @@ my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds &align (4); &data_word(0xABF3F689); # rep stosd &set_label("skip_ezero") + &mov ("esp",$_esp); &popf (); &set_label("enc_out"); &function_end_A(); @@ -1197,7 +1197,6 @@ my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds &set_label("dec_out"); &cmp ($mark,0); # was the key schedule copied? &mov ("edi",$_key); - &mov ("esp",$_esp); &je (&label("skip_dzero")); # zero copy of key schedule &mov ("ecx",240/4); @@ -1205,6 +1204,7 @@ my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds &align (4); &data_word(0xABF3F689); # rep stosd &set_label("skip_dzero") + &mov ("esp",$_esp); &popf (); &function_end("AES_cbc_encrypt"); } diff --git a/crypto/aes/asm/aes-ia64.S b/crypto/aes/asm/aes-ia64.S index 542cf335e9955..7f6c4c366291c 100644 --- a/crypto/aes/asm/aes-ia64.S +++ b/crypto/aes/asm/aes-ia64.S @@ -17,14 +17,24 @@ // big-endian input, ECB timing on Itanium 2 is (18 + 13*rounds) // ticks per block, or 9.25 CPU cycles per byte for 128 bit key. -.ident "aes-ia64.S, version 1.1" +// Version 1.2 mitigates the hazard of cache-timing attacks by +// a) compressing S-boxes from 8KB to 2KB+256B, b) scheduling +// references to S-boxes for L2 cache latency, c) prefetching T[ed]4 +// prior last round. As result performance dropped to (26 + 15*rounds) +// ticks per block or 11 cycles per byte processed with 128-bit key. +// This is ~16% deterioration. For reference Itanium 2 L1 cache has +// 64 bytes line size and L2 - 128 bytes... + +.ident "aes-ia64.S, version 1.2" .ident "IA-64 ISA artwork by Andy Polyakov " .explicit .text rk0=r8; rk1=r9; -prsave=r10; +pfssave=r2; +lcsave=r10; +prsave=r3; maskff=r11; twenty4=r14; sixteen=r15; @@ -44,12 +54,21 @@ te0=r40; te1=r41; te2=r42; te3=r43; #if defined(_HPUX_SOURCE) && !defined(_LP64) # define ADDP addp4 -# define KSZ 4 -# define LDKEY ld4 #else # define ADDP add #endif +// Offsets from Te0 +#define TE0 0 +#define TE2 2 +#if defined(_HPUX_SOURCE) || defined(B_ENDIAN) +#define TE1 3 +#define TE3 1 +#else +#define TE1 1 +#define TE3 3 +#endif + // This implies that AES_KEY comprises 32-bit key schedule elements // even on LP64 platforms. #ifndef KSZ @@ -67,16 +86,19 @@ te0=r40; te1=r41; te2=r42; te3=r43; // Clobber: r16-r31,rk0-rk1,r32-r43 .align 32 _ia64_AES_encrypt: + .prologue + .altrp b6 + .body { .mmi; alloc r16=ar.pfs,12,0,0,8 LDKEY t0=[rk0],2*KSZ mov pr.rot=1<<16 } { .mmi; LDKEY t1=[rk1],2*KSZ - add te1=1024,te0 + add te1=TE1,te0 add te3=-3,te3 };; { .mib; LDKEY t2=[rk0],2*KSZ - mov ar.ec=3 } + mov ar.ec=2 } { .mib; LDKEY t3=[rk1],2*KSZ - add te2=2048,te0 + add te2=TE2,te0 brp.loop.imp .Le_top,.Le_end-16 };; { .mmi; xor s0=s0,t0 @@ -84,8 +106,8 @@ _ia64_AES_encrypt: mov ar.lc=te3 } { .mmi; xor s2=s2,t2 xor s3=s3,t3 - add te3=3072,te0 };; - + add te3=TE3,te0 };; + .align 32 .Le_top: { .mmi; (p0) LDKEY t0=[rk0],2*KSZ // 0/0:rk[0] @@ -95,105 +117,184 @@ _ia64_AES_encrypt: (p0) and te30=s0,maskff // 0/1:s0&0xff (p0) shr.u te00=s0,twenty4 };; // 0/0:s0>>24 { .mmi; (p0) LDKEY t2=[rk0],2*KSZ // 1/2:rk[2] - (p0) shladd te33=te33,2,te3 // 1/0:te0+s0>>24 + (p0) shladd te33=te33,3,te3 // 1/0:te0+s0>>24 (p0) extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff { .mmi; (p0) LDKEY t3=[rk1],2*KSZ // 1/3:rk[3] - (p0) shladd te30=te30,2,te3 // 1/1:te3+s0 + (p0) shladd te30=te30,3,te3 // 1/1:te3+s0 (p0) shr.u te01=s1,twenty4 };; // 1/1:s1>>24 { .mmi; (p0) ld4 te33=[te33] // 2/0:te3[s3&0xff] - (p0) shladd te22=te22,2,te2 // 2/0:te2+s2>>8&0xff + (p0) shladd te22=te22,3,te2 // 2/0:te2+s2>>8&0xff (p0) extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff { .mmi; (p0) ld4 te30=[te30] // 2/1:te3[s0] - (p0) shladd te23=te23,2,te2 // 2/1:te2+s3>>8 + (p0) shladd te23=te23,3,te2 // 2/1:te2+s3>>8 (p0) shr.u te02=s2,twenty4 };; // 2/2:s2>>24 { .mmi; (p0) ld4 te22=[te22] // 3/0:te2[s2>>8] - (p0) shladd te20=te20,2,te2 // 3/2:te2+s0>>8 + (p0) shladd te20=te20,3,te2 // 3/2:te2+s0>>8 (p0) extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff { .mmi; (p0) ld4 te23=[te23] // 3/1:te2[s3>>8] - (p0) shladd te00=te00,2,te0 // 3/0:te0+s0>>24 + (p0) shladd te00=te00,3,te0 // 3/0:te0+s0>>24 (p0) shr.u te03=s3,twenty4 };; // 3/3:s3>>24 { .mmi; (p0) ld4 te20=[te20] // 4/2:te2[s0>>8] - (p0) shladd te21=te21,2,te2 // 4/3:te3+s2 + (p0) shladd te21=te21,3,te2 // 4/3:te3+s2 (p0) extr.u te11=s1,16,8 } // 4/0:s1>>16&0xff { .mmi; (p0) ld4 te00=[te00] // 4/0:te0[s0>>24] - (p0) shladd te01=te01,2,te0 // 4/1:te0+s1>>24 + (p0) shladd te01=te01,3,te0 // 4/1:te0+s1>>24 (p0) shr.u te13=s3,sixteen };; // 4/2:s3>>16 { .mmi; (p0) ld4 te21=[te21] // 5/3:te2[s1>>8] - (p0) shladd te11=te11,2,te1 // 5/0:te1+s1>>16 + (p0) shladd te11=te11,3,te1 // 5/0:te1+s1>>16 (p0) extr.u te12=s2,16,8 } // 5/1:s2>>16&0xff { .mmi; (p0) ld4 te01=[te01] // 5/1:te0[s1>>24] - (p0) shladd te02=te02,2,te0 // 5/2:te0+s2>>24 + (p0) shladd te02=te02,3,te0 // 5/2:te0+s2>>24 (p0) and te31=s1,maskff };; // 5/2:s1&0xff - { .mmi; (p0) ld4 te11=[te11] // 6/0:te1[s1>>16] - (p0) shladd te12=te12,2,te1 // 6/1:te1+s2>>16 + (p0) shladd te12=te12,3,te1 // 6/1:te1+s2>>16 (p0) extr.u te10=s0,16,8 } // 6/3:s0>>16&0xff { .mmi; (p0) ld4 te02=[te02] // 6/2:te0[s2>>24] - (p0) shladd te03=te03,2,te0 // 6/3:te1+s0>>16 + (p0) shladd te03=te03,3,te0 // 6/3:te1+s0>>16 (p0) and te32=s2,maskff };; // 6/3:s2&0xff + { .mmi; (p0) ld4 te12=[te12] // 7/1:te1[s2>>16] - (p0) shladd te31=te31,2,te3 // 7/2:te3+s1&0xff + (p0) shladd te31=te31,3,te3 // 7/2:te3+s1&0xff (p0) and te13=te13,maskff} // 7/2:s3>>16&0xff { .mmi; (p0) ld4 te03=[te03] // 7/3:te0[s3>>24] - (p0) shladd te32=te32,2,te3 // 7/3:te3+s2 + (p0) shladd te32=te32,3,te3 // 7/3:te3+s2 (p0) xor t0=t0,te33 };; // 7/0: { .mmi; (p0) ld4 te31=[te31] // 8/2:te3[s1] - (p0) shladd te13=te13,2,te1 // 8/2:te1+s3>>16 + (p0) shladd te13=te13,3,te1 // 8/2:te1+s3>>16 (p0) xor t0=t0,te22 } // 8/0: { .mmi; (p0) ld4 te32=[te32] // 8/3:te3[s2] - (p0) shladd te10=te10,2,te1 // 8/3:te1+s0>>16 + (p0) shladd te10=te10,3,te1 // 8/3:te1+s0>>16 (p0) xor t1=t1,te30 };; // 8/1: { .mmi; (p0) ld4 te13=[te13] // 9/2:te1[s3>>16] - (p0) xor t0=t0,te00 // 9/0: - (p0) xor t1=t1,te23 } // 9/1: -{ .mmi; (p0) ld4 te10=[te10] // 9/3:te1[s0>>16] - (p0) xor t2=t2,te20 // 9/2: - (p0) xor t3=t3,te21 };; // 9/3: -{ .mmi; (p0) xor t0=t0,te11 // 10/0:done! - (p0) xor t1=t1,te01 // 10/1: - (p0) xor t2=t2,te02 } // 10/2: -{ .mmi; (p0) xor t3=t3,te03 // 10/3: - (p16) cmp.eq p0,p17=r0,r0 };; // 10/clear (p17) -{ .mmi; (p0) xor t1=t1,te12 // 11/1:done! - (p0) xor t2=t2,te31 // 11/2: - (p0) xor t3=t3,te32 } // 11/3: -{ .mmi; (p17) add te0=4096,te0 // 11/ - (p17) add te1=4096,te1 };; // 11/ -{ .mib; (p0) xor t2=t2,te13 // 12/2:done! - (p0) xor t3=t3,te10 } // 12/3:done! -{ .mib; (p17) add te2=4096,te2 // 12/ - (p17) add te3=4096,te3 // 12/ + (p0) ld4 te10=[te10] // 9/3:te1[s0>>16] + (p0) xor t0=t0,te00 };; // 9/0: !L2 scheduling +{ .mmi; (p0) xor t1=t1,te23 // 10[9]/1: + (p0) xor t2=t2,te20 // 10[9]/2: + (p0) xor t3=t3,te21 };; // 10[9]/3: +{ .mmi; (p0) xor t0=t0,te11 // 11[10]/0:done! + (p0) xor t1=t1,te01 // 11[10]/1: + (p0) xor t2=t2,te02 };; // 11[10]/2: !L2 scheduling +{ .mmi; (p0) xor t3=t3,te03 // 12[10]/3: + (p16) cmp.eq p0,p17=r0,r0 };; // 12[10]/clear (p17) +{ .mmi; (p0) xor t1=t1,te12 // 13[11]/1:done! + (p0) xor t2=t2,te31 // 13[11]/2: + (p0) xor t3=t3,te32 } // 13[11]/3: +{ .mmi; (p17) add te0=2048,te0 // 13[11]/ + (p17) add te1=2048+64-TE1,te1};; // 13[11]/ +{ .mib; (p0) xor t2=t2,te13 // 14[12]/2:done! + (p17) add te2=2048+128-TE2,te2} // 14[12]/ +{ .mib; (p0) xor t3=t3,te10 // 14[12]/3:done! + (p17) add te3=2048+192-TE3,te3 // 14[12]/ br.ctop.sptk .Le_top };; .Le_end: -{ .mib; mov r16=s0 - mov r20=s1 } -{ .mib; mov r24=s2 - mov r28=s3 - br.ret.sptk b6 };; + + +{ .mmi; ld8 te12=[te0] // prefetch Te4 + ld8 te31=[te1] } +{ .mmi; ld8 te10=[te2] + ld8 te32=[te3] } + +{ .mmi; LDKEY t0=[rk0],2*KSZ // 0/0:rk[0] + and te33=s3,maskff // 0/0:s3&0xff + extr.u te22=s2,8,8 } // 0/0:s2>>8&0xff +{ .mmi; LDKEY t1=[rk1],2*KSZ // 0/1:rk[1] + and te30=s0,maskff // 0/1:s0&0xff + shr.u te00=s0,twenty4 };; // 0/0:s0>>24 +{ .mmi; LDKEY t2=[rk0],2*KSZ // 1/2:rk[2] + add te33=te33,te0 // 1/0:te0+s0>>24 + extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff +{ .mmi; LDKEY t3=[rk1],2*KSZ // 1/3:rk[3] + add te30=te30,te0 // 1/1:te0+s0 + shr.u te01=s1,twenty4 };; // 1/1:s1>>24 +{ .mmi; ld1 te33=[te33] // 2/0:te0[s3&0xff] + add te22=te22,te0 // 2/0:te0+s2>>8&0xff + extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff +{ .mmi; ld1 te30=[te30] // 2/1:te0[s0] + add te23=te23,te0 // 2/1:te0+s3>>8 + shr.u te02=s2,twenty4 };; // 2/2:s2>>24 +{ .mmi; ld1 te22=[te22] // 3/0:te0[s2>>8] + add te20=te20,te0 // 3/2:te0+s0>>8 + extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff +{ .mmi; ld1 te23=[te23] // 3/1:te0[s3>>8] + add te00=te00,te0 // 3/0:te0+s0>>24 + shr.u te03=s3,twenty4 };; // 3/3:s3>>24 +{ .mmi; ld1 te20=[te20] // 4/2:te0[s0>>8] + add te21=te21,te0 // 4/3:te0+s2 + extr.u te11=s1,16,8 } // 4/0:s1>>16&0xff +{ .mmi; ld1 te00=[te00] // 4/0:te0[s0>>24] + add te01=te01,te0 // 4/1:te0+s1>>24 + shr.u te13=s3,sixteen };; // 4/2:s3>>16 +{ .mmi; ld1 te21=[te21] // 5/3:te0[s1>>8] + add te11=te11,te0 // 5/0:te0+s1>>16 + extr.u te12=s2,16,8 } // 5/1:s2>>16&0xff +{ .mmi; ld1 te01=[te01] // 5/1:te0[s1>>24] + add te02=te02,te0 // 5/2:te0+s2>>24 + and te31=s1,maskff };; // 5/2:s1&0xff +{ .mmi; ld1 te11=[te11] // 6/0:te0[s1>>16] + add te12=te12,te0 // 6/1:te0+s2>>16 + extr.u te10=s0,16,8 } // 6/3:s0>>16&0xff +{ .mmi; ld1 te02=[te02] // 6/2:te0[s2>>24] + add te03=te03,te0 // 6/3:te0+s0>>16 + and te32=s2,maskff };; // 6/3:s2&0xff + +{ .mmi; ld1 te12=[te12] // 7/1:te0[s2>>16] + add te31=te31,te0 // 7/2:te0+s1&0xff + dep te33=te22,te33,8,8} // 7/0: +{ .mmi; ld1 te03=[te03] // 7/3:te0[s3>>24] + add te32=te32,te0 // 7/3:te0+s2 + and te13=te13,maskff};; // 7/2:s3>>16&0xff +{ .mmi; ld1 te31=[te31] // 8/2:te0[s1] + add te13=te13,te0 // 8/2:te0+s3>>16 + dep te30=te23,te30,8,8} // 8/1: +{ .mmi; ld1 te32=[te32] // 8/3:te0[s2] + add te10=te10,te0 // 8/3:te0+s0>>16 + shl te00=te00,twenty4};; // 8/0: +{ .mii; ld1 te13=[te13] // 9/2:te0[s3>>16] + dep te33=te11,te33,16,8 // 9/0: + shl te01=te01,twenty4};; // 9/1: +{ .mii; ld1 te10=[te10] // 10/3:te0[s0>>16] + dep te31=te20,te31,8,8 // 10/2: + shl te02=te02,twenty4};; // 10/2: +{ .mii; xor t0=t0,te33 // 11/0: + dep te32=te21,te32,8,8 // 11/3: + shl te12=te12,sixteen};; // 11/1: +{ .mii; xor r16=t0,te00 // 12/0:done! + dep te31=te13,te31,16,8 // 12/2: + shl te03=te03,twenty4};; // 12/3: +{ .mmi; xor t1=t1,te01 // 13/1: + xor t2=t2,te02 // 13/2: + dep te32=te10,te32,16,8};; // 13/3: +{ .mmi; xor t1=t1,te30 // 14/1: + xor r24=t2,te31 // 14/2:done! + xor t3=t3,te32 };; // 14/3: +{ .mib; xor r20=t1,te12 // 15/1:done! + xor r28=t3,te03 // 15/3:done! + br.ret.sptk b6 };; .endp _ia64_AES_encrypt# // void AES_encrypt (const void *in,void *out,const AES_KEY *key); .global AES_encrypt# .proc AES_encrypt# .align 32 -.skip 16 AES_encrypt: .prologue - .fframe 0 - .save ar.pfs,r2 - .save ar.lc,r3 -{ .mmi; alloc r2=ar.pfs,3,0,12,0 - addl out8=@ltoff(AES_Te#),gp - mov r3=ar.lc } -{ .mmi; and out0=3,in0 - ADDP in0=0,in0 + .save ar.pfs,pfssave +{ .mmi; alloc pfssave=ar.pfs,3,1,12,0 + and out0=3,in0 + mov r3=ip } +{ .mmi; ADDP in0=0,in0 + mov loc0=psr.um ADDP out11=KSZ*60,in2 };; // &AES_KEY->rounds - .body -{ .mmi; ld8 out8=[out8] // Te0 - ld4 out11=[out11] // AES_KEY->rounds +{ .mmi; ld4 out11=[out11] // AES_KEY->rounds + add out8=(AES_Te#-AES_encrypt#),r3 // Te0 + .save pr,prsave mov prsave=pr } +{ .mmi; rum 1<<3 // clear um.ac + .save ar.lc,lcsave + mov lcsave=ar.lc };; + .body #if defined(_HPUX_SOURCE) // HPUX is big-endian, cut 15+15 cycles... { .mib; cmp.ne p6,p0=out0,r0 add out0=4,in0 @@ -216,8 +317,9 @@ AES_encrypt: ADDP in1=0,in1 (p6) br.spnt .Le_o_unaligned };; -{ .mii; mov ar.pfs=r2 - mov ar.lc=r3 } +{ .mii; mov psr.um=loc0 + mov ar.pfs=pfssave + mov ar.lc=lcsave };; { .mmi; st4 [in1]=r16,8 // s0 st4 [in0]=r20,8 // s1 mov pr=prsave,0x1ffff };; @@ -278,13 +380,13 @@ AES_encrypt: shr.u r23=r20,twenty4 }//;; // s1 { .mii; ADDP out2=2,in1 extr.u r21=r20,8,8 - shr.u r22=r20,sixteen }//;; + shr.u r22=r20,sixteen }//;; { .mii; ADDP out3=3,in1 extr.u r25=r24,8,8 // s2 shr.u r27=r24,twenty4 };; { .mii; st1 [out3]=r16,4 extr.u r26=r24,16,8 - shr.u r31=r28,twenty4 }//;; // s3 + shr.u r31=r28,twenty4 }//;; // s3 { .mii; st1 [out2]=r17,4 extr.u r29=r28,8,8 shr.u r30=r28,sixteen }//;; @@ -300,12 +402,13 @@ AES_encrypt: mov pr=prsave,0x1ffff }//;; { .mmi; st1 [out1]=r26,4 st1 [out0]=r27,4 - mov ar.pfs=r2 };; + mov ar.pfs=pfssave };; { .mmi; st1 [out3]=r28 st1 [out2]=r29 - mov ar.lc=r3 }//;; -{ .mmb; st1 [out1]=r30 - st1 [out0]=r31 + mov ar.lc=lcsave }//;; +{ .mmi; st1 [out1]=r30 + st1 [out0]=r31 } +{ .mfb; mov psr.um=loc0 // restore user mask br.ret.sptk.many b0 };; .endp AES_encrypt# @@ -360,16 +463,19 @@ while(<>) { // Clobber: r16-r31,rk0-rk1,r32-r43 .align 32 _ia64_AES_decrypt: + .prologue + .altrp b6 + .body { .mmi; alloc r16=ar.pfs,12,0,0,8 LDKEY t0=[rk0],2*KSZ mov pr.rot=1<<16 } { .mmi; LDKEY t1=[rk1],2*KSZ - add te1=1024,te0 + add te1=TE1,te0 add te3=-3,te3 };; { .mib; LDKEY t2=[rk0],2*KSZ - mov ar.ec=3 } + mov ar.ec=2 } { .mib; LDKEY t3=[rk1],2*KSZ - add te2=2048,te0 + add te2=TE2,te0 brp.loop.imp .Ld_top,.Ld_end-16 };; { .mmi; xor s0=s0,t0 @@ -377,8 +483,8 @@ _ia64_AES_decrypt: mov ar.lc=te3 } { .mmi; xor s2=s2,t2 xor s3=s3,t3 - add te3=3072,te0 };; - + add te3=TE3,te0 };; + .align 32 .Ld_top: { .mmi; (p0) LDKEY t0=[rk0],2*KSZ // 0/0:rk[0] @@ -388,105 +494,184 @@ _ia64_AES_decrypt: (p0) and te32=s2,maskff // 0/1:s0&0xff (p0) shr.u te00=s0,twenty4 };; // 0/0:s0>>24 { .mmi; (p0) LDKEY t2=[rk0],2*KSZ // 1/2:rk[2] - (p0) shladd te31=te31,2,te3 // 1/0:te0+s0>>24 + (p0) shladd te31=te31,3,te3 // 1/0:te0+s0>>24 (p0) extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff { .mmi; (p0) LDKEY t3=[rk1],2*KSZ // 1/3:rk[3] - (p0) shladd te32=te32,2,te3 // 1/1:te3+s0 + (p0) shladd te32=te32,3,te3 // 1/1:te3+s0 (p0) shr.u te01=s1,twenty4 };; // 1/1:s1>>24 { .mmi; (p0) ld4 te31=[te31] // 2/0:te3[s3&0xff] - (p0) shladd te22=te22,2,te2 // 2/0:te2+s2>>8&0xff + (p0) shladd te22=te22,3,te2 // 2/0:te2+s2>>8&0xff (p0) extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff { .mmi; (p0) ld4 te32=[te32] // 2/1:te3[s0] - (p0) shladd te23=te23,2,te2 // 2/1:te2+s3>>8 + (p0) shladd te23=te23,3,te2 // 2/1:te2+s3>>8 (p0) shr.u te02=s2,twenty4 };; // 2/2:s2>>24 { .mmi; (p0) ld4 te22=[te22] // 3/0:te2[s2>>8] - (p0) shladd te20=te20,2,te2 // 3/2:te2+s0>>8 + (p0) shladd te20=te20,3,te2 // 3/2:te2+s0>>8 (p0) extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff { .mmi; (p0) ld4 te23=[te23] // 3/1:te2[s3>>8] - (p0) shladd te00=te00,2,te0 // 3/0:te0+s0>>24 + (p0) shladd te00=te00,3,te0 // 3/0:te0+s0>>24 (p0) shr.u te03=s3,twenty4 };; // 3/3:s3>>24 { .mmi; (p0) ld4 te20=[te20] // 4/2:te2[s0>>8] - (p0) shladd te21=te21,2,te2 // 4/3:te3+s2 + (p0) shladd te21=te21,3,te2 // 4/3:te3+s2 (p0) extr.u te13=s3,16,8 } // 4/0:s1>>16&0xff { .mmi; (p0) ld4 te00=[te00] // 4/0:te0[s0>>24] - (p0) shladd te01=te01,2,te0 // 4/1:te0+s1>>24 + (p0) shladd te01=te01,3,te0 // 4/1:te0+s1>>24 (p0) shr.u te11=s1,sixteen };; // 4/2:s3>>16 { .mmi; (p0) ld4 te21=[te21] // 5/3:te2[s1>>8] - (p0) shladd te13=te13,2,te1 // 5/0:te1+s1>>16 + (p0) shladd te13=te13,3,te1 // 5/0:te1+s1>>16 (p0) extr.u te10=s0,16,8 } // 5/1:s2>>16&0xff { .mmi; (p0) ld4 te01=[te01] // 5/1:te0[s1>>24] - (p0) shladd te02=te02,2,te0 // 5/2:te0+s2>>24 + (p0) shladd te02=te02,3,te0 // 5/2:te0+s2>>24 (p0) and te33=s3,maskff };; // 5/2:s1&0xff - { .mmi; (p0) ld4 te13=[te13] // 6/0:te1[s1>>16] - (p0) shladd te10=te10,2,te1 // 6/1:te1+s2>>16 + (p0) shladd te10=te10,3,te1 // 6/1:te1+s2>>16 (p0) extr.u te12=s2,16,8 } // 6/3:s0>>16&0xff { .mmi; (p0) ld4 te02=[te02] // 6/2:te0[s2>>24] - (p0) shladd te03=te03,2,te0 // 6/3:te1+s0>>16 + (p0) shladd te03=te03,3,te0 // 6/3:te1+s0>>16 (p0) and te30=s0,maskff };; // 6/3:s2&0xff + { .mmi; (p0) ld4 te10=[te10] // 7/1:te1[s2>>16] - (p0) shladd te33=te33,2,te3 // 7/2:te3+s1&0xff + (p0) shladd te33=te33,3,te3 // 7/2:te3+s1&0xff (p0) and te11=te11,maskff} // 7/2:s3>>16&0xff { .mmi; (p0) ld4 te03=[te03] // 7/3:te0[s3>>24] - (p0) shladd te30=te30,2,te3 // 7/3:te3+s2 + (p0) shladd te30=te30,3,te3 // 7/3:te3+s2 (p0) xor t0=t0,te31 };; // 7/0: { .mmi; (p0) ld4 te33=[te33] // 8/2:te3[s1] - (p0) shladd te11=te11,2,te1 // 8/2:te1+s3>>16 + (p0) shladd te11=te11,3,te1 // 8/2:te1+s3>>16 (p0) xor t0=t0,te22 } // 8/0: { .mmi; (p0) ld4 te30=[te30] // 8/3:te3[s2] - (p0) shladd te12=te12,2,te1 // 8/3:te1+s0>>16 + (p0) shladd te12=te12,3,te1 // 8/3:te1+s0>>16 (p0) xor t1=t1,te32 };; // 8/1: { .mmi; (p0) ld4 te11=[te11] // 9/2:te1[s3>>16] - (p0) xor t0=t0,te00 // 9/0: - (p0) xor t1=t1,te23 } // 9/1: -{ .mmi; (p0) ld4 te12=[te12] // 9/3:te1[s0>>16] - (p0) xor t2=t2,te20 // 9/2: - (p0) xor t3=t3,te21 };; // 9/3: -{ .mmi; (p0) xor t0=t0,te13 // 10/0:done! - (p0) xor t1=t1,te01 // 10/1: - (p0) xor t2=t2,te02 } // 10/2: -{ .mmi; (p0) xor t3=t3,te03 // 10/3: - (p16) cmp.eq p0,p17=r0,r0 };; // 10/clear (p17) -{ .mmi; (p0) xor t1=t1,te10 // 11/1:done! - (p0) xor t2=t2,te33 // 11/2: - (p0) xor t3=t3,te30 } // 11/3: -{ .mmi; (p17) add te0=4096,te0 // 11/ - (p17) add te1=4096,te1 };; // 11/ -{ .mib; (p0) xor t2=t2,te11 // 12/2:done! - (p0) xor t3=t3,te12 } // 12/3:done! -{ .mib; (p17) add te2=4096,te2 // 12/ - (p17) add te3=4096,te3 // 12/ + (p0) ld4 te12=[te12] // 9/3:te1[s0>>16] + (p0) xor t0=t0,te00 };; // 9/0: !L2 scheduling +{ .mmi; (p0) xor t1=t1,te23 // 10[9]/1: + (p0) xor t2=t2,te20 // 10[9]/2: + (p0) xor t3=t3,te21 };; // 10[9]/3: +{ .mmi; (p0) xor t0=t0,te13 // 11[10]/0:done! + (p0) xor t1=t1,te01 // 11[10]/1: + (p0) xor t2=t2,te02 };; // 11[10]/2: !L2 scheduling +{ .mmi; (p0) xor t3=t3,te03 // 12[10]/3: + (p16) cmp.eq p0,p17=r0,r0 };; // 12[10]/clear (p17) +{ .mmi; (p0) xor t1=t1,te10 // 13[11]/1:done! + (p0) xor t2=t2,te33 // 13[11]/2: + (p0) xor t3=t3,te30 } // 13[11]/3: +{ .mmi; (p17) add te0=2048,te0 // 13[11]/ + (p17) add te1=2048+64-TE1,te1};; // 13[11]/ +{ .mib; (p0) xor t2=t2,te11 // 14[12]/2:done! + (p17) add te2=2048+128-TE2,te2} // 14[12]/ +{ .mib; (p0) xor t3=t3,te12 // 14[12]/3:done! + (p17) add te3=2048+192-TE3,te3 // 14[12]/ br.ctop.sptk .Ld_top };; .Ld_end: -{ .mib; mov r16=s0 - mov r20=s1 } -{ .mib; mov r24=s2 - mov r28=s3 - br.ret.sptk b6 };; + + +{ .mmi; ld8 te10=[te0] // prefetch Td4 + ld8 te33=[te1] } +{ .mmi; ld8 te12=[te2] + ld8 te30=[te3] } + +{ .mmi; LDKEY t0=[rk0],2*KSZ // 0/0:rk[0] + and te31=s1,maskff // 0/0:s3&0xff + extr.u te22=s2,8,8 } // 0/0:s2>>8&0xff +{ .mmi; LDKEY t1=[rk1],2*KSZ // 0/1:rk[1] + and te32=s2,maskff // 0/1:s0&0xff + shr.u te00=s0,twenty4 };; // 0/0:s0>>24 +{ .mmi; LDKEY t2=[rk0],2*KSZ // 1/2:rk[2] + add te31=te31,te0 // 1/0:te0+s0>>24 + extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff +{ .mmi; LDKEY t3=[rk1],2*KSZ // 1/3:rk[3] + add te32=te32,te0 // 1/1:te0+s0 + shr.u te01=s1,twenty4 };; // 1/1:s1>>24 +{ .mmi; ld1 te31=[te31] // 2/0:te0[s3&0xff] + add te22=te22,te0 // 2/0:te0+s2>>8&0xff + extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff +{ .mmi; ld1 te32=[te32] // 2/1:te0[s0] + add te23=te23,te0 // 2/1:te0+s3>>8 + shr.u te02=s2,twenty4 };; // 2/2:s2>>24 +{ .mmi; ld1 te22=[te22] // 3/0:te0[s2>>8] + add te20=te20,te0 // 3/2:te0+s0>>8 + extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff +{ .mmi; ld1 te23=[te23] // 3/1:te0[s3>>8] + add te00=te00,te0 // 3/0:te0+s0>>24 + shr.u te03=s3,twenty4 };; // 3/3:s3>>24 +{ .mmi; ld1 te20=[te20] // 4/2:te0[s0>>8] + add te21=te21,te0 // 4/3:te0+s2 + extr.u te13=s3,16,8 } // 4/0:s1>>16&0xff +{ .mmi; ld1 te00=[te00] // 4/0:te0[s0>>24] + add te01=te01,te0 // 4/1:te0+s1>>24 + shr.u te11=s1,sixteen };; // 4/2:s3>>16 +{ .mmi; ld1 te21=[te21] // 5/3:te0[s1>>8] + add te13=te13,te0 // 5/0:te0+s1>>16 + extr.u te10=s0,16,8 } // 5/1:s2>>16&0xff +{ .mmi; ld1 te01=[te01] // 5/1:te0[s1>>24] + add te02=te02,te0 // 5/2:te0+s2>>24 + and te33=s3,maskff };; // 5/2:s1&0xff +{ .mmi; ld1 te13=[te13] // 6/0:te0[s1>>16] + add te10=te10,te0 // 6/1:te0+s2>>16 + extr.u te12=s2,16,8 } // 6/3:s0>>16&0xff +{ .mmi; ld1 te02=[te02] // 6/2:te0[s2>>24] + add te03=te03,te0 // 6/3:te0+s0>>16 + and te30=s0,maskff };; // 6/3:s2&0xff + +{ .mmi; ld1 te10=[te10] // 7/1:te0[s2>>16] + add te33=te33,te0 // 7/2:te0+s1&0xff + dep te31=te22,te31,8,8} // 7/0: +{ .mmi; ld1 te03=[te03] // 7/3:te0[s3>>24] + add te30=te30,te0 // 7/3:te0+s2 + and te11=te11,maskff};; // 7/2:s3>>16&0xff +{ .mmi; ld1 te33=[te33] // 8/2:te0[s1] + add te11=te11,te0 // 8/2:te0+s3>>16 + dep te32=te23,te32,8,8} // 8/1: +{ .mmi; ld1 te30=[te30] // 8/3:te0[s2] + add te12=te12,te0 // 8/3:te0+s0>>16 + shl te00=te00,twenty4};; // 8/0: +{ .mii; ld1 te11=[te11] // 9/2:te0[s3>>16] + dep te31=te13,te31,16,8 // 9/0: + shl te01=te01,twenty4};; // 9/1: +{ .mii; ld1 te12=[te12] // 10/3:te0[s0>>16] + dep te33=te20,te33,8,8 // 10/2: + shl te02=te02,twenty4};; // 10/2: +{ .mii; xor t0=t0,te31 // 11/0: + dep te30=te21,te30,8,8 // 11/3: + shl te10=te10,sixteen};; // 11/1: +{ .mii; xor r16=t0,te00 // 12/0:done! + dep te33=te11,te33,16,8 // 12/2: + shl te03=te03,twenty4};; // 12/3: +{ .mmi; xor t1=t1,te01 // 13/1: + xor t2=t2,te02 // 13/2: + dep te30=te12,te30,16,8};; // 13/3: +{ .mmi; xor t1=t1,te32 // 14/1: + xor r24=t2,te33 // 14/2:done! + xor t3=t3,te30 };; // 14/3: +{ .mib; xor r20=t1,te10 // 15/1:done! + xor r28=t3,te03 // 15/3:done! + br.ret.sptk b6 };; .endp _ia64_AES_decrypt# // void AES_decrypt (const void *in,void *out,const AES_KEY *key); .global AES_decrypt# .proc AES_decrypt# .align 32 -.skip 16 AES_decrypt: .prologue - .fframe 0 - .save ar.pfs,r2 - .save ar.lc,r3 -{ .mmi; alloc r2=ar.pfs,3,0,12,0 - addl out8=@ltoff(AES_Td#),gp - mov r3=ar.lc } -{ .mmi; and out0=3,in0 - ADDP in0=0,in0 + .save ar.pfs,pfssave +{ .mmi; alloc pfssave=ar.pfs,3,1,12,0 + and out0=3,in0 + mov r3=ip } +{ .mmi; ADDP in0=0,in0 + mov loc0=psr.um ADDP out11=KSZ*60,in2 };; // &AES_KEY->rounds - .body -{ .mmi; ld8 out8=[out8] // Te0 - ld4 out11=[out11] // AES_KEY->rounds +{ .mmi; ld4 out11=[out11] // AES_KEY->rounds + add out8=(AES_Td#-AES_decrypt#),r3 // Te0 + .save pr,prsave mov prsave=pr } +{ .mmi; rum 1<<3 // clear um.ac + .save ar.lc,lcsave + mov lcsave=ar.lc };; + .body #if defined(_HPUX_SOURCE) // HPUX is big-endian, cut 15+15 cycles... { .mib; cmp.ne p6,p0=out0,r0 add out0=4,in0 @@ -509,8 +694,9 @@ AES_decrypt: ADDP in1=0,in1 (p6) br.spnt .Ld_o_unaligned };; -{ .mii; mov ar.pfs=r2 - mov ar.lc=r3 } +{ .mii; mov psr.um=loc0 + mov ar.pfs=pfssave + mov ar.lc=lcsave };; { .mmi; st4 [in1]=r16,8 // s0 st4 [in0]=r20,8 // s1 mov pr=prsave,0x1ffff };; @@ -571,13 +757,13 @@ AES_decrypt: shr.u r23=r20,twenty4 }//;; // s1 { .mii; ADDP out2=2,in1 extr.u r21=r20,8,8 - shr.u r22=r20,sixteen }//;; + shr.u r22=r20,sixteen }//;; { .mii; ADDP out3=3,in1 extr.u r25=r24,8,8 // s2 shr.u r27=r24,twenty4 };; { .mii; st1 [out3]=r16,4 extr.u r26=r24,16,8 - shr.u r31=r28,twenty4 }//;; // s3 + shr.u r31=r28,twenty4 }//;; // s3 { .mii; st1 [out2]=r17,4 extr.u r29=r28,8,8 shr.u r30=r28,sixteen }//;; @@ -593,12 +779,13 @@ AES_decrypt: mov pr=prsave,0x1ffff }//;; { .mmi; st1 [out1]=r26,4 st1 [out0]=r27,4 - mov ar.pfs=r2 };; + mov ar.pfs=pfssave };; { .mmi; st1 [out3]=r28 st1 [out2]=r29 - mov ar.lc=r3 }//;; -{ .mmb; st1 [out1]=r30 - st1 [out0]=r31 + mov ar.lc=lcsave }//;; +{ .mmi; st1 [out1]=r30 + st1 [out0]=r31 } +{ .mfb; mov psr.um=loc0 // restore user mask br.ret.sptk.many b0 };; .endp AES_decrypt# @@ -606,1047 +793,331 @@ AES_decrypt: .align 64 .global AES_Te# .type AES_Te#,@object -AES_Te: data4 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d - data4 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554 - data4 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d - data4 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a - data4 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87 - data4 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b - data4 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea - data4 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b - data4 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a - data4 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f - data4 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108 - data4 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f - data4 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e - data4 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5 - data4 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d - data4 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f - data4 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e - data4 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb - data4 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce - data4 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497 - data4 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c - data4 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed - data4 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b - data4 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a - data4 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16 - data4 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594 - data4 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81 - data4 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3 - data4 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a - data4 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504 - data4 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163 - data4 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d - data4 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f - data4 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739 - data4 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47 - data4 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395 - data4 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f - data4 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883 - data4 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c - data4 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76 - data4 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e - data4 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4 - data4 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6 - data4 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b - data4 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7 - data4 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0 - data4 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25 - data4 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818 - data4 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72 - data4 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651 - data4 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21 - data4 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85 - data4 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa - data4 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12 - data4 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0 - data4 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9 - data4 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133 - data4 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7 - data4 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920 - data4 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a - data4 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17 - data4 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8 - data4 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11 - data4 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a -// Te1: - data4 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b - data4 0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5 - data4 0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b - data4 0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676 - data4 0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d - data4 0x15effafa, 0xebb25959, 0xc98e4747, 0x0bfbf0f0 - data4 0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf - data4 0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0 - data4 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626 - data4 0x5a6c3636, 0x417e3f3f, 0x02f5f7f7, 0x4f83cccc - data4 0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x08f9f1f1 - data4 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515 - data4 0x0c080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3 - data4 0x28301818, 0xa1379696, 0x0f0a0505, 0xb52f9a9a - data4 0x090e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2 - data4 0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575 - data4 0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a - data4 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0 - data4 0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3 - data4 0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484 - data4 0xf5a65353, 0x68b9d1d1, 0x00000000, 0x2cc1eded - data4 0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b - data4 0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939 - data4 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf - data4 0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb - data4 0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585 - data4 0xcf8a4545, 0x10e9f9f9, 0x06040202, 0x81fe7f7f - data4 0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8 - data4 0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f - data4 0xad3f9292, 0xbc219d9d, 0x48703838, 0x04f1f5f5 - data4 0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121 - data4 0x30201010, 0x1ae5ffff, 0x0efdf3f3, 0x6dbfd2d2 - data4 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec - data4 0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717 - data4 0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d - data4 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373 - data4 0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc - data4 0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888 - data4 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414 - data4 0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb - data4 0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a - data4 0xdb924949, 0x0a0c0606, 0x6c482424, 0xe4b85c5c - data4 0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262 - data4 0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979 - data4 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d - data4 0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9 - data4 0xb4d86c6c, 0xfaac5656, 0x07f3f4f4, 0x25cfeaea - data4 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808 - data4 0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e - data4 0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6 - data4 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f - data4 0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a - data4 0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666 - data4 0xd8904848, 0x05060303, 0x01f7f6f6, 0x121c0e0e - data4 0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9 - data4 0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e - data4 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111 - data4 0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494 - data4 0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9 - data4 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf - data4 0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d - data4 0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868 - data4 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f - data4 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616 -// Te2: - data4 0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b - data4 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5 - data4 0x30506030, 0x01030201, 0x67a9ce67, 0x2b7d562b - data4 0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76 - data4 0xca458fca, 0x829d1f82, 0xc94089c9, 0x7d87fa7d - data4 0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0 - data4 0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af - data4 0x9cbf239c, 0xa4f753a4, 0x7296e472, 0xc05b9bc0 - data4 0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26 - data4 0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc - data4 0x345c6834, 0xa5f451a5, 0xe534d1e5, 0xf108f9f1 - data4 0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15 - data4 0x040c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3 - data4 0x18283018, 0x96a13796, 0x050f0a05, 0x9ab52f9a - data4 0x07090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2 - data4 0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75 - data4 0x091b1209, 0x839e1d83, 0x2c74582c, 0x1a2e341a - data4 0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0 - data4 0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3 - data4 0x297b5229, 0xe33edde3, 0x2f715e2f, 0x84971384 - data4 0x53f5a653, 0xd168b9d1, 0x00000000, 0xed2cc1ed - data4 0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b - data4 0x6abed46a, 0xcb468dcb, 0xbed967be, 0x394b7239 - data4 0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf - data4 0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb - data4 0x43c58643, 0x4dd79a4d, 0x33556633, 0x85941185 - data4 0x45cf8a45, 0xf910e9f9, 0x02060402, 0x7f81fe7f - data4 0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8 - data4 0x51f3a251, 0xa3fe5da3, 0x40c08040, 0x8f8a058f - data4 0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5 - data4 0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221 - data4 0x10302010, 0xff1ae5ff, 0xf30efdf3, 0xd26dbfd2 - data4 0xcd4c81cd, 0x0c14180c, 0x13352613, 0xec2fc3ec - data4 0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17 - data4 0xc45793c4, 0xa7f255a7, 0x7e82fc7e, 0x3d477a3d - data4 0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673 - data4 0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc - data4 0x22664422, 0x2a7e542a, 0x90ab3b90, 0x88830b88 - data4 0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814 - data4 0xde79a7de, 0x5ee2bc5e, 0x0b1d160b, 0xdb76addb - data4 0xe03bdbe0, 0x32566432, 0x3a4e743a, 0x0a1e140a - data4 0x49db9249, 0x060a0c06, 0x246c4824, 0x5ce4b85c - data4 0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462 - data4 0x91a83991, 0x95a43195, 0xe437d3e4, 0x798bf279 - data4 0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d - data4 0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9 - data4 0x6cb4d86c, 0x56faac56, 0xf407f3f4, 0xea25cfea - data4 0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x08181008 - data4 0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e - data4 0x1c24381c, 0xa6f157a6, 0xb4c773b4, 0xc65197c6 - data4 0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f - data4 0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a - data4 0x7090e070, 0x3e427c3e, 0xb5c471b5, 0x66aacc66 - data4 0x48d89048, 0x03050603, 0xf601f7f6, 0x0e121c0e - data4 0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9 - data4 0x86911786, 0xc15899c1, 0x1d273a1d, 0x9eb9279e - data4 0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211 - data4 0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394 - data4 0x9bb62d9b, 0x1e223c1e, 0x87921587, 0xe920c9e9 - data4 0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df - data4 0x8c8f038c, 0xa1f859a1, 0x89800989, 0x0d171a0d - data4 0xbfda65bf, 0xe631d7e6, 0x42c68442, 0x68b8d068 - data4 0x41c38241, 0x99b02999, 0x2d775a2d, 0x0f111e0f - data4 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16 -// Te3: - data4 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6 - data4 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491 - data4 0x30305060, 0x01010302, 0x6767a9ce, 0x2b2b7d56 - data4 0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec - data4 0xcaca458f, 0x82829d1f, 0xc9c94089, 0x7d7d87fa - data4 0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb - data4 0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45 - data4 0x9c9cbf23, 0xa4a4f753, 0x727296e4, 0xc0c05b9b - data4 0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c - data4 0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83 - data4 0x34345c68, 0xa5a5f451, 0xe5e534d1, 0xf1f108f9 - data4 0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a - data4 0x04040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d - data4 0x18182830, 0x9696a137, 0x05050f0a, 0x9a9ab52f - data4 0x0707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf - data4 0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea - data4 0x09091b12, 0x83839e1d, 0x2c2c7458, 0x1a1a2e34 - data4 0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b - data4 0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d - data4 0x29297b52, 0xe3e33edd, 0x2f2f715e, 0x84849713 - data4 0x5353f5a6, 0xd1d168b9, 0x00000000, 0xeded2cc1 - data4 0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6 - data4 0x6a6abed4, 0xcbcb468d, 0xbebed967, 0x39394b72 - data4 0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85 - data4 0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed - data4 0x4343c586, 0x4d4dd79a, 0x33335566, 0x85859411 - data4 0x4545cf8a, 0xf9f910e9, 0x02020604, 0x7f7f81fe - data4 0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b - data4 0x5151f3a2, 0xa3a3fe5d, 0x4040c080, 0x8f8f8a05 - data4 0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1 - data4 0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342 - data4 0x10103020, 0xffff1ae5, 0xf3f30efd, 0xd2d26dbf - data4 0xcdcd4c81, 0x0c0c1418, 0x13133526, 0xecec2fc3 - data4 0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e - data4 0xc4c45793, 0xa7a7f255, 0x7e7e82fc, 0x3d3d477a - data4 0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6 - data4 0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3 - data4 0x22226644, 0x2a2a7e54, 0x9090ab3b, 0x8888830b - data4 0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28 - data4 0xdede79a7, 0x5e5ee2bc, 0x0b0b1d16, 0xdbdb76ad - data4 0xe0e03bdb, 0x32325664, 0x3a3a4e74, 0x0a0a1e14 - data4 0x4949db92, 0x06060a0c, 0x24246c48, 0x5c5ce4b8 - data4 0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4 - data4 0x9191a839, 0x9595a431, 0xe4e437d3, 0x79798bf2 - data4 0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da - data4 0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049 - data4 0x6c6cb4d8, 0x5656faac, 0xf4f407f3, 0xeaea25cf - data4 0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x08081810 - data4 0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c - data4 0x1c1c2438, 0xa6a6f157, 0xb4b4c773, 0xc6c65197 - data4 0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e - data4 0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f - data4 0x707090e0, 0x3e3e427c, 0xb5b5c471, 0x6666aacc - data4 0x4848d890, 0x03030506, 0xf6f601f7, 0x0e0e121c - data4 0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069 - data4 0x86869117, 0xc1c15899, 0x1d1d273a, 0x9e9eb927 - data4 0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322 - data4 0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733 - data4 0x9b9bb62d, 0x1e1e223c, 0x87879215, 0xe9e920c9 - data4 0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5 - data4 0x8c8c8f03, 0xa1a1f859, 0x89898009, 0x0d0d171a - data4 0xbfbfda65, 0xe6e631d7, 0x4242c684, 0x6868b8d0 - data4 0x4141c382, 0x9999b029, 0x2d2d775a, 0x0f0f111e - data4 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c +AES_Te: data4 0xc66363a5,0xc66363a5, 0xf87c7c84,0xf87c7c84 + data4 0xee777799,0xee777799, 0xf67b7b8d,0xf67b7b8d + data4 0xfff2f20d,0xfff2f20d, 0xd66b6bbd,0xd66b6bbd + data4 0xde6f6fb1,0xde6f6fb1, 0x91c5c554,0x91c5c554 + data4 0x60303050,0x60303050, 0x02010103,0x02010103 + data4 0xce6767a9,0xce6767a9, 0x562b2b7d,0x562b2b7d + data4 0xe7fefe19,0xe7fefe19, 0xb5d7d762,0xb5d7d762 + data4 0x4dababe6,0x4dababe6, 0xec76769a,0xec76769a + data4 0x8fcaca45,0x8fcaca45, 0x1f82829d,0x1f82829d + data4 0x89c9c940,0x89c9c940, 0xfa7d7d87,0xfa7d7d87 + data4 0xeffafa15,0xeffafa15, 0xb25959eb,0xb25959eb + data4 0x8e4747c9,0x8e4747c9, 0xfbf0f00b,0xfbf0f00b + data4 0x41adadec,0x41adadec, 0xb3d4d467,0xb3d4d467 + data4 0x5fa2a2fd,0x5fa2a2fd, 0x45afafea,0x45afafea + data4 0x239c9cbf,0x239c9cbf, 0x53a4a4f7,0x53a4a4f7 + data4 0xe4727296,0xe4727296, 0x9bc0c05b,0x9bc0c05b + data4 0x75b7b7c2,0x75b7b7c2, 0xe1fdfd1c,0xe1fdfd1c + data4 0x3d9393ae,0x3d9393ae, 0x4c26266a,0x4c26266a + data4 0x6c36365a,0x6c36365a, 0x7e3f3f41,0x7e3f3f41 + data4 0xf5f7f702,0xf5f7f702, 0x83cccc4f,0x83cccc4f + data4 0x6834345c,0x6834345c, 0x51a5a5f4,0x51a5a5f4 + data4 0xd1e5e534,0xd1e5e534, 0xf9f1f108,0xf9f1f108 + data4 0xe2717193,0xe2717193, 0xabd8d873,0xabd8d873 + data4 0x62313153,0x62313153, 0x2a15153f,0x2a15153f + data4 0x0804040c,0x0804040c, 0x95c7c752,0x95c7c752 + data4 0x46232365,0x46232365, 0x9dc3c35e,0x9dc3c35e + data4 0x30181828,0x30181828, 0x379696a1,0x379696a1 + data4 0x0a05050f,0x0a05050f, 0x2f9a9ab5,0x2f9a9ab5 + data4 0x0e070709,0x0e070709, 0x24121236,0x24121236 + data4 0x1b80809b,0x1b80809b, 0xdfe2e23d,0xdfe2e23d + data4 0xcdebeb26,0xcdebeb26, 0x4e272769,0x4e272769 + data4 0x7fb2b2cd,0x7fb2b2cd, 0xea75759f,0xea75759f + data4 0x1209091b,0x1209091b, 0x1d83839e,0x1d83839e + data4 0x582c2c74,0x582c2c74, 0x341a1a2e,0x341a1a2e + data4 0x361b1b2d,0x361b1b2d, 0xdc6e6eb2,0xdc6e6eb2 + data4 0xb45a5aee,0xb45a5aee, 0x5ba0a0fb,0x5ba0a0fb + data4 0xa45252f6,0xa45252f6, 0x763b3b4d,0x763b3b4d + data4 0xb7d6d661,0xb7d6d661, 0x7db3b3ce,0x7db3b3ce + data4 0x5229297b,0x5229297b, 0xdde3e33e,0xdde3e33e + data4 0x5e2f2f71,0x5e2f2f71, 0x13848497,0x13848497 + data4 0xa65353f5,0xa65353f5, 0xb9d1d168,0xb9d1d168 + data4 0x00000000,0x00000000, 0xc1eded2c,0xc1eded2c + data4 0x40202060,0x40202060, 0xe3fcfc1f,0xe3fcfc1f + data4 0x79b1b1c8,0x79b1b1c8, 0xb65b5bed,0xb65b5bed + data4 0xd46a6abe,0xd46a6abe, 0x8dcbcb46,0x8dcbcb46 + data4 0x67bebed9,0x67bebed9, 0x7239394b,0x7239394b + data4 0x944a4ade,0x944a4ade, 0x984c4cd4,0x984c4cd4 + data4 0xb05858e8,0xb05858e8, 0x85cfcf4a,0x85cfcf4a + data4 0xbbd0d06b,0xbbd0d06b, 0xc5efef2a,0xc5efef2a + data4 0x4faaaae5,0x4faaaae5, 0xedfbfb16,0xedfbfb16 + data4 0x864343c5,0x864343c5, 0x9a4d4dd7,0x9a4d4dd7 + data4 0x66333355,0x66333355, 0x11858594,0x11858594 + data4 0x8a4545cf,0x8a4545cf, 0xe9f9f910,0xe9f9f910 + data4 0x04020206,0x04020206, 0xfe7f7f81,0xfe7f7f81 + data4 0xa05050f0,0xa05050f0, 0x783c3c44,0x783c3c44 + data4 0x259f9fba,0x259f9fba, 0x4ba8a8e3,0x4ba8a8e3 + data4 0xa25151f3,0xa25151f3, 0x5da3a3fe,0x5da3a3fe + data4 0x804040c0,0x804040c0, 0x058f8f8a,0x058f8f8a + data4 0x3f9292ad,0x3f9292ad, 0x219d9dbc,0x219d9dbc + data4 0x70383848,0x70383848, 0xf1f5f504,0xf1f5f504 + data4 0x63bcbcdf,0x63bcbcdf, 0x77b6b6c1,0x77b6b6c1 + data4 0xafdada75,0xafdada75, 0x42212163,0x42212163 + data4 0x20101030,0x20101030, 0xe5ffff1a,0xe5ffff1a + data4 0xfdf3f30e,0xfdf3f30e, 0xbfd2d26d,0xbfd2d26d + data4 0x81cdcd4c,0x81cdcd4c, 0x180c0c14,0x180c0c14 + data4 0x26131335,0x26131335, 0xc3ecec2f,0xc3ecec2f + data4 0xbe5f5fe1,0xbe5f5fe1, 0x359797a2,0x359797a2 + data4 0x884444cc,0x884444cc, 0x2e171739,0x2e171739 + data4 0x93c4c457,0x93c4c457, 0x55a7a7f2,0x55a7a7f2 + data4 0xfc7e7e82,0xfc7e7e82, 0x7a3d3d47,0x7a3d3d47 + data4 0xc86464ac,0xc86464ac, 0xba5d5de7,0xba5d5de7 + data4 0x3219192b,0x3219192b, 0xe6737395,0xe6737395 + data4 0xc06060a0,0xc06060a0, 0x19818198,0x19818198 + data4 0x9e4f4fd1,0x9e4f4fd1, 0xa3dcdc7f,0xa3dcdc7f + data4 0x44222266,0x44222266, 0x542a2a7e,0x542a2a7e + data4 0x3b9090ab,0x3b9090ab, 0x0b888883,0x0b888883 + data4 0x8c4646ca,0x8c4646ca, 0xc7eeee29,0xc7eeee29 + data4 0x6bb8b8d3,0x6bb8b8d3, 0x2814143c,0x2814143c + data4 0xa7dede79,0xa7dede79, 0xbc5e5ee2,0xbc5e5ee2 + data4 0x160b0b1d,0x160b0b1d, 0xaddbdb76,0xaddbdb76 + data4 0xdbe0e03b,0xdbe0e03b, 0x64323256,0x64323256 + data4 0x743a3a4e,0x743a3a4e, 0x140a0a1e,0x140a0a1e + data4 0x924949db,0x924949db, 0x0c06060a,0x0c06060a + data4 0x4824246c,0x4824246c, 0xb85c5ce4,0xb85c5ce4 + data4 0x9fc2c25d,0x9fc2c25d, 0xbdd3d36e,0xbdd3d36e + data4 0x43acacef,0x43acacef, 0xc46262a6,0xc46262a6 + data4 0x399191a8,0x399191a8, 0x319595a4,0x319595a4 + data4 0xd3e4e437,0xd3e4e437, 0xf279798b,0xf279798b + data4 0xd5e7e732,0xd5e7e732, 0x8bc8c843,0x8bc8c843 + data4 0x6e373759,0x6e373759, 0xda6d6db7,0xda6d6db7 + data4 0x018d8d8c,0x018d8d8c, 0xb1d5d564,0xb1d5d564 + data4 0x9c4e4ed2,0x9c4e4ed2, 0x49a9a9e0,0x49a9a9e0 + data4 0xd86c6cb4,0xd86c6cb4, 0xac5656fa,0xac5656fa + data4 0xf3f4f407,0xf3f4f407, 0xcfeaea25,0xcfeaea25 + data4 0xca6565af,0xca6565af, 0xf47a7a8e,0xf47a7a8e + data4 0x47aeaee9,0x47aeaee9, 0x10080818,0x10080818 + data4 0x6fbabad5,0x6fbabad5, 0xf0787888,0xf0787888 + data4 0x4a25256f,0x4a25256f, 0x5c2e2e72,0x5c2e2e72 + data4 0x381c1c24,0x381c1c24, 0x57a6a6f1,0x57a6a6f1 + data4 0x73b4b4c7,0x73b4b4c7, 0x97c6c651,0x97c6c651 + data4 0xcbe8e823,0xcbe8e823, 0xa1dddd7c,0xa1dddd7c + data4 0xe874749c,0xe874749c, 0x3e1f1f21,0x3e1f1f21 + data4 0x964b4bdd,0x964b4bdd, 0x61bdbddc,0x61bdbddc + data4 0x0d8b8b86,0x0d8b8b86, 0x0f8a8a85,0x0f8a8a85 + data4 0xe0707090,0xe0707090, 0x7c3e3e42,0x7c3e3e42 + data4 0x71b5b5c4,0x71b5b5c4, 0xcc6666aa,0xcc6666aa + data4 0x904848d8,0x904848d8, 0x06030305,0x06030305 + data4 0xf7f6f601,0xf7f6f601, 0x1c0e0e12,0x1c0e0e12 + data4 0xc26161a3,0xc26161a3, 0x6a35355f,0x6a35355f + data4 0xae5757f9,0xae5757f9, 0x69b9b9d0,0x69b9b9d0 + data4 0x17868691,0x17868691, 0x99c1c158,0x99c1c158 + data4 0x3a1d1d27,0x3a1d1d27, 0x279e9eb9,0x279e9eb9 + data4 0xd9e1e138,0xd9e1e138, 0xebf8f813,0xebf8f813 + data4 0x2b9898b3,0x2b9898b3, 0x22111133,0x22111133 + data4 0xd26969bb,0xd26969bb, 0xa9d9d970,0xa9d9d970 + data4 0x078e8e89,0x078e8e89, 0x339494a7,0x339494a7 + data4 0x2d9b9bb6,0x2d9b9bb6, 0x3c1e1e22,0x3c1e1e22 + data4 0x15878792,0x15878792, 0xc9e9e920,0xc9e9e920 + data4 0x87cece49,0x87cece49, 0xaa5555ff,0xaa5555ff + data4 0x50282878,0x50282878, 0xa5dfdf7a,0xa5dfdf7a + data4 0x038c8c8f,0x038c8c8f, 0x59a1a1f8,0x59a1a1f8 + data4 0x09898980,0x09898980, 0x1a0d0d17,0x1a0d0d17 + data4 0x65bfbfda,0x65bfbfda, 0xd7e6e631,0xd7e6e631 + data4 0x844242c6,0x844242c6, 0xd06868b8,0xd06868b8 + data4 0x824141c3,0x824141c3, 0x299999b0,0x299999b0 + data4 0x5a2d2d77,0x5a2d2d77, 0x1e0f0f11,0x1e0f0f11 + data4 0x7bb0b0cb,0x7bb0b0cb, 0xa85454fc,0xa85454fc + data4 0x6dbbbbd6,0x6dbbbbd6, 0x2c16163a,0x2c16163a // Te4: - data4 0x63000000, 0x7c000000, 0x77000000, 0x7b000000 - data4 0xf2000000, 0x6b000000, 0x6f000000, 0xc5000000 - data4 0x30000000, 0x01000000, 0x67000000, 0x2b000000 - data4 0xfe000000, 0xd7000000, 0xab000000, 0x76000000 - data4 0xca000000, 0x82000000, 0xc9000000, 0x7d000000 - data4 0xfa000000, 0x59000000, 0x47000000, 0xf0000000 - data4 0xad000000, 0xd4000000, 0xa2000000, 0xaf000000 - data4 0x9c000000, 0xa4000000, 0x72000000, 0xc0000000 - data4 0xb7000000, 0xfd000000, 0x93000000, 0x26000000 - data4 0x36000000, 0x3f000000, 0xf7000000, 0xcc000000 - data4 0x34000000, 0xa5000000, 0xe5000000, 0xf1000000 - data4 0x71000000, 0xd8000000, 0x31000000, 0x15000000 - data4 0x04000000, 0xc7000000, 0x23000000, 0xc3000000 - data4 0x18000000, 0x96000000, 0x05000000, 0x9a000000 - data4 0x07000000, 0x12000000, 0x80000000, 0xe2000000 - data4 0xeb000000, 0x27000000, 0xb2000000, 0x75000000 - data4 0x09000000, 0x83000000, 0x2c000000, 0x1a000000 - data4 0x1b000000, 0x6e000000, 0x5a000000, 0xa0000000 - data4 0x52000000, 0x3b000000, 0xd6000000, 0xb3000000 - data4 0x29000000, 0xe3000000, 0x2f000000, 0x84000000 - data4 0x53000000, 0xd1000000, 0x00000000, 0xed000000 - data4 0x20000000, 0xfc000000, 0xb1000000, 0x5b000000 - data4 0x6a000000, 0xcb000000, 0xbe000000, 0x39000000 - data4 0x4a000000, 0x4c000000, 0x58000000, 0xcf000000 - data4 0xd0000000, 0xef000000, 0xaa000000, 0xfb000000 - data4 0x43000000, 0x4d000000, 0x33000000, 0x85000000 - data4 0x45000000, 0xf9000000, 0x02000000, 0x7f000000 - data4 0x50000000, 0x3c000000, 0x9f000000, 0xa8000000 - data4 0x51000000, 0xa3000000, 0x40000000, 0x8f000000 - data4 0x92000000, 0x9d000000, 0x38000000, 0xf5000000 - data4 0xbc000000, 0xb6000000, 0xda000000, 0x21000000 - data4 0x10000000, 0xff000000, 0xf3000000, 0xd2000000 - data4 0xcd000000, 0x0c000000, 0x13000000, 0xec000000 - data4 0x5f000000, 0x97000000, 0x44000000, 0x17000000 - data4 0xc4000000, 0xa7000000, 0x7e000000, 0x3d000000 - data4 0x64000000, 0x5d000000, 0x19000000, 0x73000000 - data4 0x60000000, 0x81000000, 0x4f000000, 0xdc000000 - data4 0x22000000, 0x2a000000, 0x90000000, 0x88000000 - data4 0x46000000, 0xee000000, 0xb8000000, 0x14000000 - data4 0xde000000, 0x5e000000, 0x0b000000, 0xdb000000 - data4 0xe0000000, 0x32000000, 0x3a000000, 0x0a000000 - data4 0x49000000, 0x06000000, 0x24000000, 0x5c000000 - data4 0xc2000000, 0xd3000000, 0xac000000, 0x62000000 - data4 0x91000000, 0x95000000, 0xe4000000, 0x79000000 - data4 0xe7000000, 0xc8000000, 0x37000000, 0x6d000000 - data4 0x8d000000, 0xd5000000, 0x4e000000, 0xa9000000 - data4 0x6c000000, 0x56000000, 0xf4000000, 0xea000000 - data4 0x65000000, 0x7a000000, 0xae000000, 0x08000000 - data4 0xba000000, 0x78000000, 0x25000000, 0x2e000000 - data4 0x1c000000, 0xa6000000, 0xb4000000, 0xc6000000 - data4 0xe8000000, 0xdd000000, 0x74000000, 0x1f000000 - data4 0x4b000000, 0xbd000000, 0x8b000000, 0x8a000000 - data4 0x70000000, 0x3e000000, 0xb5000000, 0x66000000 - data4 0x48000000, 0x03000000, 0xf6000000, 0x0e000000 - data4 0x61000000, 0x35000000, 0x57000000, 0xb9000000 - data4 0x86000000, 0xc1000000, 0x1d000000, 0x9e000000 - data4 0xe1000000, 0xf8000000, 0x98000000, 0x11000000 - data4 0x69000000, 0xd9000000, 0x8e000000, 0x94000000 - data4 0x9b000000, 0x1e000000, 0x87000000, 0xe9000000 - data4 0xce000000, 0x55000000, 0x28000000, 0xdf000000 - data4 0x8c000000, 0xa1000000, 0x89000000, 0x0d000000 - data4 0xbf000000, 0xe6000000, 0x42000000, 0x68000000 - data4 0x41000000, 0x99000000, 0x2d000000, 0x0f000000 - data4 0xb0000000, 0x54000000, 0xbb000000, 0x16000000 -// Te5: - data4 0x00630000, 0x007c0000, 0x00770000, 0x007b0000 - data4 0x00f20000, 0x006b0000, 0x006f0000, 0x00c50000 - data4 0x00300000, 0x00010000, 0x00670000, 0x002b0000 - data4 0x00fe0000, 0x00d70000, 0x00ab0000, 0x00760000 - data4 0x00ca0000, 0x00820000, 0x00c90000, 0x007d0000 - data4 0x00fa0000, 0x00590000, 0x00470000, 0x00f00000 - data4 0x00ad0000, 0x00d40000, 0x00a20000, 0x00af0000 - data4 0x009c0000, 0x00a40000, 0x00720000, 0x00c00000 - data4 0x00b70000, 0x00fd0000, 0x00930000, 0x00260000 - data4 0x00360000, 0x003f0000, 0x00f70000, 0x00cc0000 - data4 0x00340000, 0x00a50000, 0x00e50000, 0x00f10000 - data4 0x00710000, 0x00d80000, 0x00310000, 0x00150000 - data4 0x00040000, 0x00c70000, 0x00230000, 0x00c30000 - data4 0x00180000, 0x00960000, 0x00050000, 0x009a0000 - data4 0x00070000, 0x00120000, 0x00800000, 0x00e20000 - data4 0x00eb0000, 0x00270000, 0x00b20000, 0x00750000 - data4 0x00090000, 0x00830000, 0x002c0000, 0x001a0000 - data4 0x001b0000, 0x006e0000, 0x005a0000, 0x00a00000 - data4 0x00520000, 0x003b0000, 0x00d60000, 0x00b30000 - data4 0x00290000, 0x00e30000, 0x002f0000, 0x00840000 - data4 0x00530000, 0x00d10000, 0x00000000, 0x00ed0000 - data4 0x00200000, 0x00fc0000, 0x00b10000, 0x005b0000 - data4 0x006a0000, 0x00cb0000, 0x00be0000, 0x00390000 - data4 0x004a0000, 0x004c0000, 0x00580000, 0x00cf0000 - data4 0x00d00000, 0x00ef0000, 0x00aa0000, 0x00fb0000 - data4 0x00430000, 0x004d0000, 0x00330000, 0x00850000 - data4 0x00450000, 0x00f90000, 0x00020000, 0x007f0000 - data4 0x00500000, 0x003c0000, 0x009f0000, 0x00a80000 - data4 0x00510000, 0x00a30000, 0x00400000, 0x008f0000 - data4 0x00920000, 0x009d0000, 0x00380000, 0x00f50000 - data4 0x00bc0000, 0x00b60000, 0x00da0000, 0x00210000 - data4 0x00100000, 0x00ff0000, 0x00f30000, 0x00d20000 - data4 0x00cd0000, 0x000c0000, 0x00130000, 0x00ec0000 - data4 0x005f0000, 0x00970000, 0x00440000, 0x00170000 - data4 0x00c40000, 0x00a70000, 0x007e0000, 0x003d0000 - data4 0x00640000, 0x005d0000, 0x00190000, 0x00730000 - data4 0x00600000, 0x00810000, 0x004f0000, 0x00dc0000 - data4 0x00220000, 0x002a0000, 0x00900000, 0x00880000 - data4 0x00460000, 0x00ee0000, 0x00b80000, 0x00140000 - data4 0x00de0000, 0x005e0000, 0x000b0000, 0x00db0000 - data4 0x00e00000, 0x00320000, 0x003a0000, 0x000a0000 - data4 0x00490000, 0x00060000, 0x00240000, 0x005c0000 - data4 0x00c20000, 0x00d30000, 0x00ac0000, 0x00620000 - data4 0x00910000, 0x00950000, 0x00e40000, 0x00790000 - data4 0x00e70000, 0x00c80000, 0x00370000, 0x006d0000 - data4 0x008d0000, 0x00d50000, 0x004e0000, 0x00a90000 - data4 0x006c0000, 0x00560000, 0x00f40000, 0x00ea0000 - data4 0x00650000, 0x007a0000, 0x00ae0000, 0x00080000 - data4 0x00ba0000, 0x00780000, 0x00250000, 0x002e0000 - data4 0x001c0000, 0x00a60000, 0x00b40000, 0x00c60000 - data4 0x00e80000, 0x00dd0000, 0x00740000, 0x001f0000 - data4 0x004b0000, 0x00bd0000, 0x008b0000, 0x008a0000 - data4 0x00700000, 0x003e0000, 0x00b50000, 0x00660000 - data4 0x00480000, 0x00030000, 0x00f60000, 0x000e0000 - data4 0x00610000, 0x00350000, 0x00570000, 0x00b90000 - data4 0x00860000, 0x00c10000, 0x001d0000, 0x009e0000 - data4 0x00e10000, 0x00f80000, 0x00980000, 0x00110000 - data4 0x00690000, 0x00d90000, 0x008e0000, 0x00940000 - data4 0x009b0000, 0x001e0000, 0x00870000, 0x00e90000 - data4 0x00ce0000, 0x00550000, 0x00280000, 0x00df0000 - data4 0x008c0000, 0x00a10000, 0x00890000, 0x000d0000 - data4 0x00bf0000, 0x00e60000, 0x00420000, 0x00680000 - data4 0x00410000, 0x00990000, 0x002d0000, 0x000f0000 - data4 0x00b00000, 0x00540000, 0x00bb0000, 0x00160000 -// Te6: - data4 0x00006300, 0x00007c00, 0x00007700, 0x00007b00 - data4 0x0000f200, 0x00006b00, 0x00006f00, 0x0000c500 - data4 0x00003000, 0x00000100, 0x00006700, 0x00002b00 - data4 0x0000fe00, 0x0000d700, 0x0000ab00, 0x00007600 - data4 0x0000ca00, 0x00008200, 0x0000c900, 0x00007d00 - data4 0x0000fa00, 0x00005900, 0x00004700, 0x0000f000 - data4 0x0000ad00, 0x0000d400, 0x0000a200, 0x0000af00 - data4 0x00009c00, 0x0000a400, 0x00007200, 0x0000c000 - data4 0x0000b700, 0x0000fd00, 0x00009300, 0x00002600 - data4 0x00003600, 0x00003f00, 0x0000f700, 0x0000cc00 - data4 0x00003400, 0x0000a500, 0x0000e500, 0x0000f100 - data4 0x00007100, 0x0000d800, 0x00003100, 0x00001500 - data4 0x00000400, 0x0000c700, 0x00002300, 0x0000c300 - data4 0x00001800, 0x00009600, 0x00000500, 0x00009a00 - data4 0x00000700, 0x00001200, 0x00008000, 0x0000e200 - data4 0x0000eb00, 0x00002700, 0x0000b200, 0x00007500 - data4 0x00000900, 0x00008300, 0x00002c00, 0x00001a00 - data4 0x00001b00, 0x00006e00, 0x00005a00, 0x0000a000 - data4 0x00005200, 0x00003b00, 0x0000d600, 0x0000b300 - data4 0x00002900, 0x0000e300, 0x00002f00, 0x00008400 - data4 0x00005300, 0x0000d100, 0x00000000, 0x0000ed00 - data4 0x00002000, 0x0000fc00, 0x0000b100, 0x00005b00 - data4 0x00006a00, 0x0000cb00, 0x0000be00, 0x00003900 - data4 0x00004a00, 0x00004c00, 0x00005800, 0x0000cf00 - data4 0x0000d000, 0x0000ef00, 0x0000aa00, 0x0000fb00 - data4 0x00004300, 0x00004d00, 0x00003300, 0x00008500 - data4 0x00004500, 0x0000f900, 0x00000200, 0x00007f00 - data4 0x00005000, 0x00003c00, 0x00009f00, 0x0000a800 - data4 0x00005100, 0x0000a300, 0x00004000, 0x00008f00 - data4 0x00009200, 0x00009d00, 0x00003800, 0x0000f500 - data4 0x0000bc00, 0x0000b600, 0x0000da00, 0x00002100 - data4 0x00001000, 0x0000ff00, 0x0000f300, 0x0000d200 - data4 0x0000cd00, 0x00000c00, 0x00001300, 0x0000ec00 - data4 0x00005f00, 0x00009700, 0x00004400, 0x00001700 - data4 0x0000c400, 0x0000a700, 0x00007e00, 0x00003d00 - data4 0x00006400, 0x00005d00, 0x00001900, 0x00007300 - data4 0x00006000, 0x00008100, 0x00004f00, 0x0000dc00 - data4 0x00002200, 0x00002a00, 0x00009000, 0x00008800 - data4 0x00004600, 0x0000ee00, 0x0000b800, 0x00001400 - data4 0x0000de00, 0x00005e00, 0x00000b00, 0x0000db00 - data4 0x0000e000, 0x00003200, 0x00003a00, 0x00000a00 - data4 0x00004900, 0x00000600, 0x00002400, 0x00005c00 - data4 0x0000c200, 0x0000d300, 0x0000ac00, 0x00006200 - data4 0x00009100, 0x00009500, 0x0000e400, 0x00007900 - data4 0x0000e700, 0x0000c800, 0x00003700, 0x00006d00 - data4 0x00008d00, 0x0000d500, 0x00004e00, 0x0000a900 - data4 0x00006c00, 0x00005600, 0x0000f400, 0x0000ea00 - data4 0x00006500, 0x00007a00, 0x0000ae00, 0x00000800 - data4 0x0000ba00, 0x00007800, 0x00002500, 0x00002e00 - data4 0x00001c00, 0x0000a600, 0x0000b400, 0x0000c600 - data4 0x0000e800, 0x0000dd00, 0x00007400, 0x00001f00 - data4 0x00004b00, 0x0000bd00, 0x00008b00, 0x00008a00 - data4 0x00007000, 0x00003e00, 0x0000b500, 0x00006600 - data4 0x00004800, 0x00000300, 0x0000f600, 0x00000e00 - data4 0x00006100, 0x00003500, 0x00005700, 0x0000b900 - data4 0x00008600, 0x0000c100, 0x00001d00, 0x00009e00 - data4 0x0000e100, 0x0000f800, 0x00009800, 0x00001100 - data4 0x00006900, 0x0000d900, 0x00008e00, 0x00009400 - data4 0x00009b00, 0x00001e00, 0x00008700, 0x0000e900 - data4 0x0000ce00, 0x00005500, 0x00002800, 0x0000df00 - data4 0x00008c00, 0x0000a100, 0x00008900, 0x00000d00 - data4 0x0000bf00, 0x0000e600, 0x00004200, 0x00006800 - data4 0x00004100, 0x00009900, 0x00002d00, 0x00000f00 - data4 0x0000b000, 0x00005400, 0x0000bb00, 0x00001600 -// Te7: - data4 0x00000063, 0x0000007c, 0x00000077, 0x0000007b - data4 0x000000f2, 0x0000006b, 0x0000006f, 0x000000c5 - data4 0x00000030, 0x00000001, 0x00000067, 0x0000002b - data4 0x000000fe, 0x000000d7, 0x000000ab, 0x00000076 - data4 0x000000ca, 0x00000082, 0x000000c9, 0x0000007d - data4 0x000000fa, 0x00000059, 0x00000047, 0x000000f0 - data4 0x000000ad, 0x000000d4, 0x000000a2, 0x000000af - data4 0x0000009c, 0x000000a4, 0x00000072, 0x000000c0 - data4 0x000000b7, 0x000000fd, 0x00000093, 0x00000026 - data4 0x00000036, 0x0000003f, 0x000000f7, 0x000000cc - data4 0x00000034, 0x000000a5, 0x000000e5, 0x000000f1 - data4 0x00000071, 0x000000d8, 0x00000031, 0x00000015 - data4 0x00000004, 0x000000c7, 0x00000023, 0x000000c3 - data4 0x00000018, 0x00000096, 0x00000005, 0x0000009a - data4 0x00000007, 0x00000012, 0x00000080, 0x000000e2 - data4 0x000000eb, 0x00000027, 0x000000b2, 0x00000075 - data4 0x00000009, 0x00000083, 0x0000002c, 0x0000001a - data4 0x0000001b, 0x0000006e, 0x0000005a, 0x000000a0 - data4 0x00000052, 0x0000003b, 0x000000d6, 0x000000b3 - data4 0x00000029, 0x000000e3, 0x0000002f, 0x00000084 - data4 0x00000053, 0x000000d1, 0x00000000, 0x000000ed - data4 0x00000020, 0x000000fc, 0x000000b1, 0x0000005b - data4 0x0000006a, 0x000000cb, 0x000000be, 0x00000039 - data4 0x0000004a, 0x0000004c, 0x00000058, 0x000000cf - data4 0x000000d0, 0x000000ef, 0x000000aa, 0x000000fb - data4 0x00000043, 0x0000004d, 0x00000033, 0x00000085 - data4 0x00000045, 0x000000f9, 0x00000002, 0x0000007f - data4 0x00000050, 0x0000003c, 0x0000009f, 0x000000a8 - data4 0x00000051, 0x000000a3, 0x00000040, 0x0000008f - data4 0x00000092, 0x0000009d, 0x00000038, 0x000000f5 - data4 0x000000bc, 0x000000b6, 0x000000da, 0x00000021 - data4 0x00000010, 0x000000ff, 0x000000f3, 0x000000d2 - data4 0x000000cd, 0x0000000c, 0x00000013, 0x000000ec - data4 0x0000005f, 0x00000097, 0x00000044, 0x00000017 - data4 0x000000c4, 0x000000a7, 0x0000007e, 0x0000003d - data4 0x00000064, 0x0000005d, 0x00000019, 0x00000073 - data4 0x00000060, 0x00000081, 0x0000004f, 0x000000dc - data4 0x00000022, 0x0000002a, 0x00000090, 0x00000088 - data4 0x00000046, 0x000000ee, 0x000000b8, 0x00000014 - data4 0x000000de, 0x0000005e, 0x0000000b, 0x000000db - data4 0x000000e0, 0x00000032, 0x0000003a, 0x0000000a - data4 0x00000049, 0x00000006, 0x00000024, 0x0000005c - data4 0x000000c2, 0x000000d3, 0x000000ac, 0x00000062 - data4 0x00000091, 0x00000095, 0x000000e4, 0x00000079 - data4 0x000000e7, 0x000000c8, 0x00000037, 0x0000006d - data4 0x0000008d, 0x000000d5, 0x0000004e, 0x000000a9 - data4 0x0000006c, 0x00000056, 0x000000f4, 0x000000ea - data4 0x00000065, 0x0000007a, 0x000000ae, 0x00000008 - data4 0x000000ba, 0x00000078, 0x00000025, 0x0000002e - data4 0x0000001c, 0x000000a6, 0x000000b4, 0x000000c6 - data4 0x000000e8, 0x000000dd, 0x00000074, 0x0000001f - data4 0x0000004b, 0x000000bd, 0x0000008b, 0x0000008a - data4 0x00000070, 0x0000003e, 0x000000b5, 0x00000066 - data4 0x00000048, 0x00000003, 0x000000f6, 0x0000000e - data4 0x00000061, 0x00000035, 0x00000057, 0x000000b9 - data4 0x00000086, 0x000000c1, 0x0000001d, 0x0000009e - data4 0x000000e1, 0x000000f8, 0x00000098, 0x00000011 - data4 0x00000069, 0x000000d9, 0x0000008e, 0x00000094 - data4 0x0000009b, 0x0000001e, 0x00000087, 0x000000e9 - data4 0x000000ce, 0x00000055, 0x00000028, 0x000000df - data4 0x0000008c, 0x000000a1, 0x00000089, 0x0000000d - data4 0x000000bf, 0x000000e6, 0x00000042, 0x00000068 - data4 0x00000041, 0x00000099, 0x0000002d, 0x0000000f - data4 0x000000b0, 0x00000054, 0x000000bb, 0x00000016 -.size AES_Te#,8*256*4 // HP-UX assembler fails to ".-AES_Te#" + data1 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5 + data1 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76 + data1 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0 + data1 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0 + data1 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc + data1 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15 + data1 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a + data1 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75 + data1 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0 + data1 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84 + data1 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b + data1 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf + data1 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85 + data1 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8 + data1 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5 + data1 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2 + data1 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17 + data1 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73 + data1 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88 + data1 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb + data1 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c + data1 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79 + data1 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9 + data1 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08 + data1 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6 + data1 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a + data1 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e + data1 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e + data1 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94 + data1 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf + data1 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68 + data1 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 +.size AES_Te#,2048+256 // HP-UX assembler fails to ".-AES_Te#" .align 64 .global AES_Td# .type AES_Td#,@object -AES_Td: data4 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96 - data4 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393 - data4 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25 - data4 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f - data4 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1 - data4 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6 - data4 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da - data4 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844 - data4 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd - data4 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4 - data4 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45 - data4 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94 - data4 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7 - data4 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a - data4 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5 - data4 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c - data4 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1 - data4 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a - data4 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75 - data4 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051 - data4 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46 - data4 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff - data4 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77 - data4 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb - data4 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000 - data4 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e - data4 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927 - data4 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a - data4 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e - data4 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16 - data4 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d - data4 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8 - data4 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd - data4 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34 - data4 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163 - data4 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120 - data4 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d - data4 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0 - data4 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422 - data4 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef - data4 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36 - data4 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4 - data4 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662 - data4 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5 - data4 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3 - data4 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b - data4 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8 - data4 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6 - data4 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6 - data4 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0 - data4 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815 - data4 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f - data4 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df - data4 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f - data4 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e - data4 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713 - data4 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89 - data4 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c - data4 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf - data4 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86 - data4 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f - data4 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541 - data4 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190 - data4 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742 -// Td1: - data4 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e - data4 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303 - data4 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c - data4 0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3 - data4 0x49deb15a, 0x6725ba1b, 0x9845ea0e, 0xe15dfec0 - data4 0x02c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9 - data4 0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259 - data4 0x2dd4be83, 0xd3587421, 0x2949e069, 0x448ec9c8 - data4 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971 - data4 0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a - data4 0x1863df4a, 0x82e51a31, 0x60975133, 0x4562537f - data4 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b - data4 0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8 - data4 0x23ab73d3, 0xe2724b02, 0x57e31f8f, 0x2a6655ab - data4 0x07b2eb28, 0x032fb5c2, 0x9a86c57b, 0xa5d33708 - data4 0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682 - data4 0x2b8acf1c, 0x92a779b4, 0xf0f307f2, 0xa14e69e2 - data4 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe - data4 0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb - data4 0x390b83ec, 0xaa4060ef, 0x065e719f, 0x51bd6e10 - data4 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd - data4 0xb591548d, 0x0571c45d, 0x6f0406d4, 0xff605015 - data4 0x241998fb, 0x97d6bde9, 0xcc894043, 0x7767d99e - data4 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee - data4 0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x00000000 - data4 0x83098086, 0x48322bed, 0xac1e1170, 0x4e6c5a72 - data4 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39 - data4 0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e - data4 0xb10c0a67, 0x0f9357e7, 0xd2b4ee96, 0x9e1b9b91 - data4 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a - data4 0x0ae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17 - data4 0x0b0e090d, 0xadf28bc7, 0xb92db6a8, 0xc8141ea9 - data4 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60 - data4 0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e - data4 0x768b4329, 0xdccb23c6, 0x68b6edfc, 0x63b8e4f1 - data4 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611 - data4 0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1 - data4 0x4b1d9e2f, 0xf3dcb230, 0xec0d8652, 0xd077c1e3 - data4 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964 - data4 0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390 - data4 0xc787494e, 0xc1d938d1, 0xfe8ccaa2, 0x3698d40b - data4 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf - data4 0xe42c3a9d, 0x0d507892, 0x9b6a5fcc, 0x62547e46 - data4 0xc2f68d13, 0xe890d8b8, 0x5e2e39f7, 0xf582c3af - data4 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512 - data4 0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb - data4 0x09cd2678, 0xf46e5918, 0x01ec9ab7, 0xa8834f9a - data4 0x65e6956e, 0x7eaaffe6, 0x0821bccf, 0xe6ef15e8 - data4 0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c - data4 0xaf31a4b2, 0x312a3f23, 0x30c6a594, 0xc035a266 - data4 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8 - data4 0x4af10498, 0xf741ecda, 0x0e7fcd50, 0x2f1791f6 - data4 0x8d764dd6, 0x4d43efb0, 0x54ccaa4d, 0xdfe49604 - data4 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551 - data4 0x049d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41 - data4 0x5ab3671d, 0x5292dbd2, 0x33e91056, 0x136dd647 - data4 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c - data4 0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1 - data4 0x599cd2df, 0x3f55f273, 0x791814ce, 0xbf73c737 - data4 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db - data4 0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340 - data4 0x72161dc3, 0x0cbce225, 0x8b283c49, 0x41ff0d95 - data4 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1 - data4 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857 -// Td2: - data4 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27 - data4 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x03934be3 - data4 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502 - data4 0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562 - data4 0x5a49deb1, 0x1b6725ba, 0x0e9845ea, 0xc0e15dfe - data4 0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3 - data4 0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552 - data4 0x832dd4be, 0x21d35874, 0x692949e0, 0xc8448ec9 - data4 0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9 - data4 0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce - data4 0x4a1863df, 0x3182e51a, 0x33609751, 0x7f456253 - data4 0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908 - data4 0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b - data4 0xd323ab73, 0x02e2724b, 0x8f57e31f, 0xab2a6655 - data4 0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x08a5d337 - data4 0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16 - data4 0x1c2b8acf, 0xb492a779, 0xf2f0f307, 0xe2a14e69 - data4 0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6 - data4 0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6 - data4 0xec390b83, 0xefaa4060, 0x9f065e71, 0x1051bd6e - data4 0x8af93e21, 0x063d96dd, 0x05aedd3e, 0xbd464de6 - data4 0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050 - data4 0xfb241998, 0xe997d6bd, 0x43cc8940, 0x9e7767d9 - data4 0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8 - data4 0x0a47a17c, 0x0fe97c42, 0x1ec9f884, 0x00000000 - data4 0x86830980, 0xed48322b, 0x70ac1e11, 0x724e6c5a - data4 0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d - data4 0xd9640a0f, 0xa621685c, 0x54d19b5b, 0x2e3a2436 - data4 0x67b10c0a, 0xe70f9357, 0x96d2b4ee, 0x919e1b9b - data4 0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12 - data4 0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b - data4 0x0d0b0e09, 0xc7adf28b, 0xa8b92db6, 0xa9c8141e - data4 0x198557f1, 0x074caf75, 0xddbbee99, 0x60fda37f - data4 0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb - data4 0x29768b43, 0xc6dccb23, 0xfc68b6ed, 0xf163b8e4 - data4 0xdccad731, 0x85104263, 0x22401397, 0x112084c6 - data4 0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729 - data4 0x2f4b1d9e, 0x30f3dcb2, 0x52ec0d86, 0xe3d077c1 - data4 0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9 - data4 0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233 - data4 0x4ec78749, 0xd1c1d938, 0xa2fe8cca, 0x0b3698d4 - data4 0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad - data4 0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e - data4 0x13c2f68d, 0xb8e890d8, 0xf75e2e39, 0xaff582c3 - data4 0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25 - data4 0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b - data4 0x7809cd26, 0x18f46e59, 0xb701ec9a, 0x9aa8834f - data4 0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15 - data4 0x9bd9bae7, 0x36ce4a6f, 0x09d4ea9f, 0x7cd629b0 - data4 0xb2af31a4, 0x23312a3f, 0x9430c6a5, 0x66c035a2 - data4 0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7 - data4 0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791 - data4 0xd68d764d, 0xb04d43ef, 0x4d54ccaa, 0x04dfe496 - data4 0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665 - data4 0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b - data4 0x1d5ab367, 0xd25292db, 0x5633e910, 0x47136dd6 - data4 0x618c9ad7, 0x0c7a37a1, 0x148e59f8, 0x3c89eb13 - data4 0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47 - data4 0xdf599cd2, 0x733f55f2, 0xce791814, 0x37bf73c7 - data4 0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844 - data4 0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3 - data4 0xc372161d, 0x250cbce2, 0x498b283c, 0x9541ff0d - data4 0x017139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456 - data4 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8 -// Td3: - data4 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a - data4 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b - data4 0x30fa5520, 0x766df6ad, 0xcc769188, 0x024c25f5 - data4 0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5 - data4 0xb15a49de, 0xba1b6725, 0xea0e9845, 0xfec0e15d - data4 0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b - data4 0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95 - data4 0xbe832dd4, 0x7421d358, 0xe0692949, 0xc9c8448e - data4 0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27 - data4 0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d - data4 0xdf4a1863, 0x1a3182e5, 0x51336097, 0x537f4562 - data4 0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x082b94f9 - data4 0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752 - data4 0x73d323ab, 0x4b02e272, 0x1f8f57e3, 0x55ab2a66 - data4 0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3 - data4 0x2887f230, 0xbfa5b223, 0x036aba02, 0x16825ced - data4 0xcf1c2b8a, 0x79b492a7, 0x07f2f0f3, 0x69e2a14e - data4 0xdaf4cd65, 0x05bed506, 0x34621fd1, 0xa6fe8ac4 - data4 0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4 - data4 0x83ec390b, 0x60efaa40, 0x719f065e, 0x6e1051bd - data4 0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d - data4 0x548db591, 0xc45d0571, 0x06d46f04, 0x5015ff60 - data4 0x98fb2419, 0xbde997d6, 0x4043cc89, 0xd99e7767 - data4 0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79 - data4 0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x00000000 - data4 0x80868309, 0x2bed4832, 0x1170ac1e, 0x5a724e6c - data4 0x0efffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736 - data4 0x0fd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24 - data4 0x0a67b10c, 0x57e70f93, 0xee96d2b4, 0x9b919e1b - data4 0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c - data4 0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12 - data4 0x090d0b0e, 0x8bc7adf2, 0xb6a8b92d, 0x1ea9c814 - data4 0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3 - data4 0x01269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b - data4 0x4329768b, 0x23c6dccb, 0xedfc68b6, 0xe4f163b8 - data4 0x31dccad7, 0x63851042, 0x97224013, 0xc6112084 - data4 0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7 - data4 0x9e2f4b1d, 0xb230f3dc, 0x8652ec0d, 0xc1e3d077 - data4 0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247 - data4 0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22 - data4 0x494ec787, 0x38d1c1d9, 0xcaa2fe8c, 0xd40b3698 - data4 0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f - data4 0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254 - data4 0x8d13c2f6, 0xd8b8e890, 0x39f75e2e, 0xc3aff582 - data4 0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf - data4 0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb - data4 0x267809cd, 0x5918f46e, 0x9ab701ec, 0x4f9aa883 - data4 0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef - data4 0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629 - data4 0xa4b2af31, 0x3f23312a, 0xa59430c6, 0xa266c035 - data4 0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 0xa7d81533 - data4 0x04984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17 - data4 0x4dd68d76, 0xefb04d43, 0xaa4d54cc, 0x9604dfe4 - data4 0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46 - data4 0x5eea049d, 0x8c355d01, 0x877473fa, 0x0b412efb - data4 0x671d5ab3, 0xdbd25292, 0x105633e9, 0xd647136d - data4 0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb - data4 0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a - data4 0xd2df599c, 0xf2733f55, 0x14ce7918, 0xc737bf73 - data4 0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678 - data4 0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2 - data4 0x1dc37216, 0xe2250cbc, 0x3c498b28, 0x0d9541ff - data4 0xa8017139, 0x0cb3de08, 0xb4e49cd8, 0x56c19064 - data4 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0 +AES_Td: data4 0x51f4a750,0x51f4a750, 0x7e416553,0x7e416553 + data4 0x1a17a4c3,0x1a17a4c3, 0x3a275e96,0x3a275e96 + data4 0x3bab6bcb,0x3bab6bcb, 0x1f9d45f1,0x1f9d45f1 + data4 0xacfa58ab,0xacfa58ab, 0x4be30393,0x4be30393 + data4 0x2030fa55,0x2030fa55, 0xad766df6,0xad766df6 + data4 0x88cc7691,0x88cc7691, 0xf5024c25,0xf5024c25 + data4 0x4fe5d7fc,0x4fe5d7fc, 0xc52acbd7,0xc52acbd7 + data4 0x26354480,0x26354480, 0xb562a38f,0xb562a38f + data4 0xdeb15a49,0xdeb15a49, 0x25ba1b67,0x25ba1b67 + data4 0x45ea0e98,0x45ea0e98, 0x5dfec0e1,0x5dfec0e1 + data4 0xc32f7502,0xc32f7502, 0x814cf012,0x814cf012 + data4 0x8d4697a3,0x8d4697a3, 0x6bd3f9c6,0x6bd3f9c6 + data4 0x038f5fe7,0x038f5fe7, 0x15929c95,0x15929c95 + data4 0xbf6d7aeb,0xbf6d7aeb, 0x955259da,0x955259da + data4 0xd4be832d,0xd4be832d, 0x587421d3,0x587421d3 + data4 0x49e06929,0x49e06929, 0x8ec9c844,0x8ec9c844 + data4 0x75c2896a,0x75c2896a, 0xf48e7978,0xf48e7978 + data4 0x99583e6b,0x99583e6b, 0x27b971dd,0x27b971dd + data4 0xbee14fb6,0xbee14fb6, 0xf088ad17,0xf088ad17 + data4 0xc920ac66,0xc920ac66, 0x7dce3ab4,0x7dce3ab4 + data4 0x63df4a18,0x63df4a18, 0xe51a3182,0xe51a3182 + data4 0x97513360,0x97513360, 0x62537f45,0x62537f45 + data4 0xb16477e0,0xb16477e0, 0xbb6bae84,0xbb6bae84 + data4 0xfe81a01c,0xfe81a01c, 0xf9082b94,0xf9082b94 + data4 0x70486858,0x70486858, 0x8f45fd19,0x8f45fd19 + data4 0x94de6c87,0x94de6c87, 0x527bf8b7,0x527bf8b7 + data4 0xab73d323,0xab73d323, 0x724b02e2,0x724b02e2 + data4 0xe31f8f57,0xe31f8f57, 0x6655ab2a,0x6655ab2a + data4 0xb2eb2807,0xb2eb2807, 0x2fb5c203,0x2fb5c203 + data4 0x86c57b9a,0x86c57b9a, 0xd33708a5,0xd33708a5 + data4 0x302887f2,0x302887f2, 0x23bfa5b2,0x23bfa5b2 + data4 0x02036aba,0x02036aba, 0xed16825c,0xed16825c + data4 0x8acf1c2b,0x8acf1c2b, 0xa779b492,0xa779b492 + data4 0xf307f2f0,0xf307f2f0, 0x4e69e2a1,0x4e69e2a1 + data4 0x65daf4cd,0x65daf4cd, 0x0605bed5,0x0605bed5 + data4 0xd134621f,0xd134621f, 0xc4a6fe8a,0xc4a6fe8a + data4 0x342e539d,0x342e539d, 0xa2f355a0,0xa2f355a0 + data4 0x058ae132,0x058ae132, 0xa4f6eb75,0xa4f6eb75 + data4 0x0b83ec39,0x0b83ec39, 0x4060efaa,0x4060efaa + data4 0x5e719f06,0x5e719f06, 0xbd6e1051,0xbd6e1051 + data4 0x3e218af9,0x3e218af9, 0x96dd063d,0x96dd063d + data4 0xdd3e05ae,0xdd3e05ae, 0x4de6bd46,0x4de6bd46 + data4 0x91548db5,0x91548db5, 0x71c45d05,0x71c45d05 + data4 0x0406d46f,0x0406d46f, 0x605015ff,0x605015ff + data4 0x1998fb24,0x1998fb24, 0xd6bde997,0xd6bde997 + data4 0x894043cc,0x894043cc, 0x67d99e77,0x67d99e77 + data4 0xb0e842bd,0xb0e842bd, 0x07898b88,0x07898b88 + data4 0xe7195b38,0xe7195b38, 0x79c8eedb,0x79c8eedb + data4 0xa17c0a47,0xa17c0a47, 0x7c420fe9,0x7c420fe9 + data4 0xf8841ec9,0xf8841ec9, 0x00000000,0x00000000 + data4 0x09808683,0x09808683, 0x322bed48,0x322bed48 + data4 0x1e1170ac,0x1e1170ac, 0x6c5a724e,0x6c5a724e + data4 0xfd0efffb,0xfd0efffb, 0x0f853856,0x0f853856 + data4 0x3daed51e,0x3daed51e, 0x362d3927,0x362d3927 + data4 0x0a0fd964,0x0a0fd964, 0x685ca621,0x685ca621 + data4 0x9b5b54d1,0x9b5b54d1, 0x24362e3a,0x24362e3a + data4 0x0c0a67b1,0x0c0a67b1, 0x9357e70f,0x9357e70f + data4 0xb4ee96d2,0xb4ee96d2, 0x1b9b919e,0x1b9b919e + data4 0x80c0c54f,0x80c0c54f, 0x61dc20a2,0x61dc20a2 + data4 0x5a774b69,0x5a774b69, 0x1c121a16,0x1c121a16 + data4 0xe293ba0a,0xe293ba0a, 0xc0a02ae5,0xc0a02ae5 + data4 0x3c22e043,0x3c22e043, 0x121b171d,0x121b171d + data4 0x0e090d0b,0x0e090d0b, 0xf28bc7ad,0xf28bc7ad + data4 0x2db6a8b9,0x2db6a8b9, 0x141ea9c8,0x141ea9c8 + data4 0x57f11985,0x57f11985, 0xaf75074c,0xaf75074c + data4 0xee99ddbb,0xee99ddbb, 0xa37f60fd,0xa37f60fd + data4 0xf701269f,0xf701269f, 0x5c72f5bc,0x5c72f5bc + data4 0x44663bc5,0x44663bc5, 0x5bfb7e34,0x5bfb7e34 + data4 0x8b432976,0x8b432976, 0xcb23c6dc,0xcb23c6dc + data4 0xb6edfc68,0xb6edfc68, 0xb8e4f163,0xb8e4f163 + data4 0xd731dcca,0xd731dcca, 0x42638510,0x42638510 + data4 0x13972240,0x13972240, 0x84c61120,0x84c61120 + data4 0x854a247d,0x854a247d, 0xd2bb3df8,0xd2bb3df8 + data4 0xaef93211,0xaef93211, 0xc729a16d,0xc729a16d + data4 0x1d9e2f4b,0x1d9e2f4b, 0xdcb230f3,0xdcb230f3 + data4 0x0d8652ec,0x0d8652ec, 0x77c1e3d0,0x77c1e3d0 + data4 0x2bb3166c,0x2bb3166c, 0xa970b999,0xa970b999 + data4 0x119448fa,0x119448fa, 0x47e96422,0x47e96422 + data4 0xa8fc8cc4,0xa8fc8cc4, 0xa0f03f1a,0xa0f03f1a + data4 0x567d2cd8,0x567d2cd8, 0x223390ef,0x223390ef + data4 0x87494ec7,0x87494ec7, 0xd938d1c1,0xd938d1c1 + data4 0x8ccaa2fe,0x8ccaa2fe, 0x98d40b36,0x98d40b36 + data4 0xa6f581cf,0xa6f581cf, 0xa57ade28,0xa57ade28 + data4 0xdab78e26,0xdab78e26, 0x3fadbfa4,0x3fadbfa4 + data4 0x2c3a9de4,0x2c3a9de4, 0x5078920d,0x5078920d + data4 0x6a5fcc9b,0x6a5fcc9b, 0x547e4662,0x547e4662 + data4 0xf68d13c2,0xf68d13c2, 0x90d8b8e8,0x90d8b8e8 + data4 0x2e39f75e,0x2e39f75e, 0x82c3aff5,0x82c3aff5 + data4 0x9f5d80be,0x9f5d80be, 0x69d0937c,0x69d0937c + data4 0x6fd52da9,0x6fd52da9, 0xcf2512b3,0xcf2512b3 + data4 0xc8ac993b,0xc8ac993b, 0x10187da7,0x10187da7 + data4 0xe89c636e,0xe89c636e, 0xdb3bbb7b,0xdb3bbb7b + data4 0xcd267809,0xcd267809, 0x6e5918f4,0x6e5918f4 + data4 0xec9ab701,0xec9ab701, 0x834f9aa8,0x834f9aa8 + data4 0xe6956e65,0xe6956e65, 0xaaffe67e,0xaaffe67e + data4 0x21bccf08,0x21bccf08, 0xef15e8e6,0xef15e8e6 + data4 0xbae79bd9,0xbae79bd9, 0x4a6f36ce,0x4a6f36ce + data4 0xea9f09d4,0xea9f09d4, 0x29b07cd6,0x29b07cd6 + data4 0x31a4b2af,0x31a4b2af, 0x2a3f2331,0x2a3f2331 + data4 0xc6a59430,0xc6a59430, 0x35a266c0,0x35a266c0 + data4 0x744ebc37,0x744ebc37, 0xfc82caa6,0xfc82caa6 + data4 0xe090d0b0,0xe090d0b0, 0x33a7d815,0x33a7d815 + data4 0xf104984a,0xf104984a, 0x41ecdaf7,0x41ecdaf7 + data4 0x7fcd500e,0x7fcd500e, 0x1791f62f,0x1791f62f + data4 0x764dd68d,0x764dd68d, 0x43efb04d,0x43efb04d + data4 0xccaa4d54,0xccaa4d54, 0xe49604df,0xe49604df + data4 0x9ed1b5e3,0x9ed1b5e3, 0x4c6a881b,0x4c6a881b + data4 0xc12c1fb8,0xc12c1fb8, 0x4665517f,0x4665517f + data4 0x9d5eea04,0x9d5eea04, 0x018c355d,0x018c355d + data4 0xfa877473,0xfa877473, 0xfb0b412e,0xfb0b412e + data4 0xb3671d5a,0xb3671d5a, 0x92dbd252,0x92dbd252 + data4 0xe9105633,0xe9105633, 0x6dd64713,0x6dd64713 + data4 0x9ad7618c,0x9ad7618c, 0x37a10c7a,0x37a10c7a + data4 0x59f8148e,0x59f8148e, 0xeb133c89,0xeb133c89 + data4 0xcea927ee,0xcea927ee, 0xb761c935,0xb761c935 + data4 0xe11ce5ed,0xe11ce5ed, 0x7a47b13c,0x7a47b13c + data4 0x9cd2df59,0x9cd2df59, 0x55f2733f,0x55f2733f + data4 0x1814ce79,0x1814ce79, 0x73c737bf,0x73c737bf + data4 0x53f7cdea,0x53f7cdea, 0x5ffdaa5b,0x5ffdaa5b + data4 0xdf3d6f14,0xdf3d6f14, 0x7844db86,0x7844db86 + data4 0xcaaff381,0xcaaff381, 0xb968c43e,0xb968c43e + data4 0x3824342c,0x3824342c, 0xc2a3405f,0xc2a3405f + data4 0x161dc372,0x161dc372, 0xbce2250c,0xbce2250c + data4 0x283c498b,0x283c498b, 0xff0d9541,0xff0d9541 + data4 0x39a80171,0x39a80171, 0x080cb3de,0x080cb3de + data4 0xd8b4e49c,0xd8b4e49c, 0x6456c190,0x6456c190 + data4 0x7bcb8461,0x7bcb8461, 0xd532b670,0xd532b670 + data4 0x486c5c74,0x486c5c74, 0xd0b85742,0xd0b85742 // Td4: - data4 0x52000000, 0x09000000, 0x6a000000, 0xd5000000 - data4 0x30000000, 0x36000000, 0xa5000000, 0x38000000 - data4 0xbf000000, 0x40000000, 0xa3000000, 0x9e000000 - data4 0x81000000, 0xf3000000, 0xd7000000, 0xfb000000 - data4 0x7c000000, 0xe3000000, 0x39000000, 0x82000000 - data4 0x9b000000, 0x2f000000, 0xff000000, 0x87000000 - data4 0x34000000, 0x8e000000, 0x43000000, 0x44000000 - data4 0xc4000000, 0xde000000, 0xe9000000, 0xcb000000 - data4 0x54000000, 0x7b000000, 0x94000000, 0x32000000 - data4 0xa6000000, 0xc2000000, 0x23000000, 0x3d000000 - data4 0xee000000, 0x4c000000, 0x95000000, 0x0b000000 - data4 0x42000000, 0xfa000000, 0xc3000000, 0x4e000000 - data4 0x08000000, 0x2e000000, 0xa1000000, 0x66000000 - data4 0x28000000, 0xd9000000, 0x24000000, 0xb2000000 - data4 0x76000000, 0x5b000000, 0xa2000000, 0x49000000 - data4 0x6d000000, 0x8b000000, 0xd1000000, 0x25000000 - data4 0x72000000, 0xf8000000, 0xf6000000, 0x64000000 - data4 0x86000000, 0x68000000, 0x98000000, 0x16000000 - data4 0xd4000000, 0xa4000000, 0x5c000000, 0xcc000000 - data4 0x5d000000, 0x65000000, 0xb6000000, 0x92000000 - data4 0x6c000000, 0x70000000, 0x48000000, 0x50000000 - data4 0xfd000000, 0xed000000, 0xb9000000, 0xda000000 - data4 0x5e000000, 0x15000000, 0x46000000, 0x57000000 - data4 0xa7000000, 0x8d000000, 0x9d000000, 0x84000000 - data4 0x90000000, 0xd8000000, 0xab000000, 0x00000000 - data4 0x8c000000, 0xbc000000, 0xd3000000, 0x0a000000 - data4 0xf7000000, 0xe4000000, 0x58000000, 0x05000000 - data4 0xb8000000, 0xb3000000, 0x45000000, 0x06000000 - data4 0xd0000000, 0x2c000000, 0x1e000000, 0x8f000000 - data4 0xca000000, 0x3f000000, 0x0f000000, 0x02000000 - data4 0xc1000000, 0xaf000000, 0xbd000000, 0x03000000 - data4 0x01000000, 0x13000000, 0x8a000000, 0x6b000000 - data4 0x3a000000, 0x91000000, 0x11000000, 0x41000000 - data4 0x4f000000, 0x67000000, 0xdc000000, 0xea000000 - data4 0x97000000, 0xf2000000, 0xcf000000, 0xce000000 - data4 0xf0000000, 0xb4000000, 0xe6000000, 0x73000000 - data4 0x96000000, 0xac000000, 0x74000000, 0x22000000 - data4 0xe7000000, 0xad000000, 0x35000000, 0x85000000 - data4 0xe2000000, 0xf9000000, 0x37000000, 0xe8000000 - data4 0x1c000000, 0x75000000, 0xdf000000, 0x6e000000 - data4 0x47000000, 0xf1000000, 0x1a000000, 0x71000000 - data4 0x1d000000, 0x29000000, 0xc5000000, 0x89000000 - data4 0x6f000000, 0xb7000000, 0x62000000, 0x0e000000 - data4 0xaa000000, 0x18000000, 0xbe000000, 0x1b000000 - data4 0xfc000000, 0x56000000, 0x3e000000, 0x4b000000 - data4 0xc6000000, 0xd2000000, 0x79000000, 0x20000000 - data4 0x9a000000, 0xdb000000, 0xc0000000, 0xfe000000 - data4 0x78000000, 0xcd000000, 0x5a000000, 0xf4000000 - data4 0x1f000000, 0xdd000000, 0xa8000000, 0x33000000 - data4 0x88000000, 0x07000000, 0xc7000000, 0x31000000 - data4 0xb1000000, 0x12000000, 0x10000000, 0x59000000 - data4 0x27000000, 0x80000000, 0xec000000, 0x5f000000 - data4 0x60000000, 0x51000000, 0x7f000000, 0xa9000000 - data4 0x19000000, 0xb5000000, 0x4a000000, 0x0d000000 - data4 0x2d000000, 0xe5000000, 0x7a000000, 0x9f000000 - data4 0x93000000, 0xc9000000, 0x9c000000, 0xef000000 - data4 0xa0000000, 0xe0000000, 0x3b000000, 0x4d000000 - data4 0xae000000, 0x2a000000, 0xf5000000, 0xb0000000 - data4 0xc8000000, 0xeb000000, 0xbb000000, 0x3c000000 - data4 0x83000000, 0x53000000, 0x99000000, 0x61000000 - data4 0x17000000, 0x2b000000, 0x04000000, 0x7e000000 - data4 0xba000000, 0x77000000, 0xd6000000, 0x26000000 - data4 0xe1000000, 0x69000000, 0x14000000, 0x63000000 - data4 0x55000000, 0x21000000, 0x0c000000, 0x7d000000 -// Td5: - data4 0x00520000, 0x00090000, 0x006a0000, 0x00d50000 - data4 0x00300000, 0x00360000, 0x00a50000, 0x00380000 - data4 0x00bf0000, 0x00400000, 0x00a30000, 0x009e0000 - data4 0x00810000, 0x00f30000, 0x00d70000, 0x00fb0000 - data4 0x007c0000, 0x00e30000, 0x00390000, 0x00820000 - data4 0x009b0000, 0x002f0000, 0x00ff0000, 0x00870000 - data4 0x00340000, 0x008e0000, 0x00430000, 0x00440000 - data4 0x00c40000, 0x00de0000, 0x00e90000, 0x00cb0000 - data4 0x00540000, 0x007b0000, 0x00940000, 0x00320000 - data4 0x00a60000, 0x00c20000, 0x00230000, 0x003d0000 - data4 0x00ee0000, 0x004c0000, 0x00950000, 0x000b0000 - data4 0x00420000, 0x00fa0000, 0x00c30000, 0x004e0000 - data4 0x00080000, 0x002e0000, 0x00a10000, 0x00660000 - data4 0x00280000, 0x00d90000, 0x00240000, 0x00b20000 - data4 0x00760000, 0x005b0000, 0x00a20000, 0x00490000 - data4 0x006d0000, 0x008b0000, 0x00d10000, 0x00250000 - data4 0x00720000, 0x00f80000, 0x00f60000, 0x00640000 - data4 0x00860000, 0x00680000, 0x00980000, 0x00160000 - data4 0x00d40000, 0x00a40000, 0x005c0000, 0x00cc0000 - data4 0x005d0000, 0x00650000, 0x00b60000, 0x00920000 - data4 0x006c0000, 0x00700000, 0x00480000, 0x00500000 - data4 0x00fd0000, 0x00ed0000, 0x00b90000, 0x00da0000 - data4 0x005e0000, 0x00150000, 0x00460000, 0x00570000 - data4 0x00a70000, 0x008d0000, 0x009d0000, 0x00840000 - data4 0x00900000, 0x00d80000, 0x00ab0000, 0x00000000 - data4 0x008c0000, 0x00bc0000, 0x00d30000, 0x000a0000 - data4 0x00f70000, 0x00e40000, 0x00580000, 0x00050000 - data4 0x00b80000, 0x00b30000, 0x00450000, 0x00060000 - data4 0x00d00000, 0x002c0000, 0x001e0000, 0x008f0000 - data4 0x00ca0000, 0x003f0000, 0x000f0000, 0x00020000 - data4 0x00c10000, 0x00af0000, 0x00bd0000, 0x00030000 - data4 0x00010000, 0x00130000, 0x008a0000, 0x006b0000 - data4 0x003a0000, 0x00910000, 0x00110000, 0x00410000 - data4 0x004f0000, 0x00670000, 0x00dc0000, 0x00ea0000 - data4 0x00970000, 0x00f20000, 0x00cf0000, 0x00ce0000 - data4 0x00f00000, 0x00b40000, 0x00e60000, 0x00730000 - data4 0x00960000, 0x00ac0000, 0x00740000, 0x00220000 - data4 0x00e70000, 0x00ad0000, 0x00350000, 0x00850000 - data4 0x00e20000, 0x00f90000, 0x00370000, 0x00e80000 - data4 0x001c0000, 0x00750000, 0x00df0000, 0x006e0000 - data4 0x00470000, 0x00f10000, 0x001a0000, 0x00710000 - data4 0x001d0000, 0x00290000, 0x00c50000, 0x00890000 - data4 0x006f0000, 0x00b70000, 0x00620000, 0x000e0000 - data4 0x00aa0000, 0x00180000, 0x00be0000, 0x001b0000 - data4 0x00fc0000, 0x00560000, 0x003e0000, 0x004b0000 - data4 0x00c60000, 0x00d20000, 0x00790000, 0x00200000 - data4 0x009a0000, 0x00db0000, 0x00c00000, 0x00fe0000 - data4 0x00780000, 0x00cd0000, 0x005a0000, 0x00f40000 - data4 0x001f0000, 0x00dd0000, 0x00a80000, 0x00330000 - data4 0x00880000, 0x00070000, 0x00c70000, 0x00310000 - data4 0x00b10000, 0x00120000, 0x00100000, 0x00590000 - data4 0x00270000, 0x00800000, 0x00ec0000, 0x005f0000 - data4 0x00600000, 0x00510000, 0x007f0000, 0x00a90000 - data4 0x00190000, 0x00b50000, 0x004a0000, 0x000d0000 - data4 0x002d0000, 0x00e50000, 0x007a0000, 0x009f0000 - data4 0x00930000, 0x00c90000, 0x009c0000, 0x00ef0000 - data4 0x00a00000, 0x00e00000, 0x003b0000, 0x004d0000 - data4 0x00ae0000, 0x002a0000, 0x00f50000, 0x00b00000 - data4 0x00c80000, 0x00eb0000, 0x00bb0000, 0x003c0000 - data4 0x00830000, 0x00530000, 0x00990000, 0x00610000 - data4 0x00170000, 0x002b0000, 0x00040000, 0x007e0000 - data4 0x00ba0000, 0x00770000, 0x00d60000, 0x00260000 - data4 0x00e10000, 0x00690000, 0x00140000, 0x00630000 - data4 0x00550000, 0x00210000, 0x000c0000, 0x007d0000 -// Td6: - data4 0x00005200, 0x00000900, 0x00006a00, 0x0000d500 - data4 0x00003000, 0x00003600, 0x0000a500, 0x00003800 - data4 0x0000bf00, 0x00004000, 0x0000a300, 0x00009e00 - data4 0x00008100, 0x0000f300, 0x0000d700, 0x0000fb00 - data4 0x00007c00, 0x0000e300, 0x00003900, 0x00008200 - data4 0x00009b00, 0x00002f00, 0x0000ff00, 0x00008700 - data4 0x00003400, 0x00008e00, 0x00004300, 0x00004400 - data4 0x0000c400, 0x0000de00, 0x0000e900, 0x0000cb00 - data4 0x00005400, 0x00007b00, 0x00009400, 0x00003200 - data4 0x0000a600, 0x0000c200, 0x00002300, 0x00003d00 - data4 0x0000ee00, 0x00004c00, 0x00009500, 0x00000b00 - data4 0x00004200, 0x0000fa00, 0x0000c300, 0x00004e00 - data4 0x00000800, 0x00002e00, 0x0000a100, 0x00006600 - data4 0x00002800, 0x0000d900, 0x00002400, 0x0000b200 - data4 0x00007600, 0x00005b00, 0x0000a200, 0x00004900 - data4 0x00006d00, 0x00008b00, 0x0000d100, 0x00002500 - data4 0x00007200, 0x0000f800, 0x0000f600, 0x00006400 - data4 0x00008600, 0x00006800, 0x00009800, 0x00001600 - data4 0x0000d400, 0x0000a400, 0x00005c00, 0x0000cc00 - data4 0x00005d00, 0x00006500, 0x0000b600, 0x00009200 - data4 0x00006c00, 0x00007000, 0x00004800, 0x00005000 - data4 0x0000fd00, 0x0000ed00, 0x0000b900, 0x0000da00 - data4 0x00005e00, 0x00001500, 0x00004600, 0x00005700 - data4 0x0000a700, 0x00008d00, 0x00009d00, 0x00008400 - data4 0x00009000, 0x0000d800, 0x0000ab00, 0x00000000 - data4 0x00008c00, 0x0000bc00, 0x0000d300, 0x00000a00 - data4 0x0000f700, 0x0000e400, 0x00005800, 0x00000500 - data4 0x0000b800, 0x0000b300, 0x00004500, 0x00000600 - data4 0x0000d000, 0x00002c00, 0x00001e00, 0x00008f00 - data4 0x0000ca00, 0x00003f00, 0x00000f00, 0x00000200 - data4 0x0000c100, 0x0000af00, 0x0000bd00, 0x00000300 - data4 0x00000100, 0x00001300, 0x00008a00, 0x00006b00 - data4 0x00003a00, 0x00009100, 0x00001100, 0x00004100 - data4 0x00004f00, 0x00006700, 0x0000dc00, 0x0000ea00 - data4 0x00009700, 0x0000f200, 0x0000cf00, 0x0000ce00 - data4 0x0000f000, 0x0000b400, 0x0000e600, 0x00007300 - data4 0x00009600, 0x0000ac00, 0x00007400, 0x00002200 - data4 0x0000e700, 0x0000ad00, 0x00003500, 0x00008500 - data4 0x0000e200, 0x0000f900, 0x00003700, 0x0000e800 - data4 0x00001c00, 0x00007500, 0x0000df00, 0x00006e00 - data4 0x00004700, 0x0000f100, 0x00001a00, 0x00007100 - data4 0x00001d00, 0x00002900, 0x0000c500, 0x00008900 - data4 0x00006f00, 0x0000b700, 0x00006200, 0x00000e00 - data4 0x0000aa00, 0x00001800, 0x0000be00, 0x00001b00 - data4 0x0000fc00, 0x00005600, 0x00003e00, 0x00004b00 - data4 0x0000c600, 0x0000d200, 0x00007900, 0x00002000 - data4 0x00009a00, 0x0000db00, 0x0000c000, 0x0000fe00 - data4 0x00007800, 0x0000cd00, 0x00005a00, 0x0000f400 - data4 0x00001f00, 0x0000dd00, 0x0000a800, 0x00003300 - data4 0x00008800, 0x00000700, 0x0000c700, 0x00003100 - data4 0x0000b100, 0x00001200, 0x00001000, 0x00005900 - data4 0x00002700, 0x00008000, 0x0000ec00, 0x00005f00 - data4 0x00006000, 0x00005100, 0x00007f00, 0x0000a900 - data4 0x00001900, 0x0000b500, 0x00004a00, 0x00000d00 - data4 0x00002d00, 0x0000e500, 0x00007a00, 0x00009f00 - data4 0x00009300, 0x0000c900, 0x00009c00, 0x0000ef00 - data4 0x0000a000, 0x0000e000, 0x00003b00, 0x00004d00 - data4 0x0000ae00, 0x00002a00, 0x0000f500, 0x0000b000 - data4 0x0000c800, 0x0000eb00, 0x0000bb00, 0x00003c00 - data4 0x00008300, 0x00005300, 0x00009900, 0x00006100 - data4 0x00001700, 0x00002b00, 0x00000400, 0x00007e00 - data4 0x0000ba00, 0x00007700, 0x0000d600, 0x00002600 - data4 0x0000e100, 0x00006900, 0x00001400, 0x00006300 - data4 0x00005500, 0x00002100, 0x00000c00, 0x00007d00 -// Td7: - data4 0x00000052, 0x00000009, 0x0000006a, 0x000000d5 - data4 0x00000030, 0x00000036, 0x000000a5, 0x00000038 - data4 0x000000bf, 0x00000040, 0x000000a3, 0x0000009e - data4 0x00000081, 0x000000f3, 0x000000d7, 0x000000fb - data4 0x0000007c, 0x000000e3, 0x00000039, 0x00000082 - data4 0x0000009b, 0x0000002f, 0x000000ff, 0x00000087 - data4 0x00000034, 0x0000008e, 0x00000043, 0x00000044 - data4 0x000000c4, 0x000000de, 0x000000e9, 0x000000cb - data4 0x00000054, 0x0000007b, 0x00000094, 0x00000032 - data4 0x000000a6, 0x000000c2, 0x00000023, 0x0000003d - data4 0x000000ee, 0x0000004c, 0x00000095, 0x0000000b - data4 0x00000042, 0x000000fa, 0x000000c3, 0x0000004e - data4 0x00000008, 0x0000002e, 0x000000a1, 0x00000066 - data4 0x00000028, 0x000000d9, 0x00000024, 0x000000b2 - data4 0x00000076, 0x0000005b, 0x000000a2, 0x00000049 - data4 0x0000006d, 0x0000008b, 0x000000d1, 0x00000025 - data4 0x00000072, 0x000000f8, 0x000000f6, 0x00000064 - data4 0x00000086, 0x00000068, 0x00000098, 0x00000016 - data4 0x000000d4, 0x000000a4, 0x0000005c, 0x000000cc - data4 0x0000005d, 0x00000065, 0x000000b6, 0x00000092 - data4 0x0000006c, 0x00000070, 0x00000048, 0x00000050 - data4 0x000000fd, 0x000000ed, 0x000000b9, 0x000000da - data4 0x0000005e, 0x00000015, 0x00000046, 0x00000057 - data4 0x000000a7, 0x0000008d, 0x0000009d, 0x00000084 - data4 0x00000090, 0x000000d8, 0x000000ab, 0x00000000 - data4 0x0000008c, 0x000000bc, 0x000000d3, 0x0000000a - data4 0x000000f7, 0x000000e4, 0x00000058, 0x00000005 - data4 0x000000b8, 0x000000b3, 0x00000045, 0x00000006 - data4 0x000000d0, 0x0000002c, 0x0000001e, 0x0000008f - data4 0x000000ca, 0x0000003f, 0x0000000f, 0x00000002 - data4 0x000000c1, 0x000000af, 0x000000bd, 0x00000003 - data4 0x00000001, 0x00000013, 0x0000008a, 0x0000006b - data4 0x0000003a, 0x00000091, 0x00000011, 0x00000041 - data4 0x0000004f, 0x00000067, 0x000000dc, 0x000000ea - data4 0x00000097, 0x000000f2, 0x000000cf, 0x000000ce - data4 0x000000f0, 0x000000b4, 0x000000e6, 0x00000073 - data4 0x00000096, 0x000000ac, 0x00000074, 0x00000022 - data4 0x000000e7, 0x000000ad, 0x00000035, 0x00000085 - data4 0x000000e2, 0x000000f9, 0x00000037, 0x000000e8 - data4 0x0000001c, 0x00000075, 0x000000df, 0x0000006e - data4 0x00000047, 0x000000f1, 0x0000001a, 0x00000071 - data4 0x0000001d, 0x00000029, 0x000000c5, 0x00000089 - data4 0x0000006f, 0x000000b7, 0x00000062, 0x0000000e - data4 0x000000aa, 0x00000018, 0x000000be, 0x0000001b - data4 0x000000fc, 0x00000056, 0x0000003e, 0x0000004b - data4 0x000000c6, 0x000000d2, 0x00000079, 0x00000020 - data4 0x0000009a, 0x000000db, 0x000000c0, 0x000000fe - data4 0x00000078, 0x000000cd, 0x0000005a, 0x000000f4 - data4 0x0000001f, 0x000000dd, 0x000000a8, 0x00000033 - data4 0x00000088, 0x00000007, 0x000000c7, 0x00000031 - data4 0x000000b1, 0x00000012, 0x00000010, 0x00000059 - data4 0x00000027, 0x00000080, 0x000000ec, 0x0000005f - data4 0x00000060, 0x00000051, 0x0000007f, 0x000000a9 - data4 0x00000019, 0x000000b5, 0x0000004a, 0x0000000d - data4 0x0000002d, 0x000000e5, 0x0000007a, 0x0000009f - data4 0x00000093, 0x000000c9, 0x0000009c, 0x000000ef - data4 0x000000a0, 0x000000e0, 0x0000003b, 0x0000004d - data4 0x000000ae, 0x0000002a, 0x000000f5, 0x000000b0 - data4 0x000000c8, 0x000000eb, 0x000000bb, 0x0000003c - data4 0x00000083, 0x00000053, 0x00000099, 0x00000061 - data4 0x00000017, 0x0000002b, 0x00000004, 0x0000007e - data4 0x000000ba, 0x00000077, 0x000000d6, 0x00000026 - data4 0x000000e1, 0x00000069, 0x00000014, 0x00000063 - data4 0x00000055, 0x00000021, 0x0000000c, 0x0000007d -.size AES_Td#,8*256*4 // HP-UX assembler fails to ".-AES_Td#" + data1 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38 + data1 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb + data1 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87 + data1 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb + data1 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d + data1 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e + data1 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2 + data1 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 + data1 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16 + data1 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 + data1 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda + data1 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 + data1 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a + data1 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 + data1 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02 + data1 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b + data1 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea + data1 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 + data1 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85 + data1 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e + data1 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89 + data1 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b + data1 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20 + data1 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 + data1 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31 + data1 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f + data1 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d + data1 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef + data1 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0 + data1 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 + data1 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 + data1 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d +.size AES_Td#,2048+256 // HP-UX assembler fails to ".-AES_Td#" diff --git a/crypto/aes/asm/aes-x86_64.pl b/crypto/aes/asm/aes-x86_64.pl new file mode 100755 index 0000000000000..44e0bf8cae3ae --- /dev/null +++ b/crypto/aes/asm/aes-x86_64.pl @@ -0,0 +1,1578 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. Rights for redistribution and usage in source and binary +# forms are granted according to the OpenSSL license. +# ==================================================================== +# +# Version 1.2. +# +# aes-*-cbc benchmarks are improved by >70% [compared to gcc 3.3.2 on +# Opteron 240 CPU] plus all the bells-n-whistles from 32-bit version +# [you'll notice a lot of resemblance], such as compressed S-boxes +# in little-endian byte order, prefetch of these tables in CBC mode, +# as well as avoiding L1 cache aliasing between stack frame and key +# schedule and already mentioned tables, compressed Td4... +# +# Performance in number of cycles per processed byte for 128-bit key: +# +# ECB CBC encrypt +# AMD64 13.7 13.0(*) +# EM64T 20.2 18.6(*) +# +# (*) CBC benchmarks are better than ECB thanks to custom ABI used +# by the private block encryption function. + +$verticalspin=1; # unlike 32-bit version $verticalspin performs + # ~15% better on both AMD and Intel cores +$output=shift; +open STDOUT,"| $^X ../perlasm/x86_64-xlate.pl $output"; + +$code=".text\n"; + +$s0="%eax"; +$s1="%ebx"; +$s2="%ecx"; +$s3="%edx"; +$acc0="%esi"; +$acc1="%edi"; +$acc2="%ebp"; +$inp="%r8"; +$out="%r9"; +$t0="%r10d"; +$t1="%r11d"; +$t2="%r12d"; +$rnds="%r13d"; +$sbox="%r14"; +$key="%r15"; + +sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; } +sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/; + $r =~ s/%[er]([sd]i)/%\1l/; + $r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; } +sub _data_word() +{ my $i; + while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; } +} +sub data_word() +{ my $i; + my $last=pop(@_); + $code.=".long\t"; + while(defined($i=shift)) { $code.=sprintf"0x%08x,",$i; } + $code.=sprintf"0x%08x\n",$last; +} + +sub data_byte() +{ my $i; + my $last=pop(@_); + $code.=".byte\t"; + while(defined($i=shift)) { $code.=sprintf"0x%02x,",$i&0xff; } + $code.=sprintf"0x%02x\n",$last&0xff; +} + +sub encvert() +{ my $t3="%r8d"; # zaps $inp! + +$code.=<<___; + # favor 3-way issue Opteron pipeline... + movzb `&lo("$s0")`,$acc0 + movzb `&lo("$s1")`,$acc1 + movzb `&lo("$s2")`,$acc2 + mov 0($sbox,$acc0,8),$t0 + mov 0($sbox,$acc1,8),$t1 + mov 0($sbox,$acc2,8),$t2 + + movzb `&hi("$s1")`,$acc0 + movzb `&hi("$s2")`,$acc1 + movzb `&lo("$s3")`,$acc2 + xor 3($sbox,$acc0,8),$t0 + xor 3($sbox,$acc1,8),$t1 + mov 0($sbox,$acc2,8),$t3 + + movzb `&hi("$s3")`,$acc0 + shr \$16,$s2 + movzb `&hi("$s0")`,$acc2 + xor 3($sbox,$acc0,8),$t2 + shr \$16,$s3 + xor 3($sbox,$acc2,8),$t3 + + shr \$16,$s1 + lea 16($key),$key + shr \$16,$s0 + + movzb `&lo("$s2")`,$acc0 + movzb `&lo("$s3")`,$acc1 + movzb `&lo("$s0")`,$acc2 + xor 2($sbox,$acc0,8),$t0 + xor 2($sbox,$acc1,8),$t1 + xor 2($sbox,$acc2,8),$t2 + + movzb `&hi("$s3")`,$acc0 + movzb `&hi("$s0")`,$acc1 + movzb `&lo("$s1")`,$acc2 + xor 1($sbox,$acc0,8),$t0 + xor 1($sbox,$acc1,8),$t1 + xor 2($sbox,$acc2,8),$t3 + + mov 12($key),$s3 + movzb `&hi("$s1")`,$acc1 + movzb `&hi("$s2")`,$acc2 + mov 0($key),$s0 + xor 1($sbox,$acc1,8),$t2 + xor 1($sbox,$acc2,8),$t3 + + mov 4($key),$s1 + mov 8($key),$s2 + xor $t0,$s0 + xor $t1,$s1 + xor $t2,$s2 + xor $t3,$s3 +___ +} + +sub enclastvert() +{ my $t3="%r8d"; # zaps $inp! + +$code.=<<___; + movzb `&lo("$s0")`,$acc0 + movzb `&lo("$s1")`,$acc1 + movzb `&lo("$s2")`,$acc2 + mov 2($sbox,$acc0,8),$t0 + mov 2($sbox,$acc1,8),$t1 + mov 2($sbox,$acc2,8),$t2 + + and \$0x000000ff,$t0 + and \$0x000000ff,$t1 + and \$0x000000ff,$t2 + + movzb `&lo("$s3")`,$acc0 + movzb `&hi("$s1")`,$acc1 + movzb `&hi("$s2")`,$acc2 + mov 2($sbox,$acc0,8),$t3 + mov 0($sbox,$acc1,8),$acc1 #$t0 + mov 0($sbox,$acc2,8),$acc2 #$t1 + + and \$0x000000ff,$t3 + and \$0x0000ff00,$acc1 + and \$0x0000ff00,$acc2 + + xor $acc1,$t0 + xor $acc2,$t1 + shr \$16,$s2 + + movzb `&hi("$s3")`,$acc0 + movzb `&hi("$s0")`,$acc1 + shr \$16,$s3 + mov 0($sbox,$acc0,8),$acc0 #$t2 + mov 0($sbox,$acc1,8),$acc1 #$t3 + + and \$0x0000ff00,$acc0 + and \$0x0000ff00,$acc1 + shr \$16,$s1 + xor $acc0,$t2 + xor $acc1,$t3 + shr \$16,$s0 + + movzb `&lo("$s2")`,$acc0 + movzb `&lo("$s3")`,$acc1 + movzb `&lo("$s0")`,$acc2 + mov 0($sbox,$acc0,8),$acc0 #$t0 + mov 0($sbox,$acc1,8),$acc1 #$t1 + mov 0($sbox,$acc2,8),$acc2 #$t2 + + and \$0x00ff0000,$acc0 + and \$0x00ff0000,$acc1 + and \$0x00ff0000,$acc2 + + xor $acc0,$t0 + xor $acc1,$t1 + xor $acc2,$t2 + + movzb `&lo("$s1")`,$acc0 + movzb `&hi("$s3")`,$acc1 + movzb `&hi("$s0")`,$acc2 + mov 0($sbox,$acc0,8),$acc0 #$t3 + mov 2($sbox,$acc1,8),$acc1 #$t0 + mov 2($sbox,$acc2,8),$acc2 #$t1 + + and \$0x00ff0000,$acc0 + and \$0xff000000,$acc1 + and \$0xff000000,$acc2 + + xor $acc0,$t3 + xor $acc1,$t0 + xor $acc2,$t1 + + movzb `&hi("$s1")`,$acc0 + movzb `&hi("$s2")`,$acc1 + mov 16+12($key),$s3 + mov 2($sbox,$acc0,8),$acc0 #$t2 + mov 2($sbox,$acc1,8),$acc1 #$t3 + mov 16+0($key),$s0 + + and \$0xff000000,$acc0 + and \$0xff000000,$acc1 + + xor $acc0,$t2 + xor $acc1,$t3 + + mov 16+4($key),$s1 + mov 16+8($key),$s2 + xor $t0,$s0 + xor $t1,$s1 + xor $t2,$s2 + xor $t3,$s3 +___ +} + +sub encstep() +{ my ($i,@s) = @_; + my $tmp0=$acc0; + my $tmp1=$acc1; + my $tmp2=$acc2; + my $out=($t0,$t1,$t2,$s[0])[$i]; + + if ($i==3) { + $tmp0=$s[1]; + $tmp1=$s[2]; + $tmp2=$s[3]; + } + $code.=" movzb ".&lo($s[0]).",$out\n"; + $code.=" mov $s[2],$tmp1\n" if ($i!=3); + $code.=" lea 16($key),$key\n" if ($i==0); + + $code.=" movzb ".&hi($s[1]).",$tmp0\n"; + $code.=" mov 0($sbox,$out,8),$out\n"; + + $code.=" shr \$16,$tmp1\n"; + $code.=" mov $s[3],$tmp2\n" if ($i!=3); + $code.=" xor 3($sbox,$tmp0,8),$out\n"; + + $code.=" movzb ".&lo($tmp1).",$tmp1\n"; + $code.=" shr \$24,$tmp2\n"; + $code.=" xor 4*$i($key),$out\n"; + + $code.=" xor 2($sbox,$tmp1,8),$out\n"; + $code.=" xor 1($sbox,$tmp2,8),$out\n"; + + $code.=" mov $t0,$s[1]\n" if ($i==3); + $code.=" mov $t1,$s[2]\n" if ($i==3); + $code.=" mov $t2,$s[3]\n" if ($i==3); + $code.="\n"; +} + +sub enclast() +{ my ($i,@s)=@_; + my $tmp0=$acc0; + my $tmp1=$acc1; + my $tmp2=$acc2; + my $out=($t0,$t1,$t2,$s[0])[$i]; + + if ($i==3) { + $tmp0=$s[1]; + $tmp1=$s[2]; + $tmp2=$s[3]; + } + $code.=" movzb ".&lo($s[0]).",$out\n"; + $code.=" mov $s[2],$tmp1\n" if ($i!=3); + + $code.=" mov 2($sbox,$out,8),$out\n"; + $code.=" shr \$16,$tmp1\n"; + $code.=" mov $s[3],$tmp2\n" if ($i!=3); + + $code.=" and \$0x000000ff,$out\n"; + $code.=" movzb ".&hi($s[1]).",$tmp0\n"; + $code.=" movzb ".&lo($tmp1).",$tmp1\n"; + $code.=" shr \$24,$tmp2\n"; + + $code.=" mov 0($sbox,$tmp0,8),$tmp0\n"; + $code.=" mov 0($sbox,$tmp1,8),$tmp1\n"; + $code.=" mov 2($sbox,$tmp2,8),$tmp2\n"; + + $code.=" and \$0x0000ff00,$tmp0\n"; + $code.=" and \$0x00ff0000,$tmp1\n"; + $code.=" and \$0xff000000,$tmp2\n"; + + $code.=" xor $tmp0,$out\n"; + $code.=" mov $t0,$s[1]\n" if ($i==3); + $code.=" xor $tmp1,$out\n"; + $code.=" mov $t1,$s[2]\n" if ($i==3); + $code.=" xor $tmp2,$out\n"; + $code.=" mov $t2,$s[3]\n" if ($i==3); + $code.="\n"; +} + +$code.=<<___; +.type _x86_64_AES_encrypt,\@abi-omnipotent +.align 16 +_x86_64_AES_encrypt: + xor 0($key),$s0 # xor with key + xor 4($key),$s1 + xor 8($key),$s2 + xor 12($key),$s3 + + mov 240($key),$rnds # load key->rounds + sub \$1,$rnds + jmp .Lenc_loop +.align 16 +.Lenc_loop: +___ + if ($verticalspin) { &encvert(); } + else { &encstep(0,$s0,$s1,$s2,$s3); + &encstep(1,$s1,$s2,$s3,$s0); + &encstep(2,$s2,$s3,$s0,$s1); + &encstep(3,$s3,$s0,$s1,$s2); + } +$code.=<<___; + sub \$1,$rnds + jnz .Lenc_loop +___ + if ($verticalspin) { &enclastvert(); } + else { &enclast(0,$s0,$s1,$s2,$s3); + &enclast(1,$s1,$s2,$s3,$s0); + &enclast(2,$s2,$s3,$s0,$s1); + &enclast(3,$s3,$s0,$s1,$s2); + $code.=<<___; + xor 16+0($key),$s0 # xor with key + xor 16+4($key),$s1 + xor 16+8($key),$s2 + xor 16+12($key),$s3 +___ + } +$code.=<<___; + .byte 0xf3,0xc3 # rep ret +.size _x86_64_AES_encrypt,.-_x86_64_AES_encrypt +___ + +# void AES_encrypt (const void *inp,void *out,const AES_KEY *key); +$code.=<<___; +.globl AES_encrypt +.type AES_encrypt,\@function,3 +.align 16 +AES_encrypt: + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + + mov %rdx,$key + mov %rdi,$inp + mov %rsi,$out + + .picmeup $sbox + lea AES_Te-.($sbox),$sbox + + mov 0($inp),$s0 + mov 4($inp),$s1 + mov 8($inp),$s2 + mov 12($inp),$s3 + + call _x86_64_AES_encrypt + + mov $s0,0($out) + mov $s1,4($out) + mov $s2,8($out) + mov $s3,12($out) + + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + ret +.size AES_encrypt,.-AES_encrypt +___ + +#------------------------------------------------------------------# + +sub decvert() +{ my $t3="%r8d"; # zaps $inp! + +$code.=<<___; + # favor 3-way issue Opteron pipeline... + movzb `&lo("$s0")`,$acc0 + movzb `&lo("$s1")`,$acc1 + movzb `&lo("$s2")`,$acc2 + mov 0($sbox,$acc0,8),$t0 + mov 0($sbox,$acc1,8),$t1 + mov 0($sbox,$acc2,8),$t2 + + movzb `&hi("$s3")`,$acc0 + movzb `&hi("$s0")`,$acc1 + movzb `&lo("$s3")`,$acc2 + xor 3($sbox,$acc0,8),$t0 + xor 3($sbox,$acc1,8),$t1 + mov 0($sbox,$acc2,8),$t3 + + movzb `&hi("$s1")`,$acc0 + shr \$16,$s0 + movzb `&hi("$s2")`,$acc2 + xor 3($sbox,$acc0,8),$t2 + shr \$16,$s3 + xor 3($sbox,$acc2,8),$t3 + + shr \$16,$s1 + lea 16($key),$key + shr \$16,$s2 + + movzb `&lo("$s2")`,$acc0 + movzb `&lo("$s3")`,$acc1 + movzb `&lo("$s0")`,$acc2 + xor 2($sbox,$acc0,8),$t0 + xor 2($sbox,$acc1,8),$t1 + xor 2($sbox,$acc2,8),$t2 + + movzb `&hi("$s1")`,$acc0 + movzb `&hi("$s2")`,$acc1 + movzb `&lo("$s1")`,$acc2 + xor 1($sbox,$acc0,8),$t0 + xor 1($sbox,$acc1,8),$t1 + xor 2($sbox,$acc2,8),$t3 + + movzb `&hi("$s3")`,$acc0 + mov 12($key),$s3 + movzb `&hi("$s0")`,$acc2 + xor 1($sbox,$acc0,8),$t2 + mov 0($key),$s0 + xor 1($sbox,$acc2,8),$t3 + + xor $t0,$s0 + mov 4($key),$s1 + mov 8($key),$s2 + xor $t2,$s2 + xor $t1,$s1 + xor $t3,$s3 +___ +} + +sub declastvert() +{ my $t3="%r8d"; # zaps $inp! + +$code.=<<___; + movzb `&lo("$s0")`,$acc0 + movzb `&lo("$s1")`,$acc1 + movzb `&lo("$s2")`,$acc2 + movzb 2048($sbox,$acc0,1),$t0 + movzb 2048($sbox,$acc1,1),$t1 + movzb 2048($sbox,$acc2,1),$t2 + + movzb `&lo("$s3")`,$acc0 + movzb `&hi("$s3")`,$acc1 + movzb `&hi("$s0")`,$acc2 + movzb 2048($sbox,$acc0,1),$t3 + movzb 2048($sbox,$acc1,1),$acc1 #$t0 + movzb 2048($sbox,$acc2,1),$acc2 #$t1 + + shl \$8,$acc1 + shl \$8,$acc2 + + xor $acc1,$t0 + xor $acc2,$t1 + shr \$16,$s3 + + movzb `&hi("$s1")`,$acc0 + movzb `&hi("$s2")`,$acc1 + shr \$16,$s0 + movzb 2048($sbox,$acc0,1),$acc0 #$t2 + movzb 2048($sbox,$acc1,1),$acc1 #$t3 + + shl \$8,$acc0 + shl \$8,$acc1 + shr \$16,$s1 + xor $acc0,$t2 + xor $acc1,$t3 + shr \$16,$s2 + + movzb `&lo("$s2")`,$acc0 + movzb `&lo("$s3")`,$acc1 + movzb `&lo("$s0")`,$acc2 + movzb 2048($sbox,$acc0,1),$acc0 #$t0 + movzb 2048($sbox,$acc1,1),$acc1 #$t1 + movzb 2048($sbox,$acc2,1),$acc2 #$t2 + + shl \$16,$acc0 + shl \$16,$acc1 + shl \$16,$acc2 + + xor $acc0,$t0 + xor $acc1,$t1 + xor $acc2,$t2 + + movzb `&lo("$s1")`,$acc0 + movzb `&hi("$s1")`,$acc1 + movzb `&hi("$s2")`,$acc2 + movzb 2048($sbox,$acc0,1),$acc0 #$t3 + movzb 2048($sbox,$acc1,1),$acc1 #$t0 + movzb 2048($sbox,$acc2,1),$acc2 #$t1 + + shl \$16,$acc0 + shl \$24,$acc1 + shl \$24,$acc2 + + xor $acc0,$t3 + xor $acc1,$t0 + xor $acc2,$t1 + + movzb `&hi("$s3")`,$acc0 + movzb `&hi("$s0")`,$acc1 + mov 16+12($key),$s3 + movzb 2048($sbox,$acc0,1),$acc0 #$t2 + movzb 2048($sbox,$acc1,1),$acc1 #$t3 + mov 16+0($key),$s0 + + shl \$24,$acc0 + shl \$24,$acc1 + + xor $acc0,$t2 + xor $acc1,$t3 + + mov 16+4($key),$s1 + mov 16+8($key),$s2 + xor $t0,$s0 + xor $t1,$s1 + xor $t2,$s2 + xor $t3,$s3 +___ +} + +sub decstep() +{ my ($i,@s) = @_; + my $tmp0=$acc0; + my $tmp1=$acc1; + my $tmp2=$acc2; + my $out=($t0,$t1,$t2,$s[0])[$i]; + + $code.=" mov $s[0],$out\n" if ($i!=3); + $tmp1=$s[2] if ($i==3); + $code.=" mov $s[2],$tmp1\n" if ($i!=3); + $code.=" and \$0xFF,$out\n"; + + $code.=" mov 0($sbox,$out,8),$out\n"; + $code.=" shr \$16,$tmp1\n"; + $tmp2=$s[3] if ($i==3); + $code.=" mov $s[3],$tmp2\n" if ($i!=3); + + $tmp0=$s[1] if ($i==3); + $code.=" movzb ".&hi($s[1]).",$tmp0\n"; + $code.=" and \$0xFF,$tmp1\n"; + $code.=" shr \$24,$tmp2\n"; + + $code.=" xor 3($sbox,$tmp0,8),$out\n"; + $code.=" xor 2($sbox,$tmp1,8),$out\n"; + $code.=" xor 1($sbox,$tmp2,8),$out\n"; + + $code.=" mov $t2,$s[1]\n" if ($i==3); + $code.=" mov $t1,$s[2]\n" if ($i==3); + $code.=" mov $t0,$s[3]\n" if ($i==3); + $code.="\n"; +} + +sub declast() +{ my ($i,@s)=@_; + my $tmp0=$acc0; + my $tmp1=$acc1; + my $tmp2=$acc2; + my $out=($t0,$t1,$t2,$s[0])[$i]; + + $code.=" mov $s[0],$out\n" if ($i!=3); + $tmp1=$s[2] if ($i==3); + $code.=" mov $s[2],$tmp1\n" if ($i!=3); + $code.=" and \$0xFF,$out\n"; + + $code.=" movzb 2048($sbox,$out,1),$out\n"; + $code.=" shr \$16,$tmp1\n"; + $tmp2=$s[3] if ($i==3); + $code.=" mov $s[3],$tmp2\n" if ($i!=3); + + $tmp0=$s[1] if ($i==3); + $code.=" movzb ".&hi($s[1]).",$tmp0\n"; + $code.=" and \$0xFF,$tmp1\n"; + $code.=" shr \$24,$tmp2\n"; + + $code.=" movzb 2048($sbox,$tmp0,1),$tmp0\n"; + $code.=" movzb 2048($sbox,$tmp1,1),$tmp1\n"; + $code.=" movzb 2048($sbox,$tmp2,1),$tmp2\n"; + + $code.=" shl \$8,$tmp0\n"; + $code.=" shl \$16,$tmp1\n"; + $code.=" shl \$24,$tmp2\n"; + + $code.=" xor $tmp0,$out\n"; + $code.=" mov $t2,$s[1]\n" if ($i==3); + $code.=" xor $tmp1,$out\n"; + $code.=" mov $t1,$s[2]\n" if ($i==3); + $code.=" xor $tmp2,$out\n"; + $code.=" mov $t0,$s[3]\n" if ($i==3); + $code.="\n"; +} + +$code.=<<___; +.type _x86_64_AES_decrypt,\@abi-omnipotent +.align 16 +_x86_64_AES_decrypt: + xor 0($key),$s0 # xor with key + xor 4($key),$s1 + xor 8($key),$s2 + xor 12($key),$s3 + + mov 240($key),$rnds # load key->rounds + sub \$1,$rnds + jmp .Ldec_loop +.align 16 +.Ldec_loop: +___ + if ($verticalspin) { &decvert(); } + else { &decstep(0,$s0,$s3,$s2,$s1); + &decstep(1,$s1,$s0,$s3,$s2); + &decstep(2,$s2,$s1,$s0,$s3); + &decstep(3,$s3,$s2,$s1,$s0); + $code.=<<___; + lea 16($key),$key + xor 0($key),$s0 # xor with key + xor 4($key),$s1 + xor 8($key),$s2 + xor 12($key),$s3 +___ + } +$code.=<<___; + sub \$1,$rnds + jnz .Ldec_loop +___ + if ($verticalspin) { &declastvert(); } + else { &declast(0,$s0,$s3,$s2,$s1); + &declast(1,$s1,$s0,$s3,$s2); + &declast(2,$s2,$s1,$s0,$s3); + &declast(3,$s3,$s2,$s1,$s0); + $code.=<<___; + xor 16+0($key),$s0 # xor with key + xor 16+4($key),$s1 + xor 16+8($key),$s2 + xor 16+12($key),$s3 +___ + } +$code.=<<___; + .byte 0xf3,0xc3 # rep ret +.size _x86_64_AES_decrypt,.-_x86_64_AES_decrypt +___ + +# void AES_decrypt (const void *inp,void *out,const AES_KEY *key); +$code.=<<___; +.globl AES_decrypt +.type AES_decrypt,\@function,3 +.align 16 +AES_decrypt: + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + + mov %rdx,$key + mov %rdi,$inp + mov %rsi,$out + + .picmeup $sbox + lea AES_Td-.($sbox),$sbox + + # prefetch Td4 + lea 2048+128($sbox),$sbox; + mov 0-128($sbox),$s0 + mov 32-128($sbox),$s1 + mov 64-128($sbox),$s2 + mov 96-128($sbox),$s3 + mov 128-128($sbox),$s0 + mov 160-128($sbox),$s1 + mov 192-128($sbox),$s2 + mov 224-128($sbox),$s3 + lea -2048-128($sbox),$sbox; + + mov 0($inp),$s0 + mov 4($inp),$s1 + mov 8($inp),$s2 + mov 12($inp),$s3 + + call _x86_64_AES_decrypt + + mov $s0,0($out) + mov $s1,4($out) + mov $s2,8($out) + mov $s3,12($out) + + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + ret +.size AES_decrypt,.-AES_decrypt +___ +#------------------------------------------------------------------# + +sub enckey() +{ +$code.=<<___; + movz %dl,%esi # rk[i]>>0 + mov 2(%rbp,%rsi,8),%ebx + movz %dh,%esi # rk[i]>>8 + and \$0xFF000000,%ebx + xor %ebx,%eax + + mov 2(%rbp,%rsi,8),%ebx + shr \$16,%edx + and \$0x000000FF,%ebx + movz %dl,%esi # rk[i]>>16 + xor %ebx,%eax + + mov 0(%rbp,%rsi,8),%ebx + movz %dh,%esi # rk[i]>>24 + and \$0x0000FF00,%ebx + xor %ebx,%eax + + mov 0(%rbp,%rsi,8),%ebx + and \$0x00FF0000,%ebx + xor %ebx,%eax + + xor 2048(%rbp,%rcx,4),%eax # rcon +___ +} + +# int AES_set_encrypt_key(const unsigned char *userKey, const int bits, +# AES_KEY *key) +$code.=<<___; +.globl AES_set_encrypt_key +.type AES_set_encrypt_key,\@function,3 +.align 16 +AES_set_encrypt_key: + push %rbx + push %rbp + + mov %esi,%ecx # %ecx=bits + mov %rdi,%rsi # %rsi=userKey + mov %rdx,%rdi # %rdi=key + + test \$-1,%rsi + jz .Lbadpointer + test \$-1,%rdi + jz .Lbadpointer + + .picmeup %rbp + lea AES_Te-.(%rbp),%rbp + + cmp \$128,%ecx + je .L10rounds + cmp \$192,%ecx + je .L12rounds + cmp \$256,%ecx + je .L14rounds + mov \$-2,%rax # invalid number of bits + jmp .Lexit + +.L10rounds: + mov 0(%rsi),%eax # copy first 4 dwords + mov 4(%rsi),%ebx + mov 8(%rsi),%ecx + mov 12(%rsi),%edx + mov %eax,0(%rdi) + mov %ebx,4(%rdi) + mov %ecx,8(%rdi) + mov %edx,12(%rdi) + + xor %ecx,%ecx + jmp .L10shortcut +.align 4 +.L10loop: + mov 0(%rdi),%eax # rk[0] + mov 12(%rdi),%edx # rk[3] +.L10shortcut: +___ + &enckey (); +$code.=<<___; + mov %eax,16(%rdi) # rk[4] + xor 4(%rdi),%eax + mov %eax,20(%rdi) # rk[5] + xor 8(%rdi),%eax + mov %eax,24(%rdi) # rk[6] + xor 12(%rdi),%eax + mov %eax,28(%rdi) # rk[7] + add \$1,%ecx + lea 16(%rdi),%rdi + cmp \$10,%ecx + jl .L10loop + + movl \$10,80(%rdi) # setup number of rounds + xor %rax,%rax + jmp .Lexit + +.L12rounds: + mov 0(%rsi),%eax # copy first 6 dwords + mov 4(%rsi),%ebx + mov 8(%rsi),%ecx + mov 12(%rsi),%edx + mov %eax,0(%rdi) + mov %ebx,4(%rdi) + mov %ecx,8(%rdi) + mov %edx,12(%rdi) + mov 16(%rsi),%ecx + mov 20(%rsi),%edx + mov %ecx,16(%rdi) + mov %edx,20(%rdi) + + xor %ecx,%ecx + jmp .L12shortcut +.align 4 +.L12loop: + mov 0(%rdi),%eax # rk[0] + mov 20(%rdi),%edx # rk[5] +.L12shortcut: +___ + &enckey (); +$code.=<<___; + mov %eax,24(%rdi) # rk[6] + xor 4(%rdi),%eax + mov %eax,28(%rdi) # rk[7] + xor 8(%rdi),%eax + mov %eax,32(%rdi) # rk[8] + xor 12(%rdi),%eax + mov %eax,36(%rdi) # rk[9] + + cmp \$7,%ecx + je .L12break + add \$1,%ecx + + xor 16(%rdi),%eax + mov %eax,40(%rdi) # rk[10] + xor 20(%rdi),%eax + mov %eax,44(%rdi) # rk[11] + + lea 24(%rdi),%rdi + jmp .L12loop +.L12break: + movl \$12,72(%rdi) # setup number of rounds + xor %rax,%rax + jmp .Lexit + +.L14rounds: + mov 0(%rsi),%eax # copy first 8 dwords + mov 4(%rsi),%ebx + mov 8(%rsi),%ecx + mov 12(%rsi),%edx + mov %eax,0(%rdi) + mov %ebx,4(%rdi) + mov %ecx,8(%rdi) + mov %edx,12(%rdi) + mov 16(%rsi),%eax + mov 20(%rsi),%ebx + mov 24(%rsi),%ecx + mov 28(%rsi),%edx + mov %eax,16(%rdi) + mov %ebx,20(%rdi) + mov %ecx,24(%rdi) + mov %edx,28(%rdi) + + xor %ecx,%ecx + jmp .L14shortcut +.align 4 +.L14loop: + mov 28(%rdi),%edx # rk[4] +.L14shortcut: + mov 0(%rdi),%eax # rk[0] +___ + &enckey (); +$code.=<<___; + mov %eax,32(%rdi) # rk[8] + xor 4(%rdi),%eax + mov %eax,36(%rdi) # rk[9] + xor 8(%rdi),%eax + mov %eax,40(%rdi) # rk[10] + xor 12(%rdi),%eax + mov %eax,44(%rdi) # rk[11] + + cmp \$6,%ecx + je .L14break + add \$1,%ecx + + mov %eax,%edx + mov 16(%rdi),%eax # rk[4] + movz %dl,%esi # rk[11]>>0 + mov 2(%rbp,%rsi,8),%ebx + movz %dh,%esi # rk[11]>>8 + and \$0x000000FF,%ebx + xor %ebx,%eax + + mov 0(%rbp,%rsi,8),%ebx + shr \$16,%edx + and \$0x0000FF00,%ebx + movz %dl,%esi # rk[11]>>16 + xor %ebx,%eax + + mov 0(%rbp,%rsi,8),%ebx + movz %dh,%esi # rk[11]>>24 + and \$0x00FF0000,%ebx + xor %ebx,%eax + + mov 2(%rbp,%rsi,8),%ebx + and \$0xFF000000,%ebx + xor %ebx,%eax + + mov %eax,48(%rdi) # rk[12] + xor 20(%rdi),%eax + mov %eax,52(%rdi) # rk[13] + xor 24(%rdi),%eax + mov %eax,56(%rdi) # rk[14] + xor 28(%rdi),%eax + mov %eax,60(%rdi) # rk[15] + + lea 32(%rdi),%rdi + jmp .L14loop +.L14break: + movl \$14,48(%rdi) # setup number of rounds + xor %rax,%rax + jmp .Lexit + +.Lbadpointer: + mov \$-1,%rax +.Lexit: + pop %rbp + pop %rbx + ret +.size AES_set_encrypt_key,.-AES_set_encrypt_key +___ + +sub deckey() +{ my ($i,$ptr,$te,$td) = @_; +$code.=<<___; + mov $i($ptr),%eax + mov %eax,%edx + movz %ah,%ebx + shr \$16,%edx + and \$0xFF,%eax + movzb 2($te,%rax,8),%rax + movzb 2($te,%rbx,8),%rbx + mov 0($td,%rax,8),%eax + xor 3($td,%rbx,8),%eax + movzb %dh,%ebx + and \$0xFF,%edx + movzb 2($te,%rdx,8),%rdx + movzb 2($te,%rbx,8),%rbx + xor 2($td,%rdx,8),%eax + xor 1($td,%rbx,8),%eax + mov %eax,$i($ptr) +___ +} + +# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, +# AES_KEY *key) +$code.=<<___; +.globl AES_set_decrypt_key +.type AES_set_decrypt_key,\@function,3 +.align 16 +AES_set_decrypt_key: + push %rdx + call AES_set_encrypt_key + cmp \$0,%eax + je .Lproceed + lea 24(%rsp),%rsp + ret +.Lproceed: + mov (%rsp),%r8 # restore key schedule + mov %rbx,(%rsp) + + mov 240(%r8),%ecx # pull number of rounds + xor %rdi,%rdi + lea (%rdi,%rcx,4),%rcx + mov %r8,%rsi + lea (%r8,%rcx,4),%rdi # pointer to last chunk +.align 4 +.Linvert: + mov 0(%rsi),%rax + mov 8(%rsi),%rbx + mov 0(%rdi),%rcx + mov 8(%rdi),%rdx + mov %rax,0(%rdi) + mov %rbx,8(%rdi) + mov %rcx,0(%rsi) + mov %rdx,8(%rsi) + lea 16(%rsi),%rsi + lea -16(%rdi),%rdi + cmp %rsi,%rdi + jne .Linvert + + .picmeup %r9 + lea AES_Td-.(%r9),%rdi + lea AES_Te-AES_Td(%rdi),%r9 + + mov %r8,%rsi + mov 240(%r8),%ecx # pull number of rounds + sub \$1,%ecx +.align 4 +.Lpermute: + lea 16(%rsi),%rsi +___ + &deckey (0,"%rsi","%r9","%rdi"); + &deckey (4,"%rsi","%r9","%rdi"); + &deckey (8,"%rsi","%r9","%rdi"); + &deckey (12,"%rsi","%r9","%rdi"); +$code.=<<___; + sub \$1,%ecx + jnz .Lpermute + + xor %rax,%rax + pop %rbx + ret +.size AES_set_decrypt_key,.-AES_set_decrypt_key +___ + +# void AES_cbc_encrypt (const void char *inp, unsigned char *out, +# size_t length, const AES_KEY *key, +# unsigned char *ivp,const int enc); +{ +# stack frame layout +# -8(%rsp) return address +my $_rsp="0(%rsp)"; # saved %rsp +my $_len="8(%rsp)"; # copy of 3rd parameter, length +my $_key="16(%rsp)"; # copy of 4th parameter, key +my $_ivp="24(%rsp)"; # copy of 5th parameter, ivp +my $keyp="32(%rsp)"; # one to pass as $key +my $ivec="40(%rsp)"; # ivec[16] +my $aes_key="56(%rsp)"; # copy of aes_key +my $mark="56+240(%rsp)"; # copy of aes_key->rounds + +$code.=<<___; +.globl AES_cbc_encrypt +.type AES_cbc_encrypt,\@function,6 +.align 16 +AES_cbc_encrypt: + cmp \$0,%rdx # check length + je .Lcbc_just_ret + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + cld + mov %r9d,%r9d # clear upper half of enc + + .picmeup $sbox +.Lcbc_pic_point: + + cmp \$0,%r9 + je .LDECRYPT + + lea AES_Te-.Lcbc_pic_point($sbox),$sbox + + # allocate aligned stack frame... + lea -64-248(%rsp),$key + and \$-64,$key + + # ... and make it doesn't alias with AES_Te modulo 4096 + mov $sbox,%r10 + lea 2048($sbox),%r11 + mov $key,%r12 + and \$0xFFF,%r10 # s = $sbox&0xfff + and \$0xFFF,%r11 # e = ($sbox+2048)&0xfff + and \$0xFFF,%r12 # p = %rsp&0xfff + + cmp %r11,%r12 # if (p=>e) %rsp =- (p-e); + jb .Lcbc_te_break_out + sub %r11,%r12 + sub %r12,$key + jmp .Lcbc_te_ok +.Lcbc_te_break_out: # else %rsp -= (p-s)&0xfff + framesz + sub %r10,%r12 + and \$0xFFF,%r12 + add \$320,%r12 + sub %r12,$key +.align 4 +.Lcbc_te_ok: + + xchg %rsp,$key + add \$8,%rsp # reserve for return address! + mov $key,$_rsp # save %rsp + mov %rdx,$_len # save copy of len + mov %rcx,$_key # save copy of key + mov %r8,$_ivp # save copy of ivp + movl \$0,$mark # copy of aes_key->rounds = 0; + mov %r8,%rbp # rearrange input arguments + mov %rsi,$out + mov %rdi,$inp + mov %rcx,$key + + # do we copy key schedule to stack? + mov $key,%r10 + sub $sbox,%r10 + and \$0xfff,%r10 + cmp \$2048,%r10 + jb .Lcbc_do_ecopy + cmp \$4096-248,%r10 + jb .Lcbc_skip_ecopy +.align 4 +.Lcbc_do_ecopy: + mov $key,%rsi + lea $aes_key,%rdi + lea $aes_key,$key + mov \$240/8,%ecx + .long 0x90A548F3 # rep movsq + mov (%rsi),%eax # copy aes_key->rounds + mov %eax,(%rdi) +.Lcbc_skip_ecopy: + mov $key,$keyp # save key pointer + + mov \$16,%ecx +.align 4 +.Lcbc_prefetch_te: + mov 0($sbox),%r10 + mov 32($sbox),%r11 + mov 64($sbox),%r12 + mov 96($sbox),%r13 + lea 128($sbox),$sbox + sub \$1,%ecx + jnz .Lcbc_prefetch_te + sub \$2048,$sbox + + test \$-16,%rdx # check upon length + mov %rdx,%r10 + mov 0(%rbp),$s0 # load iv + mov 4(%rbp),$s1 + mov 8(%rbp),$s2 + mov 12(%rbp),$s3 + jz .Lcbc_enc_tail # short input... + +.align 4 +.Lcbc_enc_loop: + xor 0($inp),$s0 + xor 4($inp),$s1 + xor 8($inp),$s2 + xor 12($inp),$s3 + mov $inp,$ivec # if ($verticalspin) save inp + + mov $keyp,$key # restore key + call _x86_64_AES_encrypt + + mov $ivec,$inp # if ($verticalspin) restore inp + mov $s0,0($out) + mov $s1,4($out) + mov $s2,8($out) + mov $s3,12($out) + + mov $_len,%r10 + lea 16($inp),$inp + lea 16($out),$out + sub \$16,%r10 + test \$-16,%r10 + mov %r10,$_len + jnz .Lcbc_enc_loop + test \$15,%r10 + jnz .Lcbc_enc_tail + mov $_ivp,%rbp # restore ivp + mov $s0,0(%rbp) # save ivec + mov $s1,4(%rbp) + mov $s2,8(%rbp) + mov $s3,12(%rbp) + +.align 4 +.Lcbc_cleanup: + cmpl \$0,$mark # was the key schedule copied? + lea $aes_key,%rdi + mov $_rsp,%rsp + je .Lcbc_exit + mov \$240/8,%ecx + xor %rax,%rax + .long 0x90AB48F3 # rep stosq +.Lcbc_exit: + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx +.Lcbc_just_ret: + ret +.align 4 +.Lcbc_enc_tail: + cmp $inp,$out + je .Lcbc_enc_in_place + mov %r10,%rcx + mov $inp,%rsi + mov $out,%rdi + .long 0xF689A4F3 # rep movsb +.Lcbc_enc_in_place: + mov \$16,%rcx # zero tail + sub %r10,%rcx + xor %rax,%rax + .long 0xF689AAF3 # rep stosb + mov $out,$inp # this is not a mistake! + movq \$16,$_len # len=16 + jmp .Lcbc_enc_loop # one more spin... +#----------------------------- DECRYPT -----------------------------# +.align 16 +.LDECRYPT: + lea AES_Td-.Lcbc_pic_point($sbox),$sbox + + # allocate aligned stack frame... + lea -64-248(%rsp),$key + and \$-64,$key + + # ... and make it doesn't alias with AES_Td modulo 4096 + mov $sbox,%r10 + lea 2304($sbox),%r11 + mov $key,%r12 + and \$0xFFF,%r10 # s = $sbox&0xfff + and \$0xFFF,%r11 # e = ($sbox+2048+256)&0xfff + and \$0xFFF,%r12 # p = %rsp&0xfff + + cmp %r11,%r12 # if (p=>e) %rsp =- (p-e); + jb .Lcbc_td_break_out + sub %r11,%r12 + sub %r12,$key + jmp .Lcbc_td_ok +.Lcbc_td_break_out: # else %rsp -= (p-s)&0xfff + framesz + sub %r10,%r12 + and \$0xFFF,%r12 + add \$320,%r12 + sub %r12,$key +.align 4 +.Lcbc_td_ok: + + xchg %rsp,$key + add \$8,%rsp # reserve for return address! + mov $key,$_rsp # save %rsp + mov %rdx,$_len # save copy of len + mov %rcx,$_key # save copy of key + mov %r8,$_ivp # save copy of ivp + movl \$0,$mark # copy of aes_key->rounds = 0; + mov %r8,%rbp # rearrange input arguments + mov %rsi,$out + mov %rdi,$inp + mov %rcx,$key + + # do we copy key schedule to stack? + mov $key,%r10 + sub $sbox,%r10 + and \$0xfff,%r10 + cmp \$2304,%r10 + jb .Lcbc_do_dcopy + cmp \$4096-248,%r10 + jb .Lcbc_skip_dcopy +.align 4 +.Lcbc_do_dcopy: + mov $key,%rsi + lea $aes_key,%rdi + lea $aes_key,$key + mov \$240/8,%ecx + .long 0x90A548F3 # rep movsq + mov (%rsi),%eax # copy aes_key->rounds + mov %eax,(%rdi) +.Lcbc_skip_dcopy: + mov $key,$keyp # save key pointer + + mov \$18,%ecx +.align 4 +.Lcbc_prefetch_td: + mov 0($sbox),%r10 + mov 32($sbox),%r11 + mov 64($sbox),%r12 + mov 96($sbox),%r13 + lea 128($sbox),$sbox + sub \$1,%ecx + jnz .Lcbc_prefetch_td + sub \$2304,$sbox + + cmp $inp,$out + je .Lcbc_dec_in_place + + mov %rbp,$ivec +.align 4 +.Lcbc_dec_loop: + mov 0($inp),$s0 # read input + mov 4($inp),$s1 + mov 8($inp),$s2 + mov 12($inp),$s3 + mov $inp,8+$ivec # if ($verticalspin) save inp + + mov $keyp,$key # restore key + call _x86_64_AES_decrypt + + mov $ivec,%rbp # load ivp + mov 8+$ivec,$inp # if ($verticalspin) restore inp + xor 0(%rbp),$s0 # xor iv + xor 4(%rbp),$s1 + xor 8(%rbp),$s2 + xor 12(%rbp),$s3 + mov $inp,%rbp # current input, next iv + + mov $_len,%r10 # load len + sub \$16,%r10 + jc .Lcbc_dec_partial + mov %r10,$_len # update len + mov %rbp,$ivec # update ivp + + mov $s0,0($out) # write output + mov $s1,4($out) + mov $s2,8($out) + mov $s3,12($out) + + lea 16($inp),$inp + lea 16($out),$out + jnz .Lcbc_dec_loop +.Lcbc_dec_end: + mov $_ivp,%r12 # load user ivp + mov 0(%rbp),%r10 # load iv + mov 8(%rbp),%r11 + mov %r10,0(%r12) # copy back to user + mov %r11,8(%r12) + jmp .Lcbc_cleanup + +.align 4 +.Lcbc_dec_partial: + mov $s0,0+$ivec # dump output to stack + mov $s1,4+$ivec + mov $s2,8+$ivec + mov $s3,12+$ivec + mov $out,%rdi + lea $ivec,%rsi + mov \$16,%rcx + add %r10,%rcx # number of bytes to copy + .long 0xF689A4F3 # rep movsb + jmp .Lcbc_dec_end + +.align 16 +.Lcbc_dec_in_place: + mov 0($inp),$s0 # load input + mov 4($inp),$s1 + mov 8($inp),$s2 + mov 12($inp),$s3 + + mov $inp,$ivec # if ($verticalspin) save inp + mov $keyp,$key + call _x86_64_AES_decrypt + + mov $ivec,$inp # if ($verticalspin) restore inp + mov $_ivp,%rbp + xor 0(%rbp),$s0 + xor 4(%rbp),$s1 + xor 8(%rbp),$s2 + xor 12(%rbp),$s3 + + mov 0($inp),%r10 # copy input to iv + mov 8($inp),%r11 + mov %r10,0(%rbp) + mov %r11,8(%rbp) + + mov $s0,0($out) # save output [zaps input] + mov $s1,4($out) + mov $s2,8($out) + mov $s3,12($out) + + mov $_len,%rcx + lea 16($inp),$inp + lea 16($out),$out + sub \$16,%rcx + jc .Lcbc_dec_in_place_partial + mov %rcx,$_len + jnz .Lcbc_dec_in_place + jmp .Lcbc_cleanup + +.align 4 +.Lcbc_dec_in_place_partial: + # one can argue if this is actually required + lea ($out,%rcx),%rdi + lea (%rbp,%rcx),%rsi + neg %rcx + .long 0xF689A4F3 # rep movsb # restore tail + jmp .Lcbc_cleanup +.size AES_cbc_encrypt,.-AES_cbc_encrypt +___ +} + +$code.=<<___; +.globl AES_Te +.align 64 +AES_Te: +___ + &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6); + &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591); + &_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56); + &_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec); + &_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa); + &_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb); + &_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45); + &_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b); + &_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c); + &_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83); + &_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9); + &_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a); + &_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d); + &_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f); + &_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df); + &_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea); + &_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34); + &_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b); + &_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d); + &_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413); + &_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1); + &_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6); + &_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972); + &_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85); + &_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed); + &_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511); + &_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe); + &_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b); + &_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05); + &_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1); + &_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142); + &_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf); + &_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3); + &_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e); + &_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a); + &_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6); + &_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3); + &_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b); + &_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428); + &_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad); + &_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14); + &_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8); + &_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4); + &_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2); + &_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda); + &_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949); + &_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf); + &_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810); + &_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c); + &_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697); + &_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e); + &_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f); + &_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc); + &_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c); + &_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969); + &_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27); + &_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122); + &_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433); + &_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9); + &_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5); + &_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a); + &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0); + &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e); + &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c); +#rcon: +$code.=<<___; + .long 0x00000001, 0x00000002, 0x00000004, 0x00000008 + .long 0x00000010, 0x00000020, 0x00000040, 0x00000080 + .long 0x0000001b, 0x00000036, 0, 0, 0, 0, 0, 0 +___ +$code.=<<___; +.globl AES_Td +.align 64 +AES_Td: +___ + &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a); + &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b); + &_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5); + &_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5); + &_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d); + &_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b); + &_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295); + &_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e); + &_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927); + &_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d); + &_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362); + &_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9); + &_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52); + &_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566); + &_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3); + &_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed); + &_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e); + &_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4); + &_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4); + &_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd); + &_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d); + &_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060); + &_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967); + &_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879); + &_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000); + &_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c); + &_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36); + &_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624); + &_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b); + &_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c); + &_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12); + &_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14); + &_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3); + &_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b); + &_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8); + &_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684); + &_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7); + &_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177); + &_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947); + &_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322); + &_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498); + &_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f); + &_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54); + &_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382); + &_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf); + &_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb); + &_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83); + &_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef); + &_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029); + &_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235); + &_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733); + &_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117); + &_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4); + &_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546); + &_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb); + &_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d); + &_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb); + &_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a); + &_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773); + &_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478); + &_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2); + &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff); + &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664); + &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0); +#Td4: + &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); + &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); + &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); + &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); + &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); + &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); + &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); + &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); + &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); + &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); + &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); + &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); + &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); + &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); + &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); + &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); + &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); + &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); + &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); + &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); + &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); + &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); + &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); + &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); + &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); + &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); + &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); + &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); + &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); + &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); + &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); + &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); + +$code =~ s/\`([^\`]*)\`/eval($1)/gem; + +print $code; + +close STDOUT; diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile index f67c5ebd711a1..63066899d0bdd 100644 --- a/crypto/asn1/Makefile +++ b/crypto/asn1/Makefile @@ -26,7 +26,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \ tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \ f_int.c f_string.c n_pkey.c \ - f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \ + f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn_mime.c \ asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \ evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ @@ -38,7 +38,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \ tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \ f_int.o f_string.o n_pkey.o \ - f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \ + f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn_mime.o \ asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \ evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o @@ -213,11 +213,11 @@ a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h a_meth.o: ../../include/openssl/symhacks.h ../cryptlib.h a_meth.c a_object.o: ../../e_os.h ../../include/openssl/asn1.h -a_object.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -a_object.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_object.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_object.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -a_object.o: ../../include/openssl/opensslconf.h +a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h a_object.c @@ -292,7 +292,8 @@ a_type.o: ../../e_os.h ../../include/openssl/asn1.h a_type.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h a_type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h a_type.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_type.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +a_type.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +a_type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h a_type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_type.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h a_type.o: ../../include/openssl/symhacks.h ../cryptlib.h a_type.c @@ -362,6 +363,20 @@ asn1_par.o: ../../include/openssl/opensslconf.h asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c +asn_mime.o: ../../e_os.h ../../include/openssl/asn1.h +asn_mime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +asn_mime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +asn_mime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +asn_mime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +asn_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h +asn_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +asn_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +asn_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +asn_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +asn_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +asn_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +asn_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +asn_mime.o: ../cryptlib.h asn_mime.c asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index a36356e34474e..dc980421d098b 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -62,6 +62,7 @@ #include #include #include +#include int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) { diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index a6acef16f3b3f..36beceacdb07e 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -59,6 +59,7 @@ #include #include "cryptlib.h" #include +#include int ASN1_TYPE_get(ASN1_TYPE *a) { @@ -79,6 +80,31 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) a->value.ptr=value; } +int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) + { + if (!value || (type == V_ASN1_BOOLEAN)) + { + void *p = (void *)value; + ASN1_TYPE_set(a, type, p); + } + else if (type == V_ASN1_OBJECT) + { + ASN1_OBJECT *odup; + odup = OBJ_dup(value); + if (!odup) + return 0; + ASN1_TYPE_set(a, type, odup); + } + else + { + ASN1_STRING *sdup; + sdup = ASN1_STRING_dup((ASN1_STRING *)value); + if (!sdup) + return 0; + ASN1_TYPE_set(a, type, sdup); + } + return 1; + } IMPLEMENT_STACK_OF(ASN1_TYPE) IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 30f1eecd5b90b..424cd348bb5e1 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -158,7 +158,12 @@ extern "C" { #define MBSTRING_BMP (MBSTRING_FLAG|2) #define MBSTRING_UNIV (MBSTRING_FLAG|4) +#define SMIME_OLDMIME 0x400 +#define SMIME_CRLFEOL 0x800 +#define SMIME_STREAM 0x1000 + struct X509_algor_st; +DECLARE_STACK_OF(X509_ALGOR) #define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */ #define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */ @@ -218,6 +223,13 @@ typedef struct asn1_object_st * be inserted in the memory buffer */ #define ASN1_STRING_FLAG_NDEF 0x010 + +/* This flag is used by the CMS code to indicate that a string is not + * complete and is a place holder for content when it had all been + * accessed. The flag will be reset when content has been written to it. + */ +#define ASN1_STRING_FLAG_CONT 0x020 + /* This is the base type that holds just about everything :-) */ typedef struct asn1_string_st { @@ -311,8 +323,8 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; int i2d_##name##_NDEF(name *a, unsigned char **out); #define DECLARE_ASN1_FUNCTIONS_const(name) \ - name *name##_new(void); \ - void name##_free(name *a); + DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) #define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ type *name##_new(void); \ @@ -322,6 +334,17 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; #define I2D_OF(type) int (*)(type *,unsigned char **) #define I2D_OF_const(type) int (*)(const type *,unsigned char **) +#define CHECKED_D2I_OF(type, d2i) \ + ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0))) +#define CHECKED_I2D_OF(type, i2d) \ + ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0))) +#define CHECKED_NEW_OF(type, xnew) \ + ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0))) +#define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +#define CHECKED_PPTR_OF(type, p) \ + ((void**) (1 ? p : (type**)0)) + #define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) #define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) #define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) @@ -511,6 +534,7 @@ typedef struct asn1_type_st * contain the set or sequence bytes */ ASN1_STRING * set; ASN1_STRING * sequence; + ASN1_VALUE * asn1_value; } value; } ASN1_TYPE; @@ -741,6 +765,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) int ASN1_TYPE_get(ASN1_TYPE *a); void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); +int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); ASN1_OBJECT * ASN1_OBJECT_new(void ); void ASN1_OBJECT_free(ASN1_OBJECT *a); @@ -763,6 +788,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); /* Since this is used to store all sorts of things, via macros, for now, make its data void * */ int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); int ASN1_STRING_length(ASN1_STRING *x); void ASN1_STRING_length_set(ASN1_STRING *x, int n); int ASN1_STRING_type(ASN1_STRING *x); @@ -902,23 +928,47 @@ int ASN1_object_size(int constructed, int length, int tag); /* Used to implement other functions */ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x); + #define ASN1_dup_of(type,i2d,d2i,x) \ - ((type *(*)(I2D_OF(type),D2I_OF(type),type *))openssl_fcast(ASN1_dup))(i2d,d2i,x) + ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(type, x))) + #define ASN1_dup_of_const(type,i2d,d2i,x) \ - ((type *(*)(I2D_OF_const(type),D2I_OF(type),type *))openssl_fcast(ASN1_dup))(i2d,d2i,x) + ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(const type, x))) void *ASN1_item_dup(const ASN1_ITEM *it, void *x); +/* ASN1 alloc/free macros for when a type is only used internally */ + +#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) +#define M_ASN1_free_of(x, type) \ + ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) + #ifndef OPENSSL_NO_FP_API void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x); + #define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ - ((type *(*)(type *(*)(void),D2I_OF(type),FILE *,type **))openssl_fcast(ASN1_d2i_fp))(xnew,d2i,in,x) + ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); int ASN1_i2d_fp(i2d_of_void *i2d,FILE *out,void *x); + #define ASN1_i2d_fp_of(type,i2d,out,x) \ - ((int (*)(I2D_OF(type),FILE *,type *))openssl_fcast(ASN1_i2d_fp))(i2d,out,x) + (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(type, x))) + #define ASN1_i2d_fp_of_const(type,i2d,out,x) \ - ((int (*)(I2D_OF_const(type),FILE *,type *))openssl_fcast(ASN1_i2d_fp))(i2d,out,x) + (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); #endif @@ -927,14 +977,26 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in); #ifndef OPENSSL_NO_BIO void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x); + #define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ - ((type *(*)(type *(*)(void),D2I_OF(type),BIO *,type **))openssl_fcast(ASN1_d2i_bio))(xnew,d2i,in,x) + ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x); + #define ASN1_i2d_bio_of(type,i2d,out,x) \ - ((int (*)(I2D_OF(type),BIO *,type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x) + (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(type, x))) + #define ASN1_i2d_bio_of_const(type,i2d,out,x) \ - ((int (*)(I2D_OF_const(type),BIO *,const type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x) + (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a); int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a); @@ -977,8 +1039,12 @@ void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i); void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it); ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_OCTET_STRING **oct); + #define ASN1_pack_string_of(type,obj,i2d,oct) \ - ((ASN1_STRING *(*)(type *,I2D_OF(type),ASN1_OCTET_STRING **))openssl_fcast(ASN1_pack_string))(obj,i2d,oct) + (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \ + CHECKED_I2D_OF(type, i2d), \ + oct)) + ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); void ASN1_STRING_set_default_mask(unsigned long mask); @@ -1009,7 +1075,17 @@ void ASN1_add_oid_module(void); ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf); ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); - + +typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, int flags, + const ASN1_ITEM *it); + +int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, + asn1_output_data_fn *data_fn, + const ASN1_ITEM *it); +ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -1059,6 +1135,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_ITEM_VERIFY 197 #define ASN1_F_ASN1_MBSTRING_NCOPY 122 #define ASN1_F_ASN1_OBJECT_NEW 123 +#define ASN1_F_ASN1_OUTPUT_DATA 207 #define ASN1_F_ASN1_PACK_STRING 124 #define ASN1_F_ASN1_PCTX_NEW 205 #define ASN1_F_ASN1_PKCS5_PBE_SET 125 @@ -1078,6 +1155,8 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_UNPACK_STRING 136 #define ASN1_F_ASN1_UTCTIME_SET 187 #define ASN1_F_ASN1_VERIFY 137 +#define ASN1_F_B64_READ_ASN1 208 +#define ASN1_F_B64_WRITE_ASN1 209 #define ASN1_F_BITSTR_CB 180 #define ASN1_F_BN_TO_ASN1_ENUMERATED 138 #define ASN1_F_BN_TO_ASN1_INTEGER 139 @@ -1118,6 +1197,8 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_PARSE_TAGGING 182 #define ASN1_F_PKCS5_PBE2_SET 167 #define ASN1_F_PKCS5_PBE_SET 202 +#define ASN1_F_SMIME_READ_ASN1 210 +#define ASN1_F_SMIME_TEXT 211 #define ASN1_F_X509_CINF_NEW 168 #define ASN1_F_X509_CRL_ADD0_REVOKED 169 #define ASN1_F_X509_INFO_NEW 170 @@ -1129,6 +1210,8 @@ void ERR_load_ASN1_strings(void); /* Reason codes. */ #define ASN1_R_ADDING_OBJECT 171 +#define ASN1_R_ASN1_PARSE_ERROR 198 +#define ASN1_R_ASN1_SIG_PARSE_ERROR 199 #define ASN1_R_AUX_ERROR 100 #define ASN1_R_BAD_CLASS 101 #define ASN1_R_BAD_OBJECT_HEADER 102 @@ -1175,6 +1258,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 #define ASN1_R_INVALID_BMPSTRING_LENGTH 129 #define ASN1_R_INVALID_DIGIT 130 +#define ASN1_R_INVALID_MIME_TYPE 200 #define ASN1_R_INVALID_MODIFIER 186 #define ASN1_R_INVALID_NUMBER 187 #define ASN1_R_INVALID_SEPARATOR 131 @@ -1184,6 +1268,9 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_IV_TOO_LARGE 135 #define ASN1_R_LENGTH_ERROR 136 #define ASN1_R_LIST_ERROR 188 +#define ASN1_R_MIME_NO_CONTENT_TYPE 201 +#define ASN1_R_MIME_PARSE_ERROR 202 +#define ASN1_R_MIME_SIG_PARSE_ERROR 203 #define ASN1_R_MISSING_EOC 137 #define ASN1_R_MISSING_SECOND_NUMBER 138 #define ASN1_R_MISSING_VALUE 189 @@ -1193,7 +1280,11 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_NON_HEX_CHARACTERS 141 #define ASN1_R_NOT_ASCII_FORMAT 190 #define ASN1_R_NOT_ENOUGH_DATA 142 +#define ASN1_R_NO_CONTENT_TYPE 204 #define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 +#define ASN1_R_NO_MULTIPART_BODY_FAILURE 205 +#define ASN1_R_NO_MULTIPART_BOUNDARY 206 +#define ASN1_R_NO_SIG_CONTENT_TYPE 207 #define ASN1_R_NULL_IS_WRONG_LENGTH 144 #define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 #define ASN1_R_ODD_NUMBER_OF_CHARS 145 @@ -1203,6 +1294,8 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 #define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 #define ASN1_R_SHORT_LINE 150 +#define ASN1_R_SIG_INVALID_MIME_TYPE 208 +#define ASN1_R_STREAMING_NOT_SUPPORTED 209 #define ASN1_R_STRING_TOO_LONG 151 #define ASN1_R_STRING_TOO_SHORT 152 #define ASN1_R_TAG_VALUE_TOO_HIGH 153 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index f6b5c3f3dd770..f8a3e2e6cd015 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* crypto/asn1/asn1_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -110,6 +110,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"}, {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"}, {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"}, +{ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"}, {ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"}, {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_NEW"}, {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"}, @@ -129,6 +130,8 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"}, {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"}, {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"}, +{ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"}, +{ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"}, {ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"}, {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"}, {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"}, @@ -169,6 +172,8 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"}, {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"}, {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"}, +{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"}, +{ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"}, {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"}, {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"}, {ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"}, @@ -183,6 +188,8 @@ static ERR_STRING_DATA ASN1_str_functs[]= static ERR_STRING_DATA ASN1_str_reasons[]= { {ERR_REASON(ASN1_R_ADDING_OBJECT) ,"adding object"}, +{ERR_REASON(ASN1_R_ASN1_PARSE_ERROR) ,"asn1 parse error"}, +{ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR) ,"asn1 sig parse error"}, {ERR_REASON(ASN1_R_AUX_ERROR) ,"aux error"}, {ERR_REASON(ASN1_R_BAD_CLASS) ,"bad class"}, {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"}, @@ -229,6 +236,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"}, {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"}, {ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"}, +{ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"}, {ERR_REASON(ASN1_R_INVALID_MODIFIER) ,"invalid modifier"}, {ERR_REASON(ASN1_R_INVALID_NUMBER) ,"invalid number"}, {ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"}, @@ -238,6 +246,9 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ERR_REASON(ASN1_R_IV_TOO_LARGE) ,"iv too large"}, {ERR_REASON(ASN1_R_LENGTH_ERROR) ,"length error"}, {ERR_REASON(ASN1_R_LIST_ERROR) ,"list error"}, +{ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE) ,"mime no content type"}, +{ERR_REASON(ASN1_R_MIME_PARSE_ERROR) ,"mime parse error"}, +{ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR) ,"mime sig parse error"}, {ERR_REASON(ASN1_R_MISSING_EOC) ,"missing eoc"}, {ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"}, {ERR_REASON(ASN1_R_MISSING_VALUE) ,"missing value"}, @@ -247,7 +258,11 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS) ,"non hex characters"}, {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT) ,"not ascii format"}, {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) ,"not enough data"}, +{ERR_REASON(ASN1_R_NO_CONTENT_TYPE) ,"no content type"}, {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"}, +{ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"}, +{ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"}, +{ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"}, {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"}, {ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT),"object not ascii format"}, {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS) ,"odd number of chars"}, @@ -257,6 +272,8 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"}, {ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),"sequence or set needs config"}, {ERR_REASON(ASN1_R_SHORT_LINE) ,"short line"}, +{ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"}, +{ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED),"streaming not supported"}, {ERR_REASON(ASN1_R_STRING_TOO_LONG) ,"string too long"}, {ERR_REASON(ASN1_R_STRING_TOO_SHORT) ,"string too short"}, {ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH) ,"tag value too high"}, diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index d5ae5b2258a4d..5af559ef8da70 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -393,6 +393,14 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) return(1); } +void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len) + { + if (str->data) + OPENSSL_free(str->data); + str->data = data; + str->length = len; + } + ASN1_STRING *ASN1_STRING_new(void) { return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); diff --git a/crypto/asn1/asn1t.h b/crypto/asn1/asn1t.h index adbc2a63dd0f3..bf315e65ed38b 100644 --- a/crypto/asn1/asn1t.h +++ b/crypto/asn1/asn1t.h @@ -169,6 +169,9 @@ extern "C" { #define ASN1_NDEF_SEQUENCE(tname) \ ASN1_SEQUENCE(tname) +#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ + ASN1_SEQUENCE_cb(tname, cb) + #define ASN1_SEQUENCE_cb(tname, cb) \ static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ ASN1_SEQUENCE(tname) @@ -368,6 +371,10 @@ extern "C" { #define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) +/* EXPLICIT using indefinite length constructed form */ +#define ASN1_NDEF_EXP(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) + /* EXPLICIT OPTIONAL using indefinite length constructed form */ #define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c new file mode 100644 index 0000000000000..bc80b20d6323a --- /dev/null +++ b/crypto/asn1/asn_mime.c @@ -0,0 +1,876 @@ +/* asn_mime.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include +#include "cryptlib.h" +#include +#include +#include +#include + +/* Generalised MIME like utilities for streaming ASN1. Although many + * have a PKCS7/CMS like flavour others are more general purpose. + */ + +/* MIME format structures + * Note that all are translated to lower case apart from + * parameter values. Quotes are stripped off + */ + +typedef struct { +char *param_name; /* Param name e.g. "micalg" */ +char *param_value; /* Param value e.g. "sha1" */ +} MIME_PARAM; + +DECLARE_STACK_OF(MIME_PARAM) +IMPLEMENT_STACK_OF(MIME_PARAM) + +typedef struct { +char *name; /* Name of line e.g. "content-type" */ +char *value; /* Value of line e.g. "text/plain" */ +STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */ +} MIME_HEADER; + +DECLARE_STACK_OF(MIME_HEADER) +IMPLEMENT_STACK_OF(MIME_HEADER) + +static char * strip_ends(char *name); +static char * strip_start(char *name); +static char * strip_end(char *name); +static MIME_HEADER *mime_hdr_new(char *name, char *value); +static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value); +static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio); +static int mime_hdr_cmp(const MIME_HEADER * const *a, + const MIME_HEADER * const *b); +static int mime_param_cmp(const MIME_PARAM * const *a, + const MIME_PARAM * const *b); +static void mime_param_free(MIME_PARAM *param); +static int mime_bound_check(char *line, int linelen, char *bound, int blen); +static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret); +static int strip_eol(char *linebuf, int *plen); +static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name); +static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); +static void mime_hdr_free(MIME_HEADER *hdr); + +#define MAX_SMLEN 1024 +#define mime_debug(x) /* x */ + +/* Base 64 read and write of ASN1 structure */ + +static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const ASN1_ITEM *it) + { + BIO *b64; + int r; + b64 = BIO_new(BIO_f_base64()); + if(!b64) + { + ASN1err(ASN1_F_B64_WRITE_ASN1,ERR_R_MALLOC_FAILURE); + return 0; + } + /* prepend the b64 BIO so all data is base64 encoded. + */ + out = BIO_push(b64, out); + r = ASN1_item_i2d_bio(it, out, val); + (void)BIO_flush(out); + BIO_pop(out); + BIO_free(b64); + return r; + } + +static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it) +{ + BIO *b64; + ASN1_VALUE *val; + if(!(b64 = BIO_new(BIO_f_base64()))) { + ASN1err(ASN1_F_B64_READ_ASN1,ERR_R_MALLOC_FAILURE); + return 0; + } + bio = BIO_push(b64, bio); + val = ASN1_item_d2i_bio(it, bio, NULL); + if(!val) + ASN1err(ASN1_F_B64_READ_ASN1,ASN1_R_DECODE_ERROR); + (void)BIO_flush(bio); + bio = BIO_pop(bio); + BIO_free(b64); + return val; +} + +/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */ + +static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) + { + const EVP_MD *md; + int i, have_unknown = 0, write_comma, md_nid; + have_unknown = 0; + write_comma = 0; + for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++) + { + if (write_comma) + BIO_write(out, ",", 1); + write_comma = 1; + md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm); + md = EVP_get_digestbynid(md_nid); + switch(md_nid) + { + case NID_sha1: + BIO_puts(out, "sha1"); + break; + + case NID_md5: + BIO_puts(out, "md5"); + break; + + case NID_sha256: + BIO_puts(out, "sha-256"); + break; + + case NID_sha384: + BIO_puts(out, "sha-384"); + break; + + case NID_sha512: + BIO_puts(out, "sha-512"); + break; + + default: + if (have_unknown) + write_comma = 0; + else + { + BIO_puts(out, "unknown"); + have_unknown = 1; + } + break; + + } + } + + return 1; + + } + +/* SMIME sender */ + +int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, + asn1_output_data_fn *data_fn, + const ASN1_ITEM *it) +{ + char bound[33], c; + int i; + const char *mime_prefix, *mime_eol, *cname = "smime.p7m"; + const char *msg_type=NULL; + if (flags & SMIME_OLDMIME) + mime_prefix = "application/x-pkcs7-"; + else + mime_prefix = "application/pkcs7-"; + + if (flags & SMIME_CRLFEOL) + mime_eol = "\r\n"; + else + mime_eol = "\n"; + if((flags & SMIME_DETACHED) && data) { + /* We want multipart/signed */ + /* Generate a random boundary */ + RAND_pseudo_bytes((unsigned char *)bound, 32); + for(i = 0; i < 32; i++) { + c = bound[i] & 0xf; + if(c < 10) c += '0'; + else c += 'A' - 10; + bound[i] = c; + } + bound[32] = 0; + BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); + BIO_printf(bio, "Content-Type: multipart/signed;"); + BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix); + BIO_puts(bio, " micalg=\""); + asn1_write_micalg(bio, mdalgs); + BIO_printf(bio, "\"; boundary=\"----%s\"%s%s", + bound, mime_eol, mime_eol); + BIO_printf(bio, "This is an S/MIME signed message%s%s", + mime_eol, mime_eol); + /* Now write out the first part */ + BIO_printf(bio, "------%s%s", bound, mime_eol); + if (!data_fn(bio, data, val, flags, it)) + return 0; + BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); + + /* Headers for signature */ + + BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); + BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol); + BIO_printf(bio, "Content-Transfer-Encoding: base64%s", + mime_eol); + BIO_printf(bio, "Content-Disposition: attachment;"); + BIO_printf(bio, " filename=\"smime.p7s\"%s%s", + mime_eol, mime_eol); + B64_write_ASN1(bio, val, NULL, 0, it); + BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound, + mime_eol, mime_eol); + return 1; + } + + /* Determine smime-type header */ + + if (ctype_nid == NID_pkcs7_enveloped) + msg_type = "enveloped-data"; + else if (ctype_nid == NID_pkcs7_signed) + { + if (econt_nid == NID_id_smime_ct_receipt) + msg_type = "signed-receipt"; + else if (sk_X509_ALGOR_num(mdalgs) >= 0) + msg_type = "signed-data"; + else + msg_type = "certs-only"; + } + else if (ctype_nid == NID_id_smime_ct_compressedData) + { + msg_type = "compressed-data"; + cname = "smime.p7z"; + } + /* MIME headers */ + BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); + BIO_printf(bio, "Content-Disposition: attachment;"); + BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol); + BIO_printf(bio, "Content-Type: %smime;", mime_prefix); + if (msg_type) + BIO_printf(bio, " smime-type=%s;", msg_type); + BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol); + BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s", + mime_eol, mime_eol); + if (!B64_write_ASN1(bio, val, data, flags, it)) + return 0; + BIO_printf(bio, "%s", mime_eol); + return 1; +} + +#if 0 + +/* Handle output of ASN1 data */ + + +static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, + const ASN1_ITEM *it) + { + BIO *tmpbio; + const ASN1_AUX *aux = it->funcs; + ASN1_STREAM_ARG sarg; + + if (!(flags & SMIME_DETACHED)) + { + SMIME_crlf_copy(data, out, flags); + return 1; + } + + if (!aux || !aux->asn1_cb) + { + ASN1err(ASN1_F_ASN1_OUTPUT_DATA, + ASN1_R_STREAMING_NOT_SUPPORTED); + return 0; + } + + sarg.out = out; + sarg.ndef_bio = NULL; + sarg.boundary = NULL; + + /* Let ASN1 code prepend any needed BIOs */ + + if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0) + return 0; + + /* Copy data across, passing through filter BIOs for processing */ + SMIME_crlf_copy(data, sarg.ndef_bio, flags); + + /* Finalize structure */ + if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0) + return 0; + + /* Now remove any digests prepended to the BIO */ + + while (sarg.ndef_bio != out) + { + tmpbio = BIO_pop(sarg.ndef_bio); + BIO_free(sarg.ndef_bio); + sarg.ndef_bio = tmpbio; + } + + return 1; + + } + +#endif + +/* SMIME reader: handle multipart/signed and opaque signing. + * in multipart case the content is placed in a memory BIO + * pointed to by "bcont". In opaque this is set to NULL + */ + +ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) +{ + BIO *asnin; + STACK_OF(MIME_HEADER) *headers = NULL; + STACK_OF(BIO) *parts = NULL; + MIME_HEADER *hdr; + MIME_PARAM *prm; + ASN1_VALUE *val; + int ret; + + if(bcont) *bcont = NULL; + + if (!(headers = mime_parse_hdr(bio))) { + ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_PARSE_ERROR); + return NULL; + } + + if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE); + return NULL; + } + + /* Handle multipart/signed */ + + if(!strcmp(hdr->value, "multipart/signed")) { + /* Split into two parts */ + prm = mime_param_find(hdr, "boundary"); + if(!prm || !prm->param_value) { + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY); + return NULL; + } + ret = multi_split(bio, prm->param_value, &parts); + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + if(!ret || (sk_BIO_num(parts) != 2) ) { + ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE); + sk_BIO_pop_free(parts, BIO_vfree); + return NULL; + } + + /* Parse the signature piece */ + asnin = sk_BIO_value(parts, 1); + + if (!(headers = mime_parse_hdr(asnin))) { + ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_SIG_PARSE_ERROR); + sk_BIO_pop_free(parts, BIO_vfree); + return NULL; + } + + /* Get content type */ + + if(!(hdr = mime_hdr_find(headers, "content-type")) || + !hdr->value) { + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE); + return NULL; + } + + if(strcmp(hdr->value, "application/x-pkcs7-signature") && + strcmp(hdr->value, "application/pkcs7-signature")) { + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE); + ERR_add_error_data(2, "type: ", hdr->value); + sk_BIO_pop_free(parts, BIO_vfree); + return NULL; + } + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + /* Read in ASN1 */ + if(!(val = b64_read_asn1(asnin, it))) { + ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_ASN1_SIG_PARSE_ERROR); + sk_BIO_pop_free(parts, BIO_vfree); + return NULL; + } + + if(bcont) { + *bcont = sk_BIO_value(parts, 0); + BIO_free(asnin); + sk_BIO_free(parts); + } else sk_BIO_pop_free(parts, BIO_vfree); + return val; + } + + /* OK, if not multipart/signed try opaque signature */ + + if (strcmp (hdr->value, "application/x-pkcs7-mime") && + strcmp (hdr->value, "application/pkcs7-mime")) { + ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_INVALID_MIME_TYPE); + ERR_add_error_data(2, "type: ", hdr->value); + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + return NULL; + } + + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + + if(!(val = b64_read_asn1(bio, it))) { + ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR); + return NULL; + } + return val; + +} + +/* Copy text from one BIO to another making the output CRLF at EOL */ +int SMIME_crlf_copy(BIO *in, BIO *out, int flags) +{ + BIO *bf; + char eol; + int len; + char linebuf[MAX_SMLEN]; + /* Buffer output so we don't write one line at a time. This is + * useful when streaming as we don't end up with one OCTET STRING + * per line. + */ + bf = BIO_new(BIO_f_buffer()); + if (!bf) + return 0; + out = BIO_push(bf, out); + if(flags & SMIME_BINARY) + { + while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0) + BIO_write(out, linebuf, len); + } + else + { + if(flags & SMIME_TEXT) + BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); + while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) + { + eol = strip_eol(linebuf, &len); + if (len) + BIO_write(out, linebuf, len); + if(eol) BIO_write(out, "\r\n", 2); + } + } + (void)BIO_flush(out); + BIO_pop(out); + BIO_free(bf); + return 1; +} + +/* Strip off headers if they are text/plain */ +int SMIME_text(BIO *in, BIO *out) +{ + char iobuf[4096]; + int len; + STACK_OF(MIME_HEADER) *headers; + MIME_HEADER *hdr; + + if (!(headers = mime_parse_hdr(in))) { + ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_PARSE_ERROR); + return 0; + } + if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { + ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_NO_CONTENT_TYPE); + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + return 0; + } + if (strcmp (hdr->value, "text/plain")) { + ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_INVALID_MIME_TYPE); + ERR_add_error_data(2, "type: ", hdr->value); + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + return 0; + } + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0) + BIO_write(out, iobuf, len); + if (len < 0) + return 0; + return 1; +} + +/* Split a multipart/XXX message body into component parts: result is + * canonical parts in a STACK of bios + */ + +static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) +{ + char linebuf[MAX_SMLEN]; + int len, blen; + int eol = 0, next_eol = 0; + BIO *bpart = NULL; + STACK_OF(BIO) *parts; + char state, part, first; + + blen = strlen(bound); + part = 0; + state = 0; + first = 1; + parts = sk_BIO_new_null(); + *ret = parts; + while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { + state = mime_bound_check(linebuf, len, bound, blen); + if(state == 1) { + first = 1; + part++; + } else if(state == 2) { + sk_BIO_push(parts, bpart); + return 1; + } else if(part) { + /* Strip CR+LF from linebuf */ + next_eol = strip_eol(linebuf, &len); + if(first) { + first = 0; + if(bpart) sk_BIO_push(parts, bpart); + bpart = BIO_new(BIO_s_mem()); + BIO_set_mem_eof_return(bpart, 0); + } else if (eol) + BIO_write(bpart, "\r\n", 2); + eol = next_eol; + if (len) + BIO_write(bpart, linebuf, len); + } + } + return 0; +} + +/* This is the big one: parse MIME header lines up to message body */ + +#define MIME_INVALID 0 +#define MIME_START 1 +#define MIME_TYPE 2 +#define MIME_NAME 3 +#define MIME_VALUE 4 +#define MIME_QUOTE 5 +#define MIME_COMMENT 6 + + +static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) +{ + char *p, *q, c; + char *ntmp; + char linebuf[MAX_SMLEN]; + MIME_HEADER *mhdr = NULL; + STACK_OF(MIME_HEADER) *headers; + int len, state, save_state = 0; + + headers = sk_MIME_HEADER_new(mime_hdr_cmp); + while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { + /* If whitespace at line start then continuation line */ + if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; + else state = MIME_START; + ntmp = NULL; + /* Go through all characters */ + for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) { + + /* State machine to handle MIME headers + * if this looks horrible that's because it *is* + */ + + switch(state) { + case MIME_START: + if(c == ':') { + state = MIME_TYPE; + *p = 0; + ntmp = strip_ends(q); + q = p + 1; + } + break; + + case MIME_TYPE: + if(c == ';') { + mime_debug("Found End Value\n"); + *p = 0; + mhdr = mime_hdr_new(ntmp, strip_ends(q)); + sk_MIME_HEADER_push(headers, mhdr); + ntmp = NULL; + q = p + 1; + state = MIME_NAME; + } else if(c == '(') { + save_state = state; + state = MIME_COMMENT; + } + break; + + case MIME_COMMENT: + if(c == ')') { + state = save_state; + } + break; + + case MIME_NAME: + if(c == '=') { + state = MIME_VALUE; + *p = 0; + ntmp = strip_ends(q); + q = p + 1; + } + break ; + + case MIME_VALUE: + if(c == ';') { + state = MIME_NAME; + *p = 0; + mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); + ntmp = NULL; + q = p + 1; + } else if (c == '"') { + mime_debug("Found Quote\n"); + state = MIME_QUOTE; + } else if(c == '(') { + save_state = state; + state = MIME_COMMENT; + } + break; + + case MIME_QUOTE: + if(c == '"') { + mime_debug("Found Match Quote\n"); + state = MIME_VALUE; + } + break; + } + } + + if(state == MIME_TYPE) { + mhdr = mime_hdr_new(ntmp, strip_ends(q)); + sk_MIME_HEADER_push(headers, mhdr); + } else if(state == MIME_VALUE) + mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); + if(p == linebuf) break; /* Blank line means end of headers */ +} + +return headers; + +} + +static char *strip_ends(char *name) +{ + return strip_end(strip_start(name)); +} + +/* Strip a parameter of whitespace from start of param */ +static char *strip_start(char *name) +{ + char *p, c; + /* Look for first non white space or quote */ + for(p = name; (c = *p) ;p++) { + if(c == '"') { + /* Next char is start of string if non null */ + if(p[1]) return p + 1; + /* Else null string */ + return NULL; + } + if(!isspace((unsigned char)c)) return p; + } + return NULL; +} + +/* As above but strip from end of string : maybe should handle brackets? */ +static char *strip_end(char *name) +{ + char *p, c; + if(!name) return NULL; + /* Look for first non white space or quote */ + for(p = name + strlen(name) - 1; p >= name ;p--) { + c = *p; + if(c == '"') { + if(p - 1 == name) return NULL; + *p = 0; + return name; + } + if(isspace((unsigned char)c)) *p = 0; + else return name; + } + return NULL; +} + +static MIME_HEADER *mime_hdr_new(char *name, char *value) +{ + MIME_HEADER *mhdr; + char *tmpname, *tmpval, *p; + int c; + if(name) { + if(!(tmpname = BUF_strdup(name))) return NULL; + for(p = tmpname ; *p; p++) { + c = *p; + if(isupper(c)) { + c = tolower(c); + *p = c; + } + } + } else tmpname = NULL; + if(value) { + if(!(tmpval = BUF_strdup(value))) return NULL; + for(p = tmpval ; *p; p++) { + c = *p; + if(isupper(c)) { + c = tolower(c); + *p = c; + } + } + } else tmpval = NULL; + mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER)); + if(!mhdr) return NULL; + mhdr->name = tmpname; + mhdr->value = tmpval; + if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL; + return mhdr; +} + +static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) +{ + char *tmpname, *tmpval, *p; + int c; + MIME_PARAM *mparam; + if(name) { + tmpname = BUF_strdup(name); + if(!tmpname) return 0; + for(p = tmpname ; *p; p++) { + c = *p; + if(isupper(c)) { + c = tolower(c); + *p = c; + } + } + } else tmpname = NULL; + if(value) { + tmpval = BUF_strdup(value); + if(!tmpval) return 0; + } else tmpval = NULL; + /* Parameter values are case sensitive so leave as is */ + mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM)); + if(!mparam) return 0; + mparam->param_name = tmpname; + mparam->param_value = tmpval; + sk_MIME_PARAM_push(mhdr->params, mparam); + return 1; +} + +static int mime_hdr_cmp(const MIME_HEADER * const *a, + const MIME_HEADER * const *b) +{ + return(strcmp((*a)->name, (*b)->name)); +} + +static int mime_param_cmp(const MIME_PARAM * const *a, + const MIME_PARAM * const *b) +{ + return(strcmp((*a)->param_name, (*b)->param_name)); +} + +/* Find a header with a given name (if possible) */ + +static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name) +{ + MIME_HEADER htmp; + int idx; + htmp.name = name; + idx = sk_MIME_HEADER_find(hdrs, &htmp); + if(idx < 0) return NULL; + return sk_MIME_HEADER_value(hdrs, idx); +} + +static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name) +{ + MIME_PARAM param; + int idx; + param.param_name = name; + idx = sk_MIME_PARAM_find(hdr->params, ¶m); + if(idx < 0) return NULL; + return sk_MIME_PARAM_value(hdr->params, idx); +} + +static void mime_hdr_free(MIME_HEADER *hdr) +{ + if(hdr->name) OPENSSL_free(hdr->name); + if(hdr->value) OPENSSL_free(hdr->value); + if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free); + OPENSSL_free(hdr); +} + +static void mime_param_free(MIME_PARAM *param) +{ + if(param->param_name) OPENSSL_free(param->param_name); + if(param->param_value) OPENSSL_free(param->param_value); + OPENSSL_free(param); +} + +/* Check for a multipart boundary. Returns: + * 0 : no boundary + * 1 : part boundary + * 2 : final boundary + */ +static int mime_bound_check(char *line, int linelen, char *bound, int blen) +{ + if(linelen == -1) linelen = strlen(line); + if(blen == -1) blen = strlen(bound); + /* Quickly eliminate if line length too short */ + if(blen + 2 > linelen) return 0; + /* Check for part boundary */ + if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) { + if(!strncmp(line + blen + 2, "--", 2)) return 2; + else return 1; + } + return 0; +} + +static int strip_eol(char *linebuf, int *plen) + { + int len = *plen; + char *p, c; + int is_eol = 0; + p = linebuf + len - 1; + for (p = linebuf + len - 1; len > 0; len--, p--) + { + c = *p; + if (c == '\n') + is_eol = 1; + else if (c != '\r') + break; + } + *plen = len; + return is_eol; + } diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c index 72cc1210becdc..9132350f10780 100644 --- a/crypto/asn1/asn_moid.c +++ b/crypto/asn1/asn_moid.c @@ -149,7 +149,7 @@ static int do_create(char *value, char *name) if (lntmp == NULL) return 0; memcpy(lntmp, ln, p - ln); - lntmp[p - ln + 1] = 0; + lntmp[p - ln] = 0; oid = OBJ_nid2obj(nid); oid->ln = lntmp; } diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c index c779a9bb18050..5557e0658448b 100644 --- a/crypto/asn1/t_req.c +++ b/crypto/asn1/t_req.c @@ -244,7 +244,7 @@ get_next: } } } - if(!(cflag & X509_FLAG_NO_ATTRIBUTES)) + if(!(cflag & X509_FLAG_NO_EXTENSIONS)) { exts = X509_REQ_get_extensions(x); if(exts) @@ -262,7 +262,7 @@ get_next: j=X509_EXTENSION_get_critical(ex); if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0) goto err; - if(!X509V3_EXT_print(bp, ex, 0, 16)) + if(!X509V3_EXT_print(bp, ex, cflag, 16)) { BIO_printf(bp, "%16s", ""); M_ASN1_OCTET_STRING_print(bp,ex->value); diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index fe2ea4046d2bd..ae72b525d7d41 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -393,8 +393,9 @@ int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm) d= (v[6]-'0')*10+(v[7]-'0'); h= (v[8]-'0')*10+(v[9]-'0'); m= (v[10]-'0')*10+(v[11]-'0'); - if ( (v[12] >= '0') && (v[12] <= '9') && - (v[13] >= '0') && (v[13] <= '9')) + if (i >= 14 && + (v[12] >= '0') && (v[12] <= '9') && + (v[13] >= '0') && (v[13] <= '9')) s= (v[12]-'0')*10+(v[13]-'0'); if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s", @@ -428,8 +429,9 @@ int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm) d= (v[4]-'0')*10+(v[5]-'0'); h= (v[6]-'0')*10+(v[7]-'0'); m= (v[8]-'0')*10+(v[9]-'0'); - if ( (v[10] >= '0') && (v[10] <= '9') && - (v[11] >= '0') && (v[11] <= '9')) + if (i >=12 && + (v[10] >= '0') && (v[10] <= '9') && + (v[11] >= '0') && (v[11] <= '9')) s= (v[10]-'0')*10+(v[11]-'0'); if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s", @@ -449,13 +451,13 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) l=80-2-obase; - b=s=X509_NAME_oneline(name,NULL,0); - if (!*s) + b=X509_NAME_oneline(name,NULL,0); + if (!*b) { OPENSSL_free(b); return 1; } - s++; /* skip the first slash */ + s=b+1; /* skip the first slash */ c=s; for (;;) @@ -480,8 +482,7 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) { i=s-c; if (BIO_write(bp,c,i) != i) goto err; - c+=i; - c++; + c=s+1; /* skip following slash */ if (*s != '\0') { if (BIO_write(bp,", ",2) != 2) goto err; @@ -502,4 +503,3 @@ err: OPENSSL_free(b); return(ret); } - diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 66d229b08b39b..0ee406231e7cc 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -130,7 +130,7 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, ASN1_VALUE *ptmpval = NULL; if (!pval) pval = &ptmpval; - asn1_tlc_clear(&c); + c.valid = 0; if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) return *pval; return NULL; @@ -140,7 +140,7 @@ int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt) { ASN1_TLC c; - asn1_tlc_clear(&c); + c.valid = 0; return asn1_template_ex_d2i(pval, in, len, tt, 0, &c); } @@ -944,7 +944,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, if (utype != typ->type) ASN1_TYPE_set(typ, utype, NULL); opval = pval; - pval = (ASN1_VALUE **)&typ->value.ptr; + pval = &typ->value.asn1_value; } switch(utype) { diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c index 25c94aa1d95a0..be19b36acd5f4 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c @@ -494,7 +494,7 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, { for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) - sk_ASN1_VALUE_set(sk, i, tder->field); + (void)sk_ASN1_VALUE_set(sk, i, tder->field); } OPENSSL_free(derlst); OPENSSL_free(tmpdat); @@ -597,7 +597,7 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, typ = (ASN1_TYPE *)*pval; utype = typ->type; *putype = utype; - pval = (ASN1_VALUE **)&typ->value.ptr; + pval = &typ->value.asn1_value; } else utype = *putype; diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c index b68b66a23b18d..bb7c1e2af4894 100644 --- a/crypto/asn1/tasn_fre.c +++ b/crypto/asn1/tasn_fre.c @@ -115,8 +115,6 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c return; } i = asn1_get_choice_selector(pval, it); - if (asn1_cb) - asn1_cb(ASN1_OP_FREE_PRE, pval, it); if ((i >= 0) && (i < it->tcount)) { ASN1_VALUE **pchval; @@ -221,7 +219,7 @@ void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { ASN1_TYPE *typ = (ASN1_TYPE *)*pval; utype = typ->type; - pval = (ASN1_VALUE **)&typ->value.ptr; + pval = &typ->value.asn1_value; if (!*pval) return; } diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c index 00b9ea54a15fa..33533aba862bb 100644 --- a/crypto/asn1/x_algor.c +++ b/crypto/asn1/x_algor.c @@ -66,8 +66,65 @@ ASN1_SEQUENCE(X509_ALGOR) = { ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY) } ASN1_SEQUENCE_END(X509_ALGOR) +ASN1_ITEM_TEMPLATE(X509_ALGORS) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR) +ASN1_ITEM_TEMPLATE_END(X509_ALGORS) + IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS) IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR) IMPLEMENT_STACK_OF(X509_ALGOR) IMPLEMENT_ASN1_SET_OF(X509_ALGOR) + +int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval) + { + if (!alg) + return 0; + if (ptype != V_ASN1_UNDEF) + { + if (alg->parameter == NULL) + alg->parameter = ASN1_TYPE_new(); + if (alg->parameter == NULL) + return 0; + } + if (alg) + { + if (alg->algorithm) + ASN1_OBJECT_free(alg->algorithm); + alg->algorithm = aobj; + } + if (ptype == 0) + return 1; + if (ptype == V_ASN1_UNDEF) + { + if (alg->parameter) + { + ASN1_TYPE_free(alg->parameter); + alg->parameter = NULL; + } + } + else + ASN1_TYPE_set(alg->parameter, ptype, pval); + return 1; + } + +void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, + X509_ALGOR *algor) + { + if (paobj) + *paobj = algor->algorithm; + if (pptype) + { + if (algor->parameter == NULL) + { + *pptype = V_ASN1_UNDEF; + return; + } + else + *pptype = algor->parameter->type; + if (ppval) + *ppval = algor->parameter->value.ptr; + } + } + diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c index b99f8fc522c1e..70d56a67f26a2 100644 --- a/crypto/asn1/x_crl.c +++ b/crypto/asn1/x_crl.c @@ -84,7 +84,7 @@ static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) * would affect the output of X509_CRL_print(). */ case ASN1_OP_D2I_POST: - sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp); + (void)sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp); break; } return 1; diff --git a/crypto/asn1/x_exten.c b/crypto/asn1/x_exten.c index 702421b6c851d..1732e667125c5 100644 --- a/crypto/asn1/x_exten.c +++ b/crypto/asn1/x_exten.c @@ -67,5 +67,10 @@ ASN1_SEQUENCE(X509_EXTENSION) = { ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(X509_EXTENSION) +ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION) +ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS) + IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION) diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c index 681e5d110fada..04380abc3ff9b 100644 --- a/crypto/asn1/x_name.c +++ b/crypto/asn1/x_name.c @@ -160,40 +160,40 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len int tag, int aclass, char opt, ASN1_TLC *ctx) { const unsigned char *p = *in, *q; - STACK *intname = NULL, **intname_pp = &intname; + union { STACK *s; ASN1_VALUE *a; } intname = {NULL}; + union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL}; int i, j, ret; - X509_NAME *nm = NULL, **nm_pp = &nm; STACK_OF(X509_NAME_ENTRY) *entries; X509_NAME_ENTRY *entry; q = p; /* Get internal representation of Name */ - ret = ASN1_item_ex_d2i((ASN1_VALUE **)intname_pp, + ret = ASN1_item_ex_d2i(&intname.a, &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), tag, aclass, opt, ctx); if(ret <= 0) return ret; if(*val) x509_name_ex_free(val, NULL); - if(!x509_name_ex_new((ASN1_VALUE **)nm_pp, NULL)) goto err; + if(!x509_name_ex_new(&nm.a, NULL)) goto err; /* We've decoded it: now cache encoding */ - if(!BUF_MEM_grow(nm->bytes, p - q)) goto err; - memcpy(nm->bytes->data, q, p - q); + if(!BUF_MEM_grow(nm.x->bytes, p - q)) goto err; + memcpy(nm.x->bytes->data, q, p - q); /* Convert internal representation to X509_NAME structure */ - for(i = 0; i < sk_num(intname); i++) { - entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname, i); + for(i = 0; i < sk_num(intname.s); i++) { + entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i); for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) { entry = sk_X509_NAME_ENTRY_value(entries, j); entry->set = i; - if(!sk_X509_NAME_ENTRY_push(nm->entries, entry)) + if(!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) goto err; } sk_X509_NAME_ENTRY_free(entries); } - sk_free(intname); - nm->modified = 0; - *val = (ASN1_VALUE *)nm; + sk_free(intname.s); + nm.x->modified = 0; + *val = nm.a; *in = p; return ret; err: @@ -219,35 +219,35 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_IT static int x509_name_encode(X509_NAME *a) { - STACK *intname = NULL, **intname_pp = &intname; + union { STACK *s; ASN1_VALUE *a; } intname = {NULL}; int len; unsigned char *p; STACK_OF(X509_NAME_ENTRY) *entries = NULL; X509_NAME_ENTRY *entry; int i, set = -1; - intname = sk_new_null(); - if(!intname) goto memerr; + intname.s = sk_new_null(); + if(!intname.s) goto memerr; for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { entry = sk_X509_NAME_ENTRY_value(a->entries, i); if(entry->set != set) { entries = sk_X509_NAME_ENTRY_new_null(); if(!entries) goto memerr; - if(!sk_push(intname, (char *)entries)) goto memerr; + if(!sk_push(intname.s, (char *)entries)) goto memerr; set = entry->set; } if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr; } - len = ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp, NULL, + len = ASN1_item_ex_i2d(&intname.a, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); if (!BUF_MEM_grow(a->bytes,len)) goto memerr; p=(unsigned char *)a->bytes->data; - ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp, + ASN1_item_ex_i2d(&intname.a, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); - sk_pop_free(intname, sk_internal_free); + sk_pop_free(intname.s, sk_internal_free); a->modified = 0; return len; memerr: - sk_pop_free(intname, sk_internal_free); + sk_pop_free(intname.s, sk_internal_free); ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE); return -1; } diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 4857cfe0ce841..3a87b0ec0b2ec 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -79,7 +79,7 @@ #include /* To get BN_LLONG properly defined */ #include -#ifdef BN_LLONG +#if defined(BN_LLONG) || defined(SIXTY_FOUR_BIT) # ifndef HAVE_LONG_LONG # define HAVE_LONG_LONG 1 # endif @@ -117,7 +117,7 @@ #if HAVE_LONG_LONG # if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) -# define LLONG _int64 +# define LLONG __int64 # else # define LLONG long long # endif diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index 4b3860b991e30..ead477d8a29e0 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -63,7 +63,11 @@ #include "cryptlib.h" #include #if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK) -#include "netdb.h" +#include +#if defined(NETWARE_CLIB) +#include +NETDB_DEFINE_CONTEXT +#endif #endif #ifndef OPENSSL_NO_SOCK @@ -178,11 +182,11 @@ int BIO_get_port(const char *str, unsigned short *port_ptr) /* Note: under VMS with SOCKETSHR, it seems like the first * parameter is 'char *', instead of 'const char *' */ - s=getservbyname( #ifndef CONST_STRICT - (char *) + s=getservbyname((char *)str,"tcp"); +#else + s=getservbyname(str,"tcp"); #endif - str,"tcp"); if(s != NULL) *port_ptr=ntohs((unsigned short)s->s_port); CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME); @@ -360,7 +364,11 @@ struct hostent *BIO_gethostbyname(const char *name) #if 1 /* Caching gethostbyname() results forever is wrong, * so we have to let the true gethostbyname() worry about this */ +#if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__)) + return gethostbyname((char*)name); +#else return gethostbyname(name); +#endif #else struct hostent *ret; int i,lowi=0,j; @@ -400,11 +408,11 @@ struct hostent *BIO_gethostbyname(const char *name) /* Note: under VMS with SOCKETSHR, it seems like the first * parameter is 'char *', instead of 'const char *' */ - ret=gethostbyname( # ifndef CONST_STRICT - (char *) + ret=gethostbyname((char *)name); +# else + ret=gethostbyname(name); # endif - name); if (ret == NULL) goto end; @@ -456,9 +464,6 @@ int BIO_sock_init(void) { int err; -#ifdef SIGINT - signal(SIGINT,(void (*)(int))BIO_sock_cleanup); -#endif wsa_init_done=1; memset(&wsa_state,0,sizeof(wsa_state)); if (WSAStartup(0x0101,&wsa_state)!=0) @@ -484,11 +489,6 @@ int BIO_sock_init(void) if (!wsa_init_done) { - -# ifdef SIGINT - signal(SIGINT,(void (*)(int))BIO_sock_cleanup); -# endif - wsa_init_done=1; wVerReq = MAKEWORD( 2, 0 ); err = WSAStartup(wVerReq,&wsaData); @@ -511,7 +511,7 @@ void BIO_sock_cleanup(void) { wsa_init_done=0; #ifndef OPENSSL_SYS_WINCE - WSACancelBlockingCall(); + WSACancelBlockingCall(); /* Winsock 1.1 specific */ #endif WSACleanup(); } diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index 2c9e8a7c804a7..cecb6a720771f 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -95,6 +95,7 @@ extern "C" { #define BIO_TYPE_BIO (19|0x0400) /* (half a) BIO pair */ #define BIO_TYPE_LINEBUFFER (20|0x0200) /* filter */ #define BIO_TYPE_DGRAM (21|0x0400|0x0100) +#define BIO_TYPE_COMP (23|0x0200) /* filter */ #define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ #define BIO_TYPE_FILTER 0x0200 @@ -129,8 +130,8 @@ extern "C" { /* dgram BIO stuff */ #define BIO_CTRL_DGRAM_CONNECT 31 /* BIO dgram special */ #define BIO_CTRL_DGRAM_SET_CONNECTED 32 /* allow for an externally - * connected socket to be - * passed in */ + * connected socket to be + * passed in */ #define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */ #define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */ #define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */ @@ -146,14 +147,14 @@ extern "C" { #define BIO_CTRL_DGRAM_QUERY_MTU 40 /* as kernel for current MTU */ #define BIO_CTRL_DGRAM_GET_MTU 41 /* get cached value for MTU */ #define BIO_CTRL_DGRAM_SET_MTU 42 /* set cached value for - * MTU. want to use this - * if asking the kernel - * fails */ + * MTU. want to use this + * if asking the kernel + * fails */ #define BIO_CTRL_DGRAM_MTU_EXCEEDED 43 /* check whether the MTU - * was exceed in the - * previous write - * operation */ + * was exceed in the + * previous write + * operation */ #define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */ diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index a0cb29b3dcee8..c3da6dc82fa9e 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -82,7 +82,7 @@ static int dgram_new(BIO *h); static int dgram_free(BIO *data); static int dgram_clear(BIO *bio); -int BIO_dgram_should_retry(int s); +static int BIO_dgram_should_retry(int s); static BIO_METHOD methods_dgramp= { @@ -208,9 +208,13 @@ static int dgram_write(BIO *b, const char *in, int inl) clear_socket_error(); if ( data->connected ) - ret=send(b->num,in,inl,0); + ret=writesocket(b->num,in,inl); else +#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK) + ret=sendto(b->num, (char *)in, inl, 0, &data->peer, sizeof(data->peer)); +#else ret=sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer)); +#endif BIO_clear_retry_flags(b); if (ret <= 0) @@ -341,30 +345,90 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) memcpy(&(data->peer), to, sizeof(struct sockaddr)); break; +#if defined(SO_RCVTIMEO) case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT: +#ifdef OPENSSL_SYS_WINDOWS + { + struct timeval *tv = (struct timeval *)ptr; + int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000; + if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, + (void*)&timeout, sizeof(timeout)) < 0) + { perror("setsockopt"); ret = -1; } + } +#else if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr, sizeof(struct timeval)) < 0) { perror("setsockopt"); ret = -1; } +#endif break; case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: +#ifdef OPENSSL_SYS_WINDOWS + { + int timeout, sz = sizeof(timeout); + struct timeval *tv = (struct timeval *)ptr; + if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, + (void*)&timeout, &sz) < 0) + { perror("getsockopt"); ret = -1; } + else + { + tv->tv_sec = timeout / 1000; + tv->tv_usec = (timeout % 1000) * 1000; + ret = sizeof(*tv); + } + } +#else if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr, (void *)&ret) < 0) { perror("getsockopt"); ret = -1; } +#endif break; +#endif +#if defined(SO_SNDTIMEO) case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT: +#ifdef OPENSSL_SYS_WINDOWS + { + struct timeval *tv = (struct timeval *)ptr; + int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000; + if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, + (void*)&timeout, sizeof(timeout)) < 0) + { perror("setsockopt"); ret = -1; } + } +#else if ( setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr, sizeof(struct timeval)) < 0) { perror("setsockopt"); ret = -1; } +#endif break; case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: +#ifdef OPENSSL_SYS_WINDOWS + { + int timeout, sz = sizeof(timeout); + struct timeval *tv = (struct timeval *)ptr; + if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, + (void*)&timeout, &sz) < 0) + { perror("getsockopt"); ret = -1; } + else + { + tv->tv_sec = timeout / 1000; + tv->tv_usec = (timeout % 1000) * 1000; + ret = sizeof(*tv); + } + } +#else if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr, (void *)&ret) < 0) { perror("getsockopt"); ret = -1; } +#endif break; +#endif case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP: /* fall-through */ case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP: +#ifdef OPENSSL_SYS_WINDOWS + if ( data->_errno == WSAETIMEDOUT) +#else if ( data->_errno == EAGAIN) +#endif { ret = 1; data->_errno = 0; @@ -399,7 +463,7 @@ static int dgram_puts(BIO *bp, const char *str) return(ret); } -int BIO_dgram_should_retry(int i) +static int BIO_dgram_should_retry(int i) { int err; diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index b277367da3a4e..4df9927c437e0 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -89,6 +89,10 @@ #include "bio_lcl.h" #include +#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) +#include +#endif + #if !defined(OPENSSL_NO_STDIO) static int MS_CALLBACK file_write(BIO *h, const char *buf, int num); @@ -285,9 +289,9 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) /* Under CLib there are differences in file modes */ if (num & BIO_FP_TEXT) - _setmode(fd,O_TEXT); + setmode(fd,O_TEXT); else - _setmode(fd,O_BINARY); + setmode(fd,O_BINARY); #elif defined(OPENSSL_SYS_MSDOS) int fd = fileno((FILE*)ptr); /* Set correct text/binary mode */ diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile index 5c3e08fa80850..0491e3db4c474 100644 --- a/crypto/bn/Makefile +++ b/crypto/bn/Makefile @@ -67,16 +67,22 @@ bn86-elf.s: asm/bn-586.pl ../perlasm/x86asm.pl (cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > ../$@) co86-elf.s: asm/co-586.pl ../perlasm/x86asm.pl (cd asm; $(PERL) co-586.pl elf $(CFLAGS) > ../$@) +mo86-elf.s: asm/mo-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) mo-586.pl elf $(CFLAGS) > ../$@) # COFF bn86-cof.s: asm/bn-586.pl ../perlasm/x86asm.pl (cd asm; $(PERL) bn-586.pl coff $(CFLAGS) > ../$@) co86-cof.s: asm/co-586.pl ../perlasm/x86asm.pl (cd asm; $(PERL) co-586.pl coff $(CFLAGS) > ../$@) +mo86-cof.s: asm/mo-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) mo-586.pl coff $(CFLAGS) > ../$@) # a.out bn86-out.s: asm/bn-586.pl ../perlasm/x86asm.pl (cd asm; $(PERL) bn-586.pl a.out $(CFLAGS) > ../$@) co86-out.s: asm/co-586.pl ../perlasm/x86asm.pl (cd asm; $(PERL) co-586.pl a.out $(CFLAGS) > ../$@) +mo86-out.s: asm/mo-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) mo-586.pl a.out $(CFLAGS) > ../$@) sparcv8.o: asm/sparcv8.S $(CC) $(CFLAGS) -c asm/sparcv8.S @@ -91,6 +97,8 @@ bn-mips3.o: asm/mips3.s x86_64-gcc.o: asm/x86_64-gcc.c $(CC) $(CFLAGS) -c -o $@ asm/x86_64-gcc.c +x86_64-mont.s: asm/x86_64-mont.pl + $(PERL) asm/x86_64-mont.pl $@ bn-ia64.s: asm/ia64.S $(CC) $(CFLAGS) -E asm/ia64.S > $@ @@ -108,6 +116,7 @@ linux_ppc64.s: asm/ppc.pl; $(PERL) $< $@ aix_ppc32.s: asm/ppc.pl; $(PERL) asm/ppc.pl $@ aix_ppc64.s: asm/ppc.pl; $(PERL) asm/ppc.pl $@ osx_ppc32.s: asm/ppc.pl; $(PERL) $< $@ +osx_ppc64.s: asm/ppc.pl; $(PERL) $< $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/crypto/bn/asm/ia64.S b/crypto/bn/asm/ia64.S index 7b82b820e62aa..951abc53ea5bb 100644 --- a/crypto/bn/asm/ia64.S +++ b/crypto/bn/asm/ia64.S @@ -171,21 +171,21 @@ .skip 32 // makes the loop body aligned at 64-byte boundary bn_add_words: .prologue - .fframe 0 .save ar.pfs,r2 { .mii; alloc r2=ar.pfs,4,12,0,16 cmp4.le p6,p0=r35,r0 };; { .mfb; mov r8=r0 // return value (p6) br.ret.spnt.many b0 };; - .save ar.lc,r3 { .mib; sub r10=r35,r0,1 + .save ar.lc,r3 mov r3=ar.lc brp.loop.imp .L_bn_add_words_ctop,.L_bn_add_words_cend-16 } - .body { .mib; ADDP r14=0,r32 // rp + .save pr,r9 mov r9=pr };; + .body { .mii; ADDP r15=0,r33 // ap mov ar.lc=r10 mov ar.ec=6 } @@ -224,21 +224,21 @@ bn_add_words: .skip 32 // makes the loop body aligned at 64-byte boundary bn_sub_words: .prologue - .fframe 0 .save ar.pfs,r2 { .mii; alloc r2=ar.pfs,4,12,0,16 cmp4.le p6,p0=r35,r0 };; { .mfb; mov r8=r0 // return value (p6) br.ret.spnt.many b0 };; - .save ar.lc,r3 { .mib; sub r10=r35,r0,1 + .save ar.lc,r3 mov r3=ar.lc brp.loop.imp .L_bn_sub_words_ctop,.L_bn_sub_words_cend-16 } - .body { .mib; ADDP r14=0,r32 // rp + .save pr,r9 mov r9=pr };; + .body { .mii; ADDP r15=0,r33 // ap mov ar.lc=r10 mov ar.ec=6 } @@ -283,7 +283,6 @@ bn_sub_words: .skip 32 // makes the loop body aligned at 64-byte boundary bn_mul_words: .prologue - .fframe 0 .save ar.pfs,r2 #ifdef XMA_TEMPTATION { .mfi; alloc r2=ar.pfs,4,0,0,0 };; @@ -294,9 +293,10 @@ bn_mul_words: cmp4.le p6,p0=r34,r0 (p6) br.ret.spnt.many b0 };; - .save ar.lc,r3 { .mii; sub r10=r34,r0,1 + .save ar.lc,r3 mov r3=ar.lc + .save pr,r9 mov r9=pr };; .body @@ -397,22 +397,21 @@ bn_mul_words: .skip 48 // makes the loop body aligned at 64-byte boundary bn_mul_add_words: .prologue - .fframe 0 .save ar.pfs,r2 - .save ar.lc,r3 - .save pr,r9 { .mmi; alloc r2=ar.pfs,4,4,0,8 cmp4.le p6,p0=r34,r0 + .save ar.lc,r3 mov r3=ar.lc };; { .mib; mov r8=r0 // return value sub r10=r34,r0,1 (p6) br.ret.spnt.many b0 };; - .body { .mib; setf.sig f8=r35 // w + .save pr,r9 mov r9=pr brp.loop.imp .L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16 } + .body { .mmi; ADDP r14=0,r32 // rp ADDP r15=0,r33 // ap mov ar.lc=r10 } @@ -466,7 +465,6 @@ bn_mul_add_words: .skip 32 // makes the loop body aligned at 64-byte boundary bn_sqr_words: .prologue - .fframe 0 .save ar.pfs,r2 { .mii; alloc r2=ar.pfs,3,0,0,0 sxt4 r34=r34 };; @@ -476,9 +474,10 @@ bn_sqr_words: nop.f 0x0 (p6) br.ret.spnt.many b0 };; - .save ar.lc,r3 { .mii; sub r10=r34,r0,1 + .save ar.lc,r3 mov r3=ar.lc + .save pr,r9 mov r9=pr };; .body @@ -545,7 +544,6 @@ bn_sqr_words: .align 64 bn_sqr_comba8: .prologue - .fframe 0 .save ar.pfs,r2 #if defined(_HPUX_SOURCE) && !defined(_LP64) { .mii; alloc r2=ar.pfs,2,1,0,0 @@ -617,7 +615,6 @@ bn_sqr_comba8: .align 64 bn_mul_comba8: .prologue - .fframe 0 .save ar.pfs,r2 #if defined(_HPUX_SOURCE) && !defined(_LP64) { .mii; alloc r2=ar.pfs,3,0,0,0 @@ -1175,7 +1172,6 @@ bn_mul_comba8: .align 64 bn_sqr_comba4: .prologue - .fframe 0 .save ar.pfs,r2 #if defined(_HPUX_SOURCE) && !defined(_LP64) { .mii; alloc r2=ar.pfs,2,1,0,0 @@ -1208,7 +1204,6 @@ bn_sqr_comba4: .align 64 bn_mul_comba4: .prologue - .fframe 0 .save ar.pfs,r2 #if defined(_HPUX_SOURCE) && !defined(_LP64) { .mii; alloc r2=ar.pfs,3,0,0,0 @@ -1411,11 +1406,11 @@ equ=p24 .align 64 bn_div_words: .prologue - .fframe 0 .save ar.pfs,r2 - .save b0,r3 { .mii; alloc r2=ar.pfs,3,5,0,8 + .save b0,r3 mov r3=b0 + .save pr,r10 mov r10=pr };; { .mmb; cmp.eq p6,p0=r34,r0 mov r8=-1 diff --git a/crypto/bn/asm/mo-586.pl b/crypto/bn/asm/mo-586.pl new file mode 100755 index 0000000000000..0982293094d98 --- /dev/null +++ b/crypto/bn/asm/mo-586.pl @@ -0,0 +1,603 @@ +#!/usr/bin/env perl + +# This is crypto/bn/asm/x86-mont.pl (with asciz from crypto/perlasm/x86asm.pl) +# from OpenSSL 0.9.9-dev + +sub ::asciz +{ my @str=unpack("C*",shift); + push @str,0; + while ($#str>15) { + &data_byte(@str[0..15]); + foreach (0..15) { shift @str; } + } + &data_byte(@str) if (@str); +} + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# October 2005 +# +# This is a "teaser" code, as it can be improved in several ways... +# First of all non-SSE2 path should be implemented (yes, for now it +# performs Montgomery multiplication/convolution only on SSE2-capable +# CPUs such as P4, others fall down to original code). Then inner loop +# can be unrolled and modulo-scheduled to improve ILP and possibly +# moved to 128-bit XMM register bank (though it would require input +# rearrangement and/or increase bus bandwidth utilization). Dedicated +# squaring procedure should give further performance improvement... +# Yet, for being draft, the code improves rsa512 *sign* benchmark by +# 110%(!), rsa1024 one - by 70% and rsa4096 - by 20%:-) + +# December 2006 +# +# Modulo-scheduling SSE2 loops results in further 15-20% improvement. +# Integer-only code [being equipped with dedicated squaring procedure] +# gives ~40% on rsa512 sign benchmark... + +push(@INC,"perlasm","../../perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],$0); + +$sse2=0; +for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + +&external_label("OPENSSL_ia32cap_P") if ($sse2); + +&function_begin("bn_mul_mont"); + +$i="edx"; +$j="ecx"; +$ap="esi"; $tp="esi"; # overlapping variables!!! +$rp="edi"; $bp="edi"; # overlapping variables!!! +$np="ebp"; +$num="ebx"; + +$_num=&DWP(4*0,"esp"); # stack top layout +$_rp=&DWP(4*1,"esp"); +$_ap=&DWP(4*2,"esp"); +$_bp=&DWP(4*3,"esp"); +$_np=&DWP(4*4,"esp"); +$_n0=&DWP(4*5,"esp"); $_n0q=&QWP(4*5,"esp"); +$_sp=&DWP(4*6,"esp"); +$_bpend=&DWP(4*7,"esp"); +$frame=32; # size of above frame rounded up to 16n + + &xor ("eax","eax"); + &mov ("edi",&wparam(5)); # int num + &cmp ("edi",4); + &jl (&label("just_leave")); + + &lea ("esi",&wparam(0)); # put aside pointer to argument block + &lea ("edx",&wparam(1)); # load ap + &mov ("ebp","esp"); # saved stack pointer! + &add ("edi",2); # extra two words on top of tp + &neg ("edi"); + &lea ("esp",&DWP(-$frame,"esp","edi",4)); # alloca($frame+4*(num+2)) + &neg ("edi"); + + # minimize cache contention by arraning 2K window between stack + # pointer and ap argument [np is also position sensitive vector, + # but it's assumed to be near ap, as it's allocated at ~same + # time]. + &mov ("eax","esp"); + &sub ("eax","edx"); + &and ("eax",2047); + &sub ("esp","eax"); # this aligns sp and ap modulo 2048 + + &xor ("edx","esp"); + &and ("edx",2048); + &xor ("edx",2048); + &sub ("esp","edx"); # this splits them apart modulo 4096 + + &and ("esp",-64); # align to cache line + + ################################# load argument block... + &mov ("eax",&DWP(0*4,"esi"));# BN_ULONG *rp + &mov ("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap + &mov ("ecx",&DWP(2*4,"esi"));# const BN_ULONG *bp + &mov ("edx",&DWP(3*4,"esi"));# const BN_ULONG *np + &mov ("esi",&DWP(4*4,"esi"));# const BN_ULONG *n0 + #&mov ("edi",&DWP(5*4,"esi"));# int num + + &mov ("esi",&DWP(0,"esi")); # pull n0[0] + &mov ($_rp,"eax"); # ... save a copy of argument block + &mov ($_ap,"ebx"); + &mov ($_bp,"ecx"); + &mov ($_np,"edx"); + &mov ($_n0,"esi"); + &lea ($num,&DWP(-3,"edi")); # num=num-1 to assist modulo-scheduling + #&mov ($_num,$num); # redundant as $num is not reused + &mov ($_sp,"ebp"); # saved stack pointer! + +if($sse2) { +$acc0="mm0"; # mmx register bank layout +$acc1="mm1"; +$car0="mm2"; +$car1="mm3"; +$mul0="mm4"; +$mul1="mm5"; +$temp="mm6"; +$mask="mm7"; + + &picmeup("eax","OPENSSL_ia32cap_P"); + &bt (&DWP(0,"eax"),26); + &jnc (&label("non_sse2")); + + &mov ("eax",-1); + &movd ($mask,"eax"); # mask 32 lower bits + + &mov ($ap,$_ap); # load input pointers + &mov ($bp,$_bp); + &mov ($np,$_np); + + &xor ($i,$i); # i=0 + &xor ($j,$j); # j=0 + + &movd ($mul0,&DWP(0,$bp)); # bp[0] + &movd ($mul1,&DWP(0,$ap)); # ap[0] + &movd ($car1,&DWP(0,$np)); # np[0] + + &pmuludq($mul1,$mul0); # ap[0]*bp[0] + &movq ($car0,$mul1); + &movq ($acc0,$mul1); # I wish movd worked for + &pand ($acc0,$mask); # inter-register transfers + + &pmuludq($mul1,$_n0q); # *=n0 + + &pmuludq($car1,$mul1); # "t[0]"*np[0]*n0 + &paddq ($car1,$acc0); + + &movd ($acc1,&DWP(4,$np)); # np[1] + &movd ($acc0,&DWP(4,$ap)); # ap[1] + + &psrlq ($car0,32); + &psrlq ($car1,32); + + &inc ($j); # j++ +&set_label("1st",16); + &pmuludq($acc0,$mul0); # ap[j]*bp[0] + &pmuludq($acc1,$mul1); # np[j]*m1 + &paddq ($car0,$acc0); # +=c0 + &paddq ($car1,$acc1); # +=c1 + + &movq ($acc0,$car0); + &pand ($acc0,$mask); + &movd ($acc1,&DWP(4,$np,$j,4)); # np[j+1] + &paddq ($car1,$acc0); # +=ap[j]*bp[0]; + &movd ($acc0,&DWP(4,$ap,$j,4)); # ap[j+1] + &psrlq ($car0,32); + &movd (&DWP($frame-4,"esp",$j,4),$car1); # tp[j-1]= + &psrlq ($car1,32); + + &lea ($j,&DWP(1,$j)); + &cmp ($j,$num); + &jl (&label("1st")); + + &pmuludq($acc0,$mul0); # ap[num-1]*bp[0] + &pmuludq($acc1,$mul1); # np[num-1]*m1 + &paddq ($car0,$acc0); # +=c0 + &paddq ($car1,$acc1); # +=c1 + + &movq ($acc0,$car0); + &pand ($acc0,$mask); + &paddq ($car1,$acc0); # +=ap[num-1]*bp[0]; + &movd (&DWP($frame-4,"esp",$j,4),$car1); # tp[num-2]= + + &psrlq ($car0,32); + &psrlq ($car1,32); + + &paddq ($car1,$car0); + &movq (&QWP($frame,"esp",$num,4),$car1); # tp[num].tp[num-1] + + &inc ($i); # i++ +&set_label("outer"); + &xor ($j,$j); # j=0 + + &movd ($mul0,&DWP(0,$bp,$i,4)); # bp[i] + &movd ($mul1,&DWP(0,$ap)); # ap[0] + &movd ($temp,&DWP($frame,"esp")); # tp[0] + &movd ($car1,&DWP(0,$np)); # np[0] + &pmuludq($mul1,$mul0); # ap[0]*bp[i] + + &paddq ($mul1,$temp); # +=tp[0] + &movq ($acc0,$mul1); + &movq ($car0,$mul1); + &pand ($acc0,$mask); + + &pmuludq($mul1,$_n0q); # *=n0 + + &pmuludq($car1,$mul1); + &paddq ($car1,$acc0); + + &movd ($temp,&DWP($frame+4,"esp")); # tp[1] + &movd ($acc1,&DWP(4,$np)); # np[1] + &movd ($acc0,&DWP(4,$ap)); # ap[1] + + &psrlq ($car0,32); + &psrlq ($car1,32); + &paddq ($car0,$temp); # +=tp[1] + + &inc ($j); # j++ + &dec ($num); +&set_label("inner"); + &pmuludq($acc0,$mul0); # ap[j]*bp[i] + &pmuludq($acc1,$mul1); # np[j]*m1 + &paddq ($car0,$acc0); # +=c0 + &paddq ($car1,$acc1); # +=c1 + + &movq ($acc0,$car0); + &movd ($temp,&DWP($frame+4,"esp",$j,4));# tp[j+1] + &pand ($acc0,$mask); + &movd ($acc1,&DWP(4,$np,$j,4)); # np[j+1] + &paddq ($car1,$acc0); # +=ap[j]*bp[i]+tp[j] + &movd ($acc0,&DWP(4,$ap,$j,4)); # ap[j+1] + &psrlq ($car0,32); + &movd (&DWP($frame-4,"esp",$j,4),$car1);# tp[j-1]= + &psrlq ($car1,32); + &paddq ($car0,$temp); # +=tp[j+1] + + &dec ($num); + &lea ($j,&DWP(1,$j)); # j++ + &jnz (&label("inner")); + + &mov ($num,$j); + &pmuludq($acc0,$mul0); # ap[num-1]*bp[i] + &pmuludq($acc1,$mul1); # np[num-1]*m1 + &paddq ($car0,$acc0); # +=c0 + &paddq ($car1,$acc1); # +=c1 + + &movq ($acc0,$car0); + &pand ($acc0,$mask); + &paddq ($car1,$acc0); # +=ap[num-1]*bp[i]+tp[num-1] + &movd (&DWP($frame-4,"esp",$j,4),$car1); # tp[num-2]= + &psrlq ($car0,32); + &psrlq ($car1,32); + + &movd ($temp,&DWP($frame+4,"esp",$num,4)); # += tp[num] + &paddq ($car1,$car0); + &paddq ($car1,$temp); + &movq (&QWP($frame,"esp",$num,4),$car1); # tp[num].tp[num-1] + + &lea ($i,&DWP(1,$i)); # i++ + &cmp ($i,$num); + &jle (&label("outer")); + + &emms (); # done with mmx bank + &jmp (&label("common_tail")); + +&set_label("non_sse2",16); +} + +if (0) { + &mov ("esp",$_sp); + &xor ("eax","eax"); # signal "not fast enough [yet]" + &jmp (&label("just_leave")); + # While the below code provides competitive performance for + # all key lengthes on modern Intel cores, it's still more + # than 10% slower for 4096-bit key elsewhere:-( "Competitive" + # means compared to the original integer-only assembler. + # 512-bit RSA sign is better by ~40%, but that's about all + # one can say about all CPUs... +} else { +$inp="esi"; # integer path uses these registers differently +$word="edi"; +$carry="ebp"; + + &mov ($inp,$_ap); + &lea ($carry,&DWP(1,$num)); + &mov ($word,$_bp); + &xor ($j,$j); # j=0 + &mov ("edx",$inp); + &and ($carry,1); # see if num is even + &sub ("edx",$word); # see if ap==bp + &lea ("eax",&DWP(4,$word,$num,4)); # &bp[num] + &or ($carry,"edx"); + &mov ($word,&DWP(0,$word)); # bp[0] + &jz (&label("bn_sqr_mont")); + &mov ($_bpend,"eax"); + &mov ("eax",&DWP(0,$inp)); + &xor ("edx","edx"); + +&set_label("mull",16); + &mov ($carry,"edx"); + &mul ($word); # ap[j]*bp[0] + &add ($carry,"eax"); + &lea ($j,&DWP(1,$j)); + &adc ("edx",0); + &mov ("eax",&DWP(0,$inp,$j,4)); # ap[j+1] + &cmp ($j,$num); + &mov (&DWP($frame-4,"esp",$j,4),$carry); # tp[j]= + &jl (&label("mull")); + + &mov ($carry,"edx"); + &mul ($word); # ap[num-1]*bp[0] + &mov ($word,$_n0); + &add ("eax",$carry); + &mov ($inp,$_np); + &adc ("edx",0); + &imul ($word,&DWP($frame,"esp")); # n0*tp[0] + + &mov (&DWP($frame,"esp",$num,4),"eax"); # tp[num-1]= + &xor ($j,$j); + &mov (&DWP($frame+4,"esp",$num,4),"edx"); # tp[num]= + &mov (&DWP($frame+8,"esp",$num,4),$j); # tp[num+1]= + + &mov ("eax",&DWP(0,$inp)); # np[0] + &mul ($word); # np[0]*m + &add ("eax",&DWP($frame,"esp")); # +=tp[0] + &mov ("eax",&DWP(4,$inp)); # np[1] + &adc ("edx",0); + &inc ($j); + + &jmp (&label("2ndmadd")); + +&set_label("1stmadd",16); + &mov ($carry,"edx"); + &mul ($word); # ap[j]*bp[i] + &add ($carry,&DWP($frame,"esp",$j,4)); # +=tp[j] + &lea ($j,&DWP(1,$j)); + &adc ("edx",0); + &add ($carry,"eax"); + &mov ("eax",&DWP(0,$inp,$j,4)); # ap[j+1] + &adc ("edx",0); + &cmp ($j,$num); + &mov (&DWP($frame-4,"esp",$j,4),$carry); # tp[j]= + &jl (&label("1stmadd")); + + &mov ($carry,"edx"); + &mul ($word); # ap[num-1]*bp[i] + &add ("eax",&DWP($frame,"esp",$num,4)); # +=tp[num-1] + &mov ($word,$_n0); + &adc ("edx",0); + &mov ($inp,$_np); + &add ($carry,"eax"); + &adc ("edx",0); + &imul ($word,&DWP($frame,"esp")); # n0*tp[0] + + &xor ($j,$j); + &add ("edx",&DWP($frame+4,"esp",$num,4)); # carry+=tp[num] + &mov (&DWP($frame,"esp",$num,4),$carry); # tp[num-1]= + &adc ($j,0); + &mov ("eax",&DWP(0,$inp)); # np[0] + &mov (&DWP($frame+4,"esp",$num,4),"edx"); # tp[num]= + &mov (&DWP($frame+8,"esp",$num,4),$j); # tp[num+1]= + + &mul ($word); # np[0]*m + &add ("eax",&DWP($frame,"esp")); # +=tp[0] + &mov ("eax",&DWP(4,$inp)); # np[1] + &adc ("edx",0); + &mov ($j,1); + +&set_label("2ndmadd",16); + &mov ($carry,"edx"); + &mul ($word); # np[j]*m + &add ($carry,&DWP($frame,"esp",$j,4)); # +=tp[j] + &lea ($j,&DWP(1,$j)); + &adc ("edx",0); + &add ($carry,"eax"); + &mov ("eax",&DWP(0,$inp,$j,4)); # np[j+1] + &adc ("edx",0); + &cmp ($j,$num); + &mov (&DWP($frame-8,"esp",$j,4),$carry); # tp[j-1]= + &jl (&label("2ndmadd")); + + &mov ($carry,"edx"); + &mul ($word); # np[j]*m + &add ($carry,&DWP($frame,"esp",$num,4)); # +=tp[num-1] + &adc ("edx",0); + &add ($carry,"eax"); + &adc ("edx",0); + &mov (&DWP($frame-4,"esp",$num,4),$carry); # tp[num-2]= + + &xor ("eax","eax"); + &mov ($j,$_bp); # &bp[i] + &add ("edx",&DWP($frame+4,"esp",$num,4)); # carry+=tp[num] + &adc ("eax",&DWP($frame+8,"esp",$num,4)); # +=tp[num+1] + &lea ($j,&DWP(4,$j)); + &mov (&DWP($frame,"esp",$num,4),"edx"); # tp[num-1]= + &cmp ($j,$_bpend); + &mov (&DWP($frame+4,"esp",$num,4),"eax"); # tp[num]= + &je (&label("common_tail")); + + &mov ($word,&DWP(0,$j)); # bp[i+1] + &mov ($inp,$_ap); + &mov ($_bp,$j); # &bp[++i] + &xor ($j,$j); + &xor ("edx","edx"); + &mov ("eax",&DWP(0,$inp)); + &jmp (&label("1stmadd")); + +&set_label("bn_sqr_mont",16); +$sbit=$num; + &mov ($_num,$num); + &mov ($_bp,$j); # i=0 + + &mov ("eax",$word); # ap[0] + &mul ($word); # ap[0]*ap[0] + &mov (&DWP($frame,"esp"),"eax"); # tp[0]= + &mov ($sbit,"edx"); + &shr ("edx",1); + &and ($sbit,1); + &inc ($j); +&set_label("sqr",16); + &mov ("eax",&DWP(0,$inp,$j,4)); # ap[j] + &mov ($carry,"edx"); + &mul ($word); # ap[j]*ap[0] + &add ("eax",$carry); + &lea ($j,&DWP(1,$j)); + &adc ("edx",0); + &lea ($carry,&DWP(0,$sbit,"eax",2)); + &shr ("eax",31); + &cmp ($j,$_num); + &mov ($sbit,"eax"); + &mov (&DWP($frame-4,"esp",$j,4),$carry); # tp[j]= + &jl (&label("sqr")); + + &mov ("eax",&DWP(0,$inp,$j,4)); # ap[num-1] + &mov ($carry,"edx"); + &mul ($word); # ap[num-1]*ap[0] + &add ("eax",$carry); + &mov ($word,$_n0); + &adc ("edx",0); + &mov ($inp,$_np); + &lea ($carry,&DWP(0,$sbit,"eax",2)); + &imul ($word,&DWP($frame,"esp")); # n0*tp[0] + &shr ("eax",31); + &mov (&DWP($frame,"esp",$j,4),$carry); # tp[num-1]= + + &lea ($carry,&DWP(0,"eax","edx",2)); + &mov ("eax",&DWP(0,$inp)); # np[0] + &shr ("edx",31); + &mov (&DWP($frame+4,"esp",$j,4),$carry); # tp[num]= + &mov (&DWP($frame+8,"esp",$j,4),"edx"); # tp[num+1]= + + &mul ($word); # np[0]*m + &add ("eax",&DWP($frame,"esp")); # +=tp[0] + &mov ($num,$j); + &adc ("edx",0); + &mov ("eax",&DWP(4,$inp)); # np[1] + &mov ($j,1); + +&set_label("3rdmadd",16); + &mov ($carry,"edx"); + &mul ($word); # np[j]*m + &add ($carry,&DWP($frame,"esp",$j,4)); # +=tp[j] + &adc ("edx",0); + &add ($carry,"eax"); + &mov ("eax",&DWP(4,$inp,$j,4)); # np[j+1] + &adc ("edx",0); + &mov (&DWP($frame-4,"esp",$j,4),$carry); # tp[j-1]= + + &mov ($carry,"edx"); + &mul ($word); # np[j+1]*m + &add ($carry,&DWP($frame+4,"esp",$j,4)); # +=tp[j+1] + &lea ($j,&DWP(2,$j)); + &adc ("edx",0); + &add ($carry,"eax"); + &mov ("eax",&DWP(0,$inp,$j,4)); # np[j+2] + &adc ("edx",0); + &cmp ($j,$num); + &mov (&DWP($frame-8,"esp",$j,4),$carry); # tp[j]= + &jl (&label("3rdmadd")); + + &mov ($carry,"edx"); + &mul ($word); # np[j]*m + &add ($carry,&DWP($frame,"esp",$num,4)); # +=tp[num-1] + &adc ("edx",0); + &add ($carry,"eax"); + &adc ("edx",0); + &mov (&DWP($frame-4,"esp",$num,4),$carry); # tp[num-2]= + + &mov ($j,$_bp); # i + &xor ("eax","eax"); + &mov ($inp,$_ap); + &add ("edx",&DWP($frame+4,"esp",$num,4)); # carry+=tp[num] + &adc ("eax",&DWP($frame+8,"esp",$num,4)); # +=tp[num+1] + &mov (&DWP($frame,"esp",$num,4),"edx"); # tp[num-1]= + &cmp ($j,$num); + &mov (&DWP($frame+4,"esp",$num,4),"eax"); # tp[num]= + &je (&label("common_tail")); + + &mov ($word,&DWP(4,$inp,$j,4)); # ap[i] + &lea ($j,&DWP(1,$j)); + &mov ("eax",$word); + &mov ($_bp,$j); # ++i + &mul ($word); # ap[i]*ap[i] + &add ("eax",&DWP($frame,"esp",$j,4)); # +=tp[i] + &adc ("edx",0); + &mov (&DWP($frame,"esp",$j,4),"eax"); # tp[i]= + &xor ($carry,$carry); + &cmp ($j,$num); + &lea ($j,&DWP(1,$j)); + &je (&label("sqrlast")); + + &mov ($sbit,"edx"); # zaps $num + &shr ("edx",1); + &and ($sbit,1); +&set_label("sqradd",16); + &mov ("eax",&DWP(0,$inp,$j,4)); # ap[j] + &mov ($carry,"edx"); + &mul ($word); # ap[j]*ap[i] + &add ("eax",$carry); + &lea ($carry,&DWP(0,"eax","eax")); + &adc ("edx",0); + &shr ("eax",31); + &add ($carry,&DWP($frame,"esp",$j,4)); # +=tp[j] + &lea ($j,&DWP(1,$j)); + &adc ("eax",0); + &add ($carry,$sbit); + &adc ("eax",0); + &cmp ($j,$_num); + &mov (&DWP($frame-4,"esp",$j,4),$carry); # tp[j]= + &mov ($sbit,"eax"); + &jle (&label("sqradd")); + + &mov ($carry,"edx"); + &lea ("edx",&DWP(0,$sbit,"edx",2)); + &shr ($carry,31); +&set_label("sqrlast"); + &mov ($word,$_n0); + &mov ($inp,$_np); + &imul ($word,&DWP($frame,"esp")); # n0*tp[0] + + &add ("edx",&DWP($frame,"esp",$j,4)); # +=tp[num] + &mov ("eax",&DWP(0,$inp)); # np[0] + &adc ($carry,0); + &mov (&DWP($frame,"esp",$j,4),"edx"); # tp[num]= + &mov (&DWP($frame+4,"esp",$j,4),$carry); # tp[num+1]= + + &mul ($word); # np[0]*m + &add ("eax",&DWP($frame,"esp")); # +=tp[0] + &lea ($num,&DWP(-1,$j)); + &adc ("edx",0); + &mov ($j,1); + &mov ("eax",&DWP(4,$inp)); # np[1] + + &jmp (&label("3rdmadd")); +} + +&set_label("common_tail",16); + &mov ($np,$_np); # load modulus pointer + &mov ($rp,$_rp); # load result pointer + &lea ($tp,&DWP($frame,"esp")); # [$ap and $bp are zapped] + + &mov ("eax",&DWP(0,$tp)); # tp[0] + &mov ($j,$num); # j=num-1 + &xor ($i,$i); # i=0 and clear CF! + +&set_label("sub",16); + &sbb ("eax",&DWP(0,$np,$i,4)); + &mov (&DWP(0,$rp,$i,4),"eax"); # rp[i]=tp[i]-np[i] + &dec ($j); # doesn't affect CF! + &mov ("eax",&DWP(4,$tp,$i,4)); # tp[i+1] + &lea ($i,&DWP(1,$i)); # i++ + &jge (&label("sub")); + + &sbb ("eax",0); # handle upmost overflow bit + &and ($tp,"eax"); + ¬ ("eax"); + &mov ($np,$rp); + &and ($np,"eax"); + &or ($tp,$np); # tp=carry?tp:rp + +&set_label("copy",16); # copy or in-place refresh + &mov ("eax",&DWP(0,$tp,$num,4)); + &mov (&DWP(0,$rp,$num,4),"eax"); # rp[i]=tp[i] + &mov (&DWP($frame,"esp",$num,4),$j); # zap temporary vector + &dec ($num); + &jge (&label("copy")); + + &mov ("esp",$_sp); # pull saved stack pointer + &mov ("eax",1); +&set_label("just_leave"); +&function_end("bn_mul_mont"); + +&asciz("Montgomery Multiplication for x86, CRYPTOGAMS by "); + +&asm_finish(); diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl new file mode 100755 index 0000000000000..c43b69592a5ce --- /dev/null +++ b/crypto/bn/asm/x86_64-mont.pl @@ -0,0 +1,214 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# October 2005. +# +# Montgomery multiplication routine for x86_64. While it gives modest +# 9% improvement of rsa4096 sign on Opteron, rsa512 sign runs more +# than twice, >2x, as fast. Most common rsa1024 sign is improved by +# respectful 50%. It remains to be seen if loop unrolling and +# dedicated squaring routine can provide further improvement... + +$output=shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open STDOUT,"| $^X $xlate $output"; + +# int bn_mul_mont( +$rp="%rdi"; # BN_ULONG *rp, +$ap="%rsi"; # const BN_ULONG *ap, +$bp="%rdx"; # const BN_ULONG *bp, +$np="%rcx"; # const BN_ULONG *np, +$n0="%r8"; # const BN_ULONG *n0, +$num="%r9"; # int num); +$lo0="%r10"; +$hi0="%r11"; +$bp="%r12"; # reassign $bp +$hi1="%r13"; +$i="%r14"; +$j="%r15"; +$m0="%rbx"; +$m1="%rbp"; + +$code=<<___; +.text + +.globl bn_mul_mont +.type bn_mul_mont,\@function,6 +.align 16 +bn_mul_mont: + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + + mov ${num}d,${num}d + lea 2($num),%rax + mov %rsp,%rbp + neg %rax + lea (%rsp,%rax,8),%rsp # tp=alloca(8*(num+2)) + and \$-1024,%rsp # minimize TLB usage + + mov %rbp,8(%rsp,$num,8) # tp[num+1]=%rsp + mov %rdx,$bp # $bp reassigned, remember? + + mov ($n0),$n0 # pull n0[0] value + + xor $i,$i # i=0 + xor $j,$j # j=0 + + mov ($bp),$m0 # m0=bp[0] + mov ($ap),%rax + mulq $m0 # ap[0]*bp[0] + mov %rax,$lo0 + mov %rdx,$hi0 + + imulq $n0,%rax # "tp[0]"*n0 + mov %rax,$m1 + + mulq ($np) # np[0]*m1 + add $lo0,%rax # discarded + adc \$0,%rdx + mov %rdx,$hi1 + + lea 1($j),$j # j++ +.L1st: + mov ($ap,$j,8),%rax + mulq $m0 # ap[j]*bp[0] + add $hi0,%rax + adc \$0,%rdx + mov %rax,$lo0 + mov ($np,$j,8),%rax + mov %rdx,$hi0 + + mulq $m1 # np[j]*m1 + add $hi1,%rax + lea 1($j),$j # j++ + adc \$0,%rdx + add $lo0,%rax # np[j]*m1+ap[j]*bp[0] + adc \$0,%rdx + mov %rax,-16(%rsp,$j,8) # tp[j-1] + cmp $num,$j + mov %rdx,$hi1 + jl .L1st + + xor %rdx,%rdx + add $hi0,$hi1 + adc \$0,%rdx + mov $hi1,-8(%rsp,$num,8) + mov %rdx,(%rsp,$num,8) # store upmost overflow bit + + lea 1($i),$i # i++ +.align 4 +.Louter: + xor $j,$j # j=0 + + mov ($bp,$i,8),$m0 # m0=bp[i] + mov ($ap),%rax # ap[0] + mulq $m0 # ap[0]*bp[i] + add (%rsp),%rax # ap[0]*bp[i]+tp[0] + adc \$0,%rdx + mov %rax,$lo0 + mov %rdx,$hi0 + + imulq $n0,%rax # tp[0]*n0 + mov %rax,$m1 + + mulq ($np,$j,8) # np[0]*m1 + add $lo0,%rax # discarded + mov 8(%rsp),$lo0 # tp[1] + adc \$0,%rdx + mov %rdx,$hi1 + + lea 1($j),$j # j++ +.align 4 +.Linner: + mov ($ap,$j,8),%rax + mulq $m0 # ap[j]*bp[i] + add $hi0,%rax + adc \$0,%rdx + add %rax,$lo0 # ap[j]*bp[i]+tp[j] + mov ($np,$j,8),%rax + adc \$0,%rdx + mov %rdx,$hi0 + + mulq $m1 # np[j]*m1 + add $hi1,%rax + lea 1($j),$j # j++ + adc \$0,%rdx + add $lo0,%rax # np[j]*m1+ap[j]*bp[i]+tp[j] + adc \$0,%rdx + mov (%rsp,$j,8),$lo0 + cmp $num,$j + mov %rax,-16(%rsp,$j,8) # tp[j-1] + mov %rdx,$hi1 + jl .Linner + + xor %rdx,%rdx + add $hi0,$hi1 + adc \$0,%rdx + add $lo0,$hi1 # pull upmost overflow bit + adc \$0,%rdx + mov $hi1,-8(%rsp,$num,8) + mov %rdx,(%rsp,$num,8) # store upmost overflow bit + + lea 1($i),$i # i++ + cmp $num,$i + jl .Louter + + lea (%rsp),$ap # borrow ap for tp + lea -1($num),$j # j=num-1 + + mov ($ap),%rax # tp[0] + xor $i,$i # i=0 and clear CF! + jmp .Lsub +.align 16 +.Lsub: sbb ($np,$i,8),%rax + mov %rax,($rp,$i,8) # rp[i]=tp[i]-np[i] + dec $j # doesn't affect CF! + mov 8($ap,$i,8),%rax # tp[i+1] + lea 1($i),$i # i++ + jge .Lsub + + sbb \$0,%rax # handle upmost overflow bit + and %rax,$ap + not %rax + mov $rp,$np + and %rax,$np + lea -1($num),$j + or $np,$ap # ap=borrow?tp:rp +.align 16 +.Lcopy: # copy or in-place refresh + mov ($ap,$j,8),%rax + mov %rax,($rp,$j,8) # rp[i]=tp[i] + mov $i,(%rsp,$j,8) # zap temporary vector + dec $j + jge .Lcopy + + mov 8(%rsp,$num,8),%rsp # restore %rsp + mov \$1,%rax + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + ret +.size bn_mul_mont,.-bn_mul_mont +.asciz "Montgomery Multiplication for x86_64, CRYPTOGAMS by " +___ + +print $code; +close STDOUT; diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 95c5d643cbd15..6d754d5547767 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -245,8 +245,18 @@ extern "C" { #define BN_FLG_MALLOCED 0x01 #define BN_FLG_STATIC_DATA 0x02 -#define BN_FLG_EXP_CONSTTIME 0x04 /* avoid leaking exponent information through timings - * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */ +#define BN_FLG_CONSTTIME 0x04 /* avoid leaking exponent information through timing, + * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, + * BN_div() will call BN_div_no_branch, + * BN_mod_inverse() will call BN_mod_inverse_no_branch. + */ + +#ifndef OPENSSL_NO_DEPRECATED +#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */ + /* avoid leaking exponent information through timings + * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */ +#endif + #ifndef OPENSSL_NO_DEPRECATED #define BN_FLG_FREE 0x8000 /* used for debuging */ #endif @@ -293,7 +303,12 @@ struct bn_mont_ctx_st BIGNUM N; /* The modulus */ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 * (Ni is only stored for bignum algorithm) */ +#if 0 + /* OpenSSL 0.9.9 preview: */ + BN_ULONG n0[2];/* least significant word(s) of Ni */ +#else BN_ULONG n0; /* least significant word of Ni */ +#endif int flags; }; @@ -534,7 +549,7 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, #define BN_BLINDING_NO_UPDATE 0x00000001 #define BN_BLINDING_NO_RECREATE 0x00000002 -BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); +BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod); void BN_BLINDING_free(BN_BLINDING *b); int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx); int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); @@ -546,7 +561,7 @@ void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, - const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, + const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx, int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), BN_MONT_CTX *m_ctx); @@ -775,6 +790,7 @@ void ERR_load_BN_strings(void); #define BN_F_BN_CTX_NEW 106 #define BN_F_BN_CTX_START 129 #define BN_F_BN_DIV 107 +#define BN_F_BN_DIV_NO_BRANCH 138 #define BN_F_BN_DIV_RECP 130 #define BN_F_BN_EXP 123 #define BN_F_BN_EXPAND2 108 @@ -793,6 +809,7 @@ void ERR_load_BN_strings(void); #define BN_F_BN_MOD_EXP_RECP 125 #define BN_F_BN_MOD_EXP_SIMPLE 126 #define BN_F_BN_MOD_INVERSE 110 +#define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 #define BN_F_BN_MOD_LSHIFT_QUICK 119 #define BN_F_BN_MOD_MUL_RECIPROCAL 111 #define BN_F_BN_MOD_SQRT 121 diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c index ca22d4f8bdcb0..c11fb4ccc2d3e 100644 --- a/crypto/bn/bn_blind.c +++ b/crypto/bn/bn_blind.c @@ -131,7 +131,7 @@ struct bn_blinding_st BN_MONT_CTX *m_ctx); }; -BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) +BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod) { BN_BLINDING *ret=NULL; @@ -151,7 +151,12 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) { if ((ret->Ai = BN_dup(Ai)) == NULL) goto err; } - ret->mod = mod; + + /* save a copy of mod in the BN_BLINDING structure */ + if ((ret->mod = BN_dup(mod)) == NULL) goto err; + if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) + BN_set_flags(ret->mod, BN_FLG_CONSTTIME); + ret->counter = BN_BLINDING_COUNTER; return(ret); err: @@ -167,6 +172,7 @@ void BN_BLINDING_free(BN_BLINDING *r) if (r->A != NULL) BN_free(r->A ); if (r->Ai != NULL) BN_free(r->Ai); if (r->e != NULL) BN_free(r->e ); + if (r->mod != NULL) BN_free(r->mod); OPENSSL_free(r); } @@ -278,7 +284,7 @@ void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags) } BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, - const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, + const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx, int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), BN_MONT_CTX *m_ctx) diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 2857f44861a70..1e8e57626be3e 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -169,13 +169,15 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, #endif /* OPENSSL_NO_ASM */ -/* BN_div computes dv := num / divisor, rounding towards zero, and sets up - * rm such that dv*divisor + rm = num holds. +/* BN_div[_no_branch] computes dv := num / divisor, rounding towards + * zero, and sets up rm such that dv*divisor + rm = num holds. * Thus: * dv->neg == num->neg ^ divisor->neg (unless the result is zero) * rm->neg == num->neg (unless the remainder is zero) * If 'dv' or 'rm' is NULL, the respective value is not returned. */ +static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, + const BIGNUM *divisor, BN_CTX *ctx); int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_CTX *ctx) { @@ -185,9 +187,25 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_ULONG d0,d1; int num_n,div_n; + /* Invalid zero-padding would have particularly bad consequences + * in the case of 'num', so don't just rely on bn_check_top() for this one + * (bn_check_top() works only for BN_DEBUG builds) */ + if (num->top > 0 && num->d[num->top - 1] == 0) + { + BNerr(BN_F_BN_DIV,BN_R_NOT_INITIALIZED); + return 0; + } + + bn_check_top(num); + + if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) + { + return BN_div_no_branch(dv, rm, num, divisor, ctx); + } + bn_check_top(dv); bn_check_top(rm); - bn_check_top(num); + /* bn_check_top(num); */ /* 'num' has been checked already */ bn_check_top(divisor); if (BN_is_zero(divisor)) @@ -397,4 +415,229 @@ err: return(0); } + +/* BN_div_no_branch is a special version of BN_div. It does not contain + * branches that may leak sensitive information. + */ +static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, + const BIGNUM *divisor, BN_CTX *ctx) + { + int norm_shift,i,loop; + BIGNUM *tmp,wnum,*snum,*sdiv,*res; + BN_ULONG *resp,*wnump; + BN_ULONG d0,d1; + int num_n,div_n; + + bn_check_top(dv); + bn_check_top(rm); + /* bn_check_top(num); */ /* 'num' has been checked in BN_div() */ + bn_check_top(divisor); + + if (BN_is_zero(divisor)) + { + BNerr(BN_F_BN_DIV_NO_BRANCH,BN_R_DIV_BY_ZERO); + return(0); + } + + BN_CTX_start(ctx); + tmp=BN_CTX_get(ctx); + snum=BN_CTX_get(ctx); + sdiv=BN_CTX_get(ctx); + if (dv == NULL) + res=BN_CTX_get(ctx); + else res=dv; + if (sdiv == NULL || res == NULL) goto err; + + /* First we normalise the numbers */ + norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); + if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err; + sdiv->neg=0; + norm_shift+=BN_BITS2; + if (!(BN_lshift(snum,num,norm_shift))) goto err; + snum->neg=0; + + /* Since we don't know whether snum is larger than sdiv, + * we pad snum with enough zeroes without changing its + * value. + */ + if (snum->top <= sdiv->top+1) + { + if (bn_wexpand(snum, sdiv->top + 2) == NULL) goto err; + for (i = snum->top; i < sdiv->top + 2; i++) snum->d[i] = 0; + snum->top = sdiv->top + 2; + } + else + { + if (bn_wexpand(snum, snum->top + 1) == NULL) goto err; + snum->d[snum->top] = 0; + snum->top ++; + } + + div_n=sdiv->top; + num_n=snum->top; + loop=num_n-div_n; + /* Lets setup a 'window' into snum + * This is the part that corresponds to the current + * 'area' being divided */ + wnum.neg = 0; + wnum.d = &(snum->d[loop]); + wnum.top = div_n; + /* only needed when BN_ucmp messes up the values between top and max */ + wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ + + /* Get the top 2 words of sdiv */ + /* div_n=sdiv->top; */ + d0=sdiv->d[div_n-1]; + d1=(div_n == 1)?0:sdiv->d[div_n-2]; + + /* pointer to the 'top' of snum */ + wnump= &(snum->d[num_n-1]); + + /* Setup to 'res' */ + res->neg= (num->neg^divisor->neg); + if (!bn_wexpand(res,(loop+1))) goto err; + res->top=loop-1; + resp= &(res->d[loop-1]); + + /* space for temp */ + if (!bn_wexpand(tmp,(div_n+1))) goto err; + + /* if res->top == 0 then clear the neg value otherwise decrease + * the resp pointer */ + if (res->top == 0) + res->neg = 0; + else + resp--; + + for (i=0; i 0x%08X\n", + n0, n1, d0, q); +#endif +#endif + +#ifndef REMAINDER_IS_ALREADY_CALCULATED + /* + * rem doesn't have to be BN_ULLONG. The least we + * know it's less that d0, isn't it? + */ + rem=(n1-q*d0)&BN_MASK2; +#endif + t2=(BN_ULLONG)d1*q; + + for (;;) + { + if (t2 <= ((((BN_ULLONG)rem)< 0x%08X\n", + n0, n1, d0, q); +#endif +#ifndef REMAINDER_IS_ALREADY_CALCULATED + rem=(n1-q*d0)&BN_MASK2; +#endif + +#if defined(BN_UMULT_LOHI) + BN_UMULT_LOHI(t2l,t2h,d1,q); +#elif defined(BN_UMULT_HIGH) + t2l = d1 * q; + t2h = BN_UMULT_HIGH(d1,q); +#else + t2l=LBITS(d1); t2h=HBITS(d1); + ql =LBITS(q); qh =HBITS(q); + mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */ +#endif + + for (;;) + { + if ((t2h < rem) || + ((t2h == rem) && (t2l <= wnump[-2]))) + break; + q--; + rem += d0; + if (rem < d0) break; /* don't let rem overflow */ + if (t2l < d1) t2h--; t2l -= d1; + } +#endif /* !BN_LLONG */ + } +#endif /* !BN_DIV3W */ + + l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); + tmp->d[div_n]=l0; + wnum.d--; + /* ingore top values of the bignums just sub the two + * BN_ULONG arrays with bn_sub_words */ + if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1)) + { + /* Note: As we have considered only the leading + * two BN_ULONGs in the calculation of q, sdiv * q + * might be greater than wnum (but then (q-1) * sdiv + * is less or equal than wnum) + */ + q--; + if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) + /* we can't have an overflow here (assuming + * that q != 0, but if q == 0 then tmp is + * zero anyway) */ + (*wnump)++; + } + /* store part of the result */ + *resp = q; + } + bn_correct_top(snum); + if (rm != NULL) + { + /* Keep a copy of the neg flag in num because if rm==num + * BN_rshift() will overwrite it. + */ + int neg = num->neg; + BN_rshift(rm,snum,norm_shift); + if (!BN_is_zero(rm)) + rm->neg = neg; + bn_check_top(rm); + } + bn_correct_top(res); + BN_CTX_end(ctx); + return(1); +err: + bn_check_top(rm); + BN_CTX_end(ctx); + return(0); + } + #endif diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index 24fbbb772d0fc..cfe2eb94a0ce7 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -1,6 +1,6 @@ /* crypto/bn/bn_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -82,6 +82,7 @@ static ERR_STRING_DATA BN_str_functs[]= {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"}, {ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"}, {ERR_FUNC(BN_F_BN_DIV), "BN_div"}, +{ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"}, {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"}, {ERR_FUNC(BN_F_BN_EXP), "BN_exp"}, {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"}, @@ -100,6 +101,7 @@ static ERR_STRING_DATA BN_str_functs[]= {ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"}, {ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"}, {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"}, +{ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"}, {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"}, {ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"}, {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"}, diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 8f8c694481911..70a33f0d936c8 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -122,9 +122,9 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) int i,bits,ret=0; BIGNUM *v,*rr; - if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0) + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { - /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */ + /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return -1; } @@ -213,7 +213,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, if (BN_is_odd(m)) { # ifdef MONT_EXP_WORD - if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) == 0)) + if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) { BN_ULONG A = a->d[0]; ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL); @@ -245,9 +245,9 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BIGNUM *val[TABLE_SIZE]; BN_RECP_CTX recp; - if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0) + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { - /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */ + /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_RECP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return -1; } @@ -379,7 +379,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, BIGNUM *val[TABLE_SIZE]; BN_MONT_CTX *mont=NULL; - if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0) + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); } @@ -745,9 +745,9 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, #define BN_TO_MONTGOMERY_WORD(r, w, mont) \ (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx)) - if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0) + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { - /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */ + /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_MONT_WORD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return -1; } @@ -881,9 +881,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, /* Table of variables obtained from 'ctx' */ BIGNUM *val[TABLE_SIZE]; - if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0) + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { - /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */ + /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_SIMPLE,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return -1; } diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index f02e6fcdb4229..4a352119ba8aa 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -203,6 +203,8 @@ err: /* solves ax == 1 (mod n) */ +static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); BIGNUM *BN_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) { @@ -210,6 +212,11 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *ret=NULL; int sign; + if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) + { + return BN_mod_inverse_no_branch(in, a, n, ctx); + } + bn_check_top(a); bn_check_top(n); @@ -491,3 +498,157 @@ err: bn_check_top(ret); return(ret); } + + +/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse. + * It does not contain branches that may leak sensitive information. + */ +static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) + { + BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL; + BIGNUM local_A, local_B; + BIGNUM *pA, *pB; + BIGNUM *ret=NULL; + int sign; + + bn_check_top(a); + bn_check_top(n); + + BN_CTX_start(ctx); + A = BN_CTX_get(ctx); + B = BN_CTX_get(ctx); + X = BN_CTX_get(ctx); + D = BN_CTX_get(ctx); + M = BN_CTX_get(ctx); + Y = BN_CTX_get(ctx); + T = BN_CTX_get(ctx); + if (T == NULL) goto err; + + if (in == NULL) + R=BN_new(); + else + R=in; + if (R == NULL) goto err; + + BN_one(X); + BN_zero(Y); + if (BN_copy(B,a) == NULL) goto err; + if (BN_copy(A,n) == NULL) goto err; + A->neg = 0; + + if (B->neg || (BN_ucmp(B, A) >= 0)) + { + /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ + pB = &local_B; + BN_with_flags(pB, B, BN_FLG_CONSTTIME); + if (!BN_nnmod(B, pB, A, ctx)) goto err; + } + sign = -1; + /* From B = a mod |n|, A = |n| it follows that + * + * 0 <= B < A, + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + */ + + while (!BN_is_zero(B)) + { + BIGNUM *tmp; + + /* + * 0 < B < A, + * (*) -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|) + */ + + /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ + pA = &local_A; + BN_with_flags(pA, A, BN_FLG_CONSTTIME); + + /* (D, M) := (A/B, A%B) ... */ + if (!BN_div(D,M,pA,B,ctx)) goto err; + + /* Now + * A = D*B + M; + * thus we have + * (**) sign*Y*a == D*B + M (mod |n|). + */ + + tmp=A; /* keep the BIGNUM object, the value does not matter */ + + /* (A, B) := (B, A mod B) ... */ + A=B; + B=M; + /* ... so we have 0 <= B < A again */ + + /* Since the former M is now B and the former B is now A, + * (**) translates into + * sign*Y*a == D*A + B (mod |n|), + * i.e. + * sign*Y*a - D*A == B (mod |n|). + * Similarly, (*) translates into + * -sign*X*a == A (mod |n|). + * + * Thus, + * sign*Y*a + D*sign*X*a == B (mod |n|), + * i.e. + * sign*(Y + D*X)*a == B (mod |n|). + * + * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + * Note that X and Y stay non-negative all the time. + */ + + if (!BN_mul(tmp,D,X,ctx)) goto err; + if (!BN_add(tmp,tmp,Y)) goto err; + + M=Y; /* keep the BIGNUM object, the value does not matter */ + Y=X; + X=tmp; + sign = -sign; + } + + /* + * The while loop (Euclid's algorithm) ends when + * A == gcd(a,n); + * we have + * sign*Y*a == A (mod |n|), + * where Y is non-negative. + */ + + if (sign < 0) + { + if (!BN_sub(Y,n,Y)) goto err; + } + /* Now Y*a == A (mod |n|). */ + + if (BN_is_one(A)) + { + /* Y*a == 1 (mod |n|) */ + if (!Y->neg && BN_ucmp(Y,n) < 0) + { + if (!BN_copy(R,Y)) goto err; + } + else + { + if (!BN_nnmod(R,Y,n,ctx)) goto err; + } + } + else + { + BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH,BN_R_NO_INVERSE); + goto err; + } + ret=R; +err: + if ((ret == NULL) && (in == NULL)) BN_free(R); + BN_CTX_end(ctx); + bn_check_top(ret); + return(ret); + } diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 6a793857e1305..306f029f2789c 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -384,7 +384,11 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) if (zz == 0) break; d1 = BN_BITS2 - d0; - if (d0) z[dN] = (z[dN] << d1) >> d1; /* clear up the top d1 bits */ + /* clear up the top d1 bits */ + if (d0) + z[dN] = (z[dN] << d1) >> d1; + else + z[dN] = 0; z[0] ^= zz; /* reduction t^0 component */ for (k = 1; p[k] != 0; k++) diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index ad4ca7ff305a8..27ac4397a1517 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -481,6 +481,7 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int cl, int dl); BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int cl, int dl); +int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num); #ifdef __cplusplus } diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 210ccb42bba1b..2649b8c538510 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -763,7 +763,7 @@ int BN_is_bit_set(const BIGNUM *a, int n) i=n/BN_BITS2; j=n%BN_BITS2; if (a->top <= i) return 0; - return((a->d[i]&(((BN_ULONG)1)<d[i])>>j)&((BN_ULONG)1)); } int BN_mask_bits(BIGNUM *a, int n) diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index 961ca67ea1f58..4799b152ddcba 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -122,11 +122,50 @@ #define MONT_WORD /* use the faster word-based algorithm */ +#if defined(MONT_WORD) && defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) +/* This condition means we have a specific non-default build: + * In the 0.9.8 branch, OPENSSL_BN_ASM_MONT is normally not set for any + * BN_BITS2<=32 platform; an explicit "enable-montasm" is required. + * I.e., if we are here, the user intentionally deviates from the + * normal stable build to get better Montgomery performance from + * the 0.9.9-dev backport. + * + * In this case only, we also enable BN_from_montgomery_word() + * (another non-stable feature from 0.9.9-dev). + */ +#define MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD +#endif + +#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD +static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); +#endif + + + int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx) { BIGNUM *tmp; int ret=0; +#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) + int num = mont->N.top; + + if (num>1 && a->top==num && b->top==num) + { + if (bn_wexpand(r,num) == NULL) return(0); +#if 0 /* for OpenSSL 0.9.9 mont->n0 */ + if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,mont->n0,num)) +#else + if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,&mont->n0,num)) +#endif + { + r->neg = a->neg^b->neg; + r->top = num; + bn_correct_top(r); + return(1); + } + } +#endif BN_CTX_start(ctx); tmp = BN_CTX_get(ctx); @@ -142,7 +181,11 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, if (!BN_mul(tmp,a,b,ctx)) goto err; } /* reduce from aRR to aR */ +#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD + if (!BN_from_montgomery_word(r,tmp,mont)) goto err; +#else if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; +#endif bn_check_top(r); ret=1; err: @@ -150,6 +193,150 @@ err: return(ret); } +#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD +static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) + { + BIGNUM *n; + BN_ULONG *ap,*np,*rp,n0,v,*nrp; + int al,nl,max,i,x,ri; + + n= &(mont->N); + /* mont->ri is the size of mont->N in bits (rounded up + to the word size) */ + al=ri=mont->ri/BN_BITS2; + + nl=n->top; + if ((al == 0) || (nl == 0)) { ret->top=0; return(1); } + + max=(nl+al+1); /* allow for overflow (no?) XXX */ + if (bn_wexpand(r,max) == NULL) return(0); + + r->neg^=n->neg; + np=n->d; + rp=r->d; + nrp= &(r->d[nl]); + + /* clear the top words of T */ + for (i=r->top; id[i]=0; + + r->top=max; +#if 0 /* for OpenSSL 0.9.9 mont->n0 */ + n0=mont->n0[0]; +#else + n0=mont->n0; +#endif + +#ifdef BN_COUNT + fprintf(stderr,"word BN_from_montgomery_word %d * %d\n",nl,nl); +#endif + for (i=0; i= v) + continue; + else + { + if (((++nrp[0])&BN_MASK2) != 0) continue; + if (((++nrp[1])&BN_MASK2) != 0) continue; + for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; + } + } + bn_correct_top(r); + + /* mont->ri will be a multiple of the word size and below code + * is kind of BN_rshift(ret,r,mont->ri) equivalent */ + if (r->top <= ri) + { + ret->top=0; + return(1); + } + al=r->top-ri; + + if (bn_wexpand(ret,ri) == NULL) return(0); + x=0-(((al-ri)>>(sizeof(al)*8-1))&1); + ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */ + ret->neg=r->neg; + + rp=ret->d; + ap=&(r->d[ri]); + + { + size_t m1,m2; + + v=bn_sub_words(rp,ap,np,ri); + /* this ----------------^^ works even in alri) nrp=rp; else nrp=ap; */ + /* in other words if subtraction result is real, then + * trick unconditional memcpy below to perform in-place + * "refresh" instead of actual copy. */ + m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al>(sizeof(al)*8-1))&1); /* al>ri */ + m1|=m2; /* (al!=ri) */ + m1|=(0-(size_t)v); /* (al!=ri || v) */ + m1&=~m2; /* (al!=ri || v) && !al>ri */ + nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); + } + + /* 'ineg=a->neg^n->neg; np=n->d; @@ -228,19 +414,72 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, } bn_correct_top(r); - /* mont->ri will be a multiple of the word size */ -#if 0 - BN_rshift(ret,r,mont->ri); -#else - ret->neg = r->neg; - x=ri; + /* mont->ri will be a multiple of the word size and below code + * is kind of BN_rshift(ret,r,mont->ri) equivalent */ + if (r->top <= ri) + { + ret->top=0; + retn=1; + goto err; + } + al=r->top-ri; + +# define BRANCH_FREE 1 +# if BRANCH_FREE + if (bn_wexpand(ret,ri) == NULL) goto err; + x=0-(((al-ri)>>(sizeof(al)*8-1))&1); + ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */ + ret->neg=r->neg; + rp=ret->d; - ap= &(r->d[x]); - if (r->top < x) - al=0; - else - al=r->top-x; + ap=&(r->d[ri]); + + { + size_t m1,m2; + + v=bn_sub_words(rp,ap,np,ri); + /* this ----------------^^ works even in alri) nrp=rp; else nrp=ap; */ + /* in other words if subtraction result is real, then + * trick unconditional memcpy below to perform in-place + * "refresh" instead of actual copy. */ + m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al>(sizeof(al)*8-1))&1); /* al>ri */ + m1|=m2; /* (al!=ri) */ + m1|=(0-(size_t)v); /* (al!=ri || v) */ + m1&=~m2; /* (al!=ri || v) && !al>ri */ + nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); + } + + /* 'itop=al; + ret->neg=r->neg; + + rp=ret->d; + ap=&(r->d[ri]); al-=4; for (i=0; iri)) goto err; #endif /* MONT_WORD */ +#if !defined(BRANCH_FREE) || BRANCH_FREE==0 if (BN_ucmp(ret, &(mont->N)) >= 0) { if (!BN_usub(ret,ret,&(mont->N))) goto err; } +#endif retn=1; bn_check_top(ret); err: BN_CTX_end(ctx); return(retn); } +#endif /* MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */ BN_MONT_CTX *BN_MONT_CTX_new(void) { @@ -307,6 +549,11 @@ void BN_MONT_CTX_init(BN_MONT_CTX *ctx) BN_init(&(ctx->RR)); BN_init(&(ctx->N)); BN_init(&(ctx->Ni)); +#if 0 /* for OpenSSL 0.9.9 mont->n0 */ + ctx->n0[0] = ctx->n0[1] = 0; +#else + ctx->n0 = 0; +#endif ctx->flags=0; } @@ -340,14 +587,51 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; BN_zero(R); +#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)", + only certain BN_BITS2<=32 platforms actually need this */ + if (!(BN_set_bit(R,2*BN_BITS2))) goto err; /* R */ +#else if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */ +#endif buf[0]=mod->d[0]; /* tmod = N mod word size */ buf[1]=0; + + BN_init(&tmod); tmod.d=buf; tmod.top = buf[0] != 0 ? 1 : 0; tmod.dmax=2; tmod.neg=0; + +#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)"; + only certain BN_BITS2<=32 platforms actually need this */ + tmod.top=0; + if ((buf[0] = mod->d[0])) tmod.top=1; + if ((buf[1] = mod->top>1 ? mod->d[1] : 0)) tmod.top=2; + + if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL) + goto err; + if (!BN_lshift(Ri,Ri,2*BN_BITS2)) goto err; /* R*Ri */ + if (!BN_is_zero(Ri)) + { + if (!BN_sub_word(Ri,1)) goto err; + } + else /* if N mod word size == 1 */ + { + if (bn_expand(Ri,(int)sizeof(BN_ULONG)*2) == NULL) + goto err; + /* Ri-- (mod double word size) */ + Ri->neg=0; + Ri->d[0]=BN_MASK2; + Ri->d[1]=BN_MASK2; + Ri->top=2; + } + if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err; + /* Ni = (R*Ri-1)/N, + * keep only couple of least significant words: */ + mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; + mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0; +#else /* Ri = R^-1 mod N*/ if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL) goto err; @@ -363,7 +647,13 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err; /* Ni = (R*Ri-1)/N, * keep only least significant word: */ +# if 0 /* for OpenSSL 0.9.9 mont->n0 */ + mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; + mont->n0[1] = 0; +# else mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0; +# endif +#endif } #else /* !MONT_WORD */ { /* bignum version */ @@ -399,7 +689,12 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) if (!BN_copy(&(to->N),&(from->N))) return NULL; if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL; to->ri=from->ri; +#if 0 /* for OpenSSL 0.9.9 mont->n0 */ + to->n0[0]=from->n0[0]; + to->n0[1]=from->n0[1]; +#else to->n0=from->n0; +#endif return(to); } diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index aec1eafc65fbb..b848c8cc60f4d 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -389,6 +389,7 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) * a[1]*b[1] */ +/* dnX may not be positive, but n2/2+dnX has to be */ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, int dna, int dnb, BN_ULONG *t) { @@ -398,7 +399,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, BN_ULONG ln,lo,*p; # ifdef BN_COUNT - fprintf(stderr," bn_mul_recursive %d * %d\n",n2,n2); + fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb); # endif # ifdef BN_MUL_COMBA # if 0 @@ -545,6 +546,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, /* n+tn is the word length * t needs to be n*4 is size, as does r */ +/* tnX may not be negative but less than n */ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, int tna, int tnb, BN_ULONG *t) { @@ -553,8 +555,8 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, BN_ULONG ln,lo,*p; # ifdef BN_COUNT - fprintf(stderr," bn_mul_part_recursive (%d+%d) * (%d+%d)\n", - tna, n, tnb, n); + fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n", + n, tna, n, tnb); # endif if (n < 8) { @@ -655,14 +657,17 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, for (;;) { i/=2; - if (i < tna && i < tnb) + /* these simplified conditions work + * exclusively because difference + * between tna and tnb is 1 or 0 */ + if (i < tna || i < tnb) { bn_mul_part_recursive(&(r[n2]), &(a[n]),&(b[n]), i,tna-i,tnb-i,p); break; } - else if (i <= tna && i <= tnb) + else if (i == tna || i == tnb) { bn_mul_recursive(&(r[n2]), &(a[n]),&(b[n]), diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index f8e306bb82d38..1fc94f55c32cb 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -59,6 +59,7 @@ #include "bn_lcl.h" #include "cryptlib.h" + #define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 #define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2 #define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2 @@ -99,114 +100,106 @@ static const BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, 0xFFFFFFFF,0x000001FF}; -#elif BN_BITS2 == 16 -static const BN_ULONG _nist_p_192[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFE, - 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF}; -static const BN_ULONG _nist_p_224[] = {0x0001,0x0000,0x0000,0x0000,0x0000, - 0x0000,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF}; -static const BN_ULONG _nist_p_256[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF, - 0xFFFF,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0001,0x0000,0xFFFF, - 0xFFFF}; -static const BN_ULONG _nist_p_384[] = {0xFFFF,0xFFFF,0x0000,0x0000,0x0000, - 0x0000,0xFFFF,0xFFFF,0xFFFE,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF, - 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF}; -static const BN_ULONG _nist_p_521[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF, - 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF, - 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF, - 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0x01FF}; -#elif BN_BITS2 == 8 -static const BN_ULONG _nist_p_192[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF}; -static const BN_ULONG _nist_p_224[] = {0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}; -static const BN_ULONG _nist_p_256[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x01,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF}; -static const BN_ULONG _nist_p_384[] = {0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}; -static const BN_ULONG _nist_p_521[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0x01}; #endif + +static const BIGNUM _bignum_nist_p_192 = + { + (BN_ULONG *)_nist_p_192, + BN_NIST_192_TOP, + BN_NIST_192_TOP, + 0, + BN_FLG_STATIC_DATA + }; + +static const BIGNUM _bignum_nist_p_224 = + { + (BN_ULONG *)_nist_p_224, + BN_NIST_224_TOP, + BN_NIST_224_TOP, + 0, + BN_FLG_STATIC_DATA + }; + +static const BIGNUM _bignum_nist_p_256 = + { + (BN_ULONG *)_nist_p_256, + BN_NIST_256_TOP, + BN_NIST_256_TOP, + 0, + BN_FLG_STATIC_DATA + }; + +static const BIGNUM _bignum_nist_p_384 = + { + (BN_ULONG *)_nist_p_384, + BN_NIST_384_TOP, + BN_NIST_384_TOP, + 0, + BN_FLG_STATIC_DATA + }; + +static const BIGNUM _bignum_nist_p_521 = + { + (BN_ULONG *)_nist_p_521, + BN_NIST_521_TOP, + BN_NIST_521_TOP, + 0, + BN_FLG_STATIC_DATA + }; + + const BIGNUM *BN_get0_nist_prime_192(void) { - static BIGNUM const_nist_192 = { (BN_ULONG *)_nist_p_192, - BN_NIST_192_TOP, BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA }; - return &const_nist_192; + return &_bignum_nist_p_192; } const BIGNUM *BN_get0_nist_prime_224(void) { - static BIGNUM const_nist_224 = { (BN_ULONG *)_nist_p_224, - BN_NIST_224_TOP, BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA }; - return &const_nist_224; + return &_bignum_nist_p_224; } const BIGNUM *BN_get0_nist_prime_256(void) { - static BIGNUM const_nist_256 = { (BN_ULONG *)_nist_p_256, - BN_NIST_256_TOP, BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA }; - return &const_nist_256; + return &_bignum_nist_p_256; } const BIGNUM *BN_get0_nist_prime_384(void) { - static BIGNUM const_nist_384 = { (BN_ULONG *)_nist_p_384, - BN_NIST_384_TOP, BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA }; - return &const_nist_384; + return &_bignum_nist_p_384; } const BIGNUM *BN_get0_nist_prime_521(void) { - static BIGNUM const_nist_521 = { (BN_ULONG *)_nist_p_521, - BN_NIST_521_TOP, BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA }; - return &const_nist_521; + return &_bignum_nist_p_521; } -/* some misc internal functions */ -#if BN_BITS2 != 64 -static BN_ULONG _256_data[BN_NIST_256_TOP*6]; -static int _is_set_256_data = 0; -static void _init_256_data(void); - -static BN_ULONG _384_data[BN_NIST_384_TOP*8]; -static int _is_set_384_data = 0; -static void _init_384_data(void); -#endif - -#define BN_NIST_ADD_ONE(a) while (!(++(*(a)))) ++(a); static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max) - { + { int i; - BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); - for (i = (top); i != 0; i--) - *_tmp1++ = *_tmp2++; - for (i = (max) - (top); i != 0; i--) - *_tmp1++ = (BN_ULONG) 0; - } + BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); + + OPENSSL_assert(top <= max); + for (i = (top); i != 0; i--) + *_tmp1++ = *_tmp2++; + for (i = (max) - (top); i != 0; i--) + *_tmp1++ = (BN_ULONG) 0; + } static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) - { + { int i; - BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); - for (i = (top); i != 0; i--) - *_tmp1++ = *_tmp2++; - } + BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); + for (i = (top); i != 0; i--) + *_tmp1++ = *_tmp2++; + } #if BN_BITS2 == 64 -#define bn_cp_64(to, n, from, m) (to)[n] = (from)[m]; +#define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; #define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0; /* TBD */ -#define bn_cp_32(to, n, from, m) (to)[n] = (from)[m]; +#define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; #define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0; #else #define bn_cp_64(to, n, from, m) \ @@ -220,26 +213,8 @@ static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) bn_32_set_0(to, (n)*2+1); \ } #if BN_BITS2 == 32 -#define bn_cp_32(to, n, from, m) (to)[n] = (from)[m]; +#define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; #define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0; -#elif BN_BITS2 == 16 -#define bn_cp_32(to, n, from, m) \ - { \ - (to)[(n)*2] = (from)[(m)*2]; \ - (to)[(n)*2+1] = (from)[(m)*2+1];\ - } -#define bn_32_set_0(to, n) { (to)[(n)*2] = 0; (to)[(n)*2+1] = 0; } -#elif BN_BITS2 == 8 -#define bn_cp_32(to, n, from, m) \ - { \ - (to)[(n)*4] = (from)[(m)*4]; \ - (to)[(n)*4+1] = (from)[(m)*4+1];\ - (to)[(n)*4+2] = (from)[(m)*4+2];\ - (to)[(n)*4+3] = (from)[(m)*4+3];\ - } -#define bn_32_set_0(to, n) \ - { (to)[(n)*4] = (BN_ULONG)0; (to)[(n)*4+1] = (BN_ULONG)0; \ - (to)[(n)*4+2] = (BN_ULONG)0; (to)[(n)*4+3] = (BN_ULONG)0; } #endif #endif /* BN_BITS2 != 64 */ @@ -255,10 +230,18 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { int top = a->top, i; - BN_ULONG carry = 0; + int carry; register BN_ULONG *r_d, *a_d = a->d; BN_ULONG t_d[BN_NIST_192_TOP], - buf[BN_NIST_192_TOP]; + buf[BN_NIST_192_TOP], + c_d[BN_NIST_192_TOP], + *res; + size_t mask; + + field = &_bignum_nist_p_192; /* just to make sure */ + + if (BN_is_negative(a) || a->top > 2*BN_NIST_192_TOP) + return BN_nnmod(r, field, a, ctx); i = BN_ucmp(field, a); if (i == 0) @@ -269,9 +252,6 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else if (i > 0) return (r == a) ? 1 : (BN_copy(r ,a) != NULL); - if (top == BN_NIST_192_TOP) - return BN_usub(r, a, field); - if (r != a) { if (!bn_wexpand(r, BN_NIST_192_TOP)) @@ -284,41 +264,33 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP); -#if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma message save -# pragma message disable BADSUBSCRIPT -#endif - nist_set_192(t_d, buf, 0, 3, 3); - if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP)) - ++carry; - + carry = bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + nist_set_192(t_d, buf, 4, 4, 0); - if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP)) - ++carry; - -#if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma message restore -#endif + carry = bn_add_words(r_d, res, t_d, BN_NIST_192_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); nist_set_192(t_d, buf, 5, 5, 5) - if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP)) - ++carry; + carry = bn_add_words(r_d, res, t_d, BN_NIST_192_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - while (carry) - { - if (bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP)) - --carry; - } + nist_cp_bn(r_d, res, BN_NIST_192_TOP); r->top = BN_NIST_192_TOP; bn_correct_top(r); - if (BN_ucmp(r, field) >= 0) + + if (BN_ucmp(field, r) <= 0) { - bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP); - bn_correct_top(r); + if (!BN_usub(r, r, field)) return 0; } - bn_check_top(r); return 1; } @@ -336,12 +308,20 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { -#if BN_BITS2 != 64 +#if BN_BITS2 == 32 int top = a->top, i; - int carry = 0; + int carry; BN_ULONG *r_d, *a_d = a->d; BN_ULONG t_d[BN_NIST_224_TOP], - buf[BN_NIST_224_TOP]; + buf[BN_NIST_224_TOP], + c_d[BN_NIST_224_TOP], + *res; + size_t mask; + + field = &_bignum_nist_p_224; /* just to make sure */ + + if (BN_is_negative(a) || a->top > 2*BN_NIST_224_TOP) + return BN_nnmod(r, field, a, ctx); i = BN_ucmp(field, a); if (i == 0) @@ -352,9 +332,6 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else if (i > 0) return (r == a)? 1 : (BN_copy(r ,a) != NULL); - if (top == BN_NIST_224_TOP) - return BN_usub(r, a, field); - if (r != a) { if (!bn_wexpand(r, BN_NIST_224_TOP)) @@ -368,65 +345,53 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP); nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0); - if (bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP)) - ++carry; + carry = bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0); - if (bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP)) - ++carry; + carry = bn_add_words(r_d, res, t_d, BN_NIST_224_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7); - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP)) - --carry; +#if BRANCH_FREE + carry = bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP); + bn_add_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP); + mask = 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); +#else + if (bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP)) + bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP); +#endif nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11); - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP)) - --carry; - - if (carry > 0) - while (carry) - { - if (bn_sub_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP)) - --carry; - } - else if (carry < 0) - while (carry) - { - if (bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP)) - ++carry; - } +#if BRANCH_FREE + carry = bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP); + bn_add_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP); + mask = 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + nist_cp_bn(r_d, res, BN_NIST_224_TOP); +#else + if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP)) + bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP); +#endif r->top = BN_NIST_224_TOP; bn_correct_top(r); - if (BN_ucmp(r, field) >= 0) + + if (BN_ucmp(field, r) <= 0) { - bn_sub_words(r_d, r_d, _nist_p_224, BN_NIST_224_TOP); - bn_correct_top(r); + if (!BN_usub(r, r, field)) return 0; } - bn_check_top(r); + return 1; -#else +#else /* BN_BITS!=32 */ return 0; #endif } -#if BN_BITS2 != 64 -static void _init_256_data(void) - { - int i; - BN_ULONG *tmp1 = _256_data; - const BN_ULONG *tmp2 = tmp1; - - memcpy(tmp1, _nist_p_256, BN_NIST_256_TOP * sizeof(BN_ULONG)); - tmp1 += BN_NIST_256_TOP; - - for (i=0; i<5; i++) - { - bn_add_words(tmp1, _nist_p_256, tmp2, BN_NIST_256_TOP); - tmp2 = tmp1; - tmp1 += BN_NIST_256_TOP; - } - _is_set_256_data = 1; - } -#endif - #define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \ { \ if (a8 != 0) bn_cp_32(to, 0, from, (a8) - 8) else bn_32_set_0(to, 0)\ @@ -442,24 +407,21 @@ static void _init_256_data(void) int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { -#if BN_BITS2 != 64 +#if BN_BITS2 == 32 int i, top = a->top; int carry = 0; register BN_ULONG *a_d = a->d, *r_d; BN_ULONG t_d[BN_NIST_256_TOP], - t_d2[BN_NIST_256_TOP], - buf[BN_NIST_256_TOP]; + buf[BN_NIST_256_TOP], + c_d[BN_NIST_256_TOP], + *res; + size_t mask; + + field = &_bignum_nist_p_256; /* just to make sure */ + + if (BN_is_negative(a) || a->top > 2*BN_NIST_256_TOP) + return BN_nnmod(r, field, a, ctx); - if (!_is_set_256_data) - { - CRYPTO_w_lock(CRYPTO_LOCK_BN); - - if (!_is_set_256_data) - _init_256_data(); - - CRYPTO_w_unlock(CRYPTO_LOCK_BN); - } - i = BN_ucmp(field, a); if (i == 0) { @@ -469,9 +431,6 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else if (i > 0) return (r == a)? 1 : (BN_copy(r ,a) != NULL); - if (top == BN_NIST_256_TOP) - return BN_usub(r, a, field); - if (r != a) { if (!bn_wexpand(r, BN_NIST_256_TOP)) @@ -487,98 +446,96 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, /*S1*/ nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0); /*S2*/ - nist_set_256(t_d2,buf, 0, 15, 14, 13, 12, 0, 0, 0); - if (bn_add_words(t_d, t_d, t_d2, BN_NIST_256_TOP)) - carry = 2; - /* left shift */ - { - register BN_ULONG *ap,t,c; - ap = t_d; - c=0; - for (i = BN_NIST_256_TOP; i != 0; --i) - { - t= *ap; - *(ap++)=((t<<1)|c)&BN_MASK2; - c=(t & BN_TBIT)?1:0; - } - if (c) - ++carry; - } + nist_set_256(c_d,buf, 0, 15, 14, 13, 12, 0, 0, 0); + carry = bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP); + mask = 0-(size_t)bn_sub_words(c_d,t_d,_nist_p_256,BN_NIST_256_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)t_d&~mask)); + + carry = bn_add_words(t_d, res, res, BN_NIST_256_TOP); + mask = 0-(size_t)bn_sub_words(c_d,t_d,_nist_p_256,BN_NIST_256_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)t_d&~mask)); + + carry = bn_add_words(r_d, r_d, res, BN_NIST_256_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - ++carry; /*S3*/ nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8); - if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - ++carry; + carry = bn_add_words(r_d, res, t_d, BN_NIST_256_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + /*S4*/ nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9); - if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - ++carry; + carry = bn_add_words(r_d, res, t_d, BN_NIST_256_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + /*D1*/ nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11); - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - --carry; +#if BRANCH_FREE + carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP); + bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); + mask = 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); +#else + if (bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP)) + bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP); +#endif /*D2*/ nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12); +#if BRANCH_FREE + carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP); + bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); + mask = 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); +#else if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - --carry; + bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP); +#endif /*D3*/ nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13); +#if BRANCH_FREE + carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP); + bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); + mask = 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); +#else if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - --carry; + bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP); +#endif /*D4*/ nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14); - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - --carry; - - if (carry) - { - if (carry > 0) - bn_sub_words(r_d, r_d, _256_data + BN_NIST_256_TOP * - --carry, BN_NIST_256_TOP); - else - { - carry = -carry; - bn_add_words(r_d, r_d, _256_data + BN_NIST_256_TOP * - --carry, BN_NIST_256_TOP); - } - } +#if BRANCH_FREE + carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP); + bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); + mask = 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + nist_cp_bn(r_d, res, BN_NIST_384_TOP); +#else + if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) + bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP); +#endif r->top = BN_NIST_256_TOP; bn_correct_top(r); - if (BN_ucmp(r, field) >= 0) + + if (BN_ucmp(field, r) <= 0) { - bn_sub_words(r_d, r_d, _nist_p_256, BN_NIST_256_TOP); - bn_correct_top(r); + if (!BN_usub(r, r, field)) return 0; } - bn_check_top(r); + return 1; -#else +#else /* BN_BITS!=32 */ return 0; #endif } -#if BN_BITS2 != 64 -static void _init_384_data(void) - { - int i; - BN_ULONG *tmp1 = _384_data; - const BN_ULONG *tmp2 = tmp1; - - memcpy(tmp1, _nist_p_384, BN_NIST_384_TOP * sizeof(BN_ULONG)); - tmp1 += BN_NIST_384_TOP; - - for (i=0; i<7; i++) - { - bn_add_words(tmp1, _nist_p_384, tmp2, BN_NIST_384_TOP); - tmp2 = tmp1; - tmp1 += BN_NIST_384_TOP; - } - _is_set_384_data = 1; - } -#endif - #define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \ { \ if (a12 != 0) bn_cp_32(to, 0, from, (a12) - 12) else bn_32_set_0(to, 0)\ @@ -598,22 +555,20 @@ static void _init_384_data(void) int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { -#if BN_BITS2 != 64 +#if BN_BITS2 == 32 int i, top = a->top; int carry = 0; register BN_ULONG *r_d, *a_d = a->d; BN_ULONG t_d[BN_NIST_384_TOP], - buf[BN_NIST_384_TOP]; + buf[BN_NIST_384_TOP], + c_d[BN_NIST_384_TOP], + *res; + size_t mask; - if (!_is_set_384_data) - { - CRYPTO_w_lock(CRYPTO_LOCK_BN); - - if (!_is_set_384_data) - _init_384_data(); + field = &_bignum_nist_p_384; /* just to make sure */ - CRYPTO_w_unlock(CRYPTO_LOCK_BN); - } + if (BN_is_negative(a) || a->top > 2*BN_NIST_384_TOP) + return BN_nnmod(r, field, a, ctx); i = BN_ucmp(field, a); if (i == 0) @@ -624,9 +579,6 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else if (i > 0) return (r == a)? 1 : (BN_copy(r ,a) != NULL); - if (top == BN_NIST_384_TOP) - return BN_usub(r, a, field); - if (r != a) { if (!bn_wexpand(r, BN_NIST_384_TOP)) @@ -646,72 +598,108 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, register BN_ULONG *ap,t,c; ap = t_d; c=0; - for (i = BN_NIST_256_TOP; i != 0; --i) + for (i = 3; i != 0; --i) { t= *ap; *(ap++)=((t<<1)|c)&BN_MASK2; c=(t & BN_TBIT)?1:0; } + *ap=c; } - if (bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), - t_d, BN_NIST_256_TOP)) - ++carry; + carry = bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), + t_d, BN_NIST_256_TOP); + /* + * we need if (result>=modulus) subtract(result,modulus); + * in n-bit space this can be expressed as + * if (carry || result>=modulus) subtract(result,modulus); + * the catch is that comparison implies subtraction and + * therefore one can write tmp=subtract(result,modulus); + * and then if(carry || !borrow) result=tmp; this's what + * happens below, but without explicit if:-) a. + */ + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + /*S2 */ - if (bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP)) - ++carry; + carry = bn_add_words(r_d, res, buf, BN_NIST_384_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + /*S3*/ nist_set_384(t_d,buf,20,19,18,17,16,15,14,13,12,23,22,21); - if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP)) - ++carry; + carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + /*S4*/ nist_set_384(t_d,buf,19,18,17,16,15,14,13,12,20,0,23,0); - if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP)) - ++carry; + carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + /*S5*/ - nist_set_256(t_d, buf, 0, 0, 0, 0, 23-4, 22-4, 21-4, 20-4); - if (bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), - t_d, BN_NIST_256_TOP)) - ++carry; + nist_set_384(t_d, buf,0,0,0,0,23,22,21,20,0,0,0,0); + carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + /*S6*/ nist_set_384(t_d,buf,0,0,0,0,0,0,23,22,21,0,0,20); - if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP)) - ++carry; + carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP); + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); + mask = ~mask | (0-(size_t)carry); + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + /*D1*/ nist_set_384(t_d,buf,22,21,20,19,18,17,16,15,14,13,12,23); - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP)) - --carry; +#if BRANCH_FREE + carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP); + bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); + mask = 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); +#else + if (bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP)) + bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP); +#endif /*D2*/ nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,22,21,20,0); +#if BRANCH_FREE + carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP); + bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); + mask = 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); +#else if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP)) - --carry; + bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP); +#endif /*D3*/ nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0); - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP)) - --carry; - - if (carry) - { - if (carry > 0) - bn_sub_words(r_d, r_d, _384_data + BN_NIST_384_TOP * - --carry, BN_NIST_384_TOP); - else - { - carry = -carry; - bn_add_words(r_d, r_d, _384_data + BN_NIST_384_TOP * - --carry, BN_NIST_384_TOP); - } - } +#if BRANCH_FREE + carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP); + bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); + mask = 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + nist_cp_bn(r_d, res, BN_NIST_384_TOP); +#else + if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP)) + bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP); +#endif r->top = BN_NIST_384_TOP; bn_correct_top(r); - if (BN_ucmp(r, field) >= 0) + + if (BN_ucmp(field, r) <= 0) { - bn_sub_words(r_d, r_d, _nist_p_384, BN_NIST_384_TOP); - bn_correct_top(r); + if (!BN_usub(r, r, field)) return 0; } - bn_check_top(r); + return 1; -#else +#else /* BN_BITS!=32 */ return 0; #endif } @@ -723,20 +711,37 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, #define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF #elif BN_BITS2 == 32 #define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF -#elif BN_BITS2 == 16 -#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF -#elif BN_BITS2 == 8 -#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1 #endif int top, ret = 0; - BN_ULONG *r_d; BIGNUM *tmp; + field = &_bignum_nist_p_521; /* just to make sure */ + + if (BN_is_negative(a)) + return BN_nnmod(r, field, a, ctx); + /* check whether a reduction is necessary */ top = a->top; if (top < BN_NIST_521_TOP || ( top == BN_NIST_521_TOP && - (!(a->d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK))))) - return (r == a)? 1 : (BN_copy(r ,a) != NULL); + (!(a->d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK))))) + { + int i = BN_ucmp(field, a); + if (i == 0) + { + BN_zero(r); + return 1; + } + else + { +#ifdef BN_DEBUG + OPENSSL_assert(i > 0); /* because 'field' is 1111...1111 */ +#endif + return (r == a)? 1 : (BN_copy(r ,a) != NULL); + } + } + + if (BN_num_bits(a) > 2*521) + return BN_nnmod(r, field, a, ctx); BN_CTX_start(ctx); tmp = BN_CTX_get(ctx); @@ -756,15 +761,11 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, if (!BN_uadd(r, tmp, r)) goto err; - top = r->top; - r_d = r->d; - if (top == BN_NIST_521_TOP && - (r_d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK))) + + if (BN_ucmp(field, r) <= 0) { - BN_NIST_ADD_ONE(r_d) - r_d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; + if (!BN_usub(r, r, field)) goto err; } - bn_correct_top(r); ret = 1; err: diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 5bab019553bf2..7b25979dd1c45 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -377,14 +377,14 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, static int probable_prime(BIGNUM *rnd, int bits) { int i; - BN_ULONG mods[NUMPRIMES]; + prime_t mods[NUMPRIMES]; BN_ULONG delta,maxdelta; again: if (!BN_rand(rnd,bits,1,1)) return(0); /* we now have a random number 'rand' to test. */ for (i=1; i> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +cms_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +cms_asn1.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +cms_asn1.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +cms_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +cms_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +cms_asn1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +cms_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +cms_asn1.o: ../../include/openssl/opensslconf.h +cms_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +cms_asn1.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +cms_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +cms_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +cms_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +cms_asn1.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +cms_asn1.o: cms.h cms_asn1.c cms_lcl.h +cms_att.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +cms_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +cms_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +cms_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +cms_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +cms_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h +cms_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +cms_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +cms_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +cms_att.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +cms_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +cms_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +cms_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +cms_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +cms_att.o: cms.h cms_att.c cms_lcl.h +cms_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +cms_err.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h +cms_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +cms_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +cms_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +cms_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +cms_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +cms_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +cms_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +cms_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +cms_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +cms_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +cms_err.o: cms_err.c +cms_io.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +cms_io.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +cms_io.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +cms_io.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +cms_io.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +cms_io.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +cms_io.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +cms_io.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +cms_io.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +cms_io.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +cms_io.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +cms_io.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +cms_io.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h +cms_io.o: cms_io.c cms_lcl.h +cms_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +cms_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +cms_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +cms_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +cms_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +cms_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +cms_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +cms_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +cms_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +cms_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +cms_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +cms_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +cms_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h +cms_lib.o: cms_lcl.h cms_lib.c +cms_sd.o: ../../e_os.h ../../include/openssl/asn1.h +cms_sd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +cms_sd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h +cms_sd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +cms_sd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +cms_sd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +cms_sd.o: ../../include/openssl/err.h ../../include/openssl/evp.h +cms_sd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +cms_sd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +cms_sd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +cms_sd.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +cms_sd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +cms_sd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +cms_sd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +cms_sd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +cms_sd.o: ../cryptlib.h cms_lcl.h cms_sd.c +cms_smime.o: ../../e_os.h ../../include/openssl/asn1.h +cms_smime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +cms_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h +cms_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +cms_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +cms_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +cms_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h +cms_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +cms_smime.o: ../../include/openssl/objects.h +cms_smime.o: ../../include/openssl/opensslconf.h +cms_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +cms_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +cms_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +cms_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +cms_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +cms_smime.o: ../cryptlib.h cms_lcl.h cms_smime.c diff --git a/crypto/cms/cms.h b/crypto/cms/cms.h new file mode 100644 index 0000000000000..25f88745f23e8 --- /dev/null +++ b/crypto/cms/cms.h @@ -0,0 +1,473 @@ +/* crypto/cms/cms.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + + +#ifndef HEADER_CMS_H +#define HEADER_CMS_H + +#include + +#ifdef OPENSSL_NO_CMS +#error CMS is disabled. +#endif + +#ifdef __cplusplus +extern "C" { +#endif + + +typedef struct CMS_ContentInfo_st CMS_ContentInfo; +typedef struct CMS_SignerInfo_st CMS_SignerInfo; +typedef struct CMS_CertificateChoices CMS_CertificateChoices; +typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice; +typedef struct CMS_RecipientInfo_st CMS_RecipientInfo; +typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest; +typedef struct CMS_Receipt_st CMS_Receipt; + +DECLARE_STACK_OF(CMS_SignerInfo) +DECLARE_STACK_OF(GENERAL_NAMES) +DECLARE_ASN1_FUNCTIONS_const(CMS_ContentInfo) +DECLARE_ASN1_FUNCTIONS_const(CMS_ReceiptRequest) + +#define CMS_SIGNERINFO_ISSUER_SERIAL 0 +#define CMS_SIGNERINFO_KEYIDENTIFIER 1 + +#define CMS_RECIPINFO_TRANS 0 +#define CMS_RECIPINFO_AGREE 1 +#define CMS_RECIPINFO_KEK 2 +#define CMS_RECIPINFO_PASS 3 +#define CMS_RECIPINFO_OTHER 4 + +/* S/MIME related flags */ + +#define CMS_TEXT 0x1 +#define CMS_NOCERTS 0x2 +#define CMS_NO_CONTENT_VERIFY 0x4 +#define CMS_NO_ATTR_VERIFY 0x8 +#define CMS_NOSIGS \ + (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY) +#define CMS_NOINTERN 0x10 +#define CMS_NO_SIGNER_CERT_VERIFY 0x20 +#define CMS_NOVERIFY 0x20 +#define CMS_DETACHED 0x40 +#define CMS_BINARY 0x80 +#define CMS_NOATTR 0x100 +#define CMS_NOSMIMECAP 0x200 +#define CMS_NOOLDMIMETYPE 0x400 +#define CMS_CRLFEOL 0x800 +#define CMS_STREAM 0x1000 +#define CMS_NOCRL 0x2000 +#define CMS_PARTIAL 0x4000 +#define CMS_REUSE_DIGEST 0x8000 +#define CMS_USE_KEYID 0x10000 + +const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms); + +BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont); +int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio); + +ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); +int CMS_is_detached(CMS_ContentInfo *cms); +int CMS_set_detached(CMS_ContentInfo *cms, int detached); + +#ifdef HEADER_PEM_H +DECLARE_PEM_rw_const(CMS, CMS_ContentInfo) +#endif + +CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms); +int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); + +CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); +int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); + +int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); + +CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, unsigned int flags); + +CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, + X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, + unsigned int flags); + +int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); +CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); + +int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, + unsigned int flags); + +int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, + const unsigned char *key, size_t keylen, + BIO *dcont, BIO *out, unsigned int flags); + +CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, + const unsigned char *key, size_t keylen, + unsigned int flags); + +int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, + const unsigned char *key, size_t keylen); + +int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); + +int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, + STACK_OF(X509) *certs, + X509_STORE *store, unsigned int flags); + +STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); + +CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, + const EVP_CIPHER *cipher, unsigned int flags); + +int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, + BIO *dcont, BIO *out, + unsigned int flags); + +int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); +int CMS_decrypt_set1_key(CMS_ContentInfo *cms, + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen); + +STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); +int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); +CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); +CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, + X509 *recip, unsigned int flags); +int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); +int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); +int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, + EVP_PKEY **pk, X509 **recip, + X509_ALGOR **palg); +int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno); + +CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen, + ASN1_GENERALIZEDTIME *date, + ASN1_OBJECT *otherTypeId, + ASN1_TYPE *otherType); + +int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, + X509_ALGOR **palg, + ASN1_OCTET_STRING **pid, + ASN1_GENERALIZEDTIME **pdate, + ASN1_OBJECT **potherid, + ASN1_TYPE **pothertype); + +int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, + unsigned char *key, size_t keylen); + +int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, + const unsigned char *id, size_t idlen); + +int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); + +int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); + +int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); +const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); + +CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms); +int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); +int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); +STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); + +CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms); +int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); +STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); + +int CMS_SignedData_init(CMS_ContentInfo *cms); +CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, + X509 *signer, EVP_PKEY *pk, const EVP_MD *md, + unsigned int flags); +STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); + +void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); +int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno); +int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); +int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + unsigned int flags); +void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer, + X509_ALGOR **pdig, X509_ALGOR **psig); +int CMS_SignerInfo_sign(CMS_SignerInfo *si); +int CMS_SignerInfo_verify(CMS_SignerInfo *si); +int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); + +int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); +int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, + int algnid, int keysize); +int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); + +int CMS_signed_get_attr_count(const CMS_SignerInfo *si); +int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type); + +int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); +int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type); + +#ifdef HEADER_X509V3_H + +int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); +CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, + int allorfirst, + STACK_OF(GENERAL_NAMES) *receiptList, + STACK_OF(GENERAL_NAMES) *receiptsTo); +int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); +void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, + ASN1_STRING **pcid, + int *pallorfirst, + STACK_OF(GENERAL_NAMES) **plist, + STACK_OF(GENERAL_NAMES) **prto); + +#endif + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_CMS_strings(void); + +/* Error codes for the CMS functions. */ + +/* Function codes. */ +#define CMS_F_CHECK_CONTENT 99 +#define CMS_F_CMS_ADD0_CERT 164 +#define CMS_F_CMS_ADD0_RECIPIENT_KEY 100 +#define CMS_F_CMS_ADD1_RECEIPTREQUEST 158 +#define CMS_F_CMS_ADD1_RECIPIENT_CERT 101 +#define CMS_F_CMS_ADD1_SIGNER 102 +#define CMS_F_CMS_ADD1_SIGNINGTIME 103 +#define CMS_F_CMS_COMPRESS 104 +#define CMS_F_CMS_COMPRESSEDDATA_CREATE 105 +#define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106 +#define CMS_F_CMS_COPY_CONTENT 107 +#define CMS_F_CMS_COPY_MESSAGEDIGEST 108 +#define CMS_F_CMS_DATA 109 +#define CMS_F_CMS_DATAFINAL 110 +#define CMS_F_CMS_DATAINIT 111 +#define CMS_F_CMS_DECRYPT 112 +#define CMS_F_CMS_DECRYPT_SET1_KEY 113 +#define CMS_F_CMS_DECRYPT_SET1_PKEY 114 +#define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115 +#define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116 +#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117 +#define CMS_F_CMS_DIGEST_VERIFY 118 +#define CMS_F_CMS_ENCODE_RECEIPT 161 +#define CMS_F_CMS_ENCRYPT 119 +#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120 +#define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121 +#define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122 +#define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123 +#define CMS_F_CMS_ENVELOPEDDATA_CREATE 124 +#define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125 +#define CMS_F_CMS_ENVELOPED_DATA_INIT 126 +#define CMS_F_CMS_FINAL 127 +#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128 +#define CMS_F_CMS_GET0_CONTENT 129 +#define CMS_F_CMS_GET0_ECONTENT_TYPE 130 +#define CMS_F_CMS_GET0_ENVELOPED 131 +#define CMS_F_CMS_GET0_REVOCATION_CHOICES 132 +#define CMS_F_CMS_GET0_SIGNED 133 +#define CMS_F_CMS_MSGSIGDIGEST_ADD1 162 +#define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159 +#define CMS_F_CMS_RECEIPT_VERIFY 160 +#define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134 +#define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135 +#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136 +#define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137 +#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143 +#define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144 +#define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145 +#define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146 +#define CMS_F_CMS_SET_DETACHED 147 +#define CMS_F_CMS_SIGN 148 +#define CMS_F_CMS_SIGNED_DATA_INIT 149 +#define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150 +#define CMS_F_CMS_SIGNERINFO_SIGN 151 +#define CMS_F_CMS_SIGNERINFO_VERIFY 152 +#define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153 +#define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154 +#define CMS_F_CMS_SIGN_RECEIPT 163 +#define CMS_F_CMS_STREAM 155 +#define CMS_F_CMS_UNCOMPRESS 156 +#define CMS_F_CMS_VERIFY 157 + +/* Reason codes. */ +#define CMS_R_ADD_SIGNER_ERROR 99 +#define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 +#define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 +#define CMS_R_CERTIFICATE_VERIFY_ERROR 100 +#define CMS_R_CIPHER_INITIALISATION_ERROR 101 +#define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 +#define CMS_R_CMS_DATAFINAL_ERROR 103 +#define CMS_R_CMS_LIB 104 +#define CMS_R_CONTENTIDENTIFIER_MISMATCH 170 +#define CMS_R_CONTENT_NOT_FOUND 105 +#define CMS_R_CONTENT_TYPE_MISMATCH 171 +#define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106 +#define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107 +#define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108 +#define CMS_R_CONTENT_VERIFY_ERROR 109 +#define CMS_R_CTRL_ERROR 110 +#define CMS_R_CTRL_FAILURE 111 +#define CMS_R_DECRYPT_ERROR 112 +#define CMS_R_DIGEST_ERROR 161 +#define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 +#define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 +#define CMS_R_ERROR_SETTING_KEY 115 +#define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 +#define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 +#define CMS_R_INVALID_KEY_LENGTH 118 +#define CMS_R_MD_BIO_INIT_ERROR 119 +#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120 +#define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121 +#define CMS_R_MSGSIGDIGEST_ERROR 172 +#define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162 +#define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163 +#define CMS_R_NEED_ONE_SIGNER 164 +#define CMS_R_NOT_A_SIGNED_RECEIPT 165 +#define CMS_R_NOT_ENCRYPTED_DATA 122 +#define CMS_R_NOT_KEK 123 +#define CMS_R_NOT_KEY_TRANSPORT 124 +#define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125 +#define CMS_R_NO_CIPHER 126 +#define CMS_R_NO_CONTENT 127 +#define CMS_R_NO_CONTENT_TYPE 173 +#define CMS_R_NO_DEFAULT_DIGEST 128 +#define CMS_R_NO_DIGEST_SET 129 +#define CMS_R_NO_KEY 130 +#define CMS_R_NO_KEY_OR_CERT 174 +#define CMS_R_NO_MATCHING_DIGEST 131 +#define CMS_R_NO_MATCHING_RECIPIENT 132 +#define CMS_R_NO_MATCHING_SIGNATURE 166 +#define CMS_R_NO_MSGSIGDIGEST 167 +#define CMS_R_NO_PRIVATE_KEY 133 +#define CMS_R_NO_PUBLIC_KEY 134 +#define CMS_R_NO_RECEIPT_REQUEST 168 +#define CMS_R_NO_SIGNERS 135 +#define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 +#define CMS_R_RECEIPT_DECODE_ERROR 169 +#define CMS_R_RECIPIENT_ERROR 137 +#define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138 +#define CMS_R_SIGNFINAL_ERROR 139 +#define CMS_R_SMIME_TEXT_ERROR 140 +#define CMS_R_STORE_INIT_ERROR 141 +#define CMS_R_TYPE_NOT_COMPRESSED_DATA 142 +#define CMS_R_TYPE_NOT_DATA 143 +#define CMS_R_TYPE_NOT_DIGESTED_DATA 144 +#define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145 +#define CMS_R_TYPE_NOT_ENVELOPED_DATA 146 +#define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147 +#define CMS_R_UNKNOWN_CIPHER 148 +#define CMS_R_UNKNOWN_DIGEST_ALGORIHM 149 +#define CMS_R_UNKNOWN_ID 150 +#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 +#define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 +#define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 +#define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 +#define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE 155 +#define CMS_R_UNSUPPORTED_TYPE 156 +#define CMS_R_UNWRAP_ERROR 157 +#define CMS_R_VERIFICATION_FAILURE 158 +#define CMS_R_WRAP_ERROR 159 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c new file mode 100644 index 0000000000000..7664921861837 --- /dev/null +++ b/crypto/cms/cms_asn1.c @@ -0,0 +1,346 @@ +/* crypto/cms/cms_asn1.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include "cms.h" +#include "cms_lcl.h" + + +ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = { + ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME), + ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER) +} ASN1_SEQUENCE_END(CMS_IssuerAndSerialNumber) + +ASN1_SEQUENCE(CMS_OtherCertificateFormat) = { + ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT), + ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY) +} ASN1_SEQUENCE_END(CMS_OtherCertificateFormat) + +ASN1_CHOICE(CMS_CertificateChoices) = { + ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509), + ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0), + ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1), + ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2), + ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3) +} ASN1_CHOICE_END(CMS_CertificateChoices) + +ASN1_CHOICE(CMS_SignerIdentifier) = { + ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), + ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0) +} ASN1_CHOICE_END(CMS_SignerIdentifier) + +ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = { + ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT), + ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0) +} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo) + +/* Minor tweak to operation: free up signer key, cert */ +static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) + { + if(operation == ASN1_OP_FREE_POST) + { + CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; + if (si->pkey) + EVP_PKEY_free(si->pkey); + if (si->signer) + X509_free(si->signer); + } + return 1; + } + +ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = { + ASN1_SIMPLE(CMS_SignerInfo, version, LONG), + ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier), + ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR), + ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0), + ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR), + ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING), + ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1) +} ASN1_SEQUENCE_END_cb(CMS_SignerInfo, CMS_SignerInfo) + +ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = { + ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT), + ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY) +} ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat) + +ASN1_CHOICE(CMS_RevocationInfoChoice) = { + ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL), + ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1) +} ASN1_CHOICE_END(CMS_RevocationInfoChoice) + +ASN1_NDEF_SEQUENCE(CMS_SignedData) = { + ASN1_SIMPLE(CMS_SignedData, version, LONG), + ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR), + ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo), + ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0), + ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1), + ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo) +} ASN1_NDEF_SEQUENCE_END(CMS_SignedData) + +ASN1_SEQUENCE(CMS_OriginatorInfo) = { + ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0), + ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1) +} ASN1_SEQUENCE_END(CMS_OriginatorInfo) + +ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = { + ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT), + ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR), + ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0) +} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo) + +ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = { + ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG), + ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier), + ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), + ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(CMS_KeyTransRecipientInfo) + +ASN1_SEQUENCE(CMS_OtherKeyAttribute) = { + ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT), + ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY) +} ASN1_SEQUENCE_END(CMS_OtherKeyAttribute) + +ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = { + ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING), + ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME), + ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute) +} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier) + +ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = { + ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), + ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0) +} ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier) + +ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = { + ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier), + ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(CMS_RecipientEncryptedKey) + +ASN1_SEQUENCE(CMS_OriginatorPublicKey) = { + ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR), + ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING) +} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey) + +ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = { + ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), + ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0), + ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1) +} ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey) + +ASN1_SEQUENCE(CMS_KeyAgreeRecipientInfo) = { + ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, LONG), + ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0), + ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1), + ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), + ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey) +} ASN1_SEQUENCE_END(CMS_KeyAgreeRecipientInfo) + +ASN1_SEQUENCE(CMS_KEKIdentifier) = { + ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING), + ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME), + ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute) +} ASN1_SEQUENCE_END(CMS_KEKIdentifier) + +ASN1_SEQUENCE(CMS_KEKRecipientInfo) = { + ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG), + ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier), + ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), + ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo) + +ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = { + ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, LONG), + ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0), + ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), + ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo) + +ASN1_SEQUENCE(CMS_OtherRecipientInfo) = { + ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT), + ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY) +} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo) + +/* Free up RecipientInfo additional data */ +static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) + { + if(operation == ASN1_OP_FREE_PRE) + { + CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval; + if (ri->type == CMS_RECIPINFO_TRANS) + { + CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; + if (ktri->pkey) + EVP_PKEY_free(ktri->pkey); + if (ktri->recip) + X509_free(ktri->recip); + } + else if (ri->type == CMS_RECIPINFO_KEK) + { + CMS_KEKRecipientInfo *kekri = ri->d.kekri; + if (kekri->key) + { + OPENSSL_cleanse(kekri->key, kekri->keylen); + OPENSSL_free(kekri->key); + } + } + } + return 1; + } + +ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = { + ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo), + ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1), + ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2), + ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3), + ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4) +} ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type) + +ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = { + ASN1_SIMPLE(CMS_EnvelopedData, version, LONG), + ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0), + ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo), + ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo), + ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1) +} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData) + +ASN1_NDEF_SEQUENCE(CMS_DigestedData) = { + ASN1_SIMPLE(CMS_DigestedData, version, LONG), + ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR), + ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo), + ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING) +} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData) + +ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = { + ASN1_SIMPLE(CMS_EncryptedData, version, LONG), + ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo), + ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1) +} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData) + +ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = { + ASN1_SIMPLE(CMS_AuthenticatedData, version, LONG), + ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0), + ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo), + ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR), + ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1), + ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo), + ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2), + ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING), + ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3) +} ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData) + +ASN1_NDEF_SEQUENCE(CMS_CompressedData) = { + ASN1_SIMPLE(CMS_CompressedData, version, LONG), + ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR), + ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo), +} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData) + +/* This is the ANY DEFINED BY table for the top level ContentInfo structure */ + +ASN1_ADB_TEMPLATE(cms_default) = ASN1_EXP(CMS_ContentInfo, d.other, ASN1_ANY, 0); + +ASN1_ADB(CMS_ContentInfo) = { + ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)), + ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)), + ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)), + ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)), + ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)), + ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)), + ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)), +} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL); + +ASN1_NDEF_SEQUENCE(CMS_ContentInfo) = { + ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT), + ASN1_ADB_OBJECT(CMS_ContentInfo) +} ASN1_NDEF_SEQUENCE_END(CMS_ContentInfo) + +/* Specials for signed attributes */ + +/* When signing attributes we want to reorder them to match the sorted + * encoding. + */ + +ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE) +ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign) + +/* When verifying attributes we need to use the received order. So + * we use SEQUENCE OF and tag it to SET OF + */ + +ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, + V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE) +ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify) + + + +ASN1_CHOICE(CMS_ReceiptsFrom) = { + ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0), + ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1) +} ASN1_CHOICE_END(CMS_ReceiptsFrom) + +ASN1_SEQUENCE(CMS_ReceiptRequest) = { + ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING), + ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom), + ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES) +} ASN1_SEQUENCE_END(CMS_ReceiptRequest) + +ASN1_SEQUENCE(CMS_Receipt) = { + ASN1_SIMPLE(CMS_Receipt, version, LONG), + ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT), + ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING), + ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(CMS_Receipt) + diff --git a/crypto/cms/cms_att.c b/crypto/cms/cms_att.c new file mode 100644 index 0000000000000..5b71722ebc80e --- /dev/null +++ b/crypto/cms/cms_att.c @@ -0,0 +1,195 @@ +/* crypto/cms/cms_att.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include +#include "cms.h" +#include "cms_lcl.h" + +/* CMS SignedData Attribute utilities */ + +int CMS_signed_get_attr_count(const CMS_SignerInfo *si) +{ + return X509at_get_attr_count(si->signedAttrs); +} + +int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos) +{ + return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos); +} + +int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, + int lastpos) +{ + return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos); +} + +X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc) +{ + return X509at_get_attr(si->signedAttrs, loc); +} + +X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc) +{ + return X509at_delete_attr(si->signedAttrs, loc); +} + +int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr) +{ + if(X509at_add1_attr(&si->signedAttrs, attr)) return 1; + return 0; +} + +int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len) +{ + if(X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, + type, bytes, len)) return 1; + return 0; +} + +int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len) +{ + if(X509at_add1_attr_by_NID(&si->signedAttrs, nid, + type, bytes, len)) return 1; + return 0; +} + +int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len) +{ + if(X509at_add1_attr_by_txt(&si->signedAttrs, attrname, + type, bytes, len)) return 1; + return 0; +} + +void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type) +{ + return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type); +} + +int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si) +{ + return X509at_get_attr_count(si->unsignedAttrs); +} + +int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos) +{ + return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos); +} + +int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, + int lastpos) +{ + return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos); +} + +X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc) +{ + return X509at_get_attr(si->unsignedAttrs, loc); +} + +X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc) +{ + return X509at_delete_attr(si->unsignedAttrs, loc); +} + +int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr) +{ + if(X509at_add1_attr(&si->unsignedAttrs, attr)) return 1; + return 0; +} + +int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len) +{ + if(X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, + type, bytes, len)) return 1; + return 0; +} + +int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len) +{ + if(X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, + type, bytes, len)) return 1; + return 0; +} + +int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len) +{ + if(X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname, + type, bytes, len)) return 1; + return 0; +} + +void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type) +{ + return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type); +} + +/* Specific attribute cases */ diff --git a/crypto/cms/cms_cd.c b/crypto/cms/cms_cd.c new file mode 100644 index 0000000000000..a5fc2c4e2b425 --- /dev/null +++ b/crypto/cms/cms_cd.c @@ -0,0 +1,134 @@ +/* crypto/cms/cms_cd.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include "cryptlib.h" +#include +#include +#include +#include +#include +#include +#include +#include "cms_lcl.h" + +DECLARE_ASN1_ITEM(CMS_CompressedData) + +#ifdef ZLIB + +/* CMS CompressedData Utilities */ + +CMS_ContentInfo *cms_CompressedData_create(int comp_nid) + { + CMS_ContentInfo *cms; + CMS_CompressedData *cd; + /* Will need something cleverer if there is ever more than one + * compression algorithm or parameters have some meaning... + */ + if (comp_nid != NID_zlib_compression) + { + CMSerr(CMS_F_CMS_COMPRESSEDDATA_CREATE, + CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + return NULL; + } + cms = CMS_ContentInfo_new(); + if (!cms) + return NULL; + + cd = M_ASN1_new_of(CMS_CompressedData); + + if (!cd) + goto err; + + cms->contentType = OBJ_nid2obj(NID_id_smime_ct_compressedData); + cms->d.compressedData = cd; + + cd->version = 0; + + X509_ALGOR_set0(cd->compressionAlgorithm, + OBJ_nid2obj(NID_zlib_compression), + V_ASN1_UNDEF, NULL); + + cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data); + + return cms; + + err: + + if (cms) + CMS_ContentInfo_free(cms); + + return NULL; + } + +BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms) + { + CMS_CompressedData *cd; + ASN1_OBJECT *compoid; + if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) + { + CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO, + CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA); + return NULL; + } + cd = cms->d.compressedData; + X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm); + if (OBJ_obj2nid(compoid) != NID_zlib_compression) + { + CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO, + CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + return NULL; + } + return BIO_new(BIO_f_zlib()); + } + +#endif diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c new file mode 100644 index 0000000000000..8919c15be1268 --- /dev/null +++ b/crypto/cms/cms_dd.c @@ -0,0 +1,148 @@ +/* crypto/cms/cms_dd.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include "cryptlib.h" +#include +#include +#include +#include +#include +#include "cms_lcl.h" + +DECLARE_ASN1_ITEM(CMS_DigestedData) + +/* CMS DigestedData Utilities */ + +CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md) + { + CMS_ContentInfo *cms; + CMS_DigestedData *dd; + cms = CMS_ContentInfo_new(); + if (!cms) + return NULL; + + dd = M_ASN1_new_of(CMS_DigestedData); + + if (!dd) + goto err; + + cms->contentType = OBJ_nid2obj(NID_pkcs7_digest); + cms->d.digestedData = dd; + + dd->version = 0; + dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data); + + cms_DigestAlgorithm_set(dd->digestAlgorithm, md); + + return cms; + + err: + + if (cms) + CMS_ContentInfo_free(cms); + + return NULL; + } + +BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms) + { + CMS_DigestedData *dd; + dd = cms->d.digestedData; + return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm); + } + +int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) + { + EVP_MD_CTX mctx; + unsigned char md[EVP_MAX_MD_SIZE]; + unsigned int mdlen; + int r = 0; + CMS_DigestedData *dd; + EVP_MD_CTX_init(&mctx); + + dd = cms->d.digestedData; + + if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm)) + goto err; + + if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0) + goto err; + + if (verify) + { + if (mdlen != (unsigned int)dd->digest->length) + { + CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, + CMS_R_MESSAGEDIGEST_WRONG_LENGTH); + goto err; + } + + if (memcmp(md, dd->digest->data, mdlen)) + CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, + CMS_R_VERIFICATION_FAILURE); + else + r = 1; + } + else + { + if (!ASN1_STRING_set(dd->digest, md, mdlen)) + goto err; + r = 1; + } + + err: + EVP_MD_CTX_cleanup(&mctx); + + return r; + + } diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c new file mode 100644 index 0000000000000..bab26235bdc46 --- /dev/null +++ b/crypto/cms/cms_enc.c @@ -0,0 +1,262 @@ +/* crypto/cms/cms_enc.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include "cryptlib.h" +#include +#include +#include +#include +#include +#include +#include "cms_lcl.h" + +/* CMS EncryptedData Utilities */ + +DECLARE_ASN1_ITEM(CMS_EncryptedData) + +/* Return BIO based on EncryptedContentInfo and key */ + +BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) + { + BIO *b; + EVP_CIPHER_CTX *ctx; + const EVP_CIPHER *ciph; + X509_ALGOR *calg = ec->contentEncryptionAlgorithm; + unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL; + + int ok = 0; + + int enc, keep_key = 0; + + enc = ec->cipher ? 1 : 0; + + b = BIO_new(BIO_f_cipher()); + if (!b) + { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, + ERR_R_MALLOC_FAILURE); + return NULL; + } + + BIO_get_cipher_ctx(b, &ctx); + + if (enc) + { + ciph = ec->cipher; + /* If not keeping key set cipher to NULL so subsequent calls + * decrypt. + */ + if (ec->key) + ec->cipher = NULL; + } + else + { + ciph = EVP_get_cipherbyobj(calg->algorithm); + + if (!ciph) + { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, + CMS_R_UNKNOWN_CIPHER); + goto err; + } + } + + if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0) + { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, + CMS_R_CIPHER_INITIALISATION_ERROR); + goto err; + } + + if (enc) + { + int ivlen; + calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx)); + /* Generate a random IV if we need one */ + ivlen = EVP_CIPHER_CTX_iv_length(ctx); + if (ivlen > 0) + { + if (RAND_pseudo_bytes(iv, ivlen) <= 0) + goto err; + piv = iv; + } + } + else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) + { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, + CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); + goto err; + } + + + if (enc && !ec->key) + { + /* Generate random key */ + if (!ec->keylen) + ec->keylen = EVP_CIPHER_CTX_key_length(ctx); + ec->key = OPENSSL_malloc(ec->keylen); + if (!ec->key) + { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, + ERR_R_MALLOC_FAILURE); + goto err; + } + if (EVP_CIPHER_CTX_rand_key(ctx, ec->key) <= 0) + goto err; + keep_key = 1; + } + else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx)) + { + /* If necessary set key length */ + if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) + { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, + CMS_R_INVALID_KEY_LENGTH); + goto err; + } + } + + if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0) + { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, + CMS_R_CIPHER_INITIALISATION_ERROR); + goto err; + } + + if (piv) + { + calg->parameter = ASN1_TYPE_new(); + if (!calg->parameter) + { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, + ERR_R_MALLOC_FAILURE); + goto err; + } + if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) + { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, + CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); + goto err; + } + } + ok = 1; + + err: + if (ec->key && !keep_key) + { + OPENSSL_cleanse(ec->key, ec->keylen); + OPENSSL_free(ec->key); + ec->key = NULL; + } + if (ok) + return b; + BIO_free(b); + return NULL; + } + +int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, + const EVP_CIPHER *cipher, + const unsigned char *key, size_t keylen) + { + ec->cipher = cipher; + if (key) + { + ec->key = OPENSSL_malloc(keylen); + if (!ec->key) + return 0; + memcpy(ec->key, key, keylen); + } + ec->keylen = keylen; + if (cipher) + ec->contentType = OBJ_nid2obj(NID_pkcs7_data); + return 1; + } + +int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, + const unsigned char *key, size_t keylen) + { + CMS_EncryptedContentInfo *ec; + if (!key || !keylen) + { + CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY); + return 0; + } + if (ciph) + { + cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData); + if (!cms->d.encryptedData) + { + CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, + ERR_R_MALLOC_FAILURE); + return 0; + } + cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted); + cms->d.encryptedData->version = 0; + } + else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted) + { + CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, + CMS_R_NOT_ENCRYPTED_DATA); + return 0; + } + ec = cms->d.encryptedData->encryptedContentInfo; + return cms_EncryptedContent_init(ec, ciph, key, keylen); + } + +BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms) + { + CMS_EncryptedData *enc = cms->d.encryptedData; + if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs) + enc->version = 2; + return cms_EncryptedContent_init_bio(enc->encryptedContentInfo); + } diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c new file mode 100644 index 0000000000000..d499ae85b4000 --- /dev/null +++ b/crypto/cms/cms_env.c @@ -0,0 +1,825 @@ +/* crypto/cms/cms_env.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include "cryptlib.h" +#include +#include +#include +#include +#include +#include +#include +#include "cms_lcl.h" + +/* CMS EnvelopedData Utilities */ + +DECLARE_ASN1_ITEM(CMS_EnvelopedData) +DECLARE_ASN1_ITEM(CMS_RecipientInfo) +DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo) +DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo) +DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute) + +DECLARE_STACK_OF(CMS_RecipientInfo) + +static CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms) + { + if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) + { + CMSerr(CMS_F_CMS_GET0_ENVELOPED, + CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); + return NULL; + } + return cms->d.envelopedData; + } + +static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms) + { + if (cms->d.other == NULL) + { + cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData); + if (!cms->d.envelopedData) + { + CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT, + ERR_R_MALLOC_FAILURE); + return NULL; + } + cms->d.envelopedData->version = 0; + cms->d.envelopedData->encryptedContentInfo->contentType = + OBJ_nid2obj(NID_pkcs7_data); + ASN1_OBJECT_free(cms->contentType); + cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped); + return cms->d.envelopedData; + } + return cms_get0_enveloped(cms); + } + +STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms) + { + CMS_EnvelopedData *env; + env = cms_get0_enveloped(cms); + if (!env) + return NULL; + return env->recipientInfos; + } + +int CMS_RecipientInfo_type(CMS_RecipientInfo *ri) + { + return ri->type; + } + +CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher) + { + CMS_ContentInfo *cms; + CMS_EnvelopedData *env; + cms = CMS_ContentInfo_new(); + if (!cms) + goto merr; + env = cms_enveloped_data_init(cms); + if (!env) + goto merr; + if (!cms_EncryptedContent_init(env->encryptedContentInfo, + cipher, NULL, 0)) + goto merr; + return cms; + merr: + if (cms) + CMS_ContentInfo_free(cms); + CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE); + return NULL; + } + +/* Key Transport Recipient Info (KTRI) routines */ + +/* Add a recipient certificate. For now only handle key transport. + * If we ever handle key agreement will need updating. + */ + +CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, + X509 *recip, unsigned int flags) + { + CMS_RecipientInfo *ri = NULL; + CMS_KeyTransRecipientInfo *ktri; + CMS_EnvelopedData *env; + EVP_PKEY *pk = NULL; + int type; + env = cms_get0_enveloped(cms); + if (!env) + goto err; + + /* Initialize recipient info */ + ri = M_ASN1_new_of(CMS_RecipientInfo); + if (!ri) + goto merr; + + /* Initialize and add key transport recipient info */ + + ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo); + if (!ri->d.ktri) + goto merr; + ri->type = CMS_RECIPINFO_TRANS; + + ktri = ri->d.ktri; + + X509_check_purpose(recip, -1, -1); + pk = X509_get_pubkey(recip); + if (!pk) + { + CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, + CMS_R_ERROR_GETTING_PUBLIC_KEY); + goto err; + } + CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509); + ktri->pkey = pk; + ktri->recip = recip; + + if (flags & CMS_USE_KEYID) + { + ktri->version = 2; + type = CMS_RECIPINFO_KEYIDENTIFIER; + } + else + { + ktri->version = 0; + type = CMS_RECIPINFO_ISSUER_SERIAL; + } + + /* Not a typo: RecipientIdentifier and SignerIdentifier are the + * same structure. + */ + + if (!cms_set1_SignerIdentifier(ktri->rid, recip, type)) + goto err; + + /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8, + * hard code algorithm parameters. + */ + + if (pk->type == EVP_PKEY_RSA) + { + X509_ALGOR_set0(ktri->keyEncryptionAlgorithm, + OBJ_nid2obj(NID_rsaEncryption), + V_ASN1_NULL, 0); + } + else + { + CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, + CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + goto err; + } + + if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) + goto merr; + + return ri; + + merr: + CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE); + err: + if (ri) + M_ASN1_free_of(ri, CMS_RecipientInfo); + return NULL; + + } + +int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, + EVP_PKEY **pk, X509 **recip, + X509_ALGOR **palg) + { + CMS_KeyTransRecipientInfo *ktri; + if (ri->type != CMS_RECIPINFO_TRANS) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS, + CMS_R_NOT_KEY_TRANSPORT); + return 0; + } + + ktri = ri->d.ktri; + + if (pk) + *pk = ktri->pkey; + if (recip) + *recip = ktri->recip; + if (palg) + *palg = ktri->keyEncryptionAlgorithm; + return 1; + } + +int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno) + { + CMS_KeyTransRecipientInfo *ktri; + if (ri->type != CMS_RECIPINFO_TRANS) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID, + CMS_R_NOT_KEY_TRANSPORT); + return 0; + } + ktri = ri->d.ktri; + + return cms_SignerIdentifier_get0_signer_id(ktri->rid, + keyid, issuer, sno); + } + +int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert) + { + if (ri->type != CMS_RECIPINFO_TRANS) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP, + CMS_R_NOT_KEY_TRANSPORT); + return -2; + } + return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert); + } + +int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) + { + if (ri->type != CMS_RECIPINFO_TRANS) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, + CMS_R_NOT_KEY_TRANSPORT); + return 0; + } + ri->d.ktri->pkey = pkey; + return 1; + } + +/* Encrypt content key in key transport recipient info */ + +static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, + CMS_RecipientInfo *ri) + { + CMS_KeyTransRecipientInfo *ktri; + CMS_EncryptedContentInfo *ec; + unsigned char *ek = NULL; + int eklen; + + int ret = 0; + + if (ri->type != CMS_RECIPINFO_TRANS) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, + CMS_R_NOT_KEY_TRANSPORT); + return 0; + } + ktri = ri->d.ktri; + ec = cms->d.envelopedData->encryptedContentInfo; + + eklen = EVP_PKEY_size(ktri->pkey); + + ek = OPENSSL_malloc(eklen); + + if (ek == NULL) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, + ERR_R_MALLOC_FAILURE); + goto err; + } + + eklen = EVP_PKEY_encrypt(ek, ec->key, ec->keylen, ktri->pkey); + + if (eklen <= 0) + goto err; + + ASN1_STRING_set0(ktri->encryptedKey, ek, eklen); + ek = NULL; + + ret = 1; + + err: + if (ek) + OPENSSL_free(ek); + return ret; + + } + +/* Decrypt content key from KTRI */ + +static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, + CMS_RecipientInfo *ri) + { + CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; + unsigned char *ek = NULL; + int eklen; + int ret = 0; + + if (ktri->pkey == NULL) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, + CMS_R_NO_PRIVATE_KEY); + return 0; + } + + eklen = EVP_PKEY_size(ktri->pkey); + + ek = OPENSSL_malloc(eklen); + + if (ek == NULL) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, + ERR_R_MALLOC_FAILURE); + goto err; + } + + eklen = EVP_PKEY_decrypt(ek, + ktri->encryptedKey->data, + ktri->encryptedKey->length, ktri->pkey); + if (eklen <= 0) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB); + goto err; + } + + ret = 1; + + cms->d.envelopedData->encryptedContentInfo->key = ek; + cms->d.envelopedData->encryptedContentInfo->keylen = eklen; + + err: + if (!ret && ek) + OPENSSL_free(ek); + + return ret; + } + +/* Key Encrypted Key (KEK) RecipientInfo routines */ + +int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, + const unsigned char *id, size_t idlen) + { + ASN1_OCTET_STRING tmp_os; + CMS_KEKRecipientInfo *kekri; + if (ri->type != CMS_RECIPINFO_KEK) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK); + return -2; + } + kekri = ri->d.kekri; + tmp_os.type = V_ASN1_OCTET_STRING; + tmp_os.flags = 0; + tmp_os.data = (unsigned char *)id; + tmp_os.length = (int)idlen; + return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier); + } + +/* For now hard code AES key wrap info */ + +static size_t aes_wrap_keylen(int nid) + { + switch (nid) + { + case NID_id_aes128_wrap: + return 16; + + case NID_id_aes192_wrap: + return 24; + + case NID_id_aes256_wrap: + return 32; + + default: + return 0; + } + } + +CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen, + ASN1_GENERALIZEDTIME *date, + ASN1_OBJECT *otherTypeId, + ASN1_TYPE *otherType) + { + CMS_RecipientInfo *ri = NULL; + CMS_EnvelopedData *env; + CMS_KEKRecipientInfo *kekri; + env = cms_get0_enveloped(cms); + if (!env) + goto err; + + if (nid == NID_undef) + { + switch (keylen) + { + case 16: + nid = NID_id_aes128_wrap; + break; + + case 24: + nid = NID_id_aes192_wrap; + break; + + case 32: + nid = NID_id_aes256_wrap; + break; + + default: + CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, + CMS_R_INVALID_KEY_LENGTH); + goto err; + } + + } + else + { + + size_t exp_keylen = aes_wrap_keylen(nid); + + if (!exp_keylen) + { + CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, + CMS_R_UNSUPPORTED_KEK_ALGORITHM); + goto err; + } + + if (keylen != exp_keylen) + { + CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, + CMS_R_INVALID_KEY_LENGTH); + goto err; + } + + } + + /* Initialize recipient info */ + ri = M_ASN1_new_of(CMS_RecipientInfo); + if (!ri) + goto merr; + + ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo); + if (!ri->d.kekri) + goto merr; + ri->type = CMS_RECIPINFO_KEK; + + kekri = ri->d.kekri; + + if (otherTypeId) + { + kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute); + if (kekri->kekid->other == NULL) + goto merr; + } + + if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) + goto merr; + + + /* After this point no calls can fail */ + + kekri->version = 4; + + kekri->key = key; + kekri->keylen = keylen; + + ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen); + + kekri->kekid->date = date; + + if (kekri->kekid->other) + { + kekri->kekid->other->keyAttrId = otherTypeId; + kekri->kekid->other->keyAttr = otherType; + } + + X509_ALGOR_set0(kekri->keyEncryptionAlgorithm, + OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL); + + return ri; + + merr: + CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE); + err: + if (ri) + M_ASN1_free_of(ri, CMS_RecipientInfo); + return NULL; + + } + +int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, + X509_ALGOR **palg, + ASN1_OCTET_STRING **pid, + ASN1_GENERALIZEDTIME **pdate, + ASN1_OBJECT **potherid, + ASN1_TYPE **pothertype) + { + CMS_KEKIdentifier *rkid; + if (ri->type != CMS_RECIPINFO_KEK) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK); + return 0; + } + rkid = ri->d.kekri->kekid; + if (palg) + *palg = ri->d.kekri->keyEncryptionAlgorithm; + if (pid) + *pid = rkid->keyIdentifier; + if (pdate) + *pdate = rkid->date; + if (potherid) + { + if (rkid->other) + *potherid = rkid->other->keyAttrId; + else + *potherid = NULL; + } + if (pothertype) + { + if (rkid->other) + *pothertype = rkid->other->keyAttr; + else + *pothertype = NULL; + } + return 1; + } + +int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, + unsigned char *key, size_t keylen) + { + CMS_KEKRecipientInfo *kekri; + if (ri->type != CMS_RECIPINFO_KEK) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK); + return 0; + } + + kekri = ri->d.kekri; + kekri->key = key; + kekri->keylen = keylen; + return 1; + } + + +/* Encrypt content key in KEK recipient info */ + +static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, + CMS_RecipientInfo *ri) + { + CMS_EncryptedContentInfo *ec; + CMS_KEKRecipientInfo *kekri; + AES_KEY actx; + unsigned char *wkey = NULL; + int wkeylen; + int r = 0; + + ec = cms->d.envelopedData->encryptedContentInfo; + + kekri = ri->d.kekri; + + if (!kekri->key) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY); + return 0; + } + + if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx)) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, + CMS_R_ERROR_SETTING_KEY); + goto err; + } + + wkey = OPENSSL_malloc(ec->keylen + 8); + + if (!wkey) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, + ERR_R_MALLOC_FAILURE); + goto err; + } + + wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen); + + if (wkeylen <= 0) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR); + goto err; + } + + ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen); + + r = 1; + + err: + + if (!r && wkey) + OPENSSL_free(wkey); + OPENSSL_cleanse(&actx, sizeof(actx)); + + return r; + + } + +/* Decrypt content key in KEK recipient info */ + +static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, + CMS_RecipientInfo *ri) + { + CMS_EncryptedContentInfo *ec; + CMS_KEKRecipientInfo *kekri; + AES_KEY actx; + unsigned char *ukey = NULL; + int ukeylen; + int r = 0, wrap_nid; + + ec = cms->d.envelopedData->encryptedContentInfo; + + kekri = ri->d.kekri; + + if (!kekri->key) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY); + return 0; + } + + wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm); + if (aes_wrap_keylen(wrap_nid) != kekri->keylen) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, + CMS_R_INVALID_KEY_LENGTH); + return 0; + } + + /* If encrypted key length is invalid don't bother */ + + if (kekri->encryptedKey->length < 16) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, + CMS_R_INVALID_ENCRYPTED_KEY_LENGTH); + goto err; + } + + if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, + CMS_R_ERROR_SETTING_KEY); + goto err; + } + + ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8); + + if (!ukey) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, + ERR_R_MALLOC_FAILURE); + goto err; + } + + ukeylen = AES_unwrap_key(&actx, NULL, ukey, + kekri->encryptedKey->data, + kekri->encryptedKey->length); + + if (ukeylen <= 0) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, + CMS_R_UNWRAP_ERROR); + goto err; + } + + ec->key = ukey; + ec->keylen = ukeylen; + + r = 1; + + err: + + if (!r && ukey) + OPENSSL_free(ukey); + OPENSSL_cleanse(&actx, sizeof(actx)); + + return r; + + } + +int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) + { + switch(ri->type) + { + case CMS_RECIPINFO_TRANS: + return cms_RecipientInfo_ktri_decrypt(cms, ri); + + case CMS_RECIPINFO_KEK: + return cms_RecipientInfo_kekri_decrypt(cms, ri); + + default: + CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT, + CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE); + return 0; + } + } + +BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) + { + CMS_EncryptedContentInfo *ec; + STACK_OF(CMS_RecipientInfo) *rinfos; + CMS_RecipientInfo *ri; + int i, r, ok = 0; + BIO *ret; + + /* Get BIO first to set up key */ + + ec = cms->d.envelopedData->encryptedContentInfo; + ret = cms_EncryptedContent_init_bio(ec); + + /* If error or no cipher end of processing */ + + if (!ret || !ec->cipher) + return ret; + + /* Now encrypt content key according to each RecipientInfo type */ + + rinfos = cms->d.envelopedData->recipientInfos; + + for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) + { + ri = sk_CMS_RecipientInfo_value(rinfos, i); + + switch (ri->type) + { + case CMS_RECIPINFO_TRANS: + r = cms_RecipientInfo_ktri_encrypt(cms, ri); + break; + + case CMS_RECIPINFO_KEK: + r = cms_RecipientInfo_kekri_encrypt(cms, ri); + break; + + default: + CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, + CMS_R_UNSUPPORTED_RECIPIENT_TYPE); + goto err; + } + + if (r <= 0) + { + CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, + CMS_R_ERROR_SETTING_RECIPIENTINFO); + goto err; + } + } + + ok = 1; + + err: + ec->cipher = NULL; + if (ec->key) + { + OPENSSL_cleanse(ec->key, ec->keylen); + OPENSSL_free(ec->key); + ec->key = NULL; + ec->keylen = 0; + } + if (ok) + return ret; + BIO_free(ret); + return NULL; + + } diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c new file mode 100644 index 0000000000000..52fa53954f328 --- /dev/null +++ b/crypto/cms/cms_err.c @@ -0,0 +1,236 @@ +/* crypto/cms/cms_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason) + +static ERR_STRING_DATA CMS_str_functs[]= + { +{ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"}, +{ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"}, +{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"}, +{ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"}, +{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"}, +{ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"}, +{ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"}, +{ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"}, +{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"}, +{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO), "cms_CompressedData_init_bio"}, +{ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "CMS_COPY_CONTENT"}, +{ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "CMS_COPY_MESSAGEDIGEST"}, +{ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"}, +{ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"}, +{ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"}, +{ERR_FUNC(CMS_F_CMS_DECRYPT), "CMS_decrypt"}, +{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"}, +{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY), "CMS_decrypt_set1_pkey"}, +{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX), "cms_DigestAlgorithm_find_ctx"}, +{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO), "cms_DigestAlgorithm_init_bio"}, +{ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "cms_DigestedData_do_final"}, +{ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify"}, +{ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT), "cms_encode_Receipt"}, +{ERR_FUNC(CMS_F_CMS_ENCRYPT), "CMS_encrypt"}, +{ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO), "cms_EncryptedContent_init_bio"}, +{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_EncryptedData_decrypt"}, +{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT), "CMS_EncryptedData_encrypt"}, +{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY), "CMS_EncryptedData_set1_key"}, +{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"}, +{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO), "cms_EnvelopedData_init_bio"}, +{ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPED_DATA_INIT"}, +{ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"}, +{ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), "CMS_GET0_CERTIFICATE_CHOICES"}, +{ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"}, +{ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "CMS_GET0_ECONTENT_TYPE"}, +{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "CMS_GET0_ENVELOPED"}, +{ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES), "CMS_GET0_REVOCATION_CHOICES"}, +{ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"}, +{ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"}, +{ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0), "CMS_ReceiptRequest_create0"}, +{ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY), "cms_Receipt_verify"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT), "CMS_RECIPIENTINFO_KEKRI_DECRYPT"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT), "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID), "CMS_RecipientInfo_kekri_get0_id"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP), "CMS_RecipientInfo_kekri_id_cmp"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP), "CMS_RecipientInfo_ktri_cert_cmp"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT), "CMS_RECIPIENTINFO_KTRI_DECRYPT"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT), "CMS_RECIPIENTINFO_KTRI_ENCRYPT"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS), "CMS_RecipientInfo_ktri_get0_algs"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID), "CMS_RecipientInfo_ktri_get0_signer_id"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY), "CMS_RecipientInfo_set0_key"}, +{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY), "CMS_RecipientInfo_set0_pkey"}, +{ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"}, +{ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"}, +{ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"}, +{ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"}, +{ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN), "CMS_SIGNERINFO_CONTENT_SIGN"}, +{ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"}, +{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"}, +{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), "CMS_SIGNERINFO_VERIFY_CERT"}, +{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"}, +{ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"}, +{ERR_FUNC(CMS_F_CMS_STREAM), "CMS_STREAM"}, +{ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"}, +{ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"}, +{0,NULL} + }; + +static ERR_STRING_DATA CMS_str_reasons[]= + { +{ERR_REASON(CMS_R_ADD_SIGNER_ERROR) ,"add signer error"}, +{ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT),"certificate already present"}, +{ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID),"certificate has no keyid"}, +{ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, +{ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),"cipher initialisation error"}, +{ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),"cipher parameter initialisation error"}, +{ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR) ,"cms datafinal error"}, +{ERR_REASON(CMS_R_CMS_LIB) ,"cms lib"}, +{ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH),"contentidentifier mismatch"}, +{ERR_REASON(CMS_R_CONTENT_NOT_FOUND) ,"content not found"}, +{ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH) ,"content type mismatch"}, +{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),"content type not compressed data"}, +{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),"content type not enveloped data"}, +{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),"content type not signed data"}, +{ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR) ,"content verify error"}, +{ERR_REASON(CMS_R_CTRL_ERROR) ,"ctrl error"}, +{ERR_REASON(CMS_R_CTRL_FAILURE) ,"ctrl failure"}, +{ERR_REASON(CMS_R_DECRYPT_ERROR) ,"decrypt error"}, +{ERR_REASON(CMS_R_DIGEST_ERROR) ,"digest error"}, +{ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY),"error getting public key"}, +{ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),"error reading messagedigest attribute"}, +{ERR_REASON(CMS_R_ERROR_SETTING_KEY) ,"error setting key"}, +{ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),"error setting recipientinfo"}, +{ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),"invalid encrypted key length"}, +{ERR_REASON(CMS_R_INVALID_KEY_LENGTH) ,"invalid key length"}, +{ERR_REASON(CMS_R_MD_BIO_INIT_ERROR) ,"md bio init error"}, +{ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),"messagedigest attribute wrong length"}, +{ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),"messagedigest wrong length"}, +{ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR) ,"msgsigdigest error"}, +{ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),"msgsigdigest verification failure"}, +{ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH),"msgsigdigest wrong length"}, +{ERR_REASON(CMS_R_NEED_ONE_SIGNER) ,"need one signer"}, +{ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT) ,"not a signed receipt"}, +{ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA) ,"not encrypted data"}, +{ERR_REASON(CMS_R_NOT_KEK) ,"not kek"}, +{ERR_REASON(CMS_R_NOT_KEY_TRANSPORT) ,"not key transport"}, +{ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"not supported for this key type"}, +{ERR_REASON(CMS_R_NO_CIPHER) ,"no cipher"}, +{ERR_REASON(CMS_R_NO_CONTENT) ,"no content"}, +{ERR_REASON(CMS_R_NO_CONTENT_TYPE) ,"no content type"}, +{ERR_REASON(CMS_R_NO_DEFAULT_DIGEST) ,"no default digest"}, +{ERR_REASON(CMS_R_NO_DIGEST_SET) ,"no digest set"}, +{ERR_REASON(CMS_R_NO_KEY) ,"no key"}, +{ERR_REASON(CMS_R_NO_KEY_OR_CERT) ,"no key or cert"}, +{ERR_REASON(CMS_R_NO_MATCHING_DIGEST) ,"no matching digest"}, +{ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT) ,"no matching recipient"}, +{ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE) ,"no matching signature"}, +{ERR_REASON(CMS_R_NO_MSGSIGDIGEST) ,"no msgsigdigest"}, +{ERR_REASON(CMS_R_NO_PRIVATE_KEY) ,"no private key"}, +{ERR_REASON(CMS_R_NO_PUBLIC_KEY) ,"no public key"}, +{ERR_REASON(CMS_R_NO_RECEIPT_REQUEST) ,"no receipt request"}, +{ERR_REASON(CMS_R_NO_SIGNERS) ,"no signers"}, +{ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, +{ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR) ,"receipt decode error"}, +{ERR_REASON(CMS_R_RECIPIENT_ERROR) ,"recipient error"}, +{ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, +{ERR_REASON(CMS_R_SIGNFINAL_ERROR) ,"signfinal error"}, +{ERR_REASON(CMS_R_SMIME_TEXT_ERROR) ,"smime text error"}, +{ERR_REASON(CMS_R_STORE_INIT_ERROR) ,"store init error"}, +{ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA),"type not compressed data"}, +{ERR_REASON(CMS_R_TYPE_NOT_DATA) ,"type not data"}, +{ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA),"type not digested data"}, +{ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA),"type not encrypted data"}, +{ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA),"type not enveloped data"}, +{ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),"unable to finalize context"}, +{ERR_REASON(CMS_R_UNKNOWN_CIPHER) ,"unknown cipher"}, +{ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM),"unknown digest algorihm"}, +{ERR_REASON(CMS_R_UNKNOWN_ID) ,"unknown id"}, +{ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, +{ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"}, +{ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),"unsupported kek algorithm"}, +{ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),"unsupported recipient type"}, +{ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE),"unsupported recpientinfo type"}, +{ERR_REASON(CMS_R_UNSUPPORTED_TYPE) ,"unsupported type"}, +{ERR_REASON(CMS_R_UNWRAP_ERROR) ,"unwrap error"}, +{ERR_REASON(CMS_R_VERIFICATION_FAILURE) ,"verification failure"}, +{ERR_REASON(CMS_R_WRAP_ERROR) ,"wrap error"}, +{0,NULL} + }; + +#endif + +void ERR_load_CMS_strings(void) + { +#ifndef OPENSSL_NO_ERR + + if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) + { + ERR_load_strings(0,CMS_str_functs); + ERR_load_strings(0,CMS_str_reasons); + } +#endif + } diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c new file mode 100644 index 0000000000000..ed34ff32282a6 --- /dev/null +++ b/crypto/cms/cms_ess.c @@ -0,0 +1,420 @@ +/* crypto/cms/cms_ess.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include "cryptlib.h" +#include +#include +#include +#include +#include +#include +#include "cms_lcl.h" + +DECLARE_ASN1_ITEM(CMS_ReceiptRequest) +DECLARE_ASN1_ITEM(CMS_Receipt) + +IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ReceiptRequest) + +/* ESS services: for now just Signed Receipt related */ + +int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr) + { + ASN1_STRING *str; + CMS_ReceiptRequest *rr = NULL; + if (prr) + *prr = NULL; + str = CMS_signed_get0_data_by_OBJ(si, + OBJ_nid2obj(NID_id_smime_aa_receiptRequest), + -3, V_ASN1_SEQUENCE); + if (!str) + return 0; + + rr = ASN1_item_unpack(str, ASN1_ITEM_rptr(CMS_ReceiptRequest)); + if (!rr) + return -1; + if (prr) + *prr = rr; + else + CMS_ReceiptRequest_free(rr); + return 1; + } + +CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, + int allorfirst, + STACK_OF(GENERAL_NAMES) *receiptList, + STACK_OF(GENERAL_NAMES) *receiptsTo) + { + CMS_ReceiptRequest *rr = NULL; + + rr = CMS_ReceiptRequest_new(); + if (!rr) + goto merr; + if (id) + ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen); + else + { + if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32)) + goto merr; + if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32) + <= 0) + goto err; + } + + sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free); + rr->receiptsTo = receiptsTo; + + if (receiptList) + { + rr->receiptsFrom->type = 1; + rr->receiptsFrom->d.receiptList = receiptList; + } + else + { + rr->receiptsFrom->type = 0; + rr->receiptsFrom->d.allOrFirstTier = allorfirst; + } + + return rr; + + merr: + CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE); + + err: + if (rr) + CMS_ReceiptRequest_free(rr); + + return NULL; + + } + +int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr) + { + unsigned char *rrder = NULL; + int rrderlen, r = 0; + + rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder); + if (rrderlen < 0) + goto merr; + + if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest, + V_ASN1_SEQUENCE, rrder, rrderlen)) + goto merr; + + r = 1; + + merr: + if (!r) + CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE); + + if (rrder) + OPENSSL_free(rrder); + + return r; + + } + +void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, + ASN1_STRING **pcid, + int *pallorfirst, + STACK_OF(GENERAL_NAMES) **plist, + STACK_OF(GENERAL_NAMES) **prto) + { + if (pcid) + *pcid = rr->signedContentIdentifier; + if (rr->receiptsFrom->type == 0) + { + if (pallorfirst) + *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier; + if (plist) + *plist = NULL; + } + else + { + if (pallorfirst) + *pallorfirst = -1; + if (plist) + *plist = rr->receiptsFrom->d.receiptList; + } + if (prto) + *prto = rr->receiptsTo; + } + +/* Digest a SignerInfo structure for msgSigDigest attribute processing */ + +static int cms_msgSigDigest(CMS_SignerInfo *si, + unsigned char *dig, unsigned int *diglen) + { + const EVP_MD *md; + md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); + if (md == NULL) + return 0; + if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md, + si->signedAttrs, dig, diglen)) + return 0; + return 1; + } + +/* Add a msgSigDigest attribute to a SignerInfo */ + +int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src) + { + unsigned char dig[EVP_MAX_MD_SIZE]; + unsigned int diglen; + if (!cms_msgSigDigest(src, dig, &diglen)) + { + CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR); + return 0; + } + if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest, + V_ASN1_OCTET_STRING, dig, diglen)) + { + CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE); + return 0; + } + return 1; + } + +/* Verify signed receipt after it has already passed normal CMS verify */ + +int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms) + { + int r = 0, i; + CMS_ReceiptRequest *rr = NULL; + CMS_Receipt *rct = NULL; + STACK_OF(CMS_SignerInfo) *sis, *osis; + CMS_SignerInfo *si, *osi = NULL; + ASN1_OCTET_STRING *msig, **pcont; + ASN1_OBJECT *octype; + unsigned char dig[EVP_MAX_MD_SIZE]; + unsigned int diglen; + + /* Get SignerInfos, also checks SignedData content type */ + osis = CMS_get0_SignerInfos(req_cms); + sis = CMS_get0_SignerInfos(cms); + if (!osis || !sis) + goto err; + + if (sk_CMS_SignerInfo_num(sis) != 1) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER); + goto err; + } + + /* Check receipt content type */ + if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT); + goto err; + } + + /* Extract and decode receipt content */ + pcont = CMS_get0_content(cms); + if (!pcont || !*pcont) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT); + goto err; + } + + rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt)); + + if (!rct) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR); + goto err; + } + + /* Locate original request */ + + for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++) + { + osi = sk_CMS_SignerInfo_value(osis, i); + if (!ASN1_STRING_cmp(osi->signature, + rct->originatorSignatureValue)) + break; + } + + if (i == sk_CMS_SignerInfo_num(osis)) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE); + goto err; + } + + si = sk_CMS_SignerInfo_value(sis, 0); + + /* Get msgSigDigest value and compare */ + + msig = CMS_signed_get0_data_by_OBJ(si, + OBJ_nid2obj(NID_id_smime_aa_msgSigDigest), + -3, V_ASN1_OCTET_STRING); + + if (!msig) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST); + goto err; + } + + if (!cms_msgSigDigest(osi, dig, &diglen)) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR); + goto err; + } + + if (diglen != (unsigned int)msig->length) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, + CMS_R_MSGSIGDIGEST_WRONG_LENGTH); + goto err; + } + + if (memcmp(dig, msig->data, diglen)) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, + CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE); + goto err; + } + + /* Compare content types */ + + octype = CMS_signed_get0_data_by_OBJ(osi, + OBJ_nid2obj(NID_pkcs9_contentType), + -3, V_ASN1_OBJECT); + if (!octype) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE); + goto err; + } + + /* Compare details in receipt request */ + + if (OBJ_cmp(octype, rct->contentType)) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH); + goto err; + } + + /* Get original receipt request details */ + + if (!CMS_get1_ReceiptRequest(osi, &rr)) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST); + goto err; + } + + if (ASN1_STRING_cmp(rr->signedContentIdentifier, + rct->signedContentIdentifier)) + { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, + CMS_R_CONTENTIDENTIFIER_MISMATCH); + goto err; + } + + r = 1; + + err: + if (rr) + CMS_ReceiptRequest_free(rr); + if (rct) + M_ASN1_free_of(rct, CMS_Receipt); + + return r; + + } + +/* Encode a Receipt into an OCTET STRING read for including into content of + * a SignedData ContentInfo. + */ + +ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si) + { + CMS_Receipt rct; + CMS_ReceiptRequest *rr = NULL; + ASN1_OBJECT *ctype; + ASN1_OCTET_STRING *os = NULL; + + /* Get original receipt request */ + + /* Get original receipt request details */ + + if (!CMS_get1_ReceiptRequest(si, &rr)) + { + CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST); + goto err; + } + + /* Get original content type */ + + ctype = CMS_signed_get0_data_by_OBJ(si, + OBJ_nid2obj(NID_pkcs9_contentType), + -3, V_ASN1_OBJECT); + if (!ctype) + { + CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE); + goto err; + } + + rct.version = 1; + rct.contentType = ctype; + rct.signedContentIdentifier = rr->signedContentIdentifier; + rct.originatorSignatureValue = si->signature; + + os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL); + + err: + if (rr) + CMS_ReceiptRequest_free(rr); + + return os; + + } + + diff --git a/crypto/cms/cms_io.c b/crypto/cms/cms_io.c new file mode 100644 index 0000000000000..30f5ddfe6d2dd --- /dev/null +++ b/crypto/cms/cms_io.c @@ -0,0 +1,140 @@ +/* crypto/cms/cms_io.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include +#include "cms.h" +#include "cms_lcl.h" + +CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms) + { + return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms); + } + +int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms) + { + return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms); + } + +IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo) + +/* Callback for int_smime_write_ASN1 */ + +static int cms_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, + const ASN1_ITEM *it) + { + CMS_ContentInfo *cms = (CMS_ContentInfo *)val; + BIO *tmpbio, *cmsbio; + int r = 0; + + if (!(flags & SMIME_DETACHED)) + { + SMIME_crlf_copy(data, out, flags); + return 1; + } + + /* Let CMS code prepend any needed BIOs */ + + cmsbio = CMS_dataInit(cms, out); + + if (!cmsbio) + return 0; + + /* Copy data across, passing through filter BIOs for processing */ + SMIME_crlf_copy(data, cmsbio, flags); + + /* Finalize structure */ + if (CMS_dataFinal(cms, cmsbio) <= 0) + goto err; + + r = 1; + + err: + + /* Now remove any digests prepended to the BIO */ + + while (cmsbio != out) + { + tmpbio = BIO_pop(cmsbio); + BIO_free(cmsbio); + cmsbio = tmpbio; + } + + return 1; + + } + + +int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags) + { + STACK_OF(X509_ALGOR) *mdalgs; + int ctype_nid = OBJ_obj2nid(cms->contentType); + int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms)); + if (ctype_nid == NID_pkcs7_signed) + mdalgs = cms->d.signedData->digestAlgorithms; + else + mdalgs = NULL; + + return int_smime_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags, + ctype_nid, econt_nid, mdalgs, + cms_output_data, + ASN1_ITEM_rptr(CMS_ContentInfo)); + } + +CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont) + { + return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont, + ASN1_ITEM_rptr(CMS_ContentInfo)); + } diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h new file mode 100644 index 0000000000000..7d60fac67eb71 --- /dev/null +++ b/crypto/cms/cms_lcl.h @@ -0,0 +1,460 @@ +/* crypto/cms/cms_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_CMS_LCL_H +#define HEADER_CMS_LCL_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +/* Cryptographic message syntax (CMS) structures: taken + * from RFC3852 + */ + +/* Forward references */ + +typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber; +typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo; +typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier; +typedef struct CMS_SignedData_st CMS_SignedData; +typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat; +typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo; +typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo; +typedef struct CMS_EnvelopedData_st CMS_EnvelopedData; +typedef struct CMS_DigestedData_st CMS_DigestedData; +typedef struct CMS_EncryptedData_st CMS_EncryptedData; +typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData; +typedef struct CMS_CompressedData_st CMS_CompressedData; +typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat; +typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo; +typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey; +typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey; +typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo; +typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; +typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier; +typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier; +typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; +typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier; +typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo; +typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo; +typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo; +typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom; + +struct CMS_ContentInfo_st + { + ASN1_OBJECT *contentType; + union { + ASN1_OCTET_STRING *data; + CMS_SignedData *signedData; + CMS_EnvelopedData *envelopedData; + CMS_DigestedData *digestedData; + CMS_EncryptedData *encryptedData; + CMS_AuthenticatedData *authenticatedData; + CMS_CompressedData *compressedData; + ASN1_TYPE *other; + /* Other types ... */ + void *otherData; + } d; + }; + +struct CMS_SignedData_st + { + long version; + STACK_OF(X509_ALGOR) *digestAlgorithms; + CMS_EncapsulatedContentInfo *encapContentInfo; + STACK_OF(CMS_CertificateChoices) *certificates; + STACK_OF(CMS_RevocationInfoChoice) *crls; + STACK_OF(CMS_SignerInfo) *signerInfos; + }; + +struct CMS_EncapsulatedContentInfo_st + { + ASN1_OBJECT *eContentType; + ASN1_OCTET_STRING *eContent; + /* Set to 1 if incomplete structure only part set up */ + int partial; + }; + +struct CMS_SignerInfo_st + { + long version; + CMS_SignerIdentifier *sid; + X509_ALGOR *digestAlgorithm; + STACK_OF(X509_ATTRIBUTE) *signedAttrs; + X509_ALGOR *signatureAlgorithm; + ASN1_OCTET_STRING *signature; + STACK_OF(X509_ATTRIBUTE) *unsignedAttrs; + /* Signing certificate and key */ + X509 *signer; + EVP_PKEY *pkey; + }; + +struct CMS_SignerIdentifier_st + { + int type; + union { + CMS_IssuerAndSerialNumber *issuerAndSerialNumber; + ASN1_OCTET_STRING *subjectKeyIdentifier; + } d; + }; + +struct CMS_EnvelopedData_st + { + long version; + CMS_OriginatorInfo *originatorInfo; + STACK_OF(CMS_RecipientInfo) *recipientInfos; + CMS_EncryptedContentInfo *encryptedContentInfo; + STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; + }; + +struct CMS_OriginatorInfo_st + { + STACK_OF(CMS_CertificateChoices) *certificates; + STACK_OF(CMS_RevocationInfoChoice) *crls; + }; + +struct CMS_EncryptedContentInfo_st + { + ASN1_OBJECT *contentType; + X509_ALGOR *contentEncryptionAlgorithm; + ASN1_OCTET_STRING *encryptedContent; + /* Content encryption algorithm and key */ + const EVP_CIPHER *cipher; + unsigned char *key; + size_t keylen; + }; + +struct CMS_RecipientInfo_st + { + int type; + union { + CMS_KeyTransRecipientInfo *ktri; + CMS_KeyAgreeRecipientInfo *kari; + CMS_KEKRecipientInfo *kekri; + CMS_PasswordRecipientInfo *pwri; + CMS_OtherRecipientInfo *ori; + } d; + }; + +typedef CMS_SignerIdentifier CMS_RecipientIdentifier; + +struct CMS_KeyTransRecipientInfo_st + { + long version; + CMS_RecipientIdentifier *rid; + X509_ALGOR *keyEncryptionAlgorithm; + ASN1_OCTET_STRING *encryptedKey; + /* Recipient Key and cert */ + X509 *recip; + EVP_PKEY *pkey; + }; + +struct CMS_KeyAgreeRecipientInfo_st + { + long version; + CMS_OriginatorIdentifierOrKey *originator; + ASN1_OCTET_STRING *ukm; + X509_ALGOR *keyEncryptionAlgorithm; + STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys; + }; + +struct CMS_OriginatorIdentifierOrKey_st + { + int type; + union { + CMS_IssuerAndSerialNumber *issuerAndSerialNumber; + ASN1_OCTET_STRING *subjectKeyIdentifier; + CMS_OriginatorPublicKey *originatorKey; + } d; + }; + +struct CMS_OriginatorPublicKey_st + { + X509_ALGOR *algorithm; + ASN1_BIT_STRING *publicKey; + }; + +struct CMS_RecipientEncryptedKey_st + { + CMS_KeyAgreeRecipientIdentifier *rid; + ASN1_OCTET_STRING *encryptedKey; + }; + +struct CMS_KeyAgreeRecipientIdentifier_st + { + int type; + union { + CMS_IssuerAndSerialNumber *issuerAndSerialNumber; + CMS_RecipientKeyIdentifier *rKeyId; + } d; + }; + +struct CMS_RecipientKeyIdentifier_st + { + ASN1_OCTET_STRING *subjectKeyIdentifier; + ASN1_GENERALIZEDTIME *date; + CMS_OtherKeyAttribute *other; + }; + +struct CMS_KEKRecipientInfo_st + { + long version; + CMS_KEKIdentifier *kekid; + X509_ALGOR *keyEncryptionAlgorithm; + ASN1_OCTET_STRING *encryptedKey; + /* Extra info: symmetric key to use */ + unsigned char *key; + size_t keylen; + }; + +struct CMS_KEKIdentifier_st + { + ASN1_OCTET_STRING *keyIdentifier; + ASN1_GENERALIZEDTIME *date; + CMS_OtherKeyAttribute *other; + }; + +struct CMS_PasswordRecipientInfo_st + { + long version; + X509_ALGOR *keyDerivationAlgorithm; + X509_ALGOR *keyEncryptionAlgorithm; + ASN1_OCTET_STRING *encryptedKey; + }; + +struct CMS_OtherRecipientInfo_st + { + ASN1_OBJECT *oriType; + ASN1_TYPE *oriValue; + }; + +struct CMS_DigestedData_st + { + long version; + X509_ALGOR *digestAlgorithm; + CMS_EncapsulatedContentInfo *encapContentInfo; + ASN1_OCTET_STRING *digest; + }; + +struct CMS_EncryptedData_st + { + long version; + CMS_EncryptedContentInfo *encryptedContentInfo; + STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; + }; + +struct CMS_AuthenticatedData_st + { + long version; + CMS_OriginatorInfo *originatorInfo; + STACK_OF(CMS_RecipientInfo) *recipientInfos; + X509_ALGOR *macAlgorithm; + X509_ALGOR *digestAlgorithm; + CMS_EncapsulatedContentInfo *encapContentInfo; + STACK_OF(X509_ATTRIBUTE) *authAttrs; + ASN1_OCTET_STRING *mac; + STACK_OF(X509_ATTRIBUTE) *unauthAttrs; + }; + +struct CMS_CompressedData_st + { + long version; + X509_ALGOR *compressionAlgorithm; + STACK_OF(CMS_RecipientInfo) *recipientInfos; + CMS_EncapsulatedContentInfo *encapContentInfo; + }; + +struct CMS_RevocationInfoChoice_st + { + int type; + union { + X509_CRL *crl; + CMS_OtherRevocationInfoFormat *other; + } d; + }; + +#define CMS_REVCHOICE_CRL 0 +#define CMS_REVCHOICE_OTHER 1 + +struct CMS_OtherRevocationInfoFormat_st + { + ASN1_OBJECT *otherRevInfoFormat; + ASN1_TYPE *otherRevInfo; + }; + +struct CMS_CertificateChoices + { + int type; + union { + X509 *certificate; + ASN1_STRING *extendedCertificate; /* Obsolete */ + ASN1_STRING *v1AttrCert; /* Left encoded for now */ + ASN1_STRING *v2AttrCert; /* Left encoded for now */ + CMS_OtherCertificateFormat *other; + } d; + }; + +#define CMS_CERTCHOICE_CERT 0 +#define CMS_CERTCHOICE_EXCERT 1 +#define CMS_CERTCHOICE_V1ACERT 2 +#define CMS_CERTCHOICE_V2ACERT 3 +#define CMS_CERTCHOICE_OTHER 4 + +struct CMS_OtherCertificateFormat_st + { + ASN1_OBJECT *otherCertFormat; + ASN1_TYPE *otherCert; + }; + +/* This is also defined in pkcs7.h but we duplicate it + * to allow the CMS code to be independent of PKCS#7 + */ + +struct CMS_IssuerAndSerialNumber_st + { + X509_NAME *issuer; + ASN1_INTEGER *serialNumber; + }; + +struct CMS_OtherKeyAttribute_st + { + ASN1_OBJECT *keyAttrId; + ASN1_TYPE *keyAttr; + }; + +/* ESS structures */ + +#ifdef HEADER_X509V3_H + +struct CMS_ReceiptRequest_st + { + ASN1_OCTET_STRING *signedContentIdentifier; + CMS_ReceiptsFrom *receiptsFrom; + STACK_OF(GENERAL_NAMES) *receiptsTo; + }; + + +struct CMS_ReceiptsFrom_st + { + int type; + union + { + long allOrFirstTier; + STACK_OF(GENERAL_NAMES) *receiptList; + } d; + }; +#endif + +struct CMS_Receipt_st + { + long version; + ASN1_OBJECT *contentType; + ASN1_OCTET_STRING *signedContentIdentifier; + ASN1_OCTET_STRING *originatorSignatureValue; + }; + +DECLARE_ASN1_ITEM(CMS_SignerInfo) +DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber) +DECLARE_ASN1_ITEM(CMS_Attributes_Sign) +DECLARE_ASN1_ITEM(CMS_Attributes_Verify) +DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber) + +#define CMS_SIGNERINFO_ISSUER_SERIAL 0 +#define CMS_SIGNERINFO_KEYIDENTIFIER 1 + +#define CMS_RECIPINFO_ISSUER_SERIAL 0 +#define CMS_RECIPINFO_KEYIDENTIFIER 1 + +BIO *cms_content_bio(CMS_ContentInfo *cms); + +CMS_ContentInfo *cms_Data_create(void); + +CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md); +BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms); +int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify); + +BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms); +int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain); +int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type); +int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno); +int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert); + +CMS_ContentInfo *cms_CompressedData_create(int comp_nid); +BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms); + +void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md); +BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm); +int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, + X509_ALGOR *mdalg); + +BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec); +BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms); +int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, + const EVP_CIPHER *cipher, + const unsigned char *key, size_t keylen); + +int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms); +int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src); +ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si); + +BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c new file mode 100644 index 0000000000000..8e6c1d29a52cc --- /dev/null +++ b/crypto/cms/cms_lib.c @@ -0,0 +1,623 @@ +/* crypto/cms/cms_lib.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include +#include +#include +#include "cms.h" +#include "cms_lcl.h" + +IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ContentInfo) + +DECLARE_ASN1_ITEM(CMS_CertificateChoices) +DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice) +DECLARE_STACK_OF(CMS_CertificateChoices) +DECLARE_STACK_OF(CMS_RevocationInfoChoice) + +const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms) + { + return cms->contentType; + } + +CMS_ContentInfo *cms_Data_create(void) + { + CMS_ContentInfo *cms; + cms = CMS_ContentInfo_new(); + if (cms) + { + cms->contentType = OBJ_nid2obj(NID_pkcs7_data); + /* Never detached */ + CMS_set_detached(cms, 0); + } + return cms; + } + +BIO *cms_content_bio(CMS_ContentInfo *cms) + { + ASN1_OCTET_STRING **pos = CMS_get0_content(cms); + if (!pos) + return NULL; + /* If content detached data goes nowhere: create NULL BIO */ + if (!*pos) + return BIO_new(BIO_s_null()); + /* If content not detached and created return memory BIO + */ + if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT)) + return BIO_new(BIO_s_mem()); + /* Else content was read in: return read only BIO for it */ + return BIO_new_mem_buf((*pos)->data, (*pos)->length); + } + +BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont) + { + BIO *cmsbio, *cont; + if (icont) + cont = icont; + else + cont = cms_content_bio(cms); + if (!cont) + { + CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT); + return NULL; + } + switch (OBJ_obj2nid(cms->contentType)) + { + + case NID_pkcs7_data: + return cont; + + case NID_pkcs7_signed: + cmsbio = cms_SignedData_init_bio(cms); + break; + + case NID_pkcs7_digest: + cmsbio = cms_DigestedData_init_bio(cms); + break; +#ifdef ZLIB + case NID_id_smime_ct_compressedData: + cmsbio = cms_CompressedData_init_bio(cms); + break; +#endif + + case NID_pkcs7_encrypted: + cmsbio = cms_EncryptedData_init_bio(cms); + break; + + case NID_pkcs7_enveloped: + cmsbio = cms_EnvelopedData_init_bio(cms); + break; + + default: + CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE); + return NULL; + } + + if (cmsbio) + return BIO_push(cmsbio, cont); + + if (!icont) + BIO_free(cont); + return NULL; + + } + +int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio) + { + ASN1_OCTET_STRING **pos = CMS_get0_content(cms); + if (!pos) + return 0; + /* If ebmedded content find memory BIO and set content */ + if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) + { + BIO *mbio; + unsigned char *cont; + long contlen; + mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM); + if (!mbio) + { + CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND); + return 0; + } + contlen = BIO_get_mem_data(mbio, &cont); + /* Set bio as read only so its content can't be clobbered */ + BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY); + BIO_set_mem_eof_return(mbio, 0); + ASN1_STRING_set0(*pos, cont, contlen); + (*pos)->flags &= ~ASN1_STRING_FLAG_CONT; + } + + switch (OBJ_obj2nid(cms->contentType)) + { + + case NID_pkcs7_data: + case NID_pkcs7_enveloped: + case NID_pkcs7_encrypted: + case NID_id_smime_ct_compressedData: + /* Nothing to do */ + return 1; + + case NID_pkcs7_signed: + return cms_SignedData_final(cms, cmsbio); + + case NID_pkcs7_digest: + return cms_DigestedData_do_final(cms, cmsbio, 0); + + default: + CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE); + return 0; + } + } + +/* Return an OCTET STRING pointer to content. This allows it to + * be accessed or set later. + */ + +ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms) + { + switch (OBJ_obj2nid(cms->contentType)) + { + + case NID_pkcs7_data: + return &cms->d.data; + + case NID_pkcs7_signed: + return &cms->d.signedData->encapContentInfo->eContent; + + case NID_pkcs7_enveloped: + return &cms->d.envelopedData->encryptedContentInfo->encryptedContent; + + case NID_pkcs7_digest: + return &cms->d.digestedData->encapContentInfo->eContent; + + case NID_pkcs7_encrypted: + return &cms->d.encryptedData->encryptedContentInfo->encryptedContent; + + case NID_id_smime_ct_authData: + return &cms->d.authenticatedData->encapContentInfo->eContent; + + case NID_id_smime_ct_compressedData: + return &cms->d.compressedData->encapContentInfo->eContent; + + default: + if (cms->d.other->type == V_ASN1_OCTET_STRING) + return &cms->d.other->value.octet_string; + CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE); + return NULL; + + } + } + +/* Return an ASN1_OBJECT pointer to content type. This allows it to + * be accessed or set later. + */ + +static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms) + { + switch (OBJ_obj2nid(cms->contentType)) + { + + case NID_pkcs7_signed: + return &cms->d.signedData->encapContentInfo->eContentType; + + case NID_pkcs7_enveloped: + return &cms->d.envelopedData->encryptedContentInfo->contentType; + + case NID_pkcs7_digest: + return &cms->d.digestedData->encapContentInfo->eContentType; + + case NID_pkcs7_encrypted: + return &cms->d.encryptedData->encryptedContentInfo->contentType; + + case NID_id_smime_ct_authData: + return &cms->d.authenticatedData->encapContentInfo->eContentType; + + case NID_id_smime_ct_compressedData: + return &cms->d.compressedData->encapContentInfo->eContentType; + + default: + CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE, + CMS_R_UNSUPPORTED_CONTENT_TYPE); + return NULL; + + } + } + +const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms) + { + ASN1_OBJECT **petype; + petype = cms_get0_econtent_type(cms); + if (petype) + return *petype; + return NULL; + } + +int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid) + { + ASN1_OBJECT **petype, *etype; + petype = cms_get0_econtent_type(cms); + if (!petype) + return 0; + if (!oid) + return 1; + etype = OBJ_dup(oid); + if (!etype) + return 0; + ASN1_OBJECT_free(*petype); + *petype = etype; + return 1; + } + +int CMS_is_detached(CMS_ContentInfo *cms) + { + ASN1_OCTET_STRING **pos; + pos = CMS_get0_content(cms); + if (!pos) + return -1; + if (*pos) + return 0; + return 1; + } + +int CMS_set_detached(CMS_ContentInfo *cms, int detached) + { + ASN1_OCTET_STRING **pos; + pos = CMS_get0_content(cms); + if (!pos) + return 0; + if (detached) + { + if (*pos) + { + ASN1_OCTET_STRING_free(*pos); + *pos = NULL; + } + return 1; + } + if (!*pos) + *pos = ASN1_OCTET_STRING_new(); + if (*pos) + { + /* NB: special flag to show content is created and not + * read in. + */ + (*pos)->flags |= ASN1_STRING_FLAG_CONT; + return 1; + } + CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE); + return 0; + } + +/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */ + +void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md) + { + int param_type; + + switch (EVP_MD_type(md)) + { + case NID_sha1: + case NID_sha224: + case NID_sha256: + case NID_sha384: + case NID_sha512: + param_type = V_ASN1_UNDEF; + break; + + default: + param_type = V_ASN1_NULL; + break; + } + + X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL); + + } + +/* Create a digest BIO from an X509_ALGOR structure */ + +BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm) + { + BIO *mdbio = NULL; + ASN1_OBJECT *digestoid; + const EVP_MD *digest; + X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm); + digest = EVP_get_digestbyobj(digestoid); + if (!digest) + { + CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, + CMS_R_UNKNOWN_DIGEST_ALGORIHM); + goto err; + } + mdbio = BIO_new(BIO_f_md()); + if (!mdbio || !BIO_set_md(mdbio, digest)) + { + CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, + CMS_R_MD_BIO_INIT_ERROR); + goto err; + } + return mdbio; + err: + if (mdbio) + BIO_free(mdbio); + return NULL; + } + +/* Locate a message digest content from a BIO chain based on SignerInfo */ + +int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, + X509_ALGOR *mdalg) + { + int nid; + ASN1_OBJECT *mdoid; + X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg); + nid = OBJ_obj2nid(mdoid); + /* Look for digest type to match signature */ + for (;;) + { + EVP_MD_CTX *mtmp; + chain = BIO_find_type(chain, BIO_TYPE_MD); + if (chain == NULL) + { + CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX, + CMS_R_NO_MATCHING_DIGEST); + return 0; + } + BIO_get_md_ctx(chain, &mtmp); + if (EVP_MD_CTX_type(mtmp) == nid) + { + EVP_MD_CTX_copy_ex(mctx, mtmp); + return 1; + } + chain = BIO_next(chain); + } + } + +static STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms) + { + switch (OBJ_obj2nid(cms->contentType)) + { + + case NID_pkcs7_signed: + return &cms->d.signedData->certificates; + + case NID_pkcs7_enveloped: + return &cms->d.envelopedData->originatorInfo->certificates; + + default: + CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES, + CMS_R_UNSUPPORTED_CONTENT_TYPE); + return NULL; + + } + } + +CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms) + { + STACK_OF(CMS_CertificateChoices) **pcerts; + CMS_CertificateChoices *cch; + pcerts = cms_get0_certificate_choices(cms); + if (!pcerts) + return NULL; + if (!*pcerts) + *pcerts = sk_CMS_CertificateChoices_new_null(); + if (!*pcerts) + return NULL; + cch = M_ASN1_new_of(CMS_CertificateChoices); + if (!cch) + return NULL; + if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) + { + M_ASN1_free_of(cch, CMS_CertificateChoices); + return NULL; + } + return cch; + } + +int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert) + { + CMS_CertificateChoices *cch; + STACK_OF(CMS_CertificateChoices) **pcerts; + int i; + pcerts = cms_get0_certificate_choices(cms); + if (!pcerts) + return 0; + if (!pcerts) + return 0; + for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) + { + cch = sk_CMS_CertificateChoices_value(*pcerts, i); + if (cch->type == CMS_CERTCHOICE_CERT) + { + if (!X509_cmp(cch->d.certificate, cert)) + { + CMSerr(CMS_F_CMS_ADD0_CERT, + CMS_R_CERTIFICATE_ALREADY_PRESENT); + return 0; + } + } + } + cch = CMS_add0_CertificateChoices(cms); + if (!cch) + return 0; + cch->type = CMS_CERTCHOICE_CERT; + cch->d.certificate = cert; + return 1; + } + +int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert) + { + int r; + r = CMS_add0_cert(cms, cert); + if (r > 0) + CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); + return r; + } + +static STACK_OF(CMS_RevocationInfoChoice) **cms_get0_revocation_choices(CMS_ContentInfo *cms) + { + switch (OBJ_obj2nid(cms->contentType)) + { + + case NID_pkcs7_signed: + return &cms->d.signedData->crls; + + case NID_pkcs7_enveloped: + return &cms->d.envelopedData->originatorInfo->crls; + + default: + CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES, + CMS_R_UNSUPPORTED_CONTENT_TYPE); + return NULL; + + } + } + +CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms) + { + STACK_OF(CMS_RevocationInfoChoice) **pcrls; + CMS_RevocationInfoChoice *rch; + pcrls = cms_get0_revocation_choices(cms); + if (!pcrls) + return NULL; + if (!*pcrls) + *pcrls = sk_CMS_RevocationInfoChoice_new_null(); + if (!*pcrls) + return NULL; + rch = M_ASN1_new_of(CMS_RevocationInfoChoice); + if (!rch) + return NULL; + if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) + { + M_ASN1_free_of(rch, CMS_RevocationInfoChoice); + return NULL; + } + return rch; + } + +int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl) + { + CMS_RevocationInfoChoice *rch; + rch = CMS_add0_RevocationInfoChoice(cms); + if (!rch) + return 0; + rch->type = CMS_REVCHOICE_CRL; + rch->d.crl = crl; + return 1; + } + +STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms) + { + STACK_OF(X509) *certs = NULL; + CMS_CertificateChoices *cch; + STACK_OF(CMS_CertificateChoices) **pcerts; + int i; + pcerts = cms_get0_certificate_choices(cms); + if (!pcerts) + return NULL; + for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) + { + cch = sk_CMS_CertificateChoices_value(*pcerts, i); + if (cch->type == 0) + { + if (!certs) + { + certs = sk_X509_new_null(); + if (!certs) + return NULL; + } + if (!sk_X509_push(certs, cch->d.certificate)) + { + sk_X509_pop_free(certs, X509_free); + return NULL; + } + CRYPTO_add(&cch->d.certificate->references, + 1, CRYPTO_LOCK_X509); + } + } + return certs; + + } + +STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms) + { + STACK_OF(X509_CRL) *crls = NULL; + STACK_OF(CMS_RevocationInfoChoice) **pcrls; + CMS_RevocationInfoChoice *rch; + int i; + pcrls = cms_get0_revocation_choices(cms); + if (!pcrls) + return NULL; + for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) + { + rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i); + if (rch->type == 0) + { + if (!crls) + { + crls = sk_X509_CRL_new_null(); + if (!crls) + return NULL; + } + if (!sk_X509_CRL_push(crls, rch->d.crl)) + { + sk_X509_CRL_pop_free(crls, X509_CRL_free); + return NULL; + } + CRYPTO_add(&rch->d.crl->references, + 1, CRYPTO_LOCK_X509_CRL); + } + } + return crls; + } diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c new file mode 100644 index 0000000000000..591bfbec33b22 --- /dev/null +++ b/crypto/cms/cms_sd.c @@ -0,0 +1,1014 @@ +/* crypto/cms/cms_sd.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include "cryptlib.h" +#include +#include +#include +#include +#include +#include "cms_lcl.h" + +/* CMS SignedData Utilities */ + +DECLARE_ASN1_ITEM(CMS_SignedData) + +static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms) + { + if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) + { + CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA); + return NULL; + } + return cms->d.signedData; + } + +static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms) + { + if (cms->d.other == NULL) + { + cms->d.signedData = M_ASN1_new_of(CMS_SignedData); + if (!cms->d.signedData) + { + CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE); + return NULL; + } + cms->d.signedData->version = 1; + cms->d.signedData->encapContentInfo->eContentType = + OBJ_nid2obj(NID_pkcs7_data); + cms->d.signedData->encapContentInfo->partial = 1; + ASN1_OBJECT_free(cms->contentType); + cms->contentType = OBJ_nid2obj(NID_pkcs7_signed); + return cms->d.signedData; + } + return cms_get0_signed(cms); + } + +/* Just initialize SignedData e.g. for certs only structure */ + +int CMS_SignedData_init(CMS_ContentInfo *cms) + { + if (cms_signed_data_init(cms)) + return 1; + else + return 0; + } + +/* Check structures and fixup version numbers (if necessary) */ + +static void cms_sd_set_version(CMS_SignedData *sd) + { + int i; + CMS_CertificateChoices *cch; + CMS_RevocationInfoChoice *rch; + CMS_SignerInfo *si; + + for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) + { + cch = sk_CMS_CertificateChoices_value(sd->certificates, i); + if (cch->type == CMS_CERTCHOICE_OTHER) + { + if (sd->version < 5) + sd->version = 5; + } + else if (cch->type == CMS_CERTCHOICE_V2ACERT) + { + if (sd->version < 4) + sd->version = 4; + } + else if (cch->type == CMS_CERTCHOICE_V1ACERT) + { + if (sd->version < 3) + sd->version = 3; + } + } + + for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) + { + rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i); + if (rch->type == CMS_REVCHOICE_OTHER) + { + if (sd->version < 5) + sd->version = 5; + } + } + + if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data) + && (sd->version < 3)) + sd->version = 3; + + for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) + { + si = sk_CMS_SignerInfo_value(sd->signerInfos, i); + if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) + { + if (si->version < 3) + si->version = 3; + if (sd->version < 3) + sd->version = 3; + } + else + sd->version = 1; + } + + if (sd->version < 1) + sd->version = 1; + + } + +/* Copy an existing messageDigest value */ + +static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si) + { + STACK_OF(CMS_SignerInfo) *sinfos; + CMS_SignerInfo *sitmp; + int i; + sinfos = CMS_get0_SignerInfos(cms); + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) + { + ASN1_OCTET_STRING *messageDigest; + sitmp = sk_CMS_SignerInfo_value(sinfos, i); + if (sitmp == si) + continue; + if (CMS_signed_get_attr_count(sitmp) < 0) + continue; + if (OBJ_cmp(si->digestAlgorithm->algorithm, + sitmp->digestAlgorithm->algorithm)) + continue; + messageDigest = CMS_signed_get0_data_by_OBJ(sitmp, + OBJ_nid2obj(NID_pkcs9_messageDigest), + -3, V_ASN1_OCTET_STRING); + if (!messageDigest) + { + CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, + CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); + return 0; + } + + if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, + V_ASN1_OCTET_STRING, + messageDigest, -1)) + return 1; + else + return 0; + } + CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST); + return 0; + } + +int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type) + { + switch(type) + { + case CMS_SIGNERINFO_ISSUER_SERIAL: + sid->d.issuerAndSerialNumber = + M_ASN1_new_of(CMS_IssuerAndSerialNumber); + if (!sid->d.issuerAndSerialNumber) + goto merr; + if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer, + X509_get_issuer_name(cert))) + goto merr; + ASN1_STRING_free(sid->d.issuerAndSerialNumber->serialNumber); + sid->d.issuerAndSerialNumber->serialNumber = + ASN1_STRING_dup(X509_get_serialNumber(cert)); + if(!sid->d.issuerAndSerialNumber->serialNumber) + goto merr; + break; + + case CMS_SIGNERINFO_KEYIDENTIFIER: + if (!cert->skid) + { + CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, + CMS_R_CERTIFICATE_HAS_NO_KEYID); + return 0; + } + sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid); + if (!sid->d.subjectKeyIdentifier) + goto merr; + break; + + default: + CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID); + return 0; + } + + sid->type = type; + + return 1; + + merr: + CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE); + return 0; + + } + +int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno) + { + if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) + { + if (issuer) + *issuer = sid->d.issuerAndSerialNumber->issuer; + if (sno) + *sno = sid->d.issuerAndSerialNumber->serialNumber; + } + else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) + { + if (keyid) + *keyid = sid->d.subjectKeyIdentifier; + } + else + return 0; + return 1; + } + +int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert) + { + int ret; + if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) + { + ret = X509_NAME_cmp(sid->d.issuerAndSerialNumber->issuer, + X509_get_issuer_name(cert)); + if (ret) + return ret; + return ASN1_INTEGER_cmp(sid->d.issuerAndSerialNumber->serialNumber, + X509_get_serialNumber(cert)); + } + else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) + { + X509_check_purpose(cert, -1, -1); + if (!cert->skid) + return -1; + return ASN1_OCTET_STRING_cmp(sid->d.subjectKeyIdentifier, + cert->skid); + } + else + return -1; + } + +CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, + X509 *signer, EVP_PKEY *pk, const EVP_MD *md, + unsigned int flags) + { + CMS_SignedData *sd; + CMS_SignerInfo *si = NULL; + X509_ALGOR *alg; + int i, type; + if(!X509_check_private_key(signer, pk)) + { + CMSerr(CMS_F_CMS_ADD1_SIGNER, + CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + return NULL; + } + sd = cms_signed_data_init(cms); + if (!sd) + goto err; + si = M_ASN1_new_of(CMS_SignerInfo); + if (!si) + goto merr; + X509_check_purpose(signer, -1, -1); + + CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY); + CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); + + si->pkey = pk; + si->signer = signer; + + if (flags & CMS_USE_KEYID) + { + si->version = 3; + if (sd->version < 3) + sd->version = 3; + type = CMS_SIGNERINFO_KEYIDENTIFIER; + } + else + { + type = CMS_SIGNERINFO_ISSUER_SERIAL; + si->version = 1; + } + + if (!cms_set1_SignerIdentifier(si->sid, signer, type)) + goto err; + + /* Since no EVP_PKEY_METHOD in 0.9.8 hard code SHA1 as default */ + if (md == NULL) + md = EVP_sha1(); + + /* OpenSSL 0.9.8 only supports SHA1 with non-RSA keys */ + + if ((pk->type != EVP_PKEY_RSA) && (EVP_MD_type(md) != NID_sha1)) + { + CMSerr(CMS_F_CMS_ADD1_SIGNER, + CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + goto err; + } + + cms_DigestAlgorithm_set(si->digestAlgorithm, md); + + /* See if digest is present in digestAlgorithms */ + for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) + { + ASN1_OBJECT *aoid; + alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i); + X509_ALGOR_get0(&aoid, NULL, NULL, alg); + if (OBJ_obj2nid(aoid) == EVP_MD_type(md)) + break; + } + + if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) + { + alg = X509_ALGOR_new(); + if (!alg) + goto merr; + cms_DigestAlgorithm_set(alg, md); + if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) + { + X509_ALGOR_free(alg); + goto merr; + } + } + + /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8, + * hard code algorithm parameters. + */ + + switch (pk->type) + { + + case EVP_PKEY_RSA: + X509_ALGOR_set0(si->signatureAlgorithm, + OBJ_nid2obj(NID_rsaEncryption), + V_ASN1_NULL, 0); + break; + + case EVP_PKEY_DSA: + X509_ALGOR_set0(si->signatureAlgorithm, + OBJ_nid2obj(NID_dsaWithSHA1), + V_ASN1_UNDEF, 0); + break; + + + case EVP_PKEY_EC: + X509_ALGOR_set0(si->signatureAlgorithm, + OBJ_nid2obj(NID_ecdsa_with_SHA1), + V_ASN1_UNDEF, 0); + break; + + default: + CMSerr(CMS_F_CMS_ADD1_SIGNER, + CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + goto err; + + } + + if (!(flags & CMS_NOATTR)) + { + /* Initialialize signed attributes strutucture so other + * attributes such as signing time etc are added later + * even if we add none here. + */ + if (!si->signedAttrs) + { + si->signedAttrs = sk_X509_ATTRIBUTE_new_null(); + if (!si->signedAttrs) + goto merr; + } + + if (!(flags & CMS_NOSMIMECAP)) + { + STACK_OF(X509_ALGOR) *smcap = NULL; + i = CMS_add_standard_smimecap(&smcap); + if (i) + i = CMS_add_smimecap(si, smcap); + sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); + if (!i) + goto merr; + } + if (flags & CMS_REUSE_DIGEST) + { + if (!cms_copy_messageDigest(cms, si)) + goto err; + if (!(flags & CMS_PARTIAL) && + !CMS_SignerInfo_sign(si)) + goto err; + } + } + + if (!(flags & CMS_NOCERTS)) + { + /* NB ignore -1 return for duplicate cert */ + if (!CMS_add1_cert(cms, signer)) + goto merr; + } + + if (!sd->signerInfos) + sd->signerInfos = sk_CMS_SignerInfo_new_null(); + if (!sd->signerInfos || + !sk_CMS_SignerInfo_push(sd->signerInfos, si)) + goto merr; + + return si; + + merr: + CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); + err: + if (si) + M_ASN1_free_of(si, CMS_SignerInfo); + return NULL; + + } + +static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t) + { + ASN1_TIME *tt; + int r = 0; + if (t) + tt = t; + else + tt = X509_gmtime_adj(NULL, 0); + + if (!tt) + goto merr; + + if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime, + tt->type, tt, -1) <= 0) + goto merr; + + r = 1; + + merr: + + if (!t) + ASN1_TIME_free(tt); + + if (!r) + CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE); + + return r; + + } + +STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms) + { + CMS_SignedData *sd; + sd = cms_get0_signed(cms); + if (!sd) + return NULL; + return sd->signerInfos; + } + +STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms) + { + STACK_OF(X509) *signers = NULL; + STACK_OF(CMS_SignerInfo) *sinfos; + CMS_SignerInfo *si; + int i; + sinfos = CMS_get0_SignerInfos(cms); + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) + { + si = sk_CMS_SignerInfo_value(sinfos, i); + if (si->signer) + { + if (!signers) + { + signers = sk_X509_new_null(); + if (!signers) + return NULL; + } + if (!sk_X509_push(signers, si->signer)) + { + sk_X509_free(signers); + return NULL; + } + } + } + return signers; + } + +void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer) + { + if (signer) + { + CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); + if (si->pkey) + EVP_PKEY_free(si->pkey); + si->pkey = X509_get_pubkey(signer); + } + if (si->signer) + X509_free(si->signer); + si->signer = signer; + } + +int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno) + { + return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno); + } + +int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert) + { + return cms_SignerIdentifier_cert_cmp(si->sid, cert); + } + +int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts, + unsigned int flags) + { + CMS_SignedData *sd; + CMS_SignerInfo *si; + CMS_CertificateChoices *cch; + STACK_OF(CMS_CertificateChoices) *certs; + X509 *x; + int i, j; + int ret = 0; + sd = cms_get0_signed(cms); + if (!sd) + return -1; + certs = sd->certificates; + for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) + { + si = sk_CMS_SignerInfo_value(sd->signerInfos, i); + if (si->signer) + continue; + + for (j = 0; j < sk_X509_num(scerts); j++) + { + x = sk_X509_value(scerts, j); + if (CMS_SignerInfo_cert_cmp(si, x) == 0) + { + CMS_SignerInfo_set1_signer_cert(si, x); + ret++; + break; + } + } + + if (si->signer || (flags & CMS_NOINTERN)) + continue; + + for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) + { + cch = sk_CMS_CertificateChoices_value(certs, j); + if (cch->type != 0) + continue; + x = cch->d.certificate; + if (CMS_SignerInfo_cert_cmp(si, x) == 0) + { + CMS_SignerInfo_set1_signer_cert(si, x); + ret++; + break; + } + } + } + return ret; + } + +void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer, + X509_ALGOR **pdig, X509_ALGOR **psig) + { + if (pk) + *pk = si->pkey; + if (signer) + *signer = si->signer; + if (pdig) + *pdig = si->digestAlgorithm; + if (psig) + *psig = si->signatureAlgorithm; + } + +/* In OpenSSL 0.9.8 we have the link between digest types and public + * key types so we need to fixup the digest type if the public key + * type is not appropriate. + */ + +static void cms_fixup_mctx(EVP_MD_CTX *mctx, EVP_PKEY *pkey) + { + if (EVP_MD_CTX_type(mctx) != NID_sha1) + return; +#ifndef OPENSSL_NO_DSA + if (pkey->type == EVP_PKEY_DSA) + mctx->digest = EVP_dss1(); +#endif +#ifndef OPENSSL_NO_ECDSA + if (pkey->type == EVP_PKEY_EC) + mctx->digest = EVP_ecdsa(); +#endif + } + +static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, + CMS_SignerInfo *si, BIO *chain) + { + EVP_MD_CTX mctx; + int r = 0; + EVP_MD_CTX_init(&mctx); + + + if (!si->pkey) + { + CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY); + return 0; + } + + if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) + goto err; + + /* If any signed attributes calculate and add messageDigest attribute */ + + if (CMS_signed_get_attr_count(si) >= 0) + { + ASN1_OBJECT *ctype = + cms->d.signedData->encapContentInfo->eContentType; + unsigned char md[EVP_MAX_MD_SIZE]; + unsigned int mdlen; + EVP_DigestFinal_ex(&mctx, md, &mdlen); + if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, + V_ASN1_OCTET_STRING, + md, mdlen)) + goto err; + /* Copy content type across */ + if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType, + V_ASN1_OBJECT, ctype, -1) <= 0) + goto err; + if (!CMS_SignerInfo_sign(si)) + goto err; + } + else + { + unsigned char *sig; + unsigned int siglen; + sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey)); + if (!sig) + { + CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, + ERR_R_MALLOC_FAILURE); + goto err; + } + cms_fixup_mctx(&mctx, si->pkey); + if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) + { + CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, + CMS_R_SIGNFINAL_ERROR); + OPENSSL_free(sig); + goto err; + } + ASN1_STRING_set0(si->signature, sig, siglen); + } + + r = 1; + + err: + EVP_MD_CTX_cleanup(&mctx); + return r; + + } + +int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) + { + STACK_OF(CMS_SignerInfo) *sinfos; + CMS_SignerInfo *si; + int i; + sinfos = CMS_get0_SignerInfos(cms); + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) + { + si = sk_CMS_SignerInfo_value(sinfos, i); + if (!cms_SignerInfo_content_sign(cms, si, chain)) + return 0; + } + cms->d.signedData->encapContentInfo->partial = 0; + return 1; + } + +int CMS_SignerInfo_sign(CMS_SignerInfo *si) + { + EVP_MD_CTX mctx; + unsigned char *abuf = NULL; + int alen; + unsigned int siglen; + const EVP_MD *md = NULL; + + md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); + if (md == NULL) + return 0; + + EVP_MD_CTX_init(&mctx); + + if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) + { + if (!cms_add1_signingTime(si, NULL)) + goto err; + } + + if (EVP_SignInit_ex(&mctx, md, NULL) <= 0) + goto err; + +#if 0 + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, + EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) + { + CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); + goto err; + } +#endif + + alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, + ASN1_ITEM_rptr(CMS_Attributes_Sign)); + if(!abuf) + goto err; + if (EVP_SignUpdate(&mctx, abuf, alen) <= 0) + goto err; + siglen = EVP_PKEY_size(si->pkey); + OPENSSL_free(abuf); + abuf = OPENSSL_malloc(siglen); + if(!abuf) + goto err; + cms_fixup_mctx(&mctx, si->pkey); + if (EVP_SignFinal(&mctx, abuf, &siglen, si->pkey) <= 0) + goto err; +#if 0 + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, + EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) + { + CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); + goto err; + } +#endif + EVP_MD_CTX_cleanup(&mctx); + + ASN1_STRING_set0(si->signature, abuf, siglen); + + return 1; + + err: + if (abuf) + OPENSSL_free(abuf); + EVP_MD_CTX_cleanup(&mctx); + return 0; + + } + +int CMS_SignerInfo_verify(CMS_SignerInfo *si) + { + EVP_MD_CTX mctx; + unsigned char *abuf = NULL; + int alen, r = -1; + const EVP_MD *md = NULL; + + if (!si->pkey) + { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY); + return -1; + } + + md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); + if (md == NULL) + return -1; + EVP_MD_CTX_init(&mctx); + if (EVP_VerifyInit_ex(&mctx, md, NULL) <= 0) + goto err; + + alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, + ASN1_ITEM_rptr(CMS_Attributes_Verify)); + if(!abuf) + goto err; + r = EVP_VerifyUpdate(&mctx, abuf, alen); + OPENSSL_free(abuf); + if (r <= 0) + { + r = -1; + goto err; + } + cms_fixup_mctx(&mctx, si->pkey); + r = EVP_VerifyFinal(&mctx, + si->signature->data, si->signature->length, si->pkey); + if (!r) + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); + err: + EVP_MD_CTX_cleanup(&mctx); + return r; + } + +/* Create a chain of digest BIOs from a CMS ContentInfo */ + +BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms) + { + int i; + CMS_SignedData *sd; + BIO *chain = NULL; + sd = cms_get0_signed(cms); + if (!sd) + return NULL; + if (cms->d.signedData->encapContentInfo->partial) + cms_sd_set_version(sd); + for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) + { + X509_ALGOR *digestAlgorithm; + BIO *mdbio; + digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i); + mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm); + if (!mdbio) + goto err; + if (chain) + BIO_push(chain, mdbio); + else + chain = mdbio; + } + return chain; + err: + if (chain) + BIO_free_all(chain); + return NULL; + } + +int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) + { + ASN1_OCTET_STRING *os = NULL; + EVP_MD_CTX mctx; + int r = -1; + EVP_MD_CTX_init(&mctx); + /* If we have any signed attributes look for messageDigest value */ + if (CMS_signed_get_attr_count(si) >= 0) + { + os = CMS_signed_get0_data_by_OBJ(si, + OBJ_nid2obj(NID_pkcs9_messageDigest), + -3, V_ASN1_OCTET_STRING); + if (!os) + { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, + CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); + goto err; + } + } + + if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) + goto err; + + /* If messageDigest found compare it */ + + if (os) + { + unsigned char mval[EVP_MAX_MD_SIZE]; + unsigned int mlen; + if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) + { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, + CMS_R_UNABLE_TO_FINALIZE_CONTEXT); + goto err; + } + if (mlen != (unsigned int)os->length) + { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, + CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH); + goto err; + } + + if (memcmp(mval, os->data, mlen)) + { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, + CMS_R_VERIFICATION_FAILURE); + r = 0; + } + else + r = 1; + } + else + { + cms_fixup_mctx(&mctx, si->pkey); + r = EVP_VerifyFinal(&mctx, si->signature->data, + si->signature->length, si->pkey); + if (r <= 0) + { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, + CMS_R_VERIFICATION_FAILURE); + r = 0; + } + } + + err: + EVP_MD_CTX_cleanup(&mctx); + return r; + + } + +int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs) + { + unsigned char *smder = NULL; + int smderlen, r; + smderlen = i2d_X509_ALGORS(algs, &smder); + if (smderlen <= 0) + return 0; + r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities, + V_ASN1_SEQUENCE, smder, smderlen); + OPENSSL_free(smder); + return r; + } + +int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, + int algnid, int keysize) + { + X509_ALGOR *alg; + ASN1_INTEGER *key = NULL; + if (keysize > 0) + { + key = ASN1_INTEGER_new(); + if (!key || !ASN1_INTEGER_set(key, keysize)) + return 0; + } + alg = X509_ALGOR_new(); + if (!alg) + { + if (key) + ASN1_INTEGER_free(key); + return 0; + } + + X509_ALGOR_set0(alg, OBJ_nid2obj(algnid), + key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key); + if (!*algs) + *algs = sk_X509_ALGOR_new_null(); + if (!*algs || !sk_X509_ALGOR_push(*algs, alg)) + { + X509_ALGOR_free(alg); + return 0; + } + return 1; + } + +/* Check to see if a cipher exists and if so add S/MIME capabilities */ + +static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) + { + if (EVP_get_cipherbynid(nid)) + return CMS_add_simple_smimecap(sk, nid, arg); + return 1; + } +#if 0 +static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) + { + if (EVP_get_digestbynid(nid)) + return CMS_add_simple_smimecap(sk, nid, arg); + return 1; + } +#endif +int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) + { + if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) + || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) + || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) + || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) + || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) + || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) + || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) + || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40)) + return 0; + return 1; + } diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c new file mode 100644 index 0000000000000..b35d28d411a3f --- /dev/null +++ b/crypto/cms/cms_smime.c @@ -0,0 +1,808 @@ +/* crypto/cms/cms_smime.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include "cryptlib.h" +#include +#include +#include +#include +#include +#include "cms_lcl.h" + +static int cms_copy_content(BIO *out, BIO *in, unsigned int flags) + { + unsigned char buf[4096]; + int r = 0, i; + BIO *tmpout = NULL; + + if (out == NULL) + tmpout = BIO_new(BIO_s_null()); + else if (flags & CMS_TEXT) + tmpout = BIO_new(BIO_s_mem()); + else + tmpout = out; + + if(!tmpout) + { + CMSerr(CMS_F_CMS_COPY_CONTENT,ERR_R_MALLOC_FAILURE); + goto err; + } + + /* Read all content through chain to process digest, decrypt etc */ + for (;;) + { + i=BIO_read(in,buf,sizeof(buf)); + if (i <= 0) + { + if (BIO_method_type(in) == BIO_TYPE_CIPHER) + { + if (!BIO_get_cipher_status(in)) + goto err; + } + if (i < 0) + goto err; + break; + } + + if (tmpout && (BIO_write(tmpout, buf, i) != i)) + goto err; + } + + if(flags & CMS_TEXT) + { + if(!SMIME_text(tmpout, out)) + { + CMSerr(CMS_F_CMS_COPY_CONTENT,CMS_R_SMIME_TEXT_ERROR); + goto err; + } + } + + r = 1; + + err: + if (tmpout && (tmpout != out)) + BIO_free(tmpout); + return r; + + } + +static int check_content(CMS_ContentInfo *cms) + { + ASN1_OCTET_STRING **pos = CMS_get0_content(cms); + if (!pos || !*pos) + { + CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT); + return 0; + } + return 1; + } + +static void do_free_upto(BIO *f, BIO *upto) + { + if (upto) + { + BIO *tbio; + do + { + tbio = BIO_pop(f); + BIO_free(f); + f = tbio; + } + while (f != upto); + } + else + BIO_free_all(f); + } + +int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags) + { + BIO *cont; + int r; + if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) + { + CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA); + return 0; + } + cont = CMS_dataInit(cms, NULL); + if (!cont) + return 0; + r = cms_copy_content(out, cont, flags); + BIO_free_all(cont); + return r; + } + +CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags) + { + CMS_ContentInfo *cms; + cms = cms_Data_create(); + if (!cms) + return NULL; + + if (CMS_final(cms, in, NULL, flags)) + return cms; + + CMS_ContentInfo_free(cms); + + return NULL; + } + +int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags) + { + BIO *cont; + int r; + if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) + { + CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA); + return 0; + } + + if (!dcont && !check_content(cms)) + return 0; + + cont = CMS_dataInit(cms, dcont); + if (!cont) + return 0; + r = cms_copy_content(out, cont, flags); + if (r) + r = cms_DigestedData_do_final(cms, cont, 1); + do_free_upto(cont, dcont); + return r; + } + +CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, + unsigned int flags) + { + CMS_ContentInfo *cms; + if (!md) + md = EVP_sha1(); + cms = cms_DigestedData_create(md); + if (!cms) + return NULL; + + if(!(flags & CMS_DETACHED)) + { + flags &= ~CMS_STREAM; + CMS_set_detached(cms, 0); + } + + if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags)) + return cms; + + CMS_ContentInfo_free(cms); + return NULL; + } + +int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, + const unsigned char *key, size_t keylen, + BIO *dcont, BIO *out, unsigned int flags) + { + BIO *cont; + int r; + if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) + { + CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT, + CMS_R_TYPE_NOT_ENCRYPTED_DATA); + return 0; + } + + if (!dcont && !check_content(cms)) + return 0; + + if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0) + return 0; + cont = CMS_dataInit(cms, dcont); + if (!cont) + return 0; + r = cms_copy_content(out, cont, flags); + do_free_upto(cont, dcont); + return r; + } + +CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, + const unsigned char *key, size_t keylen, + unsigned int flags) + { + CMS_ContentInfo *cms; + if (!cipher) + { + CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER); + return NULL; + } + cms = CMS_ContentInfo_new(); + if (!cms) + return NULL; + if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen)) + return NULL; + + if(!(flags & CMS_DETACHED)) + { + flags &= ~CMS_STREAM; + CMS_set_detached(cms, 0); + } + + if ((flags & (CMS_STREAM|CMS_PARTIAL)) + || CMS_final(cms, in, NULL, flags)) + return cms; + + CMS_ContentInfo_free(cms); + return NULL; + } + +static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, + X509_STORE *store, + STACK_OF(X509) *certs, + STACK_OF(X509_CRL) *crls, + unsigned int flags) + { + X509_STORE_CTX ctx; + X509 *signer; + int i, j, r = 0; + CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL); + if (!X509_STORE_CTX_init(&ctx, store, signer, certs)) + { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, + CMS_R_STORE_INIT_ERROR); + goto err; + } + X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_SMIME_SIGN); + if (crls) + X509_STORE_CTX_set0_crls(&ctx, crls); + + i = X509_verify_cert(&ctx); + if (i <= 0) + { + j = X509_STORE_CTX_get_error(&ctx); + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, + CMS_R_CERTIFICATE_VERIFY_ERROR); + ERR_add_error_data(2, "Verify error:", + X509_verify_cert_error_string(j)); + goto err; + } + r = 1; + err: + X509_STORE_CTX_cleanup(&ctx); + return r; + + } + +int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags) + { + CMS_SignerInfo *si; + STACK_OF(CMS_SignerInfo) *sinfos; + STACK_OF(X509) *cms_certs = NULL; + STACK_OF(X509_CRL) *crls = NULL; + X509 *signer; + int i, scount = 0, ret = 0; + BIO *cmsbio = NULL, *tmpin = NULL; + + if (!dcont && !check_content(cms)) + return 0; + + /* Attempt to find all signer certificates */ + + sinfos = CMS_get0_SignerInfos(cms); + + if (sk_CMS_SignerInfo_num(sinfos) <= 0) + { + CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS); + goto err; + } + + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) + { + si = sk_CMS_SignerInfo_value(sinfos, i); + CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL); + if (signer) + scount++; + } + + if (scount != sk_CMS_SignerInfo_num(sinfos)) + scount += CMS_set1_signers_certs(cms, certs, flags); + + if (scount != sk_CMS_SignerInfo_num(sinfos)) + { + CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND); + goto err; + } + + /* Attempt to verify all signers certs */ + + if (!(flags & CMS_NO_SIGNER_CERT_VERIFY)) + { + cms_certs = CMS_get1_certs(cms); + if (!(flags & CMS_NOCRL)) + crls = CMS_get1_crls(cms); + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) + { + si = sk_CMS_SignerInfo_value(sinfos, i); + if (!cms_signerinfo_verify_cert(si, store, + cms_certs, crls, flags)) + goto err; + } + } + + /* Attempt to verify all SignerInfo signed attribute signatures */ + + if (!(flags & CMS_NO_ATTR_VERIFY)) + { + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) + { + si = sk_CMS_SignerInfo_value(sinfos, i); + if (CMS_signed_get_attr_count(si) < 0) + continue; + if (CMS_SignerInfo_verify(si) <= 0) + goto err; + } + } + + /* Performance optimization: if the content is a memory BIO then + * store its contents in a temporary read only memory BIO. This + * avoids potentially large numbers of slow copies of data which will + * occur when reading from a read write memory BIO when signatures + * are calculated. + */ + + if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) + { + char *ptr; + long len; + len = BIO_get_mem_data(dcont, &ptr); + tmpin = BIO_new_mem_buf(ptr, len); + if (tmpin == NULL) + { + CMSerr(CMS_F_CMS_VERIFY,ERR_R_MALLOC_FAILURE); + return 0; + } + } + else + tmpin = dcont; + + + cmsbio=CMS_dataInit(cms, tmpin); + if (!cmsbio) + goto err; + + if (!cms_copy_content(out, cmsbio, flags)) + goto err; + + if (!(flags & CMS_NO_CONTENT_VERIFY)) + { + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) + { + si = sk_CMS_SignerInfo_value(sinfos, i); + if (!CMS_SignerInfo_verify_content(si, cmsbio)) + { + CMSerr(CMS_F_CMS_VERIFY, + CMS_R_CONTENT_VERIFY_ERROR); + goto err; + } + } + } + + ret = 1; + + err: + + if (dcont && (tmpin == dcont)) + do_free_upto(cmsbio, dcont); + else + BIO_free_all(cmsbio); + + if (cms_certs) + sk_X509_pop_free(cms_certs, X509_free); + if (crls) + sk_X509_CRL_pop_free(crls, X509_CRL_free); + + return ret; + } + +int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, + STACK_OF(X509) *certs, + X509_STORE *store, unsigned int flags) + { + int r; + r = CMS_verify(rcms, certs, store, NULL, NULL, flags); + if (r <= 0) + return r; + return cms_Receipt_verify(rcms, ocms); + } + +CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, unsigned int flags) + { + CMS_ContentInfo *cms; + int i; + + cms = CMS_ContentInfo_new(); + if (!cms || !CMS_SignedData_init(cms)) + goto merr; + + if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) + { + CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR); + goto err; + } + + for (i = 0; i < sk_X509_num(certs); i++) + { + X509 *x = sk_X509_value(certs, i); + if (!CMS_add1_cert(cms, x)) + goto merr; + } + + if(!(flags & CMS_DETACHED)) + { + flags &= ~CMS_STREAM; + CMS_set_detached(cms, 0); + } + + if ((flags & (CMS_STREAM|CMS_PARTIAL)) + || CMS_final(cms, data, NULL, flags)) + return cms; + else + goto err; + + merr: + CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE); + + err: + if (cms) + CMS_ContentInfo_free(cms); + return NULL; + } + +CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, + X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, + unsigned int flags) + { + CMS_SignerInfo *rct_si; + CMS_ContentInfo *cms = NULL; + ASN1_OCTET_STRING **pos, *os; + BIO *rct_cont = NULL; + int r = 0; + + flags &= ~CMS_STREAM; + /* Not really detached but avoids content being allocated */ + flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED; + if (!pkey || !signcert) + { + CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT); + return NULL; + } + + /* Initialize signed data */ + + cms = CMS_sign(NULL, NULL, certs, NULL, flags); + if (!cms) + goto err; + + /* Set inner content type to signed receipt */ + if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt))) + goto err; + + rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags); + if (!rct_si) + { + CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR); + goto err; + } + + os = cms_encode_Receipt(si); + + if (!os) + goto err; + + /* Set content to digest */ + rct_cont = BIO_new_mem_buf(os->data, os->length); + if (!rct_cont) + goto err; + + /* Add msgSigDigest attribute */ + + if (!cms_msgSigDigest_add1(rct_si, si)) + goto err; + + /* Finalize structure */ + if (!CMS_final(cms, rct_cont, NULL, flags)) + goto err; + + /* Set embedded content */ + pos = CMS_get0_content(cms); + *pos = os; + + r = 1; + + err: + if (rct_cont) + BIO_free(rct_cont); + if (r) + return cms; + CMS_ContentInfo_free(cms); + return NULL; + + } + +CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data, + const EVP_CIPHER *cipher, unsigned int flags) + { + CMS_ContentInfo *cms; + int i; + X509 *recip; + cms = CMS_EnvelopedData_create(cipher); + if (!cms) + goto merr; + for (i = 0; i < sk_X509_num(certs); i++) + { + recip = sk_X509_value(certs, i); + if (!CMS_add1_recipient_cert(cms, recip, flags)) + { + CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR); + goto err; + } + } + + if(!(flags & CMS_DETACHED)) + { + flags &= ~CMS_STREAM; + CMS_set_detached(cms, 0); + } + + if ((flags & (CMS_STREAM|CMS_PARTIAL)) + || CMS_final(cms, data, NULL, flags)) + return cms; + else + goto err; + + merr: + CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE); + err: + if (cms) + CMS_ContentInfo_free(cms); + return NULL; + } + +int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) + { + STACK_OF(CMS_RecipientInfo) *ris; + CMS_RecipientInfo *ri; + int i, r; + ris = CMS_get0_RecipientInfos(cms); + for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) + { + ri = sk_CMS_RecipientInfo_value(ris, i); + if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS) + continue; + /* If we have a cert try matching RecipientInfo + * otherwise try them all. + */ + if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0)) + { + CMS_RecipientInfo_set0_pkey(ri, pk); + r = CMS_RecipientInfo_decrypt(cms, ri); + CMS_RecipientInfo_set0_pkey(ri, NULL); + if (r > 0) + return 1; + if (cert) + { + CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, + CMS_R_DECRYPT_ERROR); + return 0; + } + ERR_clear_error(); + } + } + + CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT); + return 0; + + } + +int CMS_decrypt_set1_key(CMS_ContentInfo *cms, + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen) + { + STACK_OF(CMS_RecipientInfo) *ris; + CMS_RecipientInfo *ri; + int i, r; + ris = CMS_get0_RecipientInfos(cms); + for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) + { + ri = sk_CMS_RecipientInfo_value(ris, i); + if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK) + continue; + + /* If we have an id try matching RecipientInfo + * otherwise try them all. + */ + if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) + { + CMS_RecipientInfo_set0_key(ri, key, keylen); + r = CMS_RecipientInfo_decrypt(cms, ri); + CMS_RecipientInfo_set0_key(ri, NULL, 0); + if (r > 0) + return 1; + if (id) + { + CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, + CMS_R_DECRYPT_ERROR); + return 0; + } + ERR_clear_error(); + } + } + + CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT); + return 0; + + } + +int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, + BIO *dcont, BIO *out, + unsigned int flags) + { + int r; + BIO *cont; + if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) + { + CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA); + return 0; + } + if (!dcont && !check_content(cms)) + return 0; + if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert)) + return 0; + + cont = CMS_dataInit(cms, dcont); + if (!cont) + return 0; + r = cms_copy_content(out, cont, flags); + do_free_upto(cont, dcont); + return r; + } + +int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags) + { + BIO *cmsbio; + int ret = 0; + if (!(cmsbio = CMS_dataInit(cms, dcont))) + { + CMSerr(CMS_F_CMS_FINAL,ERR_R_MALLOC_FAILURE); + return 0; + } + + SMIME_crlf_copy(data, cmsbio, flags); + + (void)BIO_flush(cmsbio); + + + if (!CMS_dataFinal(cms, cmsbio)) + { + CMSerr(CMS_F_CMS_FINAL,CMS_R_CMS_DATAFINAL_ERROR); + goto err; + } + + ret = 1; + + err: + do_free_upto(cmsbio, dcont); + + return ret; + + } + +#ifdef ZLIB + +int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags) + { + BIO *cont; + int r; + if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) + { + CMSerr(CMS_F_CMS_UNCOMPRESS, + CMS_R_TYPE_NOT_COMPRESSED_DATA); + return 0; + } + + if (!dcont && !check_content(cms)) + return 0; + + cont = CMS_dataInit(cms, dcont); + if (!cont) + return 0; + r = cms_copy_content(out, cont, flags); + do_free_upto(cont, dcont); + return r; + } + +CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags) + { + CMS_ContentInfo *cms; + if (comp_nid <= 0) + comp_nid = NID_zlib_compression; + cms = cms_CompressedData_create(comp_nid); + if (!cms) + return NULL; + + if(!(flags & CMS_DETACHED)) + { + flags &= ~CMS_STREAM; + CMS_set_detached(cms, 0); + } + + if (CMS_final(cms, in, NULL, flags)) + return cms; + + CMS_ContentInfo_free(cms); + return NULL; + } + +#else + +int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags) + { + CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + return 0; + } + +CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags) + { + CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + return NULL; + } + +#endif diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index 43402e75dbf52..0f34597e70427 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -105,6 +105,7 @@ typedef int (*deflateEnd_ft)(z_streamp strm); typedef int (*deflate_ft)(z_streamp strm, int flush); typedef int (*deflateInit__ft)(z_streamp strm, int level, const char * version, int stream_size); +typedef const char * (*zError__ft)(int err); static compress_ft p_compress=NULL; static inflateEnd_ft p_inflateEnd=NULL; static inflate_ft p_inflate=NULL; @@ -112,6 +113,7 @@ static inflateInit__ft p_inflateInit_=NULL; static deflateEnd_ft p_deflateEnd=NULL; static deflate_ft p_deflate=NULL; static deflateInit__ft p_deflateInit_=NULL; +static zError__ft p_zError=NULL; static int zlib_loaded = 0; /* only attempt to init func pts once */ static DSO *zlib_dso = NULL; @@ -123,6 +125,7 @@ static DSO *zlib_dso = NULL; #define deflateEnd p_deflateEnd #define deflate p_deflate #define deflateInit_ p_deflateInit_ +#define zError p_zError #endif /* ZLIB_SHARED */ struct zlib_state @@ -373,10 +376,13 @@ COMP_METHOD *COMP_zlib(void) p_deflateInit_ = (deflateInit__ft) DSO_bind_func(zlib_dso, "deflateInit_"); + p_zError + = (zError__ft) DSO_bind_func(zlib_dso, + "zError"); if (p_compress && p_inflateEnd && p_inflate && p_inflateInit_ && p_deflateEnd - && p_deflate && p_deflateInit_) + && p_deflate && p_deflateInit_ && p_zError) zlib_loaded++; } } @@ -410,3 +416,386 @@ err: return(meth); } +void COMP_zlib_cleanup(void) + { +#ifdef ZLIB_SHARED + if (zlib_dso) + DSO_free(zlib_dso); +#endif + } + +#ifdef ZLIB + +/* Zlib based compression/decompression filter BIO */ + +typedef struct + { + unsigned char *ibuf; /* Input buffer */ + int ibufsize; /* Buffer size */ + z_stream zin; /* Input decompress context */ + unsigned char *obuf; /* Output buffer */ + int obufsize; /* Output buffer size */ + unsigned char *optr; /* Position in output buffer */ + int ocount; /* Amount of data in output buffer */ + int odone; /* deflate EOF */ + int comp_level; /* Compression level to use */ + z_stream zout; /* Output compression context */ + } BIO_ZLIB_CTX; + +#define ZLIB_DEFAULT_BUFSIZE 1024 + +static int bio_zlib_new(BIO *bi); +static int bio_zlib_free(BIO *bi); +static int bio_zlib_read(BIO *b, char *out, int outl); +static int bio_zlib_write(BIO *b, const char *in, int inl); +static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr); +static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp); + +static BIO_METHOD bio_meth_zlib = + { + BIO_TYPE_COMP, + "zlib", + bio_zlib_write, + bio_zlib_read, + NULL, + NULL, + bio_zlib_ctrl, + bio_zlib_new, + bio_zlib_free, + bio_zlib_callback_ctrl + }; + +BIO_METHOD *BIO_f_zlib(void) + { + return &bio_meth_zlib; + } + + +static int bio_zlib_new(BIO *bi) + { + BIO_ZLIB_CTX *ctx; +#ifdef ZLIB_SHARED + (void)COMP_zlib(); + if (!zlib_loaded) + { + COMPerr(COMP_F_BIO_ZLIB_NEW, COMP_R_ZLIB_NOT_SUPPORTED); + return 0; + } +#endif + ctx = OPENSSL_malloc(sizeof(BIO_ZLIB_CTX)); + if(!ctx) + { + COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE); + return 0; + } + ctx->ibuf = NULL; + ctx->obuf = NULL; + ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE; + ctx->obufsize = ZLIB_DEFAULT_BUFSIZE; + ctx->zin.zalloc = Z_NULL; + ctx->zin.zfree = Z_NULL; + ctx->zin.next_in = NULL; + ctx->zin.avail_in = 0; + ctx->zin.next_out = NULL; + ctx->zin.avail_out = 0; + ctx->zout.zalloc = Z_NULL; + ctx->zout.zfree = Z_NULL; + ctx->zout.next_in = NULL; + ctx->zout.avail_in = 0; + ctx->zout.next_out = NULL; + ctx->zout.avail_out = 0; + ctx->odone = 0; + ctx->comp_level = Z_DEFAULT_COMPRESSION; + bi->init = 1; + bi->ptr = (char *)ctx; + bi->flags = 0; + return 1; + } + +static int bio_zlib_free(BIO *bi) + { + BIO_ZLIB_CTX *ctx; + if(!bi) return 0; + ctx = (BIO_ZLIB_CTX *)bi->ptr; + if(ctx->ibuf) + { + /* Destroy decompress context */ + inflateEnd(&ctx->zin); + OPENSSL_free(ctx->ibuf); + } + if(ctx->obuf) + { + /* Destroy compress context */ + deflateEnd(&ctx->zout); + OPENSSL_free(ctx->obuf); + } + OPENSSL_free(ctx); + bi->ptr = NULL; + bi->init = 0; + bi->flags = 0; + return 1; + } + +static int bio_zlib_read(BIO *b, char *out, int outl) + { + BIO_ZLIB_CTX *ctx; + int ret; + z_stream *zin; + if(!out || !outl) return 0; + ctx = (BIO_ZLIB_CTX *)b->ptr; + zin = &ctx->zin; + BIO_clear_retry_flags(b); + if(!ctx->ibuf) + { + ctx->ibuf = OPENSSL_malloc(ctx->ibufsize); + if(!ctx->ibuf) + { + COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE); + return 0; + } + inflateInit(zin); + zin->next_in = ctx->ibuf; + zin->avail_in = 0; + } + + /* Copy output data directly to supplied buffer */ + zin->next_out = (unsigned char *)out; + zin->avail_out = (unsigned int)outl; + for(;;) + { + /* Decompress while data available */ + while(zin->avail_in) + { + ret = inflate(zin, 0); + if((ret != Z_OK) && (ret != Z_STREAM_END)) + { + COMPerr(COMP_F_BIO_ZLIB_READ, + COMP_R_ZLIB_INFLATE_ERROR); + ERR_add_error_data(2, "zlib error:", + zError(ret)); + return 0; + } + /* If EOF or we've read everything then return */ + if((ret == Z_STREAM_END) || !zin->avail_out) + return outl - zin->avail_out; + } + + /* No data in input buffer try to read some in, + * if an error then return the total data read. + */ + ret = BIO_read(b->next_bio, ctx->ibuf, ctx->ibufsize); + if(ret <= 0) + { + /* Total data read */ + int tot = outl - zin->avail_out; + BIO_copy_next_retry(b); + if(ret < 0) return (tot > 0) ? tot : ret; + return tot; + } + zin->avail_in = ret; + zin->next_in = ctx->ibuf; + } + } + +static int bio_zlib_write(BIO *b, const char *in, int inl) + { + BIO_ZLIB_CTX *ctx; + int ret; + z_stream *zout; + if(!in || !inl) return 0; + ctx = (BIO_ZLIB_CTX *)b->ptr; + if(ctx->odone) return 0; + zout = &ctx->zout; + BIO_clear_retry_flags(b); + if(!ctx->obuf) + { + ctx->obuf = OPENSSL_malloc(ctx->obufsize); + /* Need error here */ + if(!ctx->obuf) + { + COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE); + return 0; + } + ctx->optr = ctx->obuf; + ctx->ocount = 0; + deflateInit(zout, ctx->comp_level); + zout->next_out = ctx->obuf; + zout->avail_out = ctx->obufsize; + } + /* Obtain input data directly from supplied buffer */ + zout->next_in = (void *)in; + zout->avail_in = inl; + for(;;) + { + /* If data in output buffer write it first */ + while(ctx->ocount) { + ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount); + if(ret <= 0) + { + /* Total data written */ + int tot = inl - zout->avail_in; + BIO_copy_next_retry(b); + if(ret < 0) return (tot > 0) ? tot : ret; + return tot; + } + ctx->optr += ret; + ctx->ocount -= ret; + } + + /* Have we consumed all supplied data? */ + if(!zout->avail_in) + return inl; + + /* Compress some more */ + + /* Reset buffer */ + ctx->optr = ctx->obuf; + zout->next_out = ctx->obuf; + zout->avail_out = ctx->obufsize; + /* Compress some more */ + ret = deflate(zout, 0); + if(ret != Z_OK) + { + COMPerr(COMP_F_BIO_ZLIB_WRITE, + COMP_R_ZLIB_DEFLATE_ERROR); + ERR_add_error_data(2, "zlib error:", zError(ret)); + return 0; + } + ctx->ocount = ctx->obufsize - zout->avail_out; + } + } + +static int bio_zlib_flush(BIO *b) + { + BIO_ZLIB_CTX *ctx; + int ret; + z_stream *zout; + ctx = (BIO_ZLIB_CTX *)b->ptr; + /* If no data written or already flush show success */ + if(!ctx->obuf || (ctx->odone && !ctx->ocount)) return 1; + zout = &ctx->zout; + BIO_clear_retry_flags(b); + /* No more input data */ + zout->next_in = NULL; + zout->avail_in = 0; + for(;;) + { + /* If data in output buffer write it first */ + while(ctx->ocount) + { + ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount); + if(ret <= 0) + { + BIO_copy_next_retry(b); + return ret; + } + ctx->optr += ret; + ctx->ocount -= ret; + } + if(ctx->odone) return 1; + + /* Compress some more */ + + /* Reset buffer */ + ctx->optr = ctx->obuf; + zout->next_out = ctx->obuf; + zout->avail_out = ctx->obufsize; + /* Compress some more */ + ret = deflate(zout, Z_FINISH); + if(ret == Z_STREAM_END) ctx->odone = 1; + else if(ret != Z_OK) + { + COMPerr(COMP_F_BIO_ZLIB_FLUSH, + COMP_R_ZLIB_DEFLATE_ERROR); + ERR_add_error_data(2, "zlib error:", zError(ret)); + return 0; + } + ctx->ocount = ctx->obufsize - zout->avail_out; + } + } + +static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) + { + BIO_ZLIB_CTX *ctx; + int ret, *ip; + int ibs, obs; + if(!b->next_bio) return 0; + ctx = (BIO_ZLIB_CTX *)b->ptr; + switch (cmd) + { + + case BIO_CTRL_RESET: + ctx->ocount = 0; + ctx->odone = 0; + break; + + case BIO_CTRL_FLUSH: + ret = bio_zlib_flush(b); + if (ret > 0) + ret = BIO_flush(b->next_bio); + break; + + case BIO_C_SET_BUFF_SIZE: + ibs = -1; + obs = -1; + if (ptr != NULL) + { + ip = ptr; + if (*ip == 0) + ibs = (int) num; + else + obs = (int) num; + } + else + { + ibs = (int)num; + obs = ibs; + } + + if (ibs != -1) + { + if (ctx->ibuf) + { + OPENSSL_free(ctx->ibuf); + ctx->ibuf = NULL; + } + ctx->ibufsize = ibs; + } + + if (obs != -1) + { + if (ctx->obuf) + { + OPENSSL_free(ctx->obuf); + ctx->obuf = NULL; + } + ctx->obufsize = obs; + } + + break; + + case BIO_C_DO_STATE_MACHINE: + BIO_clear_retry_flags(b); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + BIO_copy_next_retry(b); + break; + + default: + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + + } + + return ret; + } + + +static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) + { + if(!b->next_bio) + return 0; + return + BIO_callback_ctrl(b->next_bio, cmd, fp); + } + +#endif diff --git a/crypto/comp/comp.h b/crypto/comp/comp.h index 5d59354a5715f..4b405c7d49ef1 100644 --- a/crypto/comp/comp.h +++ b/crypto/comp/comp.h @@ -47,6 +47,13 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, unsigned char *in, int ilen); COMP_METHOD *COMP_rle(void ); COMP_METHOD *COMP_zlib(void ); +void COMP_zlib_cleanup(void); + +#ifdef HEADER_BIO_H +#ifdef ZLIB +BIO_METHOD *BIO_f_zlib(void); +#endif +#endif /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -57,8 +64,15 @@ void ERR_load_COMP_strings(void); /* Error codes for the COMP functions. */ /* Function codes. */ +#define COMP_F_BIO_ZLIB_FLUSH 99 +#define COMP_F_BIO_ZLIB_NEW 100 +#define COMP_F_BIO_ZLIB_READ 101 +#define COMP_F_BIO_ZLIB_WRITE 102 /* Reason codes. */ +#define COMP_R_ZLIB_DEFLATE_ERROR 99 +#define COMP_R_ZLIB_INFLATE_ERROR 100 +#define COMP_R_ZLIB_NOT_SUPPORTED 101 #ifdef __cplusplus } diff --git a/crypto/comp/comp_err.c b/crypto/comp/comp_err.c index 07372226c9d08..187d68b725ca0 100644 --- a/crypto/comp/comp_err.c +++ b/crypto/comp/comp_err.c @@ -1,6 +1,6 @@ /* crypto/comp/comp_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,11 +70,18 @@ static ERR_STRING_DATA COMP_str_functs[]= { +{ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "BIO_ZLIB_FLUSH"}, +{ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "BIO_ZLIB_NEW"}, +{ERR_FUNC(COMP_F_BIO_ZLIB_READ), "BIO_ZLIB_READ"}, +{ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "BIO_ZLIB_WRITE"}, {0,NULL} }; static ERR_STRING_DATA COMP_str_reasons[]= { +{ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR) ,"zlib deflate error"}, +{ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR) ,"zlib inflate error"}, +{ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED) ,"zlib not supported"}, {0,NULL} }; diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h index 4c073dd83171f..8aa06bc5ecbdf 100644 --- a/crypto/conf/conf.h +++ b/crypto/conf/conf.h @@ -114,6 +114,7 @@ typedef void conf_finish_func(CONF_IMODULE *md); #define CONF_MFLAGS_SILENT 0x4 #define CONF_MFLAGS_NO_DSO 0x8 #define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 +#define CONF_MFLAGS_DEFAULT_SECTION 0x20 int CONF_set_default_method(CONF_METHOD *meth); void CONF_set_nconf(CONF *conf,LHASH *hash); diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index 0032baa7119b2..909d72b4b89af 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -121,7 +121,7 @@ int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value) v = (CONF_VALUE *)lh_insert(conf->data, value); if (v != NULL) { - sk_CONF_VALUE_delete_ptr(ts,v); + (void)sk_CONF_VALUE_delete_ptr(ts,v); OPENSSL_free(v->name); OPENSSL_free(v->value); OPENSSL_free(v); diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 587211a59c19b..628e8333a6d60 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -126,17 +126,18 @@ int CONF_modules_load(const CONF *cnf, const char *appname, { STACK_OF(CONF_VALUE) *values; CONF_VALUE *vl; - char *vsection; + char *vsection = NULL; int ret, i; if (!cnf) return 1; - if (appname == NULL) - appname = "openssl_conf"; + if (appname) + vsection = NCONF_get_string(cnf, NULL, appname); - vsection = NCONF_get_string(cnf, NULL, appname); + if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION))) + vsection = NCONF_get_string(cnf, NULL, "openssl_conf"); if (!vsection) { @@ -431,7 +432,7 @@ void CONF_modules_unload(int all) if (((md->links > 0) || !md->dso) && !all) continue; /* Since we're working in reverse this is OK */ - sk_CONF_MODULE_delete(supported_modules, i); + (void)sk_CONF_MODULE_delete(supported_modules, i); module_free(md); } if (sk_CONF_MODULE_num(supported_modules) == 0) diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index e15c2e55463a4..9c53bac1a8c12 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -88,8 +88,8 @@ void OPENSSL_config(const char *config_name) ERR_clear_error(); - if (CONF_modules_load_file(NULL, NULL, - CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) + if (CONF_modules_load_file(NULL, config_name, + CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { BIO *bio_err; ERR_load_crypto_strings(); diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 86af760d38138..8c686238286c7 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -277,7 +277,7 @@ int CRYPTO_get_new_dynlockid(void) else /* If we found a place with a NULL pointer, put our pointer in it. */ - sk_CRYPTO_dynlock_set(dyn_locks,i,pointer); + (void)sk_CRYPTO_dynlock_set(dyn_locks,i,pointer); CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); if (i == -1) @@ -319,7 +319,7 @@ void CRYPTO_destroy_dynlockid(int i) #endif if (pointer->references <= 0) { - sk_CRYPTO_dynlock_set(dyn_locks, i, NULL); + (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL); } else pointer = NULL; diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h index 5ceaa964b5324..fc249c57f3793 100644 --- a/crypto/cryptlib.h +++ b/crypto/cryptlib.h @@ -103,7 +103,6 @@ extern unsigned long OPENSSL_ia32cap_P; void OPENSSL_showfatal(const char *,...); void *OPENSSL_stderr(void); extern int OPENSSL_NONPIC_relocated; -int OPENSSL_isservice(void); #ifdef __cplusplus } diff --git a/crypto/crypto.h b/crypto/crypto.h index d2b5ffe3325bc..fe2c1d6403422 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -521,6 +521,7 @@ void OpenSSLDie(const char *file,int line,const char *assertion); unsigned long *OPENSSL_ia32cap_loc(void); #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) +int OPENSSL_isservice(void); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/crypto/des/des.h b/crypto/des/des.h index 3cbc2b568e915..92b6663599844 100644 --- a/crypto/des/des.h +++ b/crypto/des/des.h @@ -195,9 +195,10 @@ void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out, long length,DES_key_schedule *ks1, DES_key_schedule *ks2,DES_key_schedule *ks3, DES_cblock *ivec,int *num); - +#if 0 void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white, DES_cblock *out_white); +#endif int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched, DES_cblock *iv); diff --git a/crypto/des/des_old.c b/crypto/des/des_old.c index 7e4cd7180d181..7c33ed7a93341 100644 --- a/crypto/des/des_old.c +++ b/crypto/des/des_old.c @@ -169,11 +169,13 @@ void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, (DES_key_schedule *)ks3, ivec, num); } +#if 0 /* broken code, preserved just in case anyone specifically looks for this */ void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white), _ossl_old_des_cblock (*out_white)) { DES_xwhite_in2out(des_key, in_white, out_white); } +#endif int _ossl_old_des_enc_read(int fd,char *buf,int len,des_key_schedule sched, _ossl_old_des_cblock *iv) diff --git a/crypto/des/des_old.h b/crypto/des/des_old.h index 1b0620c3a2e18..2b2c37235497c 100644 --- a/crypto/des/des_old.h +++ b/crypto/des/des_old.h @@ -364,9 +364,10 @@ void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num); - +#if 0 void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white), _ossl_old_des_cblock (*out_white)); +#endif int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched, _ossl_old_des_cblock *iv); diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c index 55efe03f4233c..a43ef3c881880 100644 --- a/crypto/des/set_key.c +++ b/crypto/des/set_key.c @@ -115,7 +115,7 @@ int DES_check_key_parity(const_DES_cblock *key) * (and actual cblock values). */ #define NUM_WEAK_KEY 16 -static DES_cblock weak_keys[NUM_WEAK_KEY]={ +static const DES_cblock weak_keys[NUM_WEAK_KEY]={ /* weak keys */ {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE}, diff --git a/crypto/des/xcbc_enc.c b/crypto/des/xcbc_enc.c index 47246eb466497..dc0c761b71f70 100644 --- a/crypto/des/xcbc_enc.c +++ b/crypto/des/xcbc_enc.c @@ -60,6 +60,7 @@ /* RSA's DESX */ +#if 0 /* broken code, preserved just in case anyone specifically looks for this */ static unsigned char desx_white_in2out[256]={ 0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0, 0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A, @@ -98,7 +99,7 @@ void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white, } out0=out[0]; - out1=out[i]; + out1=out[i]; /* BUG: out-of-bounds read */ for (i=0; i<8; i++) { out[i]=in[i]^desx_white_in2out[out0^out1]; @@ -106,6 +107,7 @@ void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white, out1=(int)out[i&0x07]; } } +#endif void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out, long length, DES_key_schedule *schedule, diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile index d368e33b4ced2..950cad9c5bac1 100644 --- a/crypto/dh/Makefile +++ b/crypto/dh/Makefile @@ -123,11 +123,17 @@ dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_key.c -dh_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h +dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +dh_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dh_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_lib.c +dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +dh_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dh_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dh_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +dh_lib.o: ../cryptlib.h dh_lib.c diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 058aec75bcd92..b8469130045fa 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -62,7 +62,7 @@ #include /* Check that p is a safe prime and - * if g is 2, 3 or 5, check that is is a suitable generator + * if g is 2, 3 or 5, check that it is a suitable generator * where * for 2, p mod 24 == 11 * for 3, p mod 12 == 5 diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 37a2c1bca23f4..e7db440342fad 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -150,7 +150,7 @@ static int generate_key(DH *dh) { BN_init(&local_prk); prk = &local_prk; - BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME); + BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); } else prk = priv_key; @@ -203,7 +203,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) { /* XXX */ - BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME); + BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); } if (!mont) goto err; diff --git a/crypto/dsa/Makefile b/crypto/dsa/Makefile index 676baf7d49cee..5493f19e85c14 100644 --- a/crypto/dsa/Makefile +++ b/crypto/dsa/Makefile @@ -126,11 +126,16 @@ dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h +dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +dsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h dsa_lib.o: ../cryptlib.h dsa_lib.c dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 6a6be3b57537d..ca0b86a6cfc0f 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -117,13 +117,20 @@ static int dsa_builtin_paramgen(DSA *ret, int bits, if (bits < 512) bits=512; bits=(bits+63)/64*64; - if (seed_len < 20) + /* NB: seed_len == 0 is special case: copy generated seed to + * seed_in if it is not NULL. + */ + if (seed_len && (seed_len < 20)) seed_in = NULL; /* seed buffer too small -- ignore */ if (seed_len > 20) seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED, * but our internal buffers are restricted to 160 bits*/ if ((seed_in != NULL) && (seed_len == 20)) + { memcpy(seed,seed_in,seed_len); + /* set seed_in to NULL to avoid it being copied back */ + seed_in = NULL; + } if ((ctx=BN_CTX_new()) == NULL) goto err; @@ -300,7 +307,7 @@ err: ok=0; goto err; } - if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20); + if (seed_in != NULL) memcpy(seed_in,seed,20); if (counter_ret != NULL) *counter_ret=counter; if (h_ret != NULL) *h_ret=h; } diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index 0423f2e00cd25..c4aa86bc6dce4 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -107,7 +107,7 @@ static int dsa_builtin_keygen(DSA *dsa) { BN_init(&local_prk); prk = &local_prk; - BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME); + BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); } else prk = priv_key; diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index e6aad85825de8..75ff7cc4afaf4 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -229,7 +229,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) while (BN_is_zero(&k)); if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { - BN_set_flags(&k, BN_FLG_EXP_CONSTTIME); + BN_set_flags(&k, BN_FLG_CONSTTIME); } if (dsa->flags & DSA_FLAG_CACHE_MONT_P) diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 3c96fbd0d86d6..8bc2a235b1a75 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -471,6 +471,7 @@ void ERR_load_EC_strings(void); #define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 #define EC_F_EC_POINT_SET_TO_INFINITY 127 #define EC_F_EC_PRE_COMP_DUP 207 +#define EC_F_EC_PRE_COMP_NEW 196 #define EC_F_EC_WNAF_MUL 187 #define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 #define EC_F_I2D_ECPARAMETERS 190 diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 7be315bac9267..d04c8955604e0 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -1,6 +1,6 @@ /* crypto/ec/ec_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -170,6 +170,7 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_set_Jprojective_coordinates_GFp"}, {ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"}, {ERR_FUNC(EC_F_EC_PRE_COMP_DUP), "EC_PRE_COMP_DUP"}, +{ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "EC_PRE_COMP_NEW"}, {ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"}, {ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"}, {ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"}, diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index a045139a00150..2ba173ef36422 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -3,7 +3,7 @@ * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -104,7 +104,10 @@ static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group) ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP)); if (!ret) + { + ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); return ret; + } ret->group = group; ret->blocksize = 8; /* default */ ret->numblocks = 0; @@ -194,6 +197,19 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) int bit, next_bit, mask; size_t len = 0, j; + if (BN_is_zero(scalar)) + { + r = OPENSSL_malloc(1); + if (!r) + { + ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); + goto err; + } + r[0] = 0; + *ret_len = 1; + return r; + } + if (w <= 0 || w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */ { ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); @@ -212,7 +228,11 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation * (*ret_len will be set to the actual length, i.e. at most * BN_num_bits(scalar) + 1) */ - if (r == NULL) goto err; + if (r == NULL) + { + ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); + goto err; + } if (scalar->d == NULL || scalar->top == 0) { @@ -425,7 +445,10 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); if (!wsize || !wNAF_len || !wNAF || !val_sub) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); goto err; + } wNAF[0] = NULL; /* preliminary pivot */ @@ -538,6 +561,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, wNAF[i] = OPENSSL_malloc(wNAF_len[i]); if (wNAF[i] == NULL) { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); OPENSSL_free(tmp_wNAF); goto err; } @@ -564,7 +588,11 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, * 'val_sub[i]' is a pointer to the subarray for the i-th point, * or to a subarray of 'pre_comp->points' if we already have precomputation. */ val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); - if (val == NULL) goto err; + if (val == NULL) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); + goto err; + } val[num_val] = NULL; /* pivot element */ /* allocate points for precomputation */ diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index 9d469f1cfab47..6148d553f9d59 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -659,13 +659,15 @@ void prime_field_tests() if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */ { - const EC_POINT *points[3]; - const BIGNUM *scalars[3]; + const EC_POINT *points[4]; + const BIGNUM *scalars[4]; + BIGNUM scalar3; if (EC_POINT_is_at_infinity(group, Q)) ABORT; points[0] = Q; points[1] = Q; points[2] = Q; + points[3] = Q; if (!BN_add(y, z, BN_value_one())) ABORT; if (BN_is_odd(y)) ABORT; @@ -704,10 +706,16 @@ void prime_field_tests() scalars[1] = y; scalars[2] = z; /* z = -(x+y) */ - if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) ABORT; + BN_init(&scalar3); + BN_zero(&scalar3); + scalars[3] = &scalar3; + + if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) ABORT; if (!EC_POINT_is_at_infinity(group, P)) ABORT; fprintf(stdout, " ok\n\n"); + + BN_free(&scalar3); } diff --git a/crypto/ecdh/Makefile b/crypto/ecdh/Makefile index 95aa69fea58f9..65d8904ee8a61 100644 --- a/crypto/ecdh/Makefile +++ b/crypto/ecdh/Makefile @@ -84,20 +84,30 @@ ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ech_err.o: ech_err.c ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -ech_key.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h +ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ech_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ech_key.o: ../../include/openssl/symhacks.h ech_key.c ech_locl.h +ech_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ech_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ech_key.o: ../../include/openssl/x509_vfy.h ech_key.c ech_locl.h ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ech_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ech_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ech_lib.o: ../../include/openssl/symhacks.h ech_lib.c ech_locl.h +ech_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ech_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ech_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ech_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ech_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ech_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ech_lib.o: ech_lib.c ech_locl.h ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c index 01baa5f4942f4..1575006b5161d 100644 --- a/crypto/ecdh/ecdhtest.c +++ b/crypto/ecdh/ecdhtest.c @@ -148,7 +148,7 @@ static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out) #ifdef NOISY BIO_puts(out,"\n"); #else - BIO_flush(out); + (void)BIO_flush(out); #endif if (!EC_KEY_generate_key(a)) goto err; @@ -173,7 +173,7 @@ static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out) BIO_puts(out,"\n"); #else BIO_printf(out," ."); - BIO_flush(out); + (void)BIO_flush(out); #endif if (!EC_KEY_generate_key(b)) goto err; @@ -199,7 +199,7 @@ static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out) BIO_puts(out,"\n"); #else BIO_printf(out,"."); - BIO_flush(out); + (void)BIO_flush(out); #endif alen=KDF1_SHA1_len; @@ -216,7 +216,7 @@ static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out) BIO_puts(out,"\n"); #else BIO_printf(out,"."); - BIO_flush(out); + (void)BIO_flush(out); #endif blen=KDF1_SHA1_len; @@ -233,7 +233,7 @@ static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out) BIO_puts(out,"\n"); #else BIO_printf(out,"."); - BIO_flush(out); + (void)BIO_flush(out); #endif if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0)) diff --git a/crypto/ecdsa/Makefile b/crypto/ecdsa/Makefile index 16a93cd3ae836..9b48d5641f099 100644 --- a/crypto/ecdsa/Makefile +++ b/crypto/ecdsa/Makefile @@ -92,14 +92,18 @@ ecs_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ecs_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecs_err.o: ecs_err.c ecs_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ecs_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ecs_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ecs_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -ecs_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -ecs_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -ecs_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ecs_lib.o: ecs_lib.c ecs_locl.h +ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ecs_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ecs_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +ecs_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ecs_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ecs_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ecs_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ecs_lib.o: ../../include/openssl/x509_vfy.h ecs_lib.c ecs_locl.h ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ecs_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -110,16 +114,26 @@ ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ecs_ossl.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_ossl.c ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ecs_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h -ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h +ecs_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ecs_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ecs_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ecs_sign.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_sign.c +ecs_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ecs_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ecs_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ecs_sign.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_sign.c ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h -ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h +ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ecs_vrf.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_vrf.c +ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ecs_vrf.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_vrf.c diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index 59be39bb41c08..b07e31252b9b3 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -203,13 +203,13 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) if (!EC_KEY_generate_key(key)) goto x962_int_err; BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); /* create the signature */ signature = ECDSA_do_sign(digest, 20, key); if (signature == NULL) goto x962_int_err; BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); /* compare the created signature with the expected signature */ if ((r = BN_new()) == NULL || (s = BN_new()) == NULL) goto x962_int_err; @@ -219,12 +219,12 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) if (BN_cmp(signature->r ,r) || BN_cmp(signature->s, s)) goto x962_int_err; BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); /* verify the signature */ if (ECDSA_do_verify(digest, 20, signature, key) != 1) goto x962_int_err; BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); BIO_printf(out, " ok\n"); ret = 1; @@ -369,7 +369,7 @@ int test_builtin(BIO *out) } BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); /* check key */ if (!EC_KEY_check_key(eckey)) { @@ -377,7 +377,7 @@ int test_builtin(BIO *out) goto builtin_err; } BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); /* create signature */ sig_len = ECDSA_size(eckey); if ((signature = OPENSSL_malloc(sig_len)) == NULL) @@ -388,7 +388,7 @@ int test_builtin(BIO *out) goto builtin_err; } BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); /* verify signature */ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) { @@ -396,7 +396,7 @@ int test_builtin(BIO *out) goto builtin_err; } BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); /* verify signature with the wrong key */ if (ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey) == 1) @@ -405,7 +405,7 @@ int test_builtin(BIO *out) goto builtin_err; } BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); /* wrong digest */ if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey) == 1) @@ -414,7 +414,7 @@ int test_builtin(BIO *out) goto builtin_err; } BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); /* modify a single byte of the signature */ offset = signature[10] % sig_len; dirt = signature[11]; @@ -425,7 +425,7 @@ int test_builtin(BIO *out) goto builtin_err; } BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); BIO_printf(out, " ok\n"); /* cleanup */ diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index 32d66a97741d4..3ead1af94e735 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -251,8 +251,16 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); goto err; } - if (dgst_len > BN_num_bytes(order)) + if (8 * dgst_len > BN_num_bits(order)) { + /* XXX + * + * Should provide for optional hash truncation: + * Keep the BN_num_bits(order) leftmost bits of dgst + * (see March 2006 FIPS 186-3 draft, which has a few + * confusing errors in this part though) + */ + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); goto err; @@ -376,6 +384,21 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); goto err; } + if (8 * dgst_len > BN_num_bits(order)) + { + /* XXX + * + * Should provide for optional hash truncation: + * Keep the BN_num_bits(order) leftmost bits of dgst + * (see March 2006 FIPS 186-3 draft, which has a few + * confusing errors in this part though) + */ + + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, + ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + ret = 0; + goto err; + } if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile index 13f211a0aef83..47cc619b8ab87 100644 --- a/crypto/engine/Makefile +++ b/crypto/engine/Makefile @@ -82,88 +82,142 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -eng_all.o: ../../e_os.h ../../include/openssl/bio.h -eng_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_all.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_all.o: ../cryptlib.h eng_all.c eng_int.h -eng_cnf.o: ../../e_os.h ../../include/openssl/bio.h -eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +eng_all.o: ../../e_os.h ../../include/openssl/asn1.h +eng_all.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_all.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +eng_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_all.c eng_int.h +eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h +eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +eng_cnf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +eng_cnf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_cnf.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_cnf.c eng_int.h +eng_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_cnf.o: ../cryptlib.h eng_cnf.c eng_int.h eng_cryptodev.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -eng_cryptodev.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/obj_mac.h +eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +eng_cryptodev.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_cryptodev.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_cryptodev.o: ../../include/openssl/obj_mac.h eng_cryptodev.o: ../../include/openssl/objects.h eng_cryptodev.o: ../../include/openssl/opensslconf.h eng_cryptodev.o: ../../include/openssl/opensslv.h -eng_cryptodev.o: ../../include/openssl/ossl_typ.h -eng_cryptodev.o: ../../include/openssl/safestack.h +eng_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_cryptodev.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h eng_cryptodev.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_cryptodev.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h eng_cryptodev.o: eng_cryptodev.c -eng_ctrl.o: ../../e_os.h ../../include/openssl/bio.h -eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_ctrl.o: ../../include/openssl/opensslconf.h +eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h +eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_ctrl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +eng_ctrl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_ctrl.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_ctrl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_ctrl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_ctrl.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_ctrl.c eng_int.h -eng_dyn.o: ../../e_os.h ../../include/openssl/bio.h -eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +eng_ctrl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_ctrl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_ctrl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_ctrl.c eng_int.h +eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h +eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_dyn.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h +eng_dyn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +eng_dyn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_dyn.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_dyn.c eng_int.h -eng_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +eng_dyn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_dyn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_dyn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_dyn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_dyn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_dyn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h +eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +eng_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +eng_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +eng_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h +eng_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h eng_err.o: eng_err.c -eng_fat.o: ../../e_os.h ../../include/openssl/bio.h -eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h +eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_fat.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +eng_fat.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +eng_fat.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_fat.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_fat.c eng_int.h -eng_init.o: ../../e_os.h ../../include/openssl/bio.h -eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_init.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_init.o: ../../include/openssl/opensslconf.h +eng_fat.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_fat.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_fat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_fat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_fat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_fat.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h +eng_init.o: ../../e_os.h ../../include/openssl/asn1.h +eng_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +eng_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_init.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_init.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_init.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_init.c eng_int.h -eng_lib.o: ../../e_os.h ../../include/openssl/bio.h -eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h eng_lib.c -eng_list.o: ../../e_os.h ../../include/openssl/bio.h -eng_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_list.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_list.o: ../../include/openssl/opensslconf.h +eng_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_init.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_init.c eng_int.h +eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h +eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +eng_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_lib.o: ../cryptlib.h eng_int.h eng_lib.c +eng_list.o: ../../e_os.h ../../include/openssl/asn1.h +eng_list.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_list.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +eng_list.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_list.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_list.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_list.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_list.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_list.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h eng_list.c +eng_list.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_list.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_list.c eng_openssl.o: ../../e_os.h ../../include/openssl/asn1.h eng_openssl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h @@ -183,106 +237,166 @@ eng_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h eng_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h eng_openssl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_openssl.c eng_padlock.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -eng_padlock.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -eng_padlock.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +eng_padlock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_padlock.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h +eng_padlock.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +eng_padlock.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_padlock.o: ../../include/openssl/engine.h ../../include/openssl/err.h eng_padlock.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h eng_padlock.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h eng_padlock.o: ../../include/openssl/opensslconf.h eng_padlock.o: ../../include/openssl/opensslv.h -eng_padlock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -eng_padlock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_padlock.o: ../../include/openssl/symhacks.h eng_padlock.c -eng_pkey.o: ../../e_os.h ../../include/openssl/bio.h -eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_pkey.o: ../../include/openssl/opensslconf.h +eng_padlock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_padlock.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +eng_padlock.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_padlock.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_padlock.o: ../../include/openssl/x509_vfy.h eng_padlock.c +eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h +eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +eng_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_pkey.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h eng_pkey.c +eng_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_pkey.c eng_table.o: ../../e_os.h ../../include/openssl/asn1.h eng_table.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -eng_table.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_table.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_table.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_table.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_table.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_table.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_table.o: ../../include/openssl/objects.h eng_table.o: ../../include/openssl/opensslconf.h eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_table.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h +eng_table.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_table.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_table.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_table.o: eng_table.c -tb_cipher.o: ../../e_os.h ../../include/openssl/bio.h -tb_cipher.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -tb_cipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +tb_cipher.o: ../../e_os.h ../../include/openssl/asn1.h +tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tb_cipher.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_cipher.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_cipher.o: ../../include/openssl/objects.h tb_cipher.o: ../../include/openssl/opensslconf.h tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_cipher.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h +tb_cipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_cipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_cipher.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_cipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_cipher.o: tb_cipher.c -tb_dh.o: ../../e_os.h ../../include/openssl/bio.h +tb_dh.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h tb_dh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_dh.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +tb_dh.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h +tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +tb_dh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h tb_dh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_dh.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h tb_dh.o: ../cryptlib.h eng_int.h tb_dh.c -tb_digest.o: ../../e_os.h ../../include/openssl/bio.h -tb_digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -tb_digest.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_digest.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +tb_digest.o: ../../e_os.h ../../include/openssl/asn1.h +tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tb_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_digest.o: ../../include/openssl/objects.h tb_digest.o: ../../include/openssl/opensslconf.h tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_digest.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h +tb_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_digest.o: tb_digest.c -tb_dsa.o: ../../e_os.h ../../include/openssl/bio.h +tb_dsa.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h tb_dsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_dsa.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +tb_dsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h +tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +tb_dsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h tb_dsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_dsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h tb_dsa.o: ../cryptlib.h eng_int.h tb_dsa.c -tb_ecdh.o: ../../e_os.h ../../include/openssl/bio.h -tb_ecdh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -tb_ecdh.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -tb_ecdh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_ecdh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -tb_ecdh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_ecdh.o: ../cryptlib.h eng_int.h tb_ecdh.c -tb_ecdsa.o: ../../e_os.h ../../include/openssl/bio.h -tb_ecdsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -tb_ecdsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -tb_ecdsa.o: ../../include/openssl/opensslconf.h +tb_ecdh.o: ../../e_os.h ../../include/openssl/asn1.h +tb_ecdh.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +tb_ecdh.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tb_ecdh.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_ecdh.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_ecdh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_ecdh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_ecdh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_ecdh.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_ecdh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_ecdh.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_ecdh.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdh.c +tb_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h +tb_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +tb_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tb_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tb_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_ecdsa.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h tb_ecdsa.c -tb_rand.o: ../../e_os.h ../../include/openssl/bio.h -tb_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -tb_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_rand.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -tb_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_rand.o: ../cryptlib.h eng_int.h tb_rand.c -tb_rsa.o: ../../e_os.h ../../include/openssl/bio.h +tb_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_ecdsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdsa.c +tb_rand.o: ../../e_os.h ../../include/openssl/asn1.h +tb_rand.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tb_rand.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_rand.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_rand.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_rand.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_rand.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_rand.c +tb_rsa.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h tb_rsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_rsa.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +tb_rsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h +tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +tb_rsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h tb_rsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_rsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h tb_rsa.o: ../cryptlib.h eng_int.h tb_rsa.c -tb_store.o: ../../e_os.h ../../include/openssl/bio.h -tb_store.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -tb_store.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_store.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -tb_store.o: ../../include/openssl/opensslconf.h +tb_store.o: ../../e_os.h ../../include/openssl/asn1.h +tb_store.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +tb_store.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tb_store.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_store.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_store.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_store.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_store.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tb_store.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_store.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_store.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h tb_store.c +tb_store.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_store.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_store.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_store.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_store.c diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index 8599046717a5d..d29cd57dc2f1a 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -107,6 +107,9 @@ void ENGINE_load_builtin_engines(void) #if defined(__OpenBSD__) || defined(__FreeBSD__) ENGINE_load_cryptodev(); #endif +#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) + ENGINE_load_capi(); +#endif #endif } diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c index a97e01e619ff0..8417ddaaef8b0 100644 --- a/crypto/engine/eng_cnf.c +++ b/crypto/engine/eng_cnf.c @@ -98,6 +98,8 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) CONF_VALUE *ecmd; char *ctrlname, *ctrlvalue; ENGINE *e = NULL; + int soft = 0; + name = skip_dot(name); #ifdef ENGINE_CONF_DEBUG fprintf(stderr, "Configuring engine %s\n", name); @@ -125,6 +127,8 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) /* Override engine name to use */ if (!strcmp(ctrlname, "engine_id")) name = ctrlvalue; + else if (!strcmp(ctrlname, "soft_load")) + soft = 1; /* Load a dynamic ENGINE */ else if (!strcmp(ctrlname, "dynamic_path")) { @@ -147,6 +151,11 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) if (!e) { e = ENGINE_by_id(name); + if (!e && soft) + { + ERR_clear_error(); + return 1; + } if (!e) return 0; } diff --git a/crypto/engine/eng_err.c b/crypto/engine/eng_err.c index 369f2e22d3bc4..574ffbb5c012e 100644 --- a/crypto/engine/eng_err.c +++ b/crypto/engine/eng_err.c @@ -1,6 +1,6 @@ /* crypto/engine/eng_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -92,6 +92,7 @@ static ERR_STRING_DATA ENGINE_str_functs[]= {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"}, {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"}, {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"}, +{ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT), "ENGINE_load_ssl_client_cert"}, {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"}, {ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"}, {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"}, diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h index a5b1edebf4b9b..a66f107a44d08 100644 --- a/crypto/engine/eng_int.h +++ b/crypto/engine/eng_int.h @@ -170,6 +170,8 @@ struct engine_st ENGINE_LOAD_KEY_PTR load_privkey; ENGINE_LOAD_KEY_PTR load_pubkey; + ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert; + const ENGINE_CMD_DEFN *cmd_defns; int flags; /* reference count on the structure itself */ diff --git a/crypto/engine/eng_padlock.c b/crypto/engine/eng_padlock.c index e1d66eac58adc..1ba9d85db4575 100644 --- a/crypto/engine/eng_padlock.c +++ b/crypto/engine/eng_padlock.c @@ -126,6 +126,9 @@ void ENGINE_load_padlock (void) #ifdef _MSC_VER # include # define alloca _alloca +#elif defined(NETWARE_CLIB) && defined(__GNUC__) + void *alloca(size_t); +# define alloca(s) __builtin_alloca(s) #else # include #endif @@ -436,7 +439,7 @@ static inline void *name(size_t cnt, \ rep_xcrypt "\n" \ " popl %%ebx" \ : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \ - : "0"(cdata), "1"(cnt), "2"(out), "3"(inp), "m"(*cdata) \ + : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \ : "edx", "cc", "memory"); \ return iv; \ } diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c index bc8b21abec5a6..1dfa2e366451e 100644 --- a/crypto/engine/eng_pkey.c +++ b/crypto/engine/eng_pkey.c @@ -69,6 +69,13 @@ int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f) return 1; } +int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, + ENGINE_SSL_CLIENT_CERT_PTR loadssl_f) + { + e->load_ssl_client_cert = loadssl_f; + return 1; + } + ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e) { return e->load_privkey; @@ -79,6 +86,11 @@ ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e) return e->load_pubkey; } +ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e) + { + return e->load_ssl_client_cert; + } + /* API functions to load public/private keys */ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, @@ -152,3 +164,33 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, } return pkey; } + +int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey, + STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data) + { + + if(e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + if(e->funct_ref == 0) + { + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, + ENGINE_R_NOT_INITIALISED); + return 0; + } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + if (!e->load_ssl_client_cert) + { + ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, + ENGINE_R_NO_LOAD_FUNCTION); + return 0; + } + return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother, + ui_method, callback_data); + } diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c index a83c3899ee111..8879a267d1432 100644 --- a/crypto/engine/eng_table.c +++ b/crypto/engine/eng_table.c @@ -135,7 +135,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, { fnd = OPENSSL_malloc(sizeof(ENGINE_PILE)); if(!fnd) goto end; - fnd->uptodate = 0; + fnd->uptodate = 1; fnd->nid = *nids; fnd->sk = sk_ENGINE_new_null(); if(!fnd->sk) @@ -147,12 +147,12 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, lh_insert(&(*table)->piles, fnd); } /* A registration shouldn't add duplciate entries */ - sk_ENGINE_delete_ptr(fnd->sk, e); + (void)sk_ENGINE_delete_ptr(fnd->sk, e); /* if 'setdefault', this ENGINE goes to the head of the list */ if(!sk_ENGINE_push(fnd->sk, e)) goto end; /* "touch" this ENGINE_PILE */ - fnd->uptodate = 1; + fnd->uptodate = 0; if(setdefault) { if(!engine_unlocked_init(e)) @@ -164,6 +164,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, if(fnd->funct) engine_unlocked_finish(fnd->funct, 0); fnd->funct = e; + fnd->uptodate = 1; } nids++; } @@ -178,9 +179,8 @@ static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e) /* Iterate the 'c->sk' stack removing any occurance of 'e' */ while((n = sk_ENGINE_find(pile->sk, e)) >= 0) { - sk_ENGINE_delete(pile->sk, n); - /* "touch" this ENGINE_CIPHER */ - pile->uptodate = 1; + (void)sk_ENGINE_delete(pile->sk, n); + pile->uptodate = 0; } if(pile->funct == e) { diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 3ec59338ffd1b..f503595eceb72 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -93,6 +93,8 @@ #include #endif +#include + #include #include @@ -278,6 +280,9 @@ typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void) /* Generic load_key function pointer */ typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, UI_METHOD *ui_method, void *callback_data); +typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey, + STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data); /* These callback types are for an ENGINE's handler for cipher and digest logic. * These handlers have these prototypes; * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); @@ -334,6 +339,9 @@ void ENGINE_load_ubsec(void); void ENGINE_load_cryptodev(void); void ENGINE_load_padlock(void); void ENGINE_load_builtin_engines(void); +#ifndef OPENSSL_NO_CAPIENG +void ENGINE_load_capi(void); +#endif /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation * "registry" handling. */ @@ -459,6 +467,8 @@ int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); +int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, + ENGINE_SSL_CLIENT_CERT_PTR loadssl_f); int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); int ENGINE_set_flags(ENGINE *e, int flags); @@ -494,6 +504,7 @@ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); +ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e); ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); @@ -529,6 +540,10 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data); EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data); +int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey, + STACK_OF(X509) **pother, + UI_METHOD *ui_method, void *callback_data); /* This returns a pointer for the current ENGINE structure that * is (by default) performing any RSA operations. The value returned @@ -723,6 +738,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_F_ENGINE_LIST_REMOVE 121 #define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 #define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 +#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 192 #define ENGINE_F_ENGINE_NEW 122 #define ENGINE_F_ENGINE_REMOVE 123 #define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 diff --git a/crypto/err/err.c b/crypto/err/err.c index 96bd255e50e89..7952e70ab0eda 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -149,6 +149,8 @@ static ERR_STRING_DATA ERR_str_libraries[]= {ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"}, {ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"}, {ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP routines"}, +{ERR_PACK(ERR_LIB_FIPS,0,0) ,"FIPS routines"}, +{ERR_PACK(ERR_LIB_CMS,0,0) ,"CMS routines"}, {0,NULL}, }; diff --git a/crypto/err/err.h b/crypto/err/err.h index b723cd977a44f..8d9f0da172e51 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -140,6 +140,8 @@ typedef struct err_state_st #define ERR_LIB_ECDSA 42 #define ERR_LIB_ECDH 43 #define ERR_LIB_STORE 44 +#define ERR_LIB_FIPS 45 +#define ERR_LIB_CMS 46 #define ERR_LIB_USER 128 @@ -171,6 +173,8 @@ typedef struct err_state_st #define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) #define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__) #define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) +#define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__) +#define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__) /* Borland C seems too stupid to be able to shift and do longs in * the pre-processor :-( */ diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index c33d24bb68c61..5813060ce2407 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -94,6 +94,9 @@ #include #include #include +#ifndef OPENSSL_NO_CMS +#include +#endif void ERR_load_crypto_strings(void) { @@ -138,5 +141,8 @@ void ERR_load_crypto_strings(void) #endif ERR_load_OCSP_strings(); ERR_load_UI_strings(); +#ifndef OPENSSL_NO_CMS + ERR_load_CMS_strings(); +#endif #endif } diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index 64200fcebaa35..1938f081ac549 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -31,10 +31,12 @@ L COMP crypto/comp/comp.h crypto/comp/comp_err.c L ECDSA crypto/ecdsa/ecdsa.h crypto/ecdsa/ecs_err.c L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c L STORE crypto/store/store.h crypto/store/str_err.c +L CMS crypto/cms/cms.h crypto/cms/cms_err.c # additional header files to be scanned for function names L NONE crypto/x509/x509_vfy.h NONE L NONE crypto/ec/ec_lcl.h NONE +L NONE crypto/cms/cms_lcl.h NONE F RSAREF_F_RSA_BN2BIN diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index a4f9ae216740d..9de56dc03d77d 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -20,7 +20,7 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \ e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\ - e_rc4.c e_aes.c names.c \ + e_rc4.c e_aes.c names.c e_seed.c \ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \ m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\ @@ -32,7 +32,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \ e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\ - e_rc4.o e_aes.o names.o \ + e_rc4.o e_aes.o names.o e_seed.o \ e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \ m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \ m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\ @@ -135,13 +135,17 @@ bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bio_ok.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_ok.c c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h -c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_all.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -c_all.o: ../../include/openssl/symhacks.h ../cryptlib.h c_all.c +c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +c_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +c_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h +c_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +c_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +c_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +c_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +c_all.o: ../cryptlib.h c_all.c c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -170,13 +174,17 @@ c_alld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h c_alld.o: ../cryptlib.h c_alld.c digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -digest.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h -digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -digest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -digest.o: ../../include/openssl/symhacks.h ../cryptlib.h digest.c +digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h +digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +digest.o: ../cryptlib.h digest.c e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -271,6 +279,14 @@ e_rc5.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h e_rc5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h e_rc5.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc5.c +e_seed.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +e_seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +e_seed.o: ../../include/openssl/err.h ../../include/openssl/evp.h +e_seed.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_seed.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_seed.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_seed.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_seed.o: ../../include/openssl/symhacks.h e_seed.c e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h @@ -304,13 +320,17 @@ evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -evp_enc.o: ../../include/openssl/engine.h ../../include/openssl/err.h -evp_enc.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -evp_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_enc.c evp_locl.h +evp_enc.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +evp_enc.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h +evp_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +evp_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 9ba4d0c6e0a4d..7054d8125dca5 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -107,6 +107,15 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher_alias(SN_idea_cbc,"idea"); #endif +#ifndef OPENSSL_NO_SEED + EVP_add_cipher(EVP_seed_ecb()); + EVP_add_cipher(EVP_seed_cfb()); + EVP_add_cipher(EVP_seed_ofb()); + EVP_add_cipher(EVP_seed_cbc()); + EVP_add_cipher_alias(SN_seed_cbc,"SEED"); + EVP_add_cipher_alias(SN_seed_cbc,"seed"); +#endif + #ifndef OPENSSL_NO_RC2 EVP_add_cipher(EVP_rc2_ecb()); EVP_add_cipher(EVP_rc2_cfb()); diff --git a/crypto/evp/e_seed.c b/crypto/evp/e_seed.c new file mode 100644 index 0000000000000..8c1ec0d43a60d --- /dev/null +++ b/crypto/evp/e_seed.c @@ -0,0 +1,83 @@ +/* crypto/evp/e_seed.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include +#ifndef OPENSSL_NO_SEED +#include +#include "evp_locl.h" + +static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); + +typedef struct + { + SEED_KEY_SCHEDULE ks; + } EVP_SEED_KEY; + +IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed, + 16, 16, 16, 128, + 0, seed_init_key, 0, 0, 0, 0) + +static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { + SEED_set_key(key, ctx->cipher_data); + return 1; + } + +#endif diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 636f426c69967..09e621bebeb83 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -303,6 +303,8 @@ struct env_md_ctx_st * cleaned */ #define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data * in EVP_MD_CTX_cleanup */ +#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest + * in FIPS mode */ struct evp_cipher_st { @@ -766,6 +768,14 @@ const EVP_CIPHER *EVP_camellia_256_cfb128(void); const EVP_CIPHER *EVP_camellia_256_ofb(void); #endif +#ifndef OPENSSL_NO_SEED +const EVP_CIPHER *EVP_seed_ecb(void); +const EVP_CIPHER *EVP_seed_cbc(void); +const EVP_CIPHER *EVP_seed_cfb128(void); +# define EVP_seed_cfb EVP_seed_cfb128 +const EVP_CIPHER *EVP_seed_ofb(void); +#endif + void OPENSSL_add_all_algorithms_noconf(void); void OPENSSL_add_all_algorithms_conf(void); @@ -963,6 +973,7 @@ void ERR_load_EVP_strings(void); #define EVP_R_UNSUPPORTED_SALT_TYPE 126 #define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 #define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 +#define EVP_R_SEED_KEY_SETUP_FAILED 162 #ifdef __cplusplus } diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index a1904993bf768..6e582c458de55 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -279,7 +279,12 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, { int i,j,bl; - OPENSSL_assert(inl > 0); + if (inl <= 0) + { + *outl = 0; + return inl == 0; + } + if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) { if(ctx->cipher->do_cipher(ctx,out,in,inl)) @@ -381,10 +386,10 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, int fix_len; unsigned int b; - if (inl == 0) + if (inl <= 0) { - *outl=0; - return 1; + *outl = 0; + return inl == 0; } if (ctx->flags & EVP_CIPH_NO_PADDING) diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 20139d20e41a0..073b0adcffea4 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -92,7 +92,7 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ {\ - cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ + cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ return 1;\ } diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index 6ecbecce7594c..bb6f02c2e9f9a 100644 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -423,6 +423,13 @@ int main(int argc,char **argv) fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); continue; } +#endif +#ifdef OPENSSL_NO_SEED + if (strstr(cipher, "SEED") == cipher) + { + fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); + continue; + } #endif fprintf(stderr,"Can't find %s\n",cipher); EXIT(3); diff --git a/crypto/evp/evptests.txt b/crypto/evp/evptests.txt index 193009f781d83..beb12144b6aea 100644 --- a/crypto/evp/evptests.txt +++ b/crypto/evp/evptests.txt @@ -310,3 +310,12 @@ CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:0 CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:0 +# SEED test vectors from RFC4269 +SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:0 +SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:0 +SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:0 +SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:0 +SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:1 +SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1 +SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1 +SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:1 diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 8914218fe8f9c..3b11e7a55613c 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -354,7 +354,7 @@ static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp, } } toret = item->meth_num++; - sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a); + (void)sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a); err: CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); return toret; diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index c45e001492759..1d140f7adb489 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -171,3 +171,10 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, return(md); } +void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) + { + EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); + EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); + EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); + } + diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h index 719fc408ace4a..fc38ffb52b3bd 100644 --- a/crypto/hmac/hmac.h +++ b/crypto/hmac/hmac.h @@ -100,6 +100,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len); +void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); #ifdef __cplusplus } diff --git a/crypto/md32_common.h b/crypto/md32_common.h index 0e625a8e55c01..61bcd9786f867 100644 --- a/crypto/md32_common.h +++ b/crypto/md32_common.h @@ -1,6 +1,6 @@ /* crypto/md32_common.h */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -47,10 +47,6 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * */ /* @@ -76,40 +72,27 @@ * typedef struct { * ... * HASH_LONG Nl,Nh; + * either { * HASH_LONG data[HASH_LBLOCK]; + * unsigned char data[HASH_CBLOCK]; + * }; * unsigned int num; * ... * } HASH_CTX; + * data[] vector is expected to be zeroed upon first call to + * HASH_UPDATE. * HASH_UPDATE * name of "Update" function, implemented here. * HASH_TRANSFORM * name of "Transform" function, implemented here. * HASH_FINAL * name of "Final" function, implemented here. - * HASH_BLOCK_HOST_ORDER - * name of "block" function treating *aligned* input message - * in host byte order, implemented externally. * HASH_BLOCK_DATA_ORDER - * name of "block" function treating *unaligned* input message - * in original (data) byte order, implemented externally (it - * actually is optional if data and host are of the same - * "endianess"). + * name of "block" function capable of treating *unaligned* input + * message in original (data) byte order, implemented externally. * HASH_MAKE_STRING * macro convering context variables to an ASCII hash string. * - * Optional macros: - * - * B_ENDIAN or L_ENDIAN - * defines host byte-order. - * HASH_LONG_LOG2 - * defaults to 2 if not states otherwise. - * HASH_LBLOCK - * assumed to be HASH_CBLOCK/4 if not stated otherwise. - * HASH_BLOCK_DATA_ORDER_ALIGNED - * alternative "block" function capable of treating - * aligned input message in original (data) order, - * implemented externally. - * * MD5 example: * * #define DATA_ORDER_IS_LITTLE_ENDIAN @@ -118,11 +101,9 @@ * #define HASH_LONG_LOG2 MD5_LONG_LOG2 * #define HASH_CTX MD5_CTX * #define HASH_CBLOCK MD5_CBLOCK - * #define HASH_LBLOCK MD5_LBLOCK * #define HASH_UPDATE MD5_Update * #define HASH_TRANSFORM MD5_Transform * #define HASH_FINAL MD5_Final - * #define HASH_BLOCK_HOST_ORDER md5_block_host_order * #define HASH_BLOCK_DATA_ORDER md5_block_data_order * * @@ -152,27 +133,9 @@ #error "HASH_FINAL must be defined!" #endif -#ifndef HASH_BLOCK_HOST_ORDER -#error "HASH_BLOCK_HOST_ORDER must be defined!" -#endif - -#if 0 -/* - * Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED - * isn't defined. - */ #ifndef HASH_BLOCK_DATA_ORDER #error "HASH_BLOCK_DATA_ORDER must be defined!" #endif -#endif - -#ifndef HASH_LBLOCK -#define HASH_LBLOCK (HASH_CBLOCK/4) -#endif - -#ifndef HASH_LONG_LOG2 -#define HASH_LONG_LOG2 2 -#endif /* * Engage compiler specific rotate intrinsic function if available. @@ -206,7 +169,8 @@ : "cc"); \ ret; \ }) -# elif defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__) +# elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ + defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__) # define ROTATE(a,n) ({ register unsigned int ret; \ asm ( \ "rlwinm %0,%1,%2,0,31" \ @@ -214,80 +178,28 @@ : "r"(a), "I"(n)); \ ret; \ }) +# elif defined(__s390x__) +# define ROTATE(a,n) ({ register unsigned int ret; \ + asm ("rll %0,%1,%2" \ + : "=r"(ret) \ + : "r"(a), "I"(n)); \ + ret; \ + }) # endif # endif #endif /* PEDANTIC */ -#if HASH_LONG_LOG2==2 /* Engage only if sizeof(HASH_LONG)== 4 */ -/* A nice byte order reversal from Wei Dai */ -#ifdef ROTATE -/* 5 instructions with rotate instruction, else 9 */ -#define REVERSE_FETCH32(a,l) ( \ - l=*(const HASH_LONG *)(a), \ - ((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24))) \ - ) -#else -/* 6 instructions with rotate instruction, else 8 */ -#define REVERSE_FETCH32(a,l) ( \ - l=*(const HASH_LONG *)(a), \ - l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)), \ - ROTATE(l,16) \ - ) -/* - * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|... - * It's rewritten as above for two reasons: - * - RISCs aren't good at long constants and have to explicitely - * compose 'em with several (well, usually 2) instructions in a - * register before performing the actual operation and (as you - * already realized:-) having same constant should inspire the - * compiler to permanently allocate the only register for it; - * - most modern CPUs have two ALUs, but usually only one has - * circuitry for shifts:-( this minor tweak inspires compiler - * to schedule shift instructions in a better way... - * - * - */ -#endif -#endif - #ifndef ROTATE #define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) #endif -/* - * Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED - * and HASH_BLOCK_HOST_ORDER ought to be the same if input data - * and host are of the same "endianess". It's possible to mask - * this with blank #define HASH_BLOCK_DATA_ORDER though... - * - * - */ -#if defined(B_ENDIAN) -# if defined(DATA_ORDER_IS_BIG_ENDIAN) -# if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2 -# define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER -# endif -# endif -#elif defined(L_ENDIAN) -# if defined(DATA_ORDER_IS_LITTLE_ENDIAN) -# if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2 -# define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER -# endif -# endif -#endif - -#if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) -#ifndef HASH_BLOCK_DATA_ORDER -#error "HASH_BLOCK_DATA_ORDER must be defined!" -#endif -#endif - #if defined(DATA_ORDER_IS_BIG_ENDIAN) #ifndef PEDANTIC # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) # if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \ (defined(__x86_64) || defined(__x86_64__)) +# if !defined(B_ENDIAN) /* * This gives ~30-40% performance improvement in SHA-256 compiled * with gcc [on P4]. Well, first macro to be frank. We can pull @@ -300,9 +212,14 @@ # define HOST_l2c(l,c) ({ unsigned int r=(l); \ asm ("bswapl %0":"=r"(r):"0"(r)); \ *((unsigned int *)(c))=r; (c)+=4; r; }) +# endif # endif # endif #endif +#if defined(__s390__) || defined(__s390x__) +# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) +# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) +#endif #ifndef HOST_c2l #define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ @@ -311,29 +228,6 @@ l|=(((unsigned long)(*((c)++))) ), \ l) #endif -#define HOST_p_c2l(c,l,n) { \ - switch (n) { \ - case 0: l =((unsigned long)(*((c)++)))<<24; \ - case 1: l|=((unsigned long)(*((c)++)))<<16; \ - case 2: l|=((unsigned long)(*((c)++)))<< 8; \ - case 3: l|=((unsigned long)(*((c)++))); \ - } } -#define HOST_p_c2l_p(c,l,sc,len) { \ - switch (sc) { \ - case 0: l =((unsigned long)(*((c)++)))<<24; \ - if (--len == 0) break; \ - case 1: l|=((unsigned long)(*((c)++)))<<16; \ - if (--len == 0) break; \ - case 2: l|=((unsigned long)(*((c)++)))<< 8; \ - } } -/* NOTE the pointer is not incremented at the end of this */ -#define HOST_c2l_p(c,l,n) { \ - l=0; (c)+=n; \ - switch (n) { \ - case 3: l =((unsigned long)(*(--(c))))<< 8; \ - case 2: l|=((unsigned long)(*(--(c))))<<16; \ - case 1: l|=((unsigned long)(*(--(c))))<<24; \ - } } #ifndef HOST_l2c #define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ @@ -344,6 +238,18 @@ #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) +#ifndef PEDANTIC +# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(__s390x__) +# define HOST_c2l(c,l) ({ asm ("lrv %0,0(%1)" \ + :"=r"(l) : "r"(c)); \ + (c)+=4; (l); }) +# define HOST_l2c(l,c) ({ asm ("strv %0,0(%1)" \ + : : "r"(l),"r"(c) : "memory"); \ + (c)+=4; (l); }) +# endif +# endif +#endif #if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) # ifndef B_ENDIAN /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */ @@ -359,29 +265,6 @@ l|=(((unsigned long)(*((c)++)))<<24), \ l) #endif -#define HOST_p_c2l(c,l,n) { \ - switch (n) { \ - case 0: l =((unsigned long)(*((c)++))); \ - case 1: l|=((unsigned long)(*((c)++)))<< 8; \ - case 2: l|=((unsigned long)(*((c)++)))<<16; \ - case 3: l|=((unsigned long)(*((c)++)))<<24; \ - } } -#define HOST_p_c2l_p(c,l,sc,len) { \ - switch (sc) { \ - case 0: l =((unsigned long)(*((c)++))); \ - if (--len == 0) break; \ - case 1: l|=((unsigned long)(*((c)++)))<< 8; \ - if (--len == 0) break; \ - case 2: l|=((unsigned long)(*((c)++)))<<16; \ - } } -/* NOTE the pointer is not incremented at the end of this */ -#define HOST_c2l_p(c,l,n) { \ - l=0; (c)+=n; \ - switch (n) { \ - case 3: l =((unsigned long)(*(--(c))))<<16; \ - case 2: l|=((unsigned long)(*(--(c))))<< 8; \ - case 1: l|=((unsigned long)(*(--(c)))); \ - } } #ifndef HOST_l2c #define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ @@ -399,9 +282,9 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len) { const unsigned char *data=data_; - register HASH_LONG * p; - register HASH_LONG l; - size_t sw,sc,ew,ec; + unsigned char *p; + HASH_LONG l; + size_t n; if (len==0) return 1; @@ -413,101 +296,43 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len) c->Nh+=(len>>29); /* might cause compiler warning on 16-bit */ c->Nl=l; - if (c->num != 0) + n = c->num; + if (n != 0) { - p=c->data; - sw=c->num>>2; - sc=c->num&0x03; + p=(unsigned char *)c->data; - if ((c->num+len) >= HASH_CBLOCK) + if (len >= HASH_CBLOCK || len+n >= HASH_CBLOCK) { - l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l; - for (; swnum); - c->num=0; - /* drop through and do the rest */ + memcpy (p+n,data,HASH_CBLOCK-n); + HASH_BLOCK_DATA_ORDER (c,p,1); + n = HASH_CBLOCK-n; + data += n; + len -= n; + c->num = 0; + memset (p,0,HASH_CBLOCK); /* keep it zeroed */ } else { - c->num+=(unsigned int)len; - if ((sc+len) < 4) /* ugly, add char's to a word */ - { - l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l; - } - else - { - ew=(c->num>>2); - ec=(c->num&0x03); - if (sc) - l=p[sw]; - HOST_p_c2l(data,l,sc); - p[sw++]=l; - for (; sw < ew; sw++) - { - HOST_c2l(data,l); p[sw]=l; - } - if (ec) - { - HOST_c2l_p(data,l,ec); p[sw]=l; - } - } + memcpy (p+n,data,len); + c->num += (unsigned int)len; return 1; } } - sw=len/HASH_CBLOCK; - if (sw > 0) + n = len/HASH_CBLOCK; + if (n > 0) { -#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED) - /* - * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined - * only if sizeof(HASH_LONG)==4. - */ - if ((((size_t)data)%4) == 0) - { - /* data is properly aligned so that we can cast it: */ - HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,sw); - sw*=HASH_CBLOCK; - data+=sw; - len-=sw; - } - else -#if !defined(HASH_BLOCK_DATA_ORDER) - while (sw--) - { - memcpy (p=c->data,data,HASH_CBLOCK); - HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1); - data+=HASH_CBLOCK; - len-=HASH_CBLOCK; - } -#endif -#endif -#if defined(HASH_BLOCK_DATA_ORDER) - { - HASH_BLOCK_DATA_ORDER(c,data,sw); - sw*=HASH_CBLOCK; - data+=sw; - len-=sw; - } -#endif + HASH_BLOCK_DATA_ORDER (c,data,n); + n *= HASH_CBLOCK; + data += n; + len -= n; } - if (len!=0) + if (len != 0) { - p = c->data; + p = (unsigned char *)c->data; c->num = len; - ew=len>>2; /* words to copy */ - ec=len&0x03; - for (; ew; ew--,p++) - { - HOST_c2l(data,l); *p=l; - } - HOST_c2l_p(data,l,ec); - *p=l; + memcpy (p,data,len); } return 1; } @@ -515,73 +340,38 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len) void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data) { -#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED) - if ((((size_t)data)%4) == 0) - /* data is properly aligned so that we can cast it: */ - HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,1); - else -#if !defined(HASH_BLOCK_DATA_ORDER) - { - memcpy (c->data,data,HASH_CBLOCK); - HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1); - } -#endif -#endif -#if defined(HASH_BLOCK_DATA_ORDER) HASH_BLOCK_DATA_ORDER (c,data,1); -#endif } int HASH_FINAL (unsigned char *md, HASH_CTX *c) { - register HASH_LONG *p; - register unsigned long l; - register int i,j; - static const unsigned char end[4]={0x80,0x00,0x00,0x00}; - const unsigned char *cp=end; - - /* c->num should definitly have room for at least one more byte. */ - p=c->data; - i=c->num>>2; - j=c->num&0x03; - -#if 0 - /* purify often complains about the following line as an - * Uninitialized Memory Read. While this can be true, the - * following p_c2l macro will reset l when that case is true. - * This is because j&0x03 contains the number of 'valid' bytes - * already in p[i]. If and only if j&0x03 == 0, the UMR will - * occur but this is also the only time p_c2l will do - * l= *(cp++) instead of l|= *(cp++) - * Many thanks to Alex Tang for pickup this - * 'potential bug' */ -#ifdef PURIFY - if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */ -#endif - l=p[i]; -#else - l = (j==0) ? 0 : p[i]; -#endif - HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */ + unsigned char *p = (unsigned char *)c->data; + size_t n = c->num; - if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */ + p[n] = 0x80; /* there is always room for one */ + n++; + + if (n > (HASH_CBLOCK-8)) { - if (iNh; - p[HASH_LBLOCK-1]=c->Nl; + (void)HOST_l2c(c->Nh,p); + (void)HOST_l2c(c->Nl,p); #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) - p[HASH_LBLOCK-2]=c->Nl; - p[HASH_LBLOCK-1]=c->Nh; + (void)HOST_l2c(c->Nl,p); + (void)HOST_l2c(c->Nh,p); #endif - HASH_BLOCK_HOST_ORDER (c,p,1); + p -= HASH_CBLOCK; + HASH_BLOCK_DATA_ORDER (c,p,1); + c->num=0; + memset (p,0,HASH_CBLOCK); #ifndef HASH_MAKE_STRING #error "HASH_MAKE_STRING must be defined!" @@ -589,11 +379,6 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) HASH_MAKE_STRING(c,md); #endif - c->num=0; - /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack - * but I'm not worried :-) - OPENSSL_cleanse((void *)c,sizeof(HASH_CTX)); - */ return 1; } diff --git a/crypto/md4/md4_dgst.c b/crypto/md4/md4_dgst.c index 86b79b8e4d452..cfef94af39a0b 100644 --- a/crypto/md4/md4_dgst.c +++ b/crypto/md4/md4_dgst.c @@ -82,79 +82,6 @@ int MD4_Init(MD4_CTX *c) return 1; } -#ifndef md4_block_host_order -void md4_block_host_order (MD4_CTX *c, const void *data, size_t num) - { - const MD4_LONG *X=data; - register unsigned MD32_REG_T A,B,C,D; - - A=c->A; - B=c->B; - C=c->C; - D=c->D; - - for (;num--;X+=HASH_LBLOCK) - { - /* Round 0 */ - R0(A,B,C,D,X[ 0], 3,0); - R0(D,A,B,C,X[ 1], 7,0); - R0(C,D,A,B,X[ 2],11,0); - R0(B,C,D,A,X[ 3],19,0); - R0(A,B,C,D,X[ 4], 3,0); - R0(D,A,B,C,X[ 5], 7,0); - R0(C,D,A,B,X[ 6],11,0); - R0(B,C,D,A,X[ 7],19,0); - R0(A,B,C,D,X[ 8], 3,0); - R0(D,A,B,C,X[ 9], 7,0); - R0(C,D,A,B,X[10],11,0); - R0(B,C,D,A,X[11],19,0); - R0(A,B,C,D,X[12], 3,0); - R0(D,A,B,C,X[13], 7,0); - R0(C,D,A,B,X[14],11,0); - R0(B,C,D,A,X[15],19,0); - /* Round 1 */ - R1(A,B,C,D,X[ 0], 3,0x5A827999L); - R1(D,A,B,C,X[ 4], 5,0x5A827999L); - R1(C,D,A,B,X[ 8], 9,0x5A827999L); - R1(B,C,D,A,X[12],13,0x5A827999L); - R1(A,B,C,D,X[ 1], 3,0x5A827999L); - R1(D,A,B,C,X[ 5], 5,0x5A827999L); - R1(C,D,A,B,X[ 9], 9,0x5A827999L); - R1(B,C,D,A,X[13],13,0x5A827999L); - R1(A,B,C,D,X[ 2], 3,0x5A827999L); - R1(D,A,B,C,X[ 6], 5,0x5A827999L); - R1(C,D,A,B,X[10], 9,0x5A827999L); - R1(B,C,D,A,X[14],13,0x5A827999L); - R1(A,B,C,D,X[ 3], 3,0x5A827999L); - R1(D,A,B,C,X[ 7], 5,0x5A827999L); - R1(C,D,A,B,X[11], 9,0x5A827999L); - R1(B,C,D,A,X[15],13,0x5A827999L); - /* Round 2 */ - R2(A,B,C,D,X[ 0], 3,0x6ED9EBA1); - R2(D,A,B,C,X[ 8], 9,0x6ED9EBA1); - R2(C,D,A,B,X[ 4],11,0x6ED9EBA1); - R2(B,C,D,A,X[12],15,0x6ED9EBA1); - R2(A,B,C,D,X[ 2], 3,0x6ED9EBA1); - R2(D,A,B,C,X[10], 9,0x6ED9EBA1); - R2(C,D,A,B,X[ 6],11,0x6ED9EBA1); - R2(B,C,D,A,X[14],15,0x6ED9EBA1); - R2(A,B,C,D,X[ 1], 3,0x6ED9EBA1); - R2(D,A,B,C,X[ 9], 9,0x6ED9EBA1); - R2(C,D,A,B,X[ 5],11,0x6ED9EBA1); - R2(B,C,D,A,X[13],15,0x6ED9EBA1); - R2(A,B,C,D,X[ 3], 3,0x6ED9EBA1); - R2(D,A,B,C,X[11], 9,0x6ED9EBA1); - R2(C,D,A,B,X[ 7],11,0x6ED9EBA1); - R2(B,C,D,A,X[15],15,0x6ED9EBA1); - - A = c->A += A; - B = c->B += B; - C = c->C += C; - D = c->D += D; - } - } -#endif - #ifndef md4_block_data_order #ifdef X #undef X @@ -240,19 +167,3 @@ void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num) } } #endif - -#ifdef undef -int printit(unsigned long *l) - { - int i,ii; - - for (i=0; i<2; i++) - { - for (ii=0; ii<8; ii++) - { - fprintf(stderr,"%08lx ",l[i*8+ii]); - } - fprintf(stderr,"\n"); - } - } -#endif diff --git a/crypto/md4/md4_locl.h b/crypto/md4/md4_locl.h index abc7b9bb84bd6..c8085b0eadf9a 100644 --- a/crypto/md4/md4_locl.h +++ b/crypto/md4/md4_locl.h @@ -65,43 +65,13 @@ #define MD4_LONG_LOG2 2 /* default to 32 bits */ #endif -void md4_block_host_order (MD4_CTX *c, const void *p,size_t num); void md4_block_data_order (MD4_CTX *c, const void *p,size_t num); -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) -# if !defined(B_ENDIAN) -/* - * *_block_host_order is expected to handle aligned data while - * *_block_data_order - unaligned. As algorithm and host (x86) - * are in this case of the same "endianness" these two are - * otherwise indistinguishable. But normally you don't want to - * call the same function because unaligned access in places - * where alignment is expected is usually a "Bad Thing". Indeed, - * on RISCs you get punished with BUS ERROR signal or *severe* - * performance degradation. Intel CPUs are in turn perfectly - * capable of loading unaligned data without such drastic side - * effect. Yes, they say it's slower than aligned load, but no - * exception is generated and therefore performance degradation - * is *incomparable* with RISCs. What we should weight here is - * costs of unaligned access against costs of aligning data. - * According to my measurements allowing unaligned access results - * in ~9% performance improvement on Pentium II operating at - * 266MHz. I won't be surprised if the difference will be higher - * on faster systems:-) - * - * - */ -# define md4_block_data_order md4_block_host_order -# endif -#endif - #define DATA_ORDER_IS_LITTLE_ENDIAN #define HASH_LONG MD4_LONG -#define HASH_LONG_LOG2 MD4_LONG_LOG2 #define HASH_CTX MD4_CTX #define HASH_CBLOCK MD4_CBLOCK -#define HASH_LBLOCK MD4_LBLOCK #define HASH_UPDATE MD4_Update #define HASH_TRANSFORM MD4_Transform #define HASH_FINAL MD4_Final @@ -112,21 +82,7 @@ void md4_block_data_order (MD4_CTX *c, const void *p,size_t num); ll=(c)->C; HOST_l2c(ll,(s)); \ ll=(c)->D; HOST_l2c(ll,(s)); \ } while (0) -#define HASH_BLOCK_HOST_ORDER md4_block_host_order -#if !defined(L_ENDIAN) || defined(md4_block_data_order) #define HASH_BLOCK_DATA_ORDER md4_block_data_order -/* - * Little-endians (Intel and Alpha) feel better without this. - * It looks like memcpy does better job than generic - * md4_block_data_order on copying-n-aligning input data. - * But frankly speaking I didn't expect such result on Alpha. - * On the other hand I've got this with egcs-1.0.2 and if - * program is compiled with another (better?) compiler it - * might turn out other way around. - * - * - */ -#endif #include "md32_common.h" diff --git a/crypto/md4/md4test.c b/crypto/md4/md4test.c index 5da53382c9f89..56591728a1c88 100644 --- a/crypto/md4/md4test.c +++ b/crypto/md4/md4test.c @@ -97,12 +97,12 @@ static char *pt(unsigned char *md); int main(int argc, char *argv[]) { int i,err=0; - unsigned char **P,**R; + char **P,**R; char *p; unsigned char md[MD4_DIGEST_LENGTH]; - P=(unsigned char **)test; - R=(unsigned char **)ret; + P=test; + R=ret; i=1; while (*P != NULL) { diff --git a/crypto/md5/Makefile b/crypto/md5/Makefile index 849a0a5bacd5f..ceb00e8956ad7 100644 --- a/crypto/md5/Makefile +++ b/crypto/md5/Makefile @@ -52,24 +52,6 @@ mx86-cof.s: asm/md5-586.pl ../perlasm/x86asm.pl mx86-out.s: asm/md5-586.pl ../perlasm/x86asm.pl (cd asm; $(PERL) md5-586.pl a.out $(CFLAGS) > ../$@) -md5-sparcv8plus.o: asm/md5-sparcv9.S - $(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \ - -o md5-sparcv8plus.o asm/md5-sparcv9.S - -# Old GNU assembler doesn't understand V9 instructions, so we -# hire /usr/ccs/bin/as to do the job. Note that option is called -# *-gcc27, but even gcc 2>=8 users may experience similar problem -# if they didn't bother to upgrade GNU assembler. Such users should -# not choose this option, but be adviced to *remove* GNU assembler -# or upgrade it. -md5-sparcv8plus-gcc27.o: asm/md5-sparcv9.S - $(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -E asm/md5-sparcv9.S | \ - /usr/ccs/bin/as -xarch=v8plus - -o md5-sparcv8plus-gcc27.o - -md5-sparcv9.o: asm/md5-sparcv9.S - $(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \ - -o md5-sparcv9.o asm/md5-sparcv9.S - md5-x86_64.s: asm/md5-x86_64.pl; $(PERL) asm/md5-x86_64.pl $@ files: diff --git a/crypto/md5/asm/md5-586.pl b/crypto/md5/asm/md5-586.pl index fa3fa3bed59c1..76ac235f7d035 100644 --- a/crypto/md5/asm/md5-586.pl +++ b/crypto/md5/asm/md5-586.pl @@ -29,7 +29,7 @@ $X="esi"; 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9, # R3 ); -&md5_block("md5_block_asm_host_order"); +&md5_block("md5_block_asm_data_order"); &asm_finish(); sub Np diff --git a/crypto/md5/asm/md5-sparcv9.S b/crypto/md5/asm/md5-sparcv9.S deleted file mode 100644 index db45aa4c97740..0000000000000 --- a/crypto/md5/asm/md5-sparcv9.S +++ /dev/null @@ -1,1031 +0,0 @@ -.ident "md5-sparcv9.S, Version 1.0" -.ident "SPARC V9 ISA artwork by Andy Polyakov " -.file "md5-sparcv9.S" - -/* - * ==================================================================== - * Copyright (c) 1999 Andy Polyakov . - * - * Rights for redistribution and usage in source and binary forms are - * granted as long as above copyright notices are retained. Warranty - * of any kind is (of course:-) disclaimed. - * ==================================================================== - */ - -/* - * This is my modest contribution to OpenSSL project (see - * http://www.openssl.org/ for more information about it) and is an - * assembler implementation of MD5 block hash function. I've hand-coded - * this for the sole reason to reach UltraSPARC-specific "load in - * little-endian byte order" instruction. This gives up to 15% - * performance improvement for cases when input message is aligned at - * 32 bits boundary. The module was tested under both 32 *and* 64 bit - * kernels. For updates see http://fy.chalmers.se/~appro/hpe/. - * - * To compile with SC4.x/SC5.x: - * - * cc -xarch=v[9|8plus] -DOPENSSL_SYSNAME_ULTRASPARC -DMD5_BLOCK_DATA_ORDER \ - * -c md5-sparcv9.S - * - * and with gcc: - * - * gcc -mcpu=ultrasparc -DOPENSSL_SYSNAME_ULTRASPARC -DMD5_BLOCK_DATA_ORDER \ - * -c md5-sparcv9.S - * - * or if above fails (it does if you have gas): - * - * gcc -E -DOPENSSL_SYSNAMEULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \ - * as -xarch=v8plus /dev/fd/0 -o md5-sparcv9.o - */ - -#include - -#define A %o0 -#define B %o1 -#define C %o2 -#define D %o3 -#define T1 %o4 -#define T2 %o5 - -#define R0 %l0 -#define R1 %l1 -#define R2 %l2 -#define R3 %l3 -#define R4 %l4 -#define R5 %l5 -#define R6 %l6 -#define R7 %l7 -#define R8 %i3 -#define R9 %i4 -#define R10 %i5 -#define R11 %g1 -#define R12 %g2 -#define R13 %g3 -#define RX %g4 - -#define Aptr %i0+0 -#define Bptr %i0+4 -#define Cptr %i0+8 -#define Dptr %i0+12 - -#define Aval R5 /* those not used at the end of the last round */ -#define Bval R6 -#define Cval R7 -#define Dval R8 - -#if defined(MD5_BLOCK_DATA_ORDER) -# if defined(OPENSSL_SYSNAME_ULTRASPARC) -# define LOAD lda -# define X(i) [%i1+i*4]%asi -# define md5_block md5_block_asm_data_order_aligned -# define ASI_PRIMARY_LITTLE 0x88 -# else -# error "MD5_BLOCK_DATA_ORDER is supported only on UltraSPARC!" -# endif -#else -# define LOAD ld -# define X(i) [%i1+i*4] -# define md5_block md5_block_asm_host_order -#endif - -.section ".text",#alloc,#execinstr - -#if defined(__SUNPRO_C) && defined(__sparcv9) - /* They've said -xarch=v9 at command line */ - .register %g2,#scratch - .register %g3,#scratch -# define FRAME -192 -#elif defined(__GNUC__) && defined(__arch64__) - /* They've said -m64 at command line */ - .register %g2,#scratch - .register %g3,#scratch -# define FRAME -192 -#else -# define FRAME -96 -#endif - -.align 32 - -.global md5_block -md5_block: - save %sp,FRAME,%sp - - ld [Dptr],D - ld [Cptr],C - ld [Bptr],B - ld [Aptr],A -#ifdef ASI_PRIMARY_LITTLE - rd %asi,%o7 ! How dare I? Well, I just do:-) - wr %g0,ASI_PRIMARY_LITTLE,%asi -#endif - LOAD X(0),R0 - -.Lmd5_block_loop: - -!!!!!!!!Round 0 - - xor C,D,T1 - sethi %hi(0xd76aa478),T2 - and T1,B,T1 - or T2,%lo(0xd76aa478),T2 != - xor T1,D,T1 - add T1,R0,T1 - LOAD X(1),R1 - add T1,T2,T1 != - add A,T1,A - sll A,7,T2 - srl A,32-7,A - or A,T2,A != - xor B,C,T1 - add A,B,A - - sethi %hi(0xe8c7b756),T2 - and T1,A,T1 != - or T2,%lo(0xe8c7b756),T2 - xor T1,C,T1 - LOAD X(2),R2 - add T1,R1,T1 != - add T1,T2,T1 - add D,T1,D - sll D,12,T2 - srl D,32-12,D != - or D,T2,D - xor A,B,T1 - add D,A,D - - sethi %hi(0x242070db),T2 != - and T1,D,T1 - or T2,%lo(0x242070db),T2 - xor T1,B,T1 - add T1,R2,T1 != - LOAD X(3),R3 - add T1,T2,T1 - add C,T1,C - sll C,17,T2 != - srl C,32-17,C - or C,T2,C - xor D,A,T1 - add C,D,C != - - sethi %hi(0xc1bdceee),T2 - and T1,C,T1 - or T2,%lo(0xc1bdceee),T2 - xor T1,A,T1 != - add T1,R3,T1 - LOAD X(4),R4 - add T1,T2,T1 - add B,T1,B != - sll B,22,T2 - srl B,32-22,B - or B,T2,B - xor C,D,T1 != - add B,C,B - - sethi %hi(0xf57c0faf),T2 - and T1,B,T1 - or T2,%lo(0xf57c0faf),T2 != - xor T1,D,T1 - add T1,R4,T1 - LOAD X(5),R5 - add T1,T2,T1 != - add A,T1,A - sll A,7,T2 - srl A,32-7,A - or A,T2,A != - xor B,C,T1 - add A,B,A - - sethi %hi(0x4787c62a),T2 - and T1,A,T1 != - or T2,%lo(0x4787c62a),T2 - xor T1,C,T1 - LOAD X(6),R6 - add T1,R5,T1 != - add T1,T2,T1 - add D,T1,D - sll D,12,T2 - srl D,32-12,D != - or D,T2,D - xor A,B,T1 - add D,A,D - - sethi %hi(0xa8304613),T2 != - and T1,D,T1 - or T2,%lo(0xa8304613),T2 - xor T1,B,T1 - add T1,R6,T1 != - LOAD X(7),R7 - add T1,T2,T1 - add C,T1,C - sll C,17,T2 != - srl C,32-17,C - or C,T2,C - xor D,A,T1 - add C,D,C != - - sethi %hi(0xfd469501),T2 - and T1,C,T1 - or T2,%lo(0xfd469501),T2 - xor T1,A,T1 != - add T1,R7,T1 - LOAD X(8),R8 - add T1,T2,T1 - add B,T1,B != - sll B,22,T2 - srl B,32-22,B - or B,T2,B - xor C,D,T1 != - add B,C,B - - sethi %hi(0x698098d8),T2 - and T1,B,T1 - or T2,%lo(0x698098d8),T2 != - xor T1,D,T1 - add T1,R8,T1 - LOAD X(9),R9 - add T1,T2,T1 != - add A,T1,A - sll A,7,T2 - srl A,32-7,A - or A,T2,A != - xor B,C,T1 - add A,B,A - - sethi %hi(0x8b44f7af),T2 - and T1,A,T1 != - or T2,%lo(0x8b44f7af),T2 - xor T1,C,T1 - LOAD X(10),R10 - add T1,R9,T1 != - add T1,T2,T1 - add D,T1,D - sll D,12,T2 - srl D,32-12,D != - or D,T2,D - xor A,B,T1 - add D,A,D - - sethi %hi(0xffff5bb1),T2 != - and T1,D,T1 - or T2,%lo(0xffff5bb1),T2 - xor T1,B,T1 - add T1,R10,T1 != - LOAD X(11),R11 - add T1,T2,T1 - add C,T1,C - sll C,17,T2 != - srl C,32-17,C - or C,T2,C - xor D,A,T1 - add C,D,C != - - sethi %hi(0x895cd7be),T2 - and T1,C,T1 - or T2,%lo(0x895cd7be),T2 - xor T1,A,T1 != - add T1,R11,T1 - LOAD X(12),R12 - add T1,T2,T1 - add B,T1,B != - sll B,22,T2 - srl B,32-22,B - or B,T2,B - xor C,D,T1 != - add B,C,B - - sethi %hi(0x6b901122),T2 - and T1,B,T1 - or T2,%lo(0x6b901122),T2 != - xor T1,D,T1 - add T1,R12,T1 - LOAD X(13),R13 - add T1,T2,T1 != - add A,T1,A - sll A,7,T2 - srl A,32-7,A - or A,T2,A != - xor B,C,T1 - add A,B,A - - sethi %hi(0xfd987193),T2 - and T1,A,T1 != - or T2,%lo(0xfd987193),T2 - xor T1,C,T1 - LOAD X(14),RX - add T1,R13,T1 != - add T1,T2,T1 - add D,T1,D - sll D,12,T2 - srl D,32-12,D != - or D,T2,D - xor A,B,T1 - add D,A,D - - sethi %hi(0xa679438e),T2 != - and T1,D,T1 - or T2,%lo(0xa679438e),T2 - xor T1,B,T1 - add T1,RX,T1 != - LOAD X(15),RX - add T1,T2,T1 - add C,T1,C - sll C,17,T2 != - srl C,32-17,C - or C,T2,C - xor D,A,T1 - add C,D,C != - - sethi %hi(0x49b40821),T2 - and T1,C,T1 - or T2,%lo(0x49b40821),T2 - xor T1,A,T1 != - add T1,RX,T1 - !pre-LOADed X(1),R1 - add T1,T2,T1 - add B,T1,B - sll B,22,T2 != - srl B,32-22,B - or B,T2,B - add B,C,B - -!!!!!!!!Round 1 - - xor B,C,T1 != - sethi %hi(0xf61e2562),T2 - and T1,D,T1 - or T2,%lo(0xf61e2562),T2 - xor T1,C,T1 != - add T1,R1,T1 - !pre-LOADed X(6),R6 - add T1,T2,T1 - add A,T1,A - sll A,5,T2 != - srl A,32-5,A - or A,T2,A - add A,B,A - - xor A,B,T1 != - sethi %hi(0xc040b340),T2 - and T1,C,T1 - or T2,%lo(0xc040b340),T2 - xor T1,B,T1 != - add T1,R6,T1 - !pre-LOADed X(11),R11 - add T1,T2,T1 - add D,T1,D - sll D,9,T2 != - srl D,32-9,D - or D,T2,D - add D,A,D - - xor D,A,T1 != - sethi %hi(0x265e5a51),T2 - and T1,B,T1 - or T2,%lo(0x265e5a51),T2 - xor T1,A,T1 != - add T1,R11,T1 - !pre-LOADed X(0),R0 - add T1,T2,T1 - add C,T1,C - sll C,14,T2 != - srl C,32-14,C - or C,T2,C - add C,D,C - - xor C,D,T1 != - sethi %hi(0xe9b6c7aa),T2 - and T1,A,T1 - or T2,%lo(0xe9b6c7aa),T2 - xor T1,D,T1 != - add T1,R0,T1 - !pre-LOADed X(5),R5 - add T1,T2,T1 - add B,T1,B - sll B,20,T2 != - srl B,32-20,B - or B,T2,B - add B,C,B - - xor B,C,T1 != - sethi %hi(0xd62f105d),T2 - and T1,D,T1 - or T2,%lo(0xd62f105d),T2 - xor T1,C,T1 != - add T1,R5,T1 - !pre-LOADed X(10),R10 - add T1,T2,T1 - add A,T1,A - sll A,5,T2 != - srl A,32-5,A - or A,T2,A - add A,B,A - - xor A,B,T1 != - sethi %hi(0x02441453),T2 - and T1,C,T1 - or T2,%lo(0x02441453),T2 - xor T1,B,T1 != - add T1,R10,T1 - LOAD X(15),RX - add T1,T2,T1 - add D,T1,D != - sll D,9,T2 - srl D,32-9,D - or D,T2,D - add D,A,D != - - xor D,A,T1 - sethi %hi(0xd8a1e681),T2 - and T1,B,T1 - or T2,%lo(0xd8a1e681),T2 != - xor T1,A,T1 - add T1,RX,T1 - !pre-LOADed X(4),R4 - add T1,T2,T1 - add C,T1,C != - sll C,14,T2 - srl C,32-14,C - or C,T2,C - add C,D,C != - - xor C,D,T1 - sethi %hi(0xe7d3fbc8),T2 - and T1,A,T1 - or T2,%lo(0xe7d3fbc8),T2 != - xor T1,D,T1 - add T1,R4,T1 - !pre-LOADed X(9),R9 - add T1,T2,T1 - add B,T1,B != - sll B,20,T2 - srl B,32-20,B - or B,T2,B - add B,C,B != - - xor B,C,T1 - sethi %hi(0x21e1cde6),T2 - and T1,D,T1 - or T2,%lo(0x21e1cde6),T2 != - xor T1,C,T1 - add T1,R9,T1 - LOAD X(14),RX - add T1,T2,T1 != - add A,T1,A - sll A,5,T2 - srl A,32-5,A - or A,T2,A != - add A,B,A - - xor A,B,T1 - sethi %hi(0xc33707d6),T2 - and T1,C,T1 != - or T2,%lo(0xc33707d6),T2 - xor T1,B,T1 - add T1,RX,T1 - !pre-LOADed X(3),R3 - add T1,T2,T1 != - add D,T1,D - sll D,9,T2 - srl D,32-9,D - or D,T2,D != - add D,A,D - - xor D,A,T1 - sethi %hi(0xf4d50d87),T2 - and T1,B,T1 != - or T2,%lo(0xf4d50d87),T2 - xor T1,A,T1 - add T1,R3,T1 - !pre-LOADed X(8),R8 - add T1,T2,T1 != - add C,T1,C - sll C,14,T2 - srl C,32-14,C - or C,T2,C != - add C,D,C - - xor C,D,T1 - sethi %hi(0x455a14ed),T2 - and T1,A,T1 != - or T2,%lo(0x455a14ed),T2 - xor T1,D,T1 - add T1,R8,T1 - !pre-LOADed X(13),R13 - add T1,T2,T1 != - add B,T1,B - sll B,20,T2 - srl B,32-20,B - or B,T2,B != - add B,C,B - - xor B,C,T1 - sethi %hi(0xa9e3e905),T2 - and T1,D,T1 != - or T2,%lo(0xa9e3e905),T2 - xor T1,C,T1 - add T1,R13,T1 - !pre-LOADed X(2),R2 - add T1,T2,T1 != - add A,T1,A - sll A,5,T2 - srl A,32-5,A - or A,T2,A != - add A,B,A - - xor A,B,T1 - sethi %hi(0xfcefa3f8),T2 - and T1,C,T1 != - or T2,%lo(0xfcefa3f8),T2 - xor T1,B,T1 - add T1,R2,T1 - !pre-LOADed X(7),R7 - add T1,T2,T1 != - add D,T1,D - sll D,9,T2 - srl D,32-9,D - or D,T2,D != - add D,A,D - - xor D,A,T1 - sethi %hi(0x676f02d9),T2 - and T1,B,T1 != - or T2,%lo(0x676f02d9),T2 - xor T1,A,T1 - add T1,R7,T1 - !pre-LOADed X(12),R12 - add T1,T2,T1 != - add C,T1,C - sll C,14,T2 - srl C,32-14,C - or C,T2,C != - add C,D,C - - xor C,D,T1 - sethi %hi(0x8d2a4c8a),T2 - and T1,A,T1 != - or T2,%lo(0x8d2a4c8a),T2 - xor T1,D,T1 - add T1,R12,T1 - !pre-LOADed X(5),R5 - add T1,T2,T1 != - add B,T1,B - sll B,20,T2 - srl B,32-20,B - or B,T2,B != - add B,C,B - -!!!!!!!!Round 2 - - xor B,C,T1 - sethi %hi(0xfffa3942),T2 - xor T1,D,T1 != - or T2,%lo(0xfffa3942),T2 - add T1,R5,T1 - !pre-LOADed X(8),R8 - add T1,T2,T1 - add A,T1,A != - sll A,4,T2 - srl A,32-4,A - or A,T2,A - add A,B,A != - - xor A,B,T1 - sethi %hi(0x8771f681),T2 - xor T1,C,T1 - or T2,%lo(0x8771f681),T2 != - add T1,R8,T1 - !pre-LOADed X(11),R11 - add T1,T2,T1 - add D,T1,D - sll D,11,T2 != - srl D,32-11,D - or D,T2,D - add D,A,D - - xor D,A,T1 != - sethi %hi(0x6d9d6122),T2 - xor T1,B,T1 - or T2,%lo(0x6d9d6122),T2 - add T1,R11,T1 != - LOAD X(14),RX - add T1,T2,T1 - add C,T1,C - sll C,16,T2 != - srl C,32-16,C - or C,T2,C - add C,D,C - - xor C,D,T1 != - sethi %hi(0xfde5380c),T2 - xor T1,A,T1 - or T2,%lo(0xfde5380c),T2 - add T1,RX,T1 != - !pre-LOADed X(1),R1 - add T1,T2,T1 - add B,T1,B - sll B,23,T2 - srl B,32-23,B != - or B,T2,B - add B,C,B - - xor B,C,T1 - sethi %hi(0xa4beea44),T2 != - xor T1,D,T1 - or T2,%lo(0xa4beea44),T2 - add T1,R1,T1 - !pre-LOADed X(4),R4 - add T1,T2,T1 != - add A,T1,A - sll A,4,T2 - srl A,32-4,A - or A,T2,A != - add A,B,A - - xor A,B,T1 - sethi %hi(0x4bdecfa9),T2 - xor T1,C,T1 != - or T2,%lo(0x4bdecfa9),T2 - add T1,R4,T1 - !pre-LOADed X(7),R7 - add T1,T2,T1 - add D,T1,D != - sll D,11,T2 - srl D,32-11,D - or D,T2,D - add D,A,D != - - xor D,A,T1 - sethi %hi(0xf6bb4b60),T2 - xor T1,B,T1 - or T2,%lo(0xf6bb4b60),T2 != - add T1,R7,T1 - !pre-LOADed X(10),R10 - add T1,T2,T1 - add C,T1,C - sll C,16,T2 != - srl C,32-16,C - or C,T2,C - add C,D,C - - xor C,D,T1 != - sethi %hi(0xbebfbc70),T2 - xor T1,A,T1 - or T2,%lo(0xbebfbc70),T2 - add T1,R10,T1 != - !pre-LOADed X(13),R13 - add T1,T2,T1 - add B,T1,B - sll B,23,T2 - srl B,32-23,B != - or B,T2,B - add B,C,B - - xor B,C,T1 - sethi %hi(0x289b7ec6),T2 != - xor T1,D,T1 - or T2,%lo(0x289b7ec6),T2 - add T1,R13,T1 - !pre-LOADed X(0),R0 - add T1,T2,T1 != - add A,T1,A - sll A,4,T2 - srl A,32-4,A - or A,T2,A != - add A,B,A - - xor A,B,T1 - sethi %hi(0xeaa127fa),T2 - xor T1,C,T1 != - or T2,%lo(0xeaa127fa),T2 - add T1,R0,T1 - !pre-LOADed X(3),R3 - add T1,T2,T1 - add D,T1,D != - sll D,11,T2 - srl D,32-11,D - or D,T2,D - add D,A,D != - - xor D,A,T1 - sethi %hi(0xd4ef3085),T2 - xor T1,B,T1 - or T2,%lo(0xd4ef3085),T2 != - add T1,R3,T1 - !pre-LOADed X(6),R6 - add T1,T2,T1 - add C,T1,C - sll C,16,T2 != - srl C,32-16,C - or C,T2,C - add C,D,C - - xor C,D,T1 != - sethi %hi(0x04881d05),T2 - xor T1,A,T1 - or T2,%lo(0x04881d05),T2 - add T1,R6,T1 != - !pre-LOADed X(9),R9 - add T1,T2,T1 - add B,T1,B - sll B,23,T2 - srl B,32-23,B != - or B,T2,B - add B,C,B - - xor B,C,T1 - sethi %hi(0xd9d4d039),T2 != - xor T1,D,T1 - or T2,%lo(0xd9d4d039),T2 - add T1,R9,T1 - !pre-LOADed X(12),R12 - add T1,T2,T1 != - add A,T1,A - sll A,4,T2 - srl A,32-4,A - or A,T2,A != - add A,B,A - - xor A,B,T1 - sethi %hi(0xe6db99e5),T2 - xor T1,C,T1 != - or T2,%lo(0xe6db99e5),T2 - add T1,R12,T1 - LOAD X(15),RX - add T1,T2,T1 != - add D,T1,D - sll D,11,T2 - srl D,32-11,D - or D,T2,D != - add D,A,D - - xor D,A,T1 - sethi %hi(0x1fa27cf8),T2 - xor T1,B,T1 != - or T2,%lo(0x1fa27cf8),T2 - add T1,RX,T1 - !pre-LOADed X(2),R2 - add T1,T2,T1 - add C,T1,C != - sll C,16,T2 - srl C,32-16,C - or C,T2,C - add C,D,C != - - xor C,D,T1 - sethi %hi(0xc4ac5665),T2 - xor T1,A,T1 - or T2,%lo(0xc4ac5665),T2 != - add T1,R2,T1 - !pre-LOADed X(0),R0 - add T1,T2,T1 - add B,T1,B - sll B,23,T2 != - srl B,32-23,B - or B,T2,B - add B,C,B - -!!!!!!!!Round 3 - - orn B,D,T1 != - sethi %hi(0xf4292244),T2 - xor T1,C,T1 - or T2,%lo(0xf4292244),T2 - add T1,R0,T1 != - !pre-LOADed X(7),R7 - add T1,T2,T1 - add A,T1,A - sll A,6,T2 - srl A,32-6,A != - or A,T2,A - add A,B,A - - orn A,C,T1 - sethi %hi(0x432aff97),T2 != - xor T1,B,T1 - or T2,%lo(0x432aff97),T2 - LOAD X(14),RX - add T1,R7,T1 != - add T1,T2,T1 - add D,T1,D - sll D,10,T2 - srl D,32-10,D != - or D,T2,D - add D,A,D - - orn D,B,T1 - sethi %hi(0xab9423a7),T2 != - xor T1,A,T1 - or T2,%lo(0xab9423a7),T2 - add T1,RX,T1 - !pre-LOADed X(5),R5 - add T1,T2,T1 != - add C,T1,C - sll C,15,T2 - srl C,32-15,C - or C,T2,C != - add C,D,C - - orn C,A,T1 - sethi %hi(0xfc93a039),T2 - xor T1,D,T1 != - or T2,%lo(0xfc93a039),T2 - add T1,R5,T1 - !pre-LOADed X(12),R12 - add T1,T2,T1 - add B,T1,B != - sll B,21,T2 - srl B,32-21,B - or B,T2,B - add B,C,B != - - orn B,D,T1 - sethi %hi(0x655b59c3),T2 - xor T1,C,T1 - or T2,%lo(0x655b59c3),T2 != - add T1,R12,T1 - !pre-LOADed X(3),R3 - add T1,T2,T1 - add A,T1,A - sll A,6,T2 != - srl A,32-6,A - or A,T2,A - add A,B,A - - orn A,C,T1 != - sethi %hi(0x8f0ccc92),T2 - xor T1,B,T1 - or T2,%lo(0x8f0ccc92),T2 - add T1,R3,T1 != - !pre-LOADed X(10),R10 - add T1,T2,T1 - add D,T1,D - sll D,10,T2 - srl D,32-10,D != - or D,T2,D - add D,A,D - - orn D,B,T1 - sethi %hi(0xffeff47d),T2 != - xor T1,A,T1 - or T2,%lo(0xffeff47d),T2 - add T1,R10,T1 - !pre-LOADed X(1),R1 - add T1,T2,T1 != - add C,T1,C - sll C,15,T2 - srl C,32-15,C - or C,T2,C != - add C,D,C - - orn C,A,T1 - sethi %hi(0x85845dd1),T2 - xor T1,D,T1 != - or T2,%lo(0x85845dd1),T2 - add T1,R1,T1 - !pre-LOADed X(8),R8 - add T1,T2,T1 - add B,T1,B != - sll B,21,T2 - srl B,32-21,B - or B,T2,B - add B,C,B != - - orn B,D,T1 - sethi %hi(0x6fa87e4f),T2 - xor T1,C,T1 - or T2,%lo(0x6fa87e4f),T2 != - add T1,R8,T1 - LOAD X(15),RX - add T1,T2,T1 - add A,T1,A != - sll A,6,T2 - srl A,32-6,A - or A,T2,A - add A,B,A != - - orn A,C,T1 - sethi %hi(0xfe2ce6e0),T2 - xor T1,B,T1 - or T2,%lo(0xfe2ce6e0),T2 != - add T1,RX,T1 - !pre-LOADed X(6),R6 - add T1,T2,T1 - add D,T1,D - sll D,10,T2 != - srl D,32-10,D - or D,T2,D - add D,A,D - - orn D,B,T1 != - sethi %hi(0xa3014314),T2 - xor T1,A,T1 - or T2,%lo(0xa3014314),T2 - add T1,R6,T1 != - !pre-LOADed X(13),R13 - add T1,T2,T1 - add C,T1,C - sll C,15,T2 - srl C,32-15,C != - or C,T2,C - add C,D,C - - orn C,A,T1 - sethi %hi(0x4e0811a1),T2 != - xor T1,D,T1 - or T2,%lo(0x4e0811a1),T2 - !pre-LOADed X(4),R4 - ld [Aptr],Aval - add T1,R13,T1 != - add T1,T2,T1 - add B,T1,B - sll B,21,T2 - srl B,32-21,B != - or B,T2,B - add B,C,B - - orn B,D,T1 - sethi %hi(0xf7537e82),T2 != - xor T1,C,T1 - or T2,%lo(0xf7537e82),T2 - !pre-LOADed X(11),R11 - ld [Dptr],Dval - add T1,R4,T1 != - add T1,T2,T1 - add A,T1,A - sll A,6,T2 - srl A,32-6,A != - or A,T2,A - add A,B,A - - orn A,C,T1 - sethi %hi(0xbd3af235),T2 != - xor T1,B,T1 - or T2,%lo(0xbd3af235),T2 - !pre-LOADed X(2),R2 - ld [Cptr],Cval - add T1,R11,T1 != - add T1,T2,T1 - add D,T1,D - sll D,10,T2 - srl D,32-10,D != - or D,T2,D - add D,A,D - - orn D,B,T1 - sethi %hi(0x2ad7d2bb),T2 != - xor T1,A,T1 - or T2,%lo(0x2ad7d2bb),T2 - !pre-LOADed X(9),R9 - ld [Bptr],Bval - add T1,R2,T1 != - add Aval,A,Aval - add T1,T2,T1 - st Aval,[Aptr] - add C,T1,C != - sll C,15,T2 - add Dval,D,Dval - srl C,32-15,C - or C,T2,C != - st Dval,[Dptr] - add C,D,C - - orn C,A,T1 - sethi %hi(0xeb86d391),T2 != - xor T1,D,T1 - or T2,%lo(0xeb86d391),T2 - add T1,R9,T1 - !pre-LOADed X(0),R0 - mov Aval,A != - add T1,T2,T1 - mov Dval,D - add B,T1,B - sll B,21,T2 != - add Cval,C,Cval - srl B,32-21,B - st Cval,[Cptr] - or B,T2,B != - add B,C,B - - deccc %i2 - mov Cval,C - add B,Bval,B != - inc 64,%i1 - nop - st B,[Bptr] - nop != - -#ifdef OPENSSL_SYSNAME_ULTRASPARC - bg,a,pt %icc,.Lmd5_block_loop -#else - bg,a .Lmd5_block_loop -#endif - LOAD X(0),R0 - -#ifdef ASI_PRIMARY_LITTLE - wr %g0,%o7,%asi -#endif - ret - restore %g0,0,%o0 - -.type md5_block,#function -.size md5_block,(.-md5_block) diff --git a/crypto/md5/asm/md5-x86_64.pl b/crypto/md5/asm/md5-x86_64.pl index c36a7febf7f68..9a6fa67224ee2 100755 --- a/crypto/md5/asm/md5-x86_64.pl +++ b/crypto/md5/asm/md5-x86_64.pl @@ -111,9 +111,9 @@ $code .= <A; - B=c->B; - C=c->C; - D=c->D; - - for (;num--;X+=HASH_LBLOCK) - { - /* Round 0 */ - R0(A,B,C,D,X[ 0], 7,0xd76aa478L); - R0(D,A,B,C,X[ 1],12,0xe8c7b756L); - R0(C,D,A,B,X[ 2],17,0x242070dbL); - R0(B,C,D,A,X[ 3],22,0xc1bdceeeL); - R0(A,B,C,D,X[ 4], 7,0xf57c0fafL); - R0(D,A,B,C,X[ 5],12,0x4787c62aL); - R0(C,D,A,B,X[ 6],17,0xa8304613L); - R0(B,C,D,A,X[ 7],22,0xfd469501L); - R0(A,B,C,D,X[ 8], 7,0x698098d8L); - R0(D,A,B,C,X[ 9],12,0x8b44f7afL); - R0(C,D,A,B,X[10],17,0xffff5bb1L); - R0(B,C,D,A,X[11],22,0x895cd7beL); - R0(A,B,C,D,X[12], 7,0x6b901122L); - R0(D,A,B,C,X[13],12,0xfd987193L); - R0(C,D,A,B,X[14],17,0xa679438eL); - R0(B,C,D,A,X[15],22,0x49b40821L); - /* Round 1 */ - R1(A,B,C,D,X[ 1], 5,0xf61e2562L); - R1(D,A,B,C,X[ 6], 9,0xc040b340L); - R1(C,D,A,B,X[11],14,0x265e5a51L); - R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL); - R1(A,B,C,D,X[ 5], 5,0xd62f105dL); - R1(D,A,B,C,X[10], 9,0x02441453L); - R1(C,D,A,B,X[15],14,0xd8a1e681L); - R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L); - R1(A,B,C,D,X[ 9], 5,0x21e1cde6L); - R1(D,A,B,C,X[14], 9,0xc33707d6L); - R1(C,D,A,B,X[ 3],14,0xf4d50d87L); - R1(B,C,D,A,X[ 8],20,0x455a14edL); - R1(A,B,C,D,X[13], 5,0xa9e3e905L); - R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L); - R1(C,D,A,B,X[ 7],14,0x676f02d9L); - R1(B,C,D,A,X[12],20,0x8d2a4c8aL); - /* Round 2 */ - R2(A,B,C,D,X[ 5], 4,0xfffa3942L); - R2(D,A,B,C,X[ 8],11,0x8771f681L); - R2(C,D,A,B,X[11],16,0x6d9d6122L); - R2(B,C,D,A,X[14],23,0xfde5380cL); - R2(A,B,C,D,X[ 1], 4,0xa4beea44L); - R2(D,A,B,C,X[ 4],11,0x4bdecfa9L); - R2(C,D,A,B,X[ 7],16,0xf6bb4b60L); - R2(B,C,D,A,X[10],23,0xbebfbc70L); - R2(A,B,C,D,X[13], 4,0x289b7ec6L); - R2(D,A,B,C,X[ 0],11,0xeaa127faL); - R2(C,D,A,B,X[ 3],16,0xd4ef3085L); - R2(B,C,D,A,X[ 6],23,0x04881d05L); - R2(A,B,C,D,X[ 9], 4,0xd9d4d039L); - R2(D,A,B,C,X[12],11,0xe6db99e5L); - R2(C,D,A,B,X[15],16,0x1fa27cf8L); - R2(B,C,D,A,X[ 2],23,0xc4ac5665L); - /* Round 3 */ - R3(A,B,C,D,X[ 0], 6,0xf4292244L); - R3(D,A,B,C,X[ 7],10,0x432aff97L); - R3(C,D,A,B,X[14],15,0xab9423a7L); - R3(B,C,D,A,X[ 5],21,0xfc93a039L); - R3(A,B,C,D,X[12], 6,0x655b59c3L); - R3(D,A,B,C,X[ 3],10,0x8f0ccc92L); - R3(C,D,A,B,X[10],15,0xffeff47dL); - R3(B,C,D,A,X[ 1],21,0x85845dd1L); - R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL); - R3(D,A,B,C,X[15],10,0xfe2ce6e0L); - R3(C,D,A,B,X[ 6],15,0xa3014314L); - R3(B,C,D,A,X[13],21,0x4e0811a1L); - R3(A,B,C,D,X[ 4], 6,0xf7537e82L); - R3(D,A,B,C,X[11],10,0xbd3af235L); - R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL); - R3(B,C,D,A,X[ 9],21,0xeb86d391L); - - A = c->A += A; - B = c->B += B; - C = c->C += C; - D = c->D += D; - } - } -#endif - #ifndef md5_block_data_order #ifdef X #undef X @@ -274,19 +184,3 @@ void md5_block_data_order (MD5_CTX *c, const void *data_, size_t num) } } #endif - -#ifdef undef -int printit(unsigned long *l) - { - int i,ii; - - for (i=0; i<2; i++) - { - for (ii=0; ii<8; ii++) - { - fprintf(stderr,"%08lx ",l[i*8+ii]); - } - fprintf(stderr,"\n"); - } - } -#endif diff --git a/crypto/md5/md5_locl.h b/crypto/md5/md5_locl.h index 94f395f27a249..84e81b960de48 100644 --- a/crypto/md5/md5_locl.h +++ b/crypto/md5/md5_locl.h @@ -66,53 +66,19 @@ #endif #ifdef MD5_ASM -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || defined(__x86_64) || defined(__x86_64__) -# if !defined(B_ENDIAN) -# define md5_block_host_order md5_block_asm_host_order -# endif -# elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC) - void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,size_t num); -# define HASH_BLOCK_DATA_ORDER_ALIGNED md5_block_asm_data_order_aligned +# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || \ + defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) +# define md5_block_data_order md5_block_asm_data_order # endif #endif -void md5_block_host_order (MD5_CTX *c, const void *p,size_t num); void md5_block_data_order (MD5_CTX *c, const void *p,size_t num); -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || defined(__x86_64) || defined(__x86_64__) -# if !defined(B_ENDIAN) -/* - * *_block_host_order is expected to handle aligned data while - * *_block_data_order - unaligned. As algorithm and host (x86) - * are in this case of the same "endianness" these two are - * otherwise indistinguishable. But normally you don't want to - * call the same function because unaligned access in places - * where alignment is expected is usually a "Bad Thing". Indeed, - * on RISCs you get punished with BUS ERROR signal or *severe* - * performance degradation. Intel CPUs are in turn perfectly - * capable of loading unaligned data without such drastic side - * effect. Yes, they say it's slower than aligned load, but no - * exception is generated and therefore performance degradation - * is *incomparable* with RISCs. What we should weight here is - * costs of unaligned access against costs of aligning data. - * According to my measurements allowing unaligned access results - * in ~9% performance improvement on Pentium II operating at - * 266MHz. I won't be surprised if the difference will be higher - * on faster systems:-) - * - * - */ -# define md5_block_data_order md5_block_host_order -# endif -#endif - #define DATA_ORDER_IS_LITTLE_ENDIAN #define HASH_LONG MD5_LONG -#define HASH_LONG_LOG2 MD5_LONG_LOG2 #define HASH_CTX MD5_CTX #define HASH_CBLOCK MD5_CBLOCK -#define HASH_LBLOCK MD5_LBLOCK #define HASH_UPDATE MD5_Update #define HASH_TRANSFORM MD5_Transform #define HASH_FINAL MD5_Final @@ -123,21 +89,7 @@ void md5_block_data_order (MD5_CTX *c, const void *p,size_t num); ll=(c)->C; HOST_l2c(ll,(s)); \ ll=(c)->D; HOST_l2c(ll,(s)); \ } while (0) -#define HASH_BLOCK_HOST_ORDER md5_block_host_order -#if !defined(L_ENDIAN) || defined(md5_block_data_order) #define HASH_BLOCK_DATA_ORDER md5_block_data_order -/* - * Little-endians (Intel and Alpha) feel better without this. - * It looks like memcpy does better job than generic - * md5_block_data_order on copying-n-aligning input data. - * But frankly speaking I didn't expect such result on Alpha. - * On the other hand I've got this with egcs-1.0.2 and if - * program is compiled with another (better?) compiler it - * might turn out other way around. - * - * - */ -#endif #include "md32_common.h" diff --git a/crypto/md5/md5test.c b/crypto/md5/md5test.c index 0628053fa7ce2..2b37190e32b1c 100644 --- a/crypto/md5/md5test.c +++ b/crypto/md5/md5test.c @@ -97,12 +97,12 @@ static char *pt(unsigned char *md); int main(int argc, char *argv[]) { int i,err=0; - unsigned char **P,**R; + char **P,**R; char *p; unsigned char md[MD5_DIGEST_LENGTH]; - P=(unsigned char **)test; - R=(unsigned char **)ret; + P=test; + R=ret; i=1; while (*P != NULL) { diff --git a/crypto/mem_clr.c b/crypto/mem_clr.c index 75cbfb374e3bd..add1f780207b7 100644 --- a/crypto/mem_clr.c +++ b/crypto/mem_clr.c @@ -64,12 +64,14 @@ unsigned char cleanse_ctr = 0; void OPENSSL_cleanse(void *ptr, size_t len) { unsigned char *p = ptr; - size_t loop = len; + size_t loop = len, ctr = cleanse_ctr; while(loop--) { - *(p++) = cleanse_ctr; - cleanse_ctr += (17 + (unsigned char)((unsigned long)p & 0xF)); + *(p++) = (unsigned char)ctr; + ctr += (17 + ((size_t)p & 0xF)); } - if(memchr(ptr, cleanse_ctr, len)) - cleanse_ctr += 63; + p=memchr(ptr, (unsigned char)ctr, len); + if(p) + ctr += (63 + (size_t)p); + cleanse_ctr = (unsigned char)ctr; } diff --git a/crypto/o_str.c b/crypto/o_str.c index 2db099333a7fd..59cc25094b5a7 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c @@ -60,6 +60,10 @@ #include #include "o_str.h" +#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && !defined(OPENSSL_SYSNAME_WIN32) +# include +#endif + int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n) { #if defined(OPENSSL_IMPLEMENTS_strncasecmp) diff --git a/crypto/objects/Makefile b/crypto/objects/Makefile index 08af092914d91..9c5615099c301 100644 --- a/crypto/objects/Makefile +++ b/crypto/objects/Makefile @@ -92,14 +92,14 @@ o_names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h o_names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h o_names.o: o_names.c obj_dat.o: ../../e_os.h ../../include/openssl/asn1.h -obj_dat.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -obj_dat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -obj_dat.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -obj_dat.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -obj_dat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -obj_dat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -obj_dat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -obj_dat.o: ../cryptlib.h obj_dat.c obj_dat.h +obj_dat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +obj_dat.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +obj_dat.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +obj_dat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +obj_dat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +obj_dat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +obj_dat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +obj_dat.o: ../../include/openssl/symhacks.h ../cryptlib.h obj_dat.c obj_dat.h obj_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h obj_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h obj_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 7a95c7795a936..7fd74332417b9 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -63,6 +63,7 @@ #include #include #include +#include /* obj_dat.h is generated from objects.h by obj_dat.pl */ #ifndef OPENSSL_NO_OBJECT diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index a116bb7f28ab4..0ccc7c62be7af 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 772 -#define NUM_SN 768 -#define NUM_LN 768 -#define NUM_OBJ 724 +#define NUM_NID 857 +#define NUM_SN 850 +#define NUM_LN 850 +#define NUM_OBJ 804 -static unsigned char lvalues[5116]={ +static unsigned char lvalues[5711]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -166,632 +166,712 @@ static unsigned char lvalues[5116]={ 0x2B,0x24,0x03,0x03,0x01,0x02, /* [603] OBJ_ripemd160WithRSA */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [609] OBJ_rc5_cbc */ 0x29,0x01,0x01,0x85,0x1A,0x01, /* [617] OBJ_rle_compression */ -0x29,0x01,0x01,0x85,0x1A,0x02, /* [623] OBJ_zlib_compression */ -0x55,0x1D,0x25, /* [629] OBJ_ext_key_usage */ -0x2B,0x06,0x01,0x05,0x05,0x07, /* [632] OBJ_id_pkix */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [638] OBJ_id_kp */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [645] OBJ_server_auth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [653] OBJ_client_auth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [661] OBJ_code_sign */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [669] OBJ_email_protect */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [677] OBJ_time_stamp */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [685] OBJ_ms_code_ind */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [695] OBJ_ms_code_com */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [705] OBJ_ms_ctl_sign */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [715] OBJ_ms_sgc */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [725] OBJ_ms_efs */ -0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [735] OBJ_ns_sgc */ -0x55,0x1D,0x1B, /* [744] OBJ_delta_crl */ -0x55,0x1D,0x15, /* [747] OBJ_crl_reason */ -0x55,0x1D,0x18, /* [750] OBJ_invalidity_date */ -0x2B,0x65,0x01,0x04,0x01, /* [753] OBJ_sxnet */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [758] OBJ_pbe_WithSHA1And128BitRC4 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [768] OBJ_pbe_WithSHA1And40BitRC4 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [778] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [788] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [798] OBJ_pbe_WithSHA1And128BitRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [808] OBJ_pbe_WithSHA1And40BitRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [818] OBJ_keyBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [829] OBJ_pkcs8ShroudedKeyBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [840] OBJ_certBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [851] OBJ_crlBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [862] OBJ_secretBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [873] OBJ_safeContentsBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [884] OBJ_friendlyName */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [893] OBJ_localKeyID */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [902] OBJ_x509Certificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [912] OBJ_sdsiCertificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [922] OBJ_x509Crl */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [932] OBJ_pbes2 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [941] OBJ_pbmac1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [950] OBJ_hmacWithSHA1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [958] OBJ_id_qt_cps */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [966] OBJ_id_qt_unotice */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [974] OBJ_SMIMECapabilities */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [983] OBJ_pbeWithMD2AndRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [992] OBJ_pbeWithMD5AndRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1001] OBJ_pbeWithSHA1AndDES_CBC */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1010] OBJ_ms_ext_req */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1020] OBJ_ext_req */ -0x55,0x04,0x29, /* [1029] OBJ_name */ -0x55,0x04,0x2E, /* [1032] OBJ_dnQualifier */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1035] OBJ_id_pe */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1042] OBJ_id_ad */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [1049] OBJ_info_access */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1057] OBJ_ad_OCSP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1065] OBJ_ad_ca_issuers */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [1073] OBJ_OCSP_sign */ -0x28, /* [1081] OBJ_iso */ -0x2A, /* [1082] OBJ_member_body */ -0x2A,0x86,0x48, /* [1083] OBJ_ISO_US */ -0x2A,0x86,0x48,0xCE,0x38, /* [1086] OBJ_X9_57 */ -0x2A,0x86,0x48,0xCE,0x38,0x04, /* [1091] OBJ_X9cm */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [1097] OBJ_pkcs1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [1105] OBJ_pkcs5 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1113] OBJ_SMIME */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1122] OBJ_id_smime_mod */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1132] OBJ_id_smime_ct */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1142] OBJ_id_smime_aa */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1152] OBJ_id_smime_alg */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1162] OBJ_id_smime_cd */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1172] OBJ_id_smime_spq */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1182] OBJ_id_smime_cti */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1192] OBJ_id_smime_mod_cms */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1203] OBJ_id_smime_mod_ess */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1214] OBJ_id_smime_mod_oid */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1225] OBJ_id_smime_mod_msg_v3 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1236] OBJ_id_smime_mod_ets_eSignature_88 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1247] OBJ_id_smime_mod_ets_eSignature_97 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1258] OBJ_id_smime_mod_ets_eSigPolicy_88 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1269] OBJ_id_smime_mod_ets_eSigPolicy_97 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1280] OBJ_id_smime_ct_receipt */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1291] OBJ_id_smime_ct_authData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1302] OBJ_id_smime_ct_publishCert */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1313] OBJ_id_smime_ct_TSTInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1324] OBJ_id_smime_ct_TDTInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1335] OBJ_id_smime_ct_contentInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1346] OBJ_id_smime_ct_DVCSRequestData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1357] OBJ_id_smime_ct_DVCSResponseData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1368] OBJ_id_smime_aa_receiptRequest */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1379] OBJ_id_smime_aa_securityLabel */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1390] OBJ_id_smime_aa_mlExpandHistory */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1401] OBJ_id_smime_aa_contentHint */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1412] OBJ_id_smime_aa_msgSigDigest */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1423] OBJ_id_smime_aa_encapContentType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1434] OBJ_id_smime_aa_contentIdentifier */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1445] OBJ_id_smime_aa_macValue */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1456] OBJ_id_smime_aa_equivalentLabels */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1467] OBJ_id_smime_aa_contentReference */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1478] OBJ_id_smime_aa_encrypKeyPref */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1489] OBJ_id_smime_aa_signingCertificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1500] OBJ_id_smime_aa_smimeEncryptCerts */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1511] OBJ_id_smime_aa_timeStampToken */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1522] OBJ_id_smime_aa_ets_sigPolicyId */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1533] OBJ_id_smime_aa_ets_commitmentType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1544] OBJ_id_smime_aa_ets_signerLocation */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1555] OBJ_id_smime_aa_ets_signerAttr */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1566] OBJ_id_smime_aa_ets_otherSigCert */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1577] OBJ_id_smime_aa_ets_contentTimestamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1588] OBJ_id_smime_aa_ets_CertificateRefs */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1599] OBJ_id_smime_aa_ets_RevocationRefs */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1610] OBJ_id_smime_aa_ets_certValues */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1621] OBJ_id_smime_aa_ets_revocationValues */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1632] OBJ_id_smime_aa_ets_escTimeStamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1643] OBJ_id_smime_aa_ets_certCRLTimestamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1654] OBJ_id_smime_aa_ets_archiveTimeStamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1665] OBJ_id_smime_aa_signatureType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1676] OBJ_id_smime_aa_dvcs_dvc */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1687] OBJ_id_smime_alg_ESDHwith3DES */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1698] OBJ_id_smime_alg_ESDHwithRC2 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1709] OBJ_id_smime_alg_3DESwrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1720] OBJ_id_smime_alg_RC2wrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1731] OBJ_id_smime_alg_ESDH */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1742] OBJ_id_smime_alg_CMS3DESwrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1753] OBJ_id_smime_alg_CMSRC2wrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1764] OBJ_id_smime_cd_ldap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1775] OBJ_id_smime_spq_ets_sqt_uri */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1786] OBJ_id_smime_spq_ets_sqt_unotice */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1797] OBJ_id_smime_cti_ets_proofOfOrigin */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1808] OBJ_id_smime_cti_ets_proofOfReceipt */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1819] OBJ_id_smime_cti_ets_proofOfDelivery */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1830] OBJ_id_smime_cti_ets_proofOfSender */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1841] OBJ_id_smime_cti_ets_proofOfApproval */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1852] OBJ_id_smime_cti_ets_proofOfCreation */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [1863] OBJ_md4 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [1871] OBJ_id_pkix_mod */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [1878] OBJ_id_qt */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [1885] OBJ_id_it */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [1892] OBJ_id_pkip */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [1899] OBJ_id_alg */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [1906] OBJ_id_cmc */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [1913] OBJ_id_on */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [1920] OBJ_id_pda */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [1927] OBJ_id_aca */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [1934] OBJ_id_qcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [1941] OBJ_id_cct */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [1948] OBJ_id_pkix1_explicit_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [1956] OBJ_id_pkix1_implicit_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [1964] OBJ_id_pkix1_explicit_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [1972] OBJ_id_pkix1_implicit_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [1980] OBJ_id_mod_crmf */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [1988] OBJ_id_mod_cmc */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [1996] OBJ_id_mod_kea_profile_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [2004] OBJ_id_mod_kea_profile_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [2012] OBJ_id_mod_cmp */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [2020] OBJ_id_mod_qualified_cert_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [2028] OBJ_id_mod_qualified_cert_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [2036] OBJ_id_mod_attribute_cert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [2044] OBJ_id_mod_timestamp_protocol */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [2052] OBJ_id_mod_ocsp */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [2060] OBJ_id_mod_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [2068] OBJ_id_mod_cmp2000 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [2076] OBJ_biometricInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [2084] OBJ_qcStatements */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2092] OBJ_ac_auditEntity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2100] OBJ_ac_targeting */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2108] OBJ_aaControls */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2116] OBJ_sbgp_ipAddrBlock */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2124] OBJ_sbgp_autonomousSysNum */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2132] OBJ_sbgp_routerIdentifier */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2140] OBJ_textNotice */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2148] OBJ_ipsecEndSystem */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2156] OBJ_ipsecTunnel */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2164] OBJ_ipsecUser */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2172] OBJ_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2180] OBJ_id_it_caProtEncCert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2188] OBJ_id_it_signKeyPairTypes */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [2196] OBJ_id_it_encKeyPairTypes */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [2204] OBJ_id_it_preferredSymmAlg */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [2212] OBJ_id_it_caKeyUpdateInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [2220] OBJ_id_it_currentCRL */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [2228] OBJ_id_it_unsupportedOIDs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [2236] OBJ_id_it_subscriptionRequest */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [2244] OBJ_id_it_subscriptionResponse */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [2252] OBJ_id_it_keyPairParamReq */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [2260] OBJ_id_it_keyPairParamRep */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [2268] OBJ_id_it_revPassphrase */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [2276] OBJ_id_it_implicitConfirm */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [2284] OBJ_id_it_confirmWaitTime */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [2292] OBJ_id_it_origPKIMessage */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [2300] OBJ_id_regCtrl */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [2308] OBJ_id_regInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2316] OBJ_id_regCtrl_regToken */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2325] OBJ_id_regCtrl_authenticator */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2334] OBJ_id_regCtrl_pkiPublicationInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2343] OBJ_id_regCtrl_pkiArchiveOptions */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2352] OBJ_id_regCtrl_oldCertID */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2361] OBJ_id_regCtrl_protocolEncrKey */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2370] OBJ_id_regInfo_utf8Pairs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2379] OBJ_id_regInfo_certReq */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [2388] OBJ_id_alg_des40 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [2396] OBJ_id_alg_noSignature */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [2404] OBJ_id_alg_dh_sig_hmac_sha1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [2412] OBJ_id_alg_dh_pop */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [2420] OBJ_id_cmc_statusInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [2428] OBJ_id_cmc_identification */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [2436] OBJ_id_cmc_identityProof */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [2444] OBJ_id_cmc_dataReturn */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [2452] OBJ_id_cmc_transactionId */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [2460] OBJ_id_cmc_senderNonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [2468] OBJ_id_cmc_recipientNonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [2476] OBJ_id_cmc_addExtensions */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [2484] OBJ_id_cmc_encryptedPOP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [2492] OBJ_id_cmc_decryptedPOP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [2500] OBJ_id_cmc_lraPOPWitness */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [2508] OBJ_id_cmc_getCert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [2516] OBJ_id_cmc_getCRL */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [2524] OBJ_id_cmc_revokeRequest */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [2532] OBJ_id_cmc_regInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [2540] OBJ_id_cmc_responseInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [2548] OBJ_id_cmc_queryPending */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [2556] OBJ_id_cmc_popLinkRandom */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [2564] OBJ_id_cmc_popLinkWitness */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [2572] OBJ_id_cmc_confirmCertAcceptance */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2580] OBJ_id_on_personalData */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2588] OBJ_id_pda_dateOfBirth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2596] OBJ_id_pda_placeOfBirth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2604] OBJ_id_pda_gender */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2612] OBJ_id_pda_countryOfCitizenship */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2620] OBJ_id_pda_countryOfResidence */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2628] OBJ_id_aca_authenticationInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2636] OBJ_id_aca_accessIdentity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2644] OBJ_id_aca_chargingIdentity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2652] OBJ_id_aca_group */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2660] OBJ_id_aca_role */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2668] OBJ_id_qcs_pkixQCSyntax_v1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2676] OBJ_id_cct_crs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2684] OBJ_id_cct_PKIData */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2692] OBJ_id_cct_PKIResponse */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2700] OBJ_ad_timeStamping */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2708] OBJ_ad_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2716] OBJ_id_pkix_OCSP_basic */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2725] OBJ_id_pkix_OCSP_Nonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2734] OBJ_id_pkix_OCSP_CrlID */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2743] OBJ_id_pkix_OCSP_acceptableResponses */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2752] OBJ_id_pkix_OCSP_noCheck */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2761] OBJ_id_pkix_OCSP_archiveCutoff */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2770] OBJ_id_pkix_OCSP_serviceLocator */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2779] OBJ_id_pkix_OCSP_extendedStatus */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2788] OBJ_id_pkix_OCSP_valid */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2797] OBJ_id_pkix_OCSP_path */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2806] OBJ_id_pkix_OCSP_trustRoot */ -0x2B,0x0E,0x03,0x02, /* [2815] OBJ_algorithm */ -0x2B,0x0E,0x03,0x02,0x0B, /* [2819] OBJ_rsaSignature */ -0x55,0x08, /* [2824] OBJ_X500algorithms */ -0x2B, /* [2826] OBJ_org */ -0x2B,0x06, /* [2827] OBJ_dod */ -0x2B,0x06,0x01, /* [2829] OBJ_iana */ -0x2B,0x06,0x01,0x01, /* [2832] OBJ_Directory */ -0x2B,0x06,0x01,0x02, /* [2836] OBJ_Management */ -0x2B,0x06,0x01,0x03, /* [2840] OBJ_Experimental */ -0x2B,0x06,0x01,0x04, /* [2844] OBJ_Private */ -0x2B,0x06,0x01,0x05, /* [2848] OBJ_Security */ -0x2B,0x06,0x01,0x06, /* [2852] OBJ_SNMPv2 */ -0x2B,0x06,0x01,0x07, /* [2856] OBJ_Mail */ -0x2B,0x06,0x01,0x04,0x01, /* [2860] OBJ_Enterprises */ -0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2865] OBJ_dcObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2874] OBJ_domainComponent */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2884] OBJ_Domain */ -0x00, /* [2894] OBJ_joint_iso_ccitt */ -0x55,0x01,0x05, /* [2895] OBJ_selected_attribute_types */ -0x55,0x01,0x05,0x37, /* [2898] OBJ_clearance */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2902] OBJ_md4WithRSAEncryption */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2911] OBJ_ac_proxying */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2919] OBJ_sinfo_access */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2927] OBJ_id_aca_encAttrs */ -0x55,0x04,0x48, /* [2935] OBJ_role */ -0x55,0x1D,0x24, /* [2938] OBJ_policy_constraints */ -0x55,0x1D,0x37, /* [2941] OBJ_target_information */ -0x55,0x1D,0x38, /* [2944] OBJ_no_rev_avail */ -0x00, /* [2947] OBJ_ccitt */ -0x2A,0x86,0x48,0xCE,0x3D, /* [2948] OBJ_ansi_X9_62 */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2953] OBJ_X9_62_prime_field */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2960] OBJ_X9_62_characteristic_two_field */ -0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2967] OBJ_X9_62_id_ecPublicKey */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2974] OBJ_X9_62_prime192v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2982] OBJ_X9_62_prime192v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [2990] OBJ_X9_62_prime192v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [2998] OBJ_X9_62_prime239v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [3006] OBJ_X9_62_prime239v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3014] OBJ_X9_62_prime239v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3022] OBJ_X9_62_prime256v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3030] OBJ_ecdsa_with_SHA1 */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3037] OBJ_ms_csp_name */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3046] OBJ_aes_128_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3055] OBJ_aes_128_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3064] OBJ_aes_128_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3073] OBJ_aes_128_cfb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3082] OBJ_aes_192_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3091] OBJ_aes_192_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3100] OBJ_aes_192_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3109] OBJ_aes_192_cfb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3118] OBJ_aes_256_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3127] OBJ_aes_256_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3136] OBJ_aes_256_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3145] OBJ_aes_256_cfb128 */ -0x55,0x1D,0x17, /* [3154] OBJ_hold_instruction_code */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3157] OBJ_hold_instruction_none */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3164] OBJ_hold_instruction_call_issuer */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3171] OBJ_hold_instruction_reject */ -0x09, /* [3178] OBJ_data */ -0x09,0x92,0x26, /* [3179] OBJ_pss */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3182] OBJ_ucl */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3189] OBJ_pilot */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3197] OBJ_pilotAttributeType */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3206] OBJ_pilotAttributeSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3215] OBJ_pilotObjectClass */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3224] OBJ_pilotGroups */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3233] OBJ_iA5StringSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3243] OBJ_caseIgnoreIA5StringSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3253] OBJ_pilotObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3263] OBJ_pilotPerson */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3273] OBJ_account */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3283] OBJ_document */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3293] OBJ_room */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3303] OBJ_documentSeries */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3313] OBJ_rFC822localPart */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3323] OBJ_dNSDomain */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3333] OBJ_domainRelatedObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3343] OBJ_friendlyCountry */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3353] OBJ_simpleSecurityObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3363] OBJ_pilotOrganization */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3373] OBJ_pilotDSA */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3383] OBJ_qualityLabelledData */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3393] OBJ_userId */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3403] OBJ_textEncodedORAddress */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3413] OBJ_rfc822Mailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3423] OBJ_info */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3433] OBJ_favouriteDrink */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3443] OBJ_roomNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3453] OBJ_photo */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3463] OBJ_userClass */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3473] OBJ_host */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3483] OBJ_manager */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3493] OBJ_documentIdentifier */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3503] OBJ_documentTitle */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3513] OBJ_documentVersion */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3523] OBJ_documentAuthor */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3533] OBJ_documentLocation */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3543] OBJ_homeTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3553] OBJ_secretary */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3563] OBJ_otherMailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3573] OBJ_lastModifiedTime */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3583] OBJ_lastModifiedBy */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3593] OBJ_aRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3603] OBJ_pilotAttributeType27 */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3613] OBJ_mXRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3623] OBJ_nSRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3633] OBJ_sOARecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3643] OBJ_cNAMERecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3653] OBJ_associatedDomain */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3663] OBJ_associatedName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3673] OBJ_homePostalAddress */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3683] OBJ_personalTitle */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3693] OBJ_mobileTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3703] OBJ_pagerTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3713] OBJ_friendlyCountryName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3723] OBJ_organizationalStatus */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3733] OBJ_janetMailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3743] OBJ_mailPreferenceOption */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3753] OBJ_buildingName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3763] OBJ_dSAQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3773] OBJ_singleLevelQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3783] OBJ_subtreeMinimumQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3793] OBJ_subtreeMaximumQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3803] OBJ_personalSignature */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3813] OBJ_dITRedirect */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3823] OBJ_audio */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3833] OBJ_documentPublisher */ -0x55,0x04,0x2D, /* [3843] OBJ_x500UniqueIdentifier */ -0x2B,0x06,0x01,0x07,0x01, /* [3846] OBJ_mime_mhs */ -0x2B,0x06,0x01,0x07,0x01,0x01, /* [3851] OBJ_mime_mhs_headings */ -0x2B,0x06,0x01,0x07,0x01,0x02, /* [3857] OBJ_mime_mhs_bodies */ -0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [3863] OBJ_id_hex_partial_message */ -0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [3870] OBJ_id_hex_multipart_message */ -0x55,0x04,0x2C, /* [3877] OBJ_generationQualifier */ -0x55,0x04,0x41, /* [3880] OBJ_pseudonym */ -0x67,0x2A, /* [3883] OBJ_id_set */ -0x67,0x2A,0x00, /* [3885] OBJ_set_ctype */ -0x67,0x2A,0x01, /* [3888] OBJ_set_msgExt */ -0x67,0x2A,0x03, /* [3891] OBJ_set_attr */ -0x67,0x2A,0x05, /* [3894] OBJ_set_policy */ -0x67,0x2A,0x07, /* [3897] OBJ_set_certExt */ -0x67,0x2A,0x08, /* [3900] OBJ_set_brand */ -0x67,0x2A,0x00,0x00, /* [3903] OBJ_setct_PANData */ -0x67,0x2A,0x00,0x01, /* [3907] OBJ_setct_PANToken */ -0x67,0x2A,0x00,0x02, /* [3911] OBJ_setct_PANOnly */ -0x67,0x2A,0x00,0x03, /* [3915] OBJ_setct_OIData */ -0x67,0x2A,0x00,0x04, /* [3919] OBJ_setct_PI */ -0x67,0x2A,0x00,0x05, /* [3923] OBJ_setct_PIData */ -0x67,0x2A,0x00,0x06, /* [3927] OBJ_setct_PIDataUnsigned */ -0x67,0x2A,0x00,0x07, /* [3931] OBJ_setct_HODInput */ -0x67,0x2A,0x00,0x08, /* [3935] OBJ_setct_AuthResBaggage */ -0x67,0x2A,0x00,0x09, /* [3939] OBJ_setct_AuthRevReqBaggage */ -0x67,0x2A,0x00,0x0A, /* [3943] OBJ_setct_AuthRevResBaggage */ -0x67,0x2A,0x00,0x0B, /* [3947] OBJ_setct_CapTokenSeq */ -0x67,0x2A,0x00,0x0C, /* [3951] OBJ_setct_PInitResData */ -0x67,0x2A,0x00,0x0D, /* [3955] OBJ_setct_PI_TBS */ -0x67,0x2A,0x00,0x0E, /* [3959] OBJ_setct_PResData */ -0x67,0x2A,0x00,0x10, /* [3963] OBJ_setct_AuthReqTBS */ -0x67,0x2A,0x00,0x11, /* [3967] OBJ_setct_AuthResTBS */ -0x67,0x2A,0x00,0x12, /* [3971] OBJ_setct_AuthResTBSX */ -0x67,0x2A,0x00,0x13, /* [3975] OBJ_setct_AuthTokenTBS */ -0x67,0x2A,0x00,0x14, /* [3979] OBJ_setct_CapTokenData */ -0x67,0x2A,0x00,0x15, /* [3983] OBJ_setct_CapTokenTBS */ -0x67,0x2A,0x00,0x16, /* [3987] OBJ_setct_AcqCardCodeMsg */ -0x67,0x2A,0x00,0x17, /* [3991] OBJ_setct_AuthRevReqTBS */ -0x67,0x2A,0x00,0x18, /* [3995] OBJ_setct_AuthRevResData */ -0x67,0x2A,0x00,0x19, /* [3999] OBJ_setct_AuthRevResTBS */ -0x67,0x2A,0x00,0x1A, /* [4003] OBJ_setct_CapReqTBS */ -0x67,0x2A,0x00,0x1B, /* [4007] OBJ_setct_CapReqTBSX */ -0x67,0x2A,0x00,0x1C, /* [4011] OBJ_setct_CapResData */ -0x67,0x2A,0x00,0x1D, /* [4015] OBJ_setct_CapRevReqTBS */ -0x67,0x2A,0x00,0x1E, /* [4019] OBJ_setct_CapRevReqTBSX */ -0x67,0x2A,0x00,0x1F, /* [4023] OBJ_setct_CapRevResData */ -0x67,0x2A,0x00,0x20, /* [4027] OBJ_setct_CredReqTBS */ -0x67,0x2A,0x00,0x21, /* [4031] OBJ_setct_CredReqTBSX */ -0x67,0x2A,0x00,0x22, /* [4035] OBJ_setct_CredResData */ -0x67,0x2A,0x00,0x23, /* [4039] OBJ_setct_CredRevReqTBS */ -0x67,0x2A,0x00,0x24, /* [4043] OBJ_setct_CredRevReqTBSX */ -0x67,0x2A,0x00,0x25, /* [4047] OBJ_setct_CredRevResData */ -0x67,0x2A,0x00,0x26, /* [4051] OBJ_setct_PCertReqData */ -0x67,0x2A,0x00,0x27, /* [4055] OBJ_setct_PCertResTBS */ -0x67,0x2A,0x00,0x28, /* [4059] OBJ_setct_BatchAdminReqData */ -0x67,0x2A,0x00,0x29, /* [4063] OBJ_setct_BatchAdminResData */ -0x67,0x2A,0x00,0x2A, /* [4067] OBJ_setct_CardCInitResTBS */ -0x67,0x2A,0x00,0x2B, /* [4071] OBJ_setct_MeAqCInitResTBS */ -0x67,0x2A,0x00,0x2C, /* [4075] OBJ_setct_RegFormResTBS */ -0x67,0x2A,0x00,0x2D, /* [4079] OBJ_setct_CertReqData */ -0x67,0x2A,0x00,0x2E, /* [4083] OBJ_setct_CertReqTBS */ -0x67,0x2A,0x00,0x2F, /* [4087] OBJ_setct_CertResData */ -0x67,0x2A,0x00,0x30, /* [4091] OBJ_setct_CertInqReqTBS */ -0x67,0x2A,0x00,0x31, /* [4095] OBJ_setct_ErrorTBS */ -0x67,0x2A,0x00,0x32, /* [4099] OBJ_setct_PIDualSignedTBE */ -0x67,0x2A,0x00,0x33, /* [4103] OBJ_setct_PIUnsignedTBE */ -0x67,0x2A,0x00,0x34, /* [4107] OBJ_setct_AuthReqTBE */ -0x67,0x2A,0x00,0x35, /* [4111] OBJ_setct_AuthResTBE */ -0x67,0x2A,0x00,0x36, /* [4115] OBJ_setct_AuthResTBEX */ -0x67,0x2A,0x00,0x37, /* [4119] OBJ_setct_AuthTokenTBE */ -0x67,0x2A,0x00,0x38, /* [4123] OBJ_setct_CapTokenTBE */ -0x67,0x2A,0x00,0x39, /* [4127] OBJ_setct_CapTokenTBEX */ -0x67,0x2A,0x00,0x3A, /* [4131] OBJ_setct_AcqCardCodeMsgTBE */ -0x67,0x2A,0x00,0x3B, /* [4135] OBJ_setct_AuthRevReqTBE */ -0x67,0x2A,0x00,0x3C, /* [4139] OBJ_setct_AuthRevResTBE */ -0x67,0x2A,0x00,0x3D, /* [4143] OBJ_setct_AuthRevResTBEB */ -0x67,0x2A,0x00,0x3E, /* [4147] OBJ_setct_CapReqTBE */ -0x67,0x2A,0x00,0x3F, /* [4151] OBJ_setct_CapReqTBEX */ -0x67,0x2A,0x00,0x40, /* [4155] OBJ_setct_CapResTBE */ -0x67,0x2A,0x00,0x41, /* [4159] OBJ_setct_CapRevReqTBE */ -0x67,0x2A,0x00,0x42, /* [4163] OBJ_setct_CapRevReqTBEX */ -0x67,0x2A,0x00,0x43, /* [4167] OBJ_setct_CapRevResTBE */ -0x67,0x2A,0x00,0x44, /* [4171] OBJ_setct_CredReqTBE */ -0x67,0x2A,0x00,0x45, /* [4175] OBJ_setct_CredReqTBEX */ -0x67,0x2A,0x00,0x46, /* [4179] OBJ_setct_CredResTBE */ -0x67,0x2A,0x00,0x47, /* [4183] OBJ_setct_CredRevReqTBE */ -0x67,0x2A,0x00,0x48, /* [4187] OBJ_setct_CredRevReqTBEX */ -0x67,0x2A,0x00,0x49, /* [4191] OBJ_setct_CredRevResTBE */ -0x67,0x2A,0x00,0x4A, /* [4195] OBJ_setct_BatchAdminReqTBE */ -0x67,0x2A,0x00,0x4B, /* [4199] OBJ_setct_BatchAdminResTBE */ -0x67,0x2A,0x00,0x4C, /* [4203] OBJ_setct_RegFormReqTBE */ -0x67,0x2A,0x00,0x4D, /* [4207] OBJ_setct_CertReqTBE */ -0x67,0x2A,0x00,0x4E, /* [4211] OBJ_setct_CertReqTBEX */ -0x67,0x2A,0x00,0x4F, /* [4215] OBJ_setct_CertResTBE */ -0x67,0x2A,0x00,0x50, /* [4219] OBJ_setct_CRLNotificationTBS */ -0x67,0x2A,0x00,0x51, /* [4223] OBJ_setct_CRLNotificationResTBS */ -0x67,0x2A,0x00,0x52, /* [4227] OBJ_setct_BCIDistributionTBS */ -0x67,0x2A,0x01,0x01, /* [4231] OBJ_setext_genCrypt */ -0x67,0x2A,0x01,0x03, /* [4235] OBJ_setext_miAuth */ -0x67,0x2A,0x01,0x04, /* [4239] OBJ_setext_pinSecure */ -0x67,0x2A,0x01,0x05, /* [4243] OBJ_setext_pinAny */ -0x67,0x2A,0x01,0x07, /* [4247] OBJ_setext_track2 */ -0x67,0x2A,0x01,0x08, /* [4251] OBJ_setext_cv */ -0x67,0x2A,0x05,0x00, /* [4255] OBJ_set_policy_root */ -0x67,0x2A,0x07,0x00, /* [4259] OBJ_setCext_hashedRoot */ -0x67,0x2A,0x07,0x01, /* [4263] OBJ_setCext_certType */ -0x67,0x2A,0x07,0x02, /* [4267] OBJ_setCext_merchData */ -0x67,0x2A,0x07,0x03, /* [4271] OBJ_setCext_cCertRequired */ -0x67,0x2A,0x07,0x04, /* [4275] OBJ_setCext_tunneling */ -0x67,0x2A,0x07,0x05, /* [4279] OBJ_setCext_setExt */ -0x67,0x2A,0x07,0x06, /* [4283] OBJ_setCext_setQualf */ -0x67,0x2A,0x07,0x07, /* [4287] OBJ_setCext_PGWYcapabilities */ -0x67,0x2A,0x07,0x08, /* [4291] OBJ_setCext_TokenIdentifier */ -0x67,0x2A,0x07,0x09, /* [4295] OBJ_setCext_Track2Data */ -0x67,0x2A,0x07,0x0A, /* [4299] OBJ_setCext_TokenType */ -0x67,0x2A,0x07,0x0B, /* [4303] OBJ_setCext_IssuerCapabilities */ -0x67,0x2A,0x03,0x00, /* [4307] OBJ_setAttr_Cert */ -0x67,0x2A,0x03,0x01, /* [4311] OBJ_setAttr_PGWYcap */ -0x67,0x2A,0x03,0x02, /* [4315] OBJ_setAttr_TokenType */ -0x67,0x2A,0x03,0x03, /* [4319] OBJ_setAttr_IssCap */ -0x67,0x2A,0x03,0x00,0x00, /* [4323] OBJ_set_rootKeyThumb */ -0x67,0x2A,0x03,0x00,0x01, /* [4328] OBJ_set_addPolicy */ -0x67,0x2A,0x03,0x02,0x01, /* [4333] OBJ_setAttr_Token_EMV */ -0x67,0x2A,0x03,0x02,0x02, /* [4338] OBJ_setAttr_Token_B0Prime */ -0x67,0x2A,0x03,0x03,0x03, /* [4343] OBJ_setAttr_IssCap_CVM */ -0x67,0x2A,0x03,0x03,0x04, /* [4348] OBJ_setAttr_IssCap_T2 */ -0x67,0x2A,0x03,0x03,0x05, /* [4353] OBJ_setAttr_IssCap_Sig */ -0x67,0x2A,0x03,0x03,0x03,0x01, /* [4358] OBJ_setAttr_GenCryptgrm */ -0x67,0x2A,0x03,0x03,0x04,0x01, /* [4364] OBJ_setAttr_T2Enc */ -0x67,0x2A,0x03,0x03,0x04,0x02, /* [4370] OBJ_setAttr_T2cleartxt */ -0x67,0x2A,0x03,0x03,0x05,0x01, /* [4376] OBJ_setAttr_TokICCsig */ -0x67,0x2A,0x03,0x03,0x05,0x02, /* [4382] OBJ_setAttr_SecDevSig */ -0x67,0x2A,0x08,0x01, /* [4388] OBJ_set_brand_IATA_ATA */ -0x67,0x2A,0x08,0x1E, /* [4392] OBJ_set_brand_Diners */ -0x67,0x2A,0x08,0x22, /* [4396] OBJ_set_brand_AmericanExpress */ -0x67,0x2A,0x08,0x23, /* [4400] OBJ_set_brand_JCB */ -0x67,0x2A,0x08,0x04, /* [4404] OBJ_set_brand_Visa */ -0x67,0x2A,0x08,0x05, /* [4408] OBJ_set_brand_MasterCard */ -0x67,0x2A,0x08,0xAE,0x7B, /* [4412] OBJ_set_brand_Novus */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4417] OBJ_des_cdmf */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4425] OBJ_rsaOAEPEncryptionSET */ -0x00, /* [4434] OBJ_itu_t */ -0x50, /* [4435] OBJ_joint_iso_itu_t */ -0x67, /* [4436] OBJ_international_organizations */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4437] OBJ_ms_smartcard_login */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4447] OBJ_ms_upn */ -0x55,0x04,0x09, /* [4457] OBJ_streetAddress */ -0x55,0x04,0x11, /* [4460] OBJ_postalCode */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [4463] OBJ_id_ppl */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4470] OBJ_proxyCertInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4478] OBJ_id_ppl_anyLanguage */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4486] OBJ_id_ppl_inheritAll */ -0x55,0x1D,0x1E, /* [4494] OBJ_name_constraints */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4497] OBJ_Independent */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4505] OBJ_sha256WithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4514] OBJ_sha384WithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4523] OBJ_sha512WithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4532] OBJ_sha224WithRSAEncryption */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4541] OBJ_sha256 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4550] OBJ_sha384 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4559] OBJ_sha512 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4568] OBJ_sha224 */ -0x2B, /* [4577] OBJ_identified_organization */ -0x2B,0x81,0x04, /* [4578] OBJ_certicom_arc */ -0x67,0x2B, /* [4581] OBJ_wap */ -0x67,0x2B,0x0D, /* [4583] OBJ_wap_wsg */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4586] OBJ_X9_62_id_characteristic_two_basis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4594] OBJ_X9_62_onBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4603] OBJ_X9_62_tpBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4612] OBJ_X9_62_ppBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [4621] OBJ_X9_62_c2pnb163v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [4629] OBJ_X9_62_c2pnb163v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [4637] OBJ_X9_62_c2pnb163v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [4645] OBJ_X9_62_c2pnb176v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [4653] OBJ_X9_62_c2tnb191v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [4661] OBJ_X9_62_c2tnb191v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [4669] OBJ_X9_62_c2tnb191v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [4677] OBJ_X9_62_c2onb191v4 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [4685] OBJ_X9_62_c2onb191v5 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [4693] OBJ_X9_62_c2pnb208w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [4701] OBJ_X9_62_c2tnb239v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [4709] OBJ_X9_62_c2tnb239v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [4717] OBJ_X9_62_c2tnb239v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [4725] OBJ_X9_62_c2onb239v4 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [4733] OBJ_X9_62_c2onb239v5 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4741] OBJ_X9_62_c2pnb272w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4749] OBJ_X9_62_c2pnb304w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4757] OBJ_X9_62_c2tnb359v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4765] OBJ_X9_62_c2pnb368w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4773] OBJ_X9_62_c2tnb431r1 */ -0x2B,0x81,0x04,0x00,0x06, /* [4781] OBJ_secp112r1 */ -0x2B,0x81,0x04,0x00,0x07, /* [4786] OBJ_secp112r2 */ -0x2B,0x81,0x04,0x00,0x1C, /* [4791] OBJ_secp128r1 */ -0x2B,0x81,0x04,0x00,0x1D, /* [4796] OBJ_secp128r2 */ -0x2B,0x81,0x04,0x00,0x09, /* [4801] OBJ_secp160k1 */ -0x2B,0x81,0x04,0x00,0x08, /* [4806] OBJ_secp160r1 */ -0x2B,0x81,0x04,0x00,0x1E, /* [4811] OBJ_secp160r2 */ -0x2B,0x81,0x04,0x00,0x1F, /* [4816] OBJ_secp192k1 */ -0x2B,0x81,0x04,0x00,0x20, /* [4821] OBJ_secp224k1 */ -0x2B,0x81,0x04,0x00,0x21, /* [4826] OBJ_secp224r1 */ -0x2B,0x81,0x04,0x00,0x0A, /* [4831] OBJ_secp256k1 */ -0x2B,0x81,0x04,0x00,0x22, /* [4836] OBJ_secp384r1 */ -0x2B,0x81,0x04,0x00,0x23, /* [4841] OBJ_secp521r1 */ -0x2B,0x81,0x04,0x00,0x04, /* [4846] OBJ_sect113r1 */ -0x2B,0x81,0x04,0x00,0x05, /* [4851] OBJ_sect113r2 */ -0x2B,0x81,0x04,0x00,0x16, /* [4856] OBJ_sect131r1 */ -0x2B,0x81,0x04,0x00,0x17, /* [4861] OBJ_sect131r2 */ -0x2B,0x81,0x04,0x00,0x01, /* [4866] OBJ_sect163k1 */ -0x2B,0x81,0x04,0x00,0x02, /* [4871] OBJ_sect163r1 */ -0x2B,0x81,0x04,0x00,0x0F, /* [4876] OBJ_sect163r2 */ -0x2B,0x81,0x04,0x00,0x18, /* [4881] OBJ_sect193r1 */ -0x2B,0x81,0x04,0x00,0x19, /* [4886] OBJ_sect193r2 */ -0x2B,0x81,0x04,0x00,0x1A, /* [4891] OBJ_sect233k1 */ -0x2B,0x81,0x04,0x00,0x1B, /* [4896] OBJ_sect233r1 */ -0x2B,0x81,0x04,0x00,0x03, /* [4901] OBJ_sect239k1 */ -0x2B,0x81,0x04,0x00,0x10, /* [4906] OBJ_sect283k1 */ -0x2B,0x81,0x04,0x00,0x11, /* [4911] OBJ_sect283r1 */ -0x2B,0x81,0x04,0x00,0x24, /* [4916] OBJ_sect409k1 */ -0x2B,0x81,0x04,0x00,0x25, /* [4921] OBJ_sect409r1 */ -0x2B,0x81,0x04,0x00,0x26, /* [4926] OBJ_sect571k1 */ -0x2B,0x81,0x04,0x00,0x27, /* [4931] OBJ_sect571r1 */ -0x67,0x2B,0x0D,0x04,0x01, /* [4936] OBJ_wap_wsg_idm_ecid_wtls1 */ -0x67,0x2B,0x0D,0x04,0x03, /* [4941] OBJ_wap_wsg_idm_ecid_wtls3 */ -0x67,0x2B,0x0D,0x04,0x04, /* [4946] OBJ_wap_wsg_idm_ecid_wtls4 */ -0x67,0x2B,0x0D,0x04,0x05, /* [4951] OBJ_wap_wsg_idm_ecid_wtls5 */ -0x67,0x2B,0x0D,0x04,0x06, /* [4956] OBJ_wap_wsg_idm_ecid_wtls6 */ -0x67,0x2B,0x0D,0x04,0x07, /* [4961] OBJ_wap_wsg_idm_ecid_wtls7 */ -0x67,0x2B,0x0D,0x04,0x08, /* [4966] OBJ_wap_wsg_idm_ecid_wtls8 */ -0x67,0x2B,0x0D,0x04,0x09, /* [4971] OBJ_wap_wsg_idm_ecid_wtls9 */ -0x67,0x2B,0x0D,0x04,0x0A, /* [4976] OBJ_wap_wsg_idm_ecid_wtls10 */ -0x67,0x2B,0x0D,0x04,0x0B, /* [4981] OBJ_wap_wsg_idm_ecid_wtls11 */ -0x67,0x2B,0x0D,0x04,0x0C, /* [4986] OBJ_wap_wsg_idm_ecid_wtls12 */ -0x55,0x1D,0x20,0x00, /* [4991] OBJ_any_policy */ -0x55,0x1D,0x21, /* [4995] OBJ_policy_mappings */ -0x55,0x1D,0x36, /* [4998] OBJ_inhibit_any_policy */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5001] OBJ_camellia_128_cbc */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5012] OBJ_camellia_192_cbc */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5023] OBJ_camellia_256_cbc */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [5034] OBJ_camellia_128_ecb */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [5042] OBJ_camellia_192_ecb */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [5050] OBJ_camellia_256_ecb */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [5058] OBJ_camellia_128_cfb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [5066] OBJ_camellia_192_cfb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [5074] OBJ_camellia_256_cfb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [5082] OBJ_camellia_128_ofb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [5090] OBJ_camellia_192_ofb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [5098] OBJ_camellia_256_ofb128 */ -0x55,0x1D,0x09, /* [5106] OBJ_subject_directory_attributes */ -0x55,0x1D,0x1C, /* [5109] OBJ_issuing_distribution_point */ -0x55,0x1D,0x1D, /* [5112] OBJ_certificate_issuer */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,/* [623] OBJ_zlib_compression */ +0x55,0x1D,0x25, /* [634] OBJ_ext_key_usage */ +0x2B,0x06,0x01,0x05,0x05,0x07, /* [637] OBJ_id_pkix */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [643] OBJ_id_kp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [650] OBJ_server_auth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [658] OBJ_client_auth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [666] OBJ_code_sign */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [674] OBJ_email_protect */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [682] OBJ_time_stamp */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [690] OBJ_ms_code_ind */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [700] OBJ_ms_code_com */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [710] OBJ_ms_ctl_sign */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [720] OBJ_ms_sgc */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [730] OBJ_ms_efs */ +0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [740] OBJ_ns_sgc */ +0x55,0x1D,0x1B, /* [749] OBJ_delta_crl */ +0x55,0x1D,0x15, /* [752] OBJ_crl_reason */ +0x55,0x1D,0x18, /* [755] OBJ_invalidity_date */ +0x2B,0x65,0x01,0x04,0x01, /* [758] OBJ_sxnet */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [763] OBJ_pbe_WithSHA1And128BitRC4 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [773] OBJ_pbe_WithSHA1And40BitRC4 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [783] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [793] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [803] OBJ_pbe_WithSHA1And128BitRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [813] OBJ_pbe_WithSHA1And40BitRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [823] OBJ_keyBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [834] OBJ_pkcs8ShroudedKeyBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [845] OBJ_certBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [856] OBJ_crlBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [867] OBJ_secretBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [878] OBJ_safeContentsBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [889] OBJ_friendlyName */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [898] OBJ_localKeyID */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [907] OBJ_x509Certificate */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [917] OBJ_sdsiCertificate */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [927] OBJ_x509Crl */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [937] OBJ_pbes2 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [946] OBJ_pbmac1 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [955] OBJ_hmacWithSHA1 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [963] OBJ_id_qt_cps */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [971] OBJ_id_qt_unotice */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [979] OBJ_SMIMECapabilities */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [988] OBJ_pbeWithMD2AndRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [997] OBJ_pbeWithMD5AndRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1006] OBJ_pbeWithSHA1AndDES_CBC */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1015] OBJ_ms_ext_req */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1025] OBJ_ext_req */ +0x55,0x04,0x29, /* [1034] OBJ_name */ +0x55,0x04,0x2E, /* [1037] OBJ_dnQualifier */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1040] OBJ_id_pe */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1047] OBJ_id_ad */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [1054] OBJ_info_access */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1062] OBJ_ad_OCSP */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1070] OBJ_ad_ca_issuers */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [1078] OBJ_OCSP_sign */ +0x28, /* [1086] OBJ_iso */ +0x2A, /* [1087] OBJ_member_body */ +0x2A,0x86,0x48, /* [1088] OBJ_ISO_US */ +0x2A,0x86,0x48,0xCE,0x38, /* [1091] OBJ_X9_57 */ +0x2A,0x86,0x48,0xCE,0x38,0x04, /* [1096] OBJ_X9cm */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [1102] OBJ_pkcs1 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [1110] OBJ_pkcs5 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1118] OBJ_SMIME */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1127] OBJ_id_smime_mod */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1137] OBJ_id_smime_ct */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1147] OBJ_id_smime_aa */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1157] OBJ_id_smime_alg */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1167] OBJ_id_smime_cd */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1177] OBJ_id_smime_spq */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1187] OBJ_id_smime_cti */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1197] OBJ_id_smime_mod_cms */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1208] OBJ_id_smime_mod_ess */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1219] OBJ_id_smime_mod_oid */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1230] OBJ_id_smime_mod_msg_v3 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1241] OBJ_id_smime_mod_ets_eSignature_88 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1252] OBJ_id_smime_mod_ets_eSignature_97 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1263] OBJ_id_smime_mod_ets_eSigPolicy_88 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1274] OBJ_id_smime_mod_ets_eSigPolicy_97 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1285] OBJ_id_smime_ct_receipt */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1296] OBJ_id_smime_ct_authData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1307] OBJ_id_smime_ct_publishCert */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1318] OBJ_id_smime_ct_TSTInfo */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1329] OBJ_id_smime_ct_TDTInfo */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1340] OBJ_id_smime_ct_contentInfo */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1351] OBJ_id_smime_ct_DVCSRequestData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1362] OBJ_id_smime_ct_DVCSResponseData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1373] OBJ_id_smime_aa_receiptRequest */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1384] OBJ_id_smime_aa_securityLabel */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1395] OBJ_id_smime_aa_mlExpandHistory */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1406] OBJ_id_smime_aa_contentHint */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1417] OBJ_id_smime_aa_msgSigDigest */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1428] OBJ_id_smime_aa_encapContentType */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1439] OBJ_id_smime_aa_contentIdentifier */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1450] OBJ_id_smime_aa_macValue */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1461] OBJ_id_smime_aa_equivalentLabels */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1472] OBJ_id_smime_aa_contentReference */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1483] OBJ_id_smime_aa_encrypKeyPref */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1494] OBJ_id_smime_aa_signingCertificate */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1505] OBJ_id_smime_aa_smimeEncryptCerts */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1516] OBJ_id_smime_aa_timeStampToken */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1527] OBJ_id_smime_aa_ets_sigPolicyId */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1538] OBJ_id_smime_aa_ets_commitmentType */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1549] OBJ_id_smime_aa_ets_signerLocation */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1560] OBJ_id_smime_aa_ets_signerAttr */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1571] OBJ_id_smime_aa_ets_otherSigCert */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1582] OBJ_id_smime_aa_ets_contentTimestamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1593] OBJ_id_smime_aa_ets_CertificateRefs */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1604] OBJ_id_smime_aa_ets_RevocationRefs */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1615] OBJ_id_smime_aa_ets_certValues */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1626] OBJ_id_smime_aa_ets_revocationValues */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1637] OBJ_id_smime_aa_ets_escTimeStamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1648] OBJ_id_smime_aa_ets_certCRLTimestamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1659] OBJ_id_smime_aa_ets_archiveTimeStamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1670] OBJ_id_smime_aa_signatureType */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1681] OBJ_id_smime_aa_dvcs_dvc */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1692] OBJ_id_smime_alg_ESDHwith3DES */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1703] OBJ_id_smime_alg_ESDHwithRC2 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1714] OBJ_id_smime_alg_3DESwrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1725] OBJ_id_smime_alg_RC2wrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1736] OBJ_id_smime_alg_ESDH */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1747] OBJ_id_smime_alg_CMS3DESwrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1758] OBJ_id_smime_alg_CMSRC2wrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1769] OBJ_id_smime_cd_ldap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1780] OBJ_id_smime_spq_ets_sqt_uri */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1791] OBJ_id_smime_spq_ets_sqt_unotice */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1802] OBJ_id_smime_cti_ets_proofOfOrigin */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1813] OBJ_id_smime_cti_ets_proofOfReceipt */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1824] OBJ_id_smime_cti_ets_proofOfDelivery */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1835] OBJ_id_smime_cti_ets_proofOfSender */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1846] OBJ_id_smime_cti_ets_proofOfApproval */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1857] OBJ_id_smime_cti_ets_proofOfCreation */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [1868] OBJ_md4 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [1876] OBJ_id_pkix_mod */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [1883] OBJ_id_qt */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [1890] OBJ_id_it */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [1897] OBJ_id_pkip */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [1904] OBJ_id_alg */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [1911] OBJ_id_cmc */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [1918] OBJ_id_on */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [1925] OBJ_id_pda */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [1932] OBJ_id_aca */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [1939] OBJ_id_qcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [1946] OBJ_id_cct */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [1953] OBJ_id_pkix1_explicit_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [1961] OBJ_id_pkix1_implicit_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [1969] OBJ_id_pkix1_explicit_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [1977] OBJ_id_pkix1_implicit_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [1985] OBJ_id_mod_crmf */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [1993] OBJ_id_mod_cmc */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [2001] OBJ_id_mod_kea_profile_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [2009] OBJ_id_mod_kea_profile_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [2017] OBJ_id_mod_cmp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [2025] OBJ_id_mod_qualified_cert_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [2033] OBJ_id_mod_qualified_cert_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [2041] OBJ_id_mod_attribute_cert */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [2049] OBJ_id_mod_timestamp_protocol */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [2057] OBJ_id_mod_ocsp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [2065] OBJ_id_mod_dvcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [2073] OBJ_id_mod_cmp2000 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [2081] OBJ_biometricInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [2089] OBJ_qcStatements */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2097] OBJ_ac_auditEntity */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2105] OBJ_ac_targeting */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2113] OBJ_aaControls */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2121] OBJ_sbgp_ipAddrBlock */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2129] OBJ_sbgp_autonomousSysNum */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2137] OBJ_sbgp_routerIdentifier */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2145] OBJ_textNotice */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2153] OBJ_ipsecEndSystem */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2161] OBJ_ipsecTunnel */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2169] OBJ_ipsecUser */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2177] OBJ_dvcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2185] OBJ_id_it_caProtEncCert */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2193] OBJ_id_it_signKeyPairTypes */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [2201] OBJ_id_it_encKeyPairTypes */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [2209] OBJ_id_it_preferredSymmAlg */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [2217] OBJ_id_it_caKeyUpdateInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [2225] OBJ_id_it_currentCRL */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [2233] OBJ_id_it_unsupportedOIDs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [2241] OBJ_id_it_subscriptionRequest */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [2249] OBJ_id_it_subscriptionResponse */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [2257] OBJ_id_it_keyPairParamReq */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [2265] OBJ_id_it_keyPairParamRep */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [2273] OBJ_id_it_revPassphrase */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [2281] OBJ_id_it_implicitConfirm */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [2289] OBJ_id_it_confirmWaitTime */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [2297] OBJ_id_it_origPKIMessage */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [2305] OBJ_id_regCtrl */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [2313] OBJ_id_regInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2321] OBJ_id_regCtrl_regToken */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2330] OBJ_id_regCtrl_authenticator */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2339] OBJ_id_regCtrl_pkiPublicationInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2348] OBJ_id_regCtrl_pkiArchiveOptions */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2357] OBJ_id_regCtrl_oldCertID */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2366] OBJ_id_regCtrl_protocolEncrKey */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2375] OBJ_id_regInfo_utf8Pairs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2384] OBJ_id_regInfo_certReq */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [2393] OBJ_id_alg_des40 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [2401] OBJ_id_alg_noSignature */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [2409] OBJ_id_alg_dh_sig_hmac_sha1 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [2417] OBJ_id_alg_dh_pop */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [2425] OBJ_id_cmc_statusInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [2433] OBJ_id_cmc_identification */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [2441] OBJ_id_cmc_identityProof */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [2449] OBJ_id_cmc_dataReturn */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [2457] OBJ_id_cmc_transactionId */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [2465] OBJ_id_cmc_senderNonce */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [2473] OBJ_id_cmc_recipientNonce */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [2481] OBJ_id_cmc_addExtensions */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [2489] OBJ_id_cmc_encryptedPOP */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [2497] OBJ_id_cmc_decryptedPOP */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [2505] OBJ_id_cmc_lraPOPWitness */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [2513] OBJ_id_cmc_getCert */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [2521] OBJ_id_cmc_getCRL */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [2529] OBJ_id_cmc_revokeRequest */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [2537] OBJ_id_cmc_regInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [2545] OBJ_id_cmc_responseInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [2553] OBJ_id_cmc_queryPending */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [2561] OBJ_id_cmc_popLinkRandom */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [2569] OBJ_id_cmc_popLinkWitness */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [2577] OBJ_id_cmc_confirmCertAcceptance */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2585] OBJ_id_on_personalData */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2593] OBJ_id_pda_dateOfBirth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2601] OBJ_id_pda_placeOfBirth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2609] OBJ_id_pda_gender */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2617] OBJ_id_pda_countryOfCitizenship */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2625] OBJ_id_pda_countryOfResidence */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2633] OBJ_id_aca_authenticationInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2641] OBJ_id_aca_accessIdentity */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2649] OBJ_id_aca_chargingIdentity */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2657] OBJ_id_aca_group */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2665] OBJ_id_aca_role */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2673] OBJ_id_qcs_pkixQCSyntax_v1 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2681] OBJ_id_cct_crs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2689] OBJ_id_cct_PKIData */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2697] OBJ_id_cct_PKIResponse */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2705] OBJ_ad_timeStamping */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2713] OBJ_ad_dvcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2721] OBJ_id_pkix_OCSP_basic */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2730] OBJ_id_pkix_OCSP_Nonce */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2739] OBJ_id_pkix_OCSP_CrlID */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2748] OBJ_id_pkix_OCSP_acceptableResponses */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2757] OBJ_id_pkix_OCSP_noCheck */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2766] OBJ_id_pkix_OCSP_archiveCutoff */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2775] OBJ_id_pkix_OCSP_serviceLocator */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2784] OBJ_id_pkix_OCSP_extendedStatus */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2793] OBJ_id_pkix_OCSP_valid */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2802] OBJ_id_pkix_OCSP_path */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2811] OBJ_id_pkix_OCSP_trustRoot */ +0x2B,0x0E,0x03,0x02, /* [2820] OBJ_algorithm */ +0x2B,0x0E,0x03,0x02,0x0B, /* [2824] OBJ_rsaSignature */ +0x55,0x08, /* [2829] OBJ_X500algorithms */ +0x2B, /* [2831] OBJ_org */ +0x2B,0x06, /* [2832] OBJ_dod */ +0x2B,0x06,0x01, /* [2834] OBJ_iana */ +0x2B,0x06,0x01,0x01, /* [2837] OBJ_Directory */ +0x2B,0x06,0x01,0x02, /* [2841] OBJ_Management */ +0x2B,0x06,0x01,0x03, /* [2845] OBJ_Experimental */ +0x2B,0x06,0x01,0x04, /* [2849] OBJ_Private */ +0x2B,0x06,0x01,0x05, /* [2853] OBJ_Security */ +0x2B,0x06,0x01,0x06, /* [2857] OBJ_SNMPv2 */ +0x2B,0x06,0x01,0x07, /* [2861] OBJ_Mail */ +0x2B,0x06,0x01,0x04,0x01, /* [2865] OBJ_Enterprises */ +0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2870] OBJ_dcObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2879] OBJ_domainComponent */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2889] OBJ_Domain */ +0x00, /* [2899] OBJ_joint_iso_ccitt */ +0x55,0x01,0x05, /* [2900] OBJ_selected_attribute_types */ +0x55,0x01,0x05,0x37, /* [2903] OBJ_clearance */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2907] OBJ_md4WithRSAEncryption */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2916] OBJ_ac_proxying */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2924] OBJ_sinfo_access */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2932] OBJ_id_aca_encAttrs */ +0x55,0x04,0x48, /* [2940] OBJ_role */ +0x55,0x1D,0x24, /* [2943] OBJ_policy_constraints */ +0x55,0x1D,0x37, /* [2946] OBJ_target_information */ +0x55,0x1D,0x38, /* [2949] OBJ_no_rev_avail */ +0x00, /* [2952] OBJ_ccitt */ +0x2A,0x86,0x48,0xCE,0x3D, /* [2953] OBJ_ansi_X9_62 */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2958] OBJ_X9_62_prime_field */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2965] OBJ_X9_62_characteristic_two_field */ +0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2972] OBJ_X9_62_id_ecPublicKey */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2979] OBJ_X9_62_prime192v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2987] OBJ_X9_62_prime192v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [2995] OBJ_X9_62_prime192v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [3003] OBJ_X9_62_prime239v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [3011] OBJ_X9_62_prime239v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3019] OBJ_X9_62_prime239v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3027] OBJ_X9_62_prime256v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3035] OBJ_ecdsa_with_SHA1 */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3042] OBJ_ms_csp_name */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3051] OBJ_aes_128_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3060] OBJ_aes_128_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3069] OBJ_aes_128_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3078] OBJ_aes_128_cfb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3087] OBJ_aes_192_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3096] OBJ_aes_192_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3105] OBJ_aes_192_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3114] OBJ_aes_192_cfb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3123] OBJ_aes_256_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3132] OBJ_aes_256_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3141] OBJ_aes_256_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3150] OBJ_aes_256_cfb128 */ +0x55,0x1D,0x17, /* [3159] OBJ_hold_instruction_code */ +0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3162] OBJ_hold_instruction_none */ +0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3169] OBJ_hold_instruction_call_issuer */ +0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3176] OBJ_hold_instruction_reject */ +0x09, /* [3183] OBJ_data */ +0x09,0x92,0x26, /* [3184] OBJ_pss */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3187] OBJ_ucl */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3194] OBJ_pilot */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3202] OBJ_pilotAttributeType */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3211] OBJ_pilotAttributeSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3220] OBJ_pilotObjectClass */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3229] OBJ_pilotGroups */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3238] OBJ_iA5StringSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3248] OBJ_caseIgnoreIA5StringSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3258] OBJ_pilotObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3268] OBJ_pilotPerson */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3278] OBJ_account */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3288] OBJ_document */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3298] OBJ_room */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3308] OBJ_documentSeries */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3318] OBJ_rFC822localPart */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3328] OBJ_dNSDomain */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3338] OBJ_domainRelatedObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3348] OBJ_friendlyCountry */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3358] OBJ_simpleSecurityObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3368] OBJ_pilotOrganization */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3378] OBJ_pilotDSA */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3388] OBJ_qualityLabelledData */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3398] OBJ_userId */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3408] OBJ_textEncodedORAddress */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3418] OBJ_rfc822Mailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3428] OBJ_info */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3438] OBJ_favouriteDrink */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3448] OBJ_roomNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3458] OBJ_photo */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3468] OBJ_userClass */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3478] OBJ_host */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3488] OBJ_manager */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3498] OBJ_documentIdentifier */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3508] OBJ_documentTitle */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3518] OBJ_documentVersion */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3528] OBJ_documentAuthor */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3538] OBJ_documentLocation */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3548] OBJ_homeTelephoneNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3558] OBJ_secretary */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3568] OBJ_otherMailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3578] OBJ_lastModifiedTime */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3588] OBJ_lastModifiedBy */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3598] OBJ_aRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3608] OBJ_pilotAttributeType27 */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3618] OBJ_mXRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3628] OBJ_nSRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3638] OBJ_sOARecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3648] OBJ_cNAMERecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3658] OBJ_associatedDomain */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3668] OBJ_associatedName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3678] OBJ_homePostalAddress */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3688] OBJ_personalTitle */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3698] OBJ_mobileTelephoneNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3708] OBJ_pagerTelephoneNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3718] OBJ_friendlyCountryName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3728] OBJ_organizationalStatus */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3738] OBJ_janetMailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3748] OBJ_mailPreferenceOption */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3758] OBJ_buildingName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3768] OBJ_dSAQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3778] OBJ_singleLevelQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3788] OBJ_subtreeMinimumQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3798] OBJ_subtreeMaximumQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3808] OBJ_personalSignature */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3818] OBJ_dITRedirect */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3828] OBJ_audio */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3838] OBJ_documentPublisher */ +0x55,0x04,0x2D, /* [3848] OBJ_x500UniqueIdentifier */ +0x2B,0x06,0x01,0x07,0x01, /* [3851] OBJ_mime_mhs */ +0x2B,0x06,0x01,0x07,0x01,0x01, /* [3856] OBJ_mime_mhs_headings */ +0x2B,0x06,0x01,0x07,0x01,0x02, /* [3862] OBJ_mime_mhs_bodies */ +0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [3868] OBJ_id_hex_partial_message */ +0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [3875] OBJ_id_hex_multipart_message */ +0x55,0x04,0x2C, /* [3882] OBJ_generationQualifier */ +0x55,0x04,0x41, /* [3885] OBJ_pseudonym */ +0x67,0x2A, /* [3888] OBJ_id_set */ +0x67,0x2A,0x00, /* [3890] OBJ_set_ctype */ +0x67,0x2A,0x01, /* [3893] OBJ_set_msgExt */ +0x67,0x2A,0x03, /* [3896] OBJ_set_attr */ +0x67,0x2A,0x05, /* [3899] OBJ_set_policy */ +0x67,0x2A,0x07, /* [3902] OBJ_set_certExt */ +0x67,0x2A,0x08, /* [3905] OBJ_set_brand */ +0x67,0x2A,0x00,0x00, /* [3908] OBJ_setct_PANData */ +0x67,0x2A,0x00,0x01, /* [3912] OBJ_setct_PANToken */ +0x67,0x2A,0x00,0x02, /* [3916] OBJ_setct_PANOnly */ +0x67,0x2A,0x00,0x03, /* [3920] OBJ_setct_OIData */ +0x67,0x2A,0x00,0x04, /* [3924] OBJ_setct_PI */ +0x67,0x2A,0x00,0x05, /* [3928] OBJ_setct_PIData */ +0x67,0x2A,0x00,0x06, /* [3932] OBJ_setct_PIDataUnsigned */ +0x67,0x2A,0x00,0x07, /* [3936] OBJ_setct_HODInput */ +0x67,0x2A,0x00,0x08, /* [3940] OBJ_setct_AuthResBaggage */ +0x67,0x2A,0x00,0x09, /* [3944] OBJ_setct_AuthRevReqBaggage */ +0x67,0x2A,0x00,0x0A, /* [3948] OBJ_setct_AuthRevResBaggage */ +0x67,0x2A,0x00,0x0B, /* [3952] OBJ_setct_CapTokenSeq */ +0x67,0x2A,0x00,0x0C, /* [3956] OBJ_setct_PInitResData */ +0x67,0x2A,0x00,0x0D, /* [3960] OBJ_setct_PI_TBS */ +0x67,0x2A,0x00,0x0E, /* [3964] OBJ_setct_PResData */ +0x67,0x2A,0x00,0x10, /* [3968] OBJ_setct_AuthReqTBS */ +0x67,0x2A,0x00,0x11, /* [3972] OBJ_setct_AuthResTBS */ +0x67,0x2A,0x00,0x12, /* [3976] OBJ_setct_AuthResTBSX */ +0x67,0x2A,0x00,0x13, /* [3980] OBJ_setct_AuthTokenTBS */ +0x67,0x2A,0x00,0x14, /* [3984] OBJ_setct_CapTokenData */ +0x67,0x2A,0x00,0x15, /* [3988] OBJ_setct_CapTokenTBS */ +0x67,0x2A,0x00,0x16, /* [3992] OBJ_setct_AcqCardCodeMsg */ +0x67,0x2A,0x00,0x17, /* [3996] OBJ_setct_AuthRevReqTBS */ +0x67,0x2A,0x00,0x18, /* [4000] OBJ_setct_AuthRevResData */ +0x67,0x2A,0x00,0x19, /* [4004] OBJ_setct_AuthRevResTBS */ +0x67,0x2A,0x00,0x1A, /* [4008] OBJ_setct_CapReqTBS */ +0x67,0x2A,0x00,0x1B, /* [4012] OBJ_setct_CapReqTBSX */ +0x67,0x2A,0x00,0x1C, /* [4016] OBJ_setct_CapResData */ +0x67,0x2A,0x00,0x1D, /* [4020] OBJ_setct_CapRevReqTBS */ +0x67,0x2A,0x00,0x1E, /* [4024] OBJ_setct_CapRevReqTBSX */ +0x67,0x2A,0x00,0x1F, /* [4028] OBJ_setct_CapRevResData */ +0x67,0x2A,0x00,0x20, /* [4032] OBJ_setct_CredReqTBS */ +0x67,0x2A,0x00,0x21, /* [4036] OBJ_setct_CredReqTBSX */ +0x67,0x2A,0x00,0x22, /* [4040] OBJ_setct_CredResData */ +0x67,0x2A,0x00,0x23, /* [4044] OBJ_setct_CredRevReqTBS */ +0x67,0x2A,0x00,0x24, /* [4048] OBJ_setct_CredRevReqTBSX */ +0x67,0x2A,0x00,0x25, /* [4052] OBJ_setct_CredRevResData */ +0x67,0x2A,0x00,0x26, /* [4056] OBJ_setct_PCertReqData */ +0x67,0x2A,0x00,0x27, /* [4060] OBJ_setct_PCertResTBS */ +0x67,0x2A,0x00,0x28, /* [4064] OBJ_setct_BatchAdminReqData */ +0x67,0x2A,0x00,0x29, /* [4068] OBJ_setct_BatchAdminResData */ +0x67,0x2A,0x00,0x2A, /* [4072] OBJ_setct_CardCInitResTBS */ +0x67,0x2A,0x00,0x2B, /* [4076] OBJ_setct_MeAqCInitResTBS */ +0x67,0x2A,0x00,0x2C, /* [4080] OBJ_setct_RegFormResTBS */ +0x67,0x2A,0x00,0x2D, /* [4084] OBJ_setct_CertReqData */ +0x67,0x2A,0x00,0x2E, /* [4088] OBJ_setct_CertReqTBS */ +0x67,0x2A,0x00,0x2F, /* [4092] OBJ_setct_CertResData */ +0x67,0x2A,0x00,0x30, /* [4096] OBJ_setct_CertInqReqTBS */ +0x67,0x2A,0x00,0x31, /* [4100] OBJ_setct_ErrorTBS */ +0x67,0x2A,0x00,0x32, /* [4104] OBJ_setct_PIDualSignedTBE */ +0x67,0x2A,0x00,0x33, /* [4108] OBJ_setct_PIUnsignedTBE */ +0x67,0x2A,0x00,0x34, /* [4112] OBJ_setct_AuthReqTBE */ +0x67,0x2A,0x00,0x35, /* [4116] OBJ_setct_AuthResTBE */ +0x67,0x2A,0x00,0x36, /* [4120] OBJ_setct_AuthResTBEX */ +0x67,0x2A,0x00,0x37, /* [4124] OBJ_setct_AuthTokenTBE */ +0x67,0x2A,0x00,0x38, /* [4128] OBJ_setct_CapTokenTBE */ +0x67,0x2A,0x00,0x39, /* [4132] OBJ_setct_CapTokenTBEX */ +0x67,0x2A,0x00,0x3A, /* [4136] OBJ_setct_AcqCardCodeMsgTBE */ +0x67,0x2A,0x00,0x3B, /* [4140] OBJ_setct_AuthRevReqTBE */ +0x67,0x2A,0x00,0x3C, /* [4144] OBJ_setct_AuthRevResTBE */ +0x67,0x2A,0x00,0x3D, /* [4148] OBJ_setct_AuthRevResTBEB */ +0x67,0x2A,0x00,0x3E, /* [4152] OBJ_setct_CapReqTBE */ +0x67,0x2A,0x00,0x3F, /* [4156] OBJ_setct_CapReqTBEX */ +0x67,0x2A,0x00,0x40, /* [4160] OBJ_setct_CapResTBE */ +0x67,0x2A,0x00,0x41, /* [4164] OBJ_setct_CapRevReqTBE */ +0x67,0x2A,0x00,0x42, /* [4168] OBJ_setct_CapRevReqTBEX */ +0x67,0x2A,0x00,0x43, /* [4172] OBJ_setct_CapRevResTBE */ +0x67,0x2A,0x00,0x44, /* [4176] OBJ_setct_CredReqTBE */ +0x67,0x2A,0x00,0x45, /* [4180] OBJ_setct_CredReqTBEX */ +0x67,0x2A,0x00,0x46, /* [4184] OBJ_setct_CredResTBE */ +0x67,0x2A,0x00,0x47, /* [4188] OBJ_setct_CredRevReqTBE */ +0x67,0x2A,0x00,0x48, /* [4192] OBJ_setct_CredRevReqTBEX */ +0x67,0x2A,0x00,0x49, /* [4196] OBJ_setct_CredRevResTBE */ +0x67,0x2A,0x00,0x4A, /* [4200] OBJ_setct_BatchAdminReqTBE */ +0x67,0x2A,0x00,0x4B, /* [4204] OBJ_setct_BatchAdminResTBE */ +0x67,0x2A,0x00,0x4C, /* [4208] OBJ_setct_RegFormReqTBE */ +0x67,0x2A,0x00,0x4D, /* [4212] OBJ_setct_CertReqTBE */ +0x67,0x2A,0x00,0x4E, /* [4216] OBJ_setct_CertReqTBEX */ +0x67,0x2A,0x00,0x4F, /* [4220] OBJ_setct_CertResTBE */ +0x67,0x2A,0x00,0x50, /* [4224] OBJ_setct_CRLNotificationTBS */ +0x67,0x2A,0x00,0x51, /* [4228] OBJ_setct_CRLNotificationResTBS */ +0x67,0x2A,0x00,0x52, /* [4232] OBJ_setct_BCIDistributionTBS */ +0x67,0x2A,0x01,0x01, /* [4236] OBJ_setext_genCrypt */ +0x67,0x2A,0x01,0x03, /* [4240] OBJ_setext_miAuth */ +0x67,0x2A,0x01,0x04, /* [4244] OBJ_setext_pinSecure */ +0x67,0x2A,0x01,0x05, /* [4248] OBJ_setext_pinAny */ +0x67,0x2A,0x01,0x07, /* [4252] OBJ_setext_track2 */ +0x67,0x2A,0x01,0x08, /* [4256] OBJ_setext_cv */ +0x67,0x2A,0x05,0x00, /* [4260] OBJ_set_policy_root */ +0x67,0x2A,0x07,0x00, /* [4264] OBJ_setCext_hashedRoot */ +0x67,0x2A,0x07,0x01, /* [4268] OBJ_setCext_certType */ +0x67,0x2A,0x07,0x02, /* [4272] OBJ_setCext_merchData */ +0x67,0x2A,0x07,0x03, /* [4276] OBJ_setCext_cCertRequired */ +0x67,0x2A,0x07,0x04, /* [4280] OBJ_setCext_tunneling */ +0x67,0x2A,0x07,0x05, /* [4284] OBJ_setCext_setExt */ +0x67,0x2A,0x07,0x06, /* [4288] OBJ_setCext_setQualf */ +0x67,0x2A,0x07,0x07, /* [4292] OBJ_setCext_PGWYcapabilities */ +0x67,0x2A,0x07,0x08, /* [4296] OBJ_setCext_TokenIdentifier */ +0x67,0x2A,0x07,0x09, /* [4300] OBJ_setCext_Track2Data */ +0x67,0x2A,0x07,0x0A, /* [4304] OBJ_setCext_TokenType */ +0x67,0x2A,0x07,0x0B, /* [4308] OBJ_setCext_IssuerCapabilities */ +0x67,0x2A,0x03,0x00, /* [4312] OBJ_setAttr_Cert */ +0x67,0x2A,0x03,0x01, /* [4316] OBJ_setAttr_PGWYcap */ +0x67,0x2A,0x03,0x02, /* [4320] OBJ_setAttr_TokenType */ +0x67,0x2A,0x03,0x03, /* [4324] OBJ_setAttr_IssCap */ +0x67,0x2A,0x03,0x00,0x00, /* [4328] OBJ_set_rootKeyThumb */ +0x67,0x2A,0x03,0x00,0x01, /* [4333] OBJ_set_addPolicy */ +0x67,0x2A,0x03,0x02,0x01, /* [4338] OBJ_setAttr_Token_EMV */ +0x67,0x2A,0x03,0x02,0x02, /* [4343] OBJ_setAttr_Token_B0Prime */ +0x67,0x2A,0x03,0x03,0x03, /* [4348] OBJ_setAttr_IssCap_CVM */ +0x67,0x2A,0x03,0x03,0x04, /* [4353] OBJ_setAttr_IssCap_T2 */ +0x67,0x2A,0x03,0x03,0x05, /* [4358] OBJ_setAttr_IssCap_Sig */ +0x67,0x2A,0x03,0x03,0x03,0x01, /* [4363] OBJ_setAttr_GenCryptgrm */ +0x67,0x2A,0x03,0x03,0x04,0x01, /* [4369] OBJ_setAttr_T2Enc */ +0x67,0x2A,0x03,0x03,0x04,0x02, /* [4375] OBJ_setAttr_T2cleartxt */ +0x67,0x2A,0x03,0x03,0x05,0x01, /* [4381] OBJ_setAttr_TokICCsig */ +0x67,0x2A,0x03,0x03,0x05,0x02, /* [4387] OBJ_setAttr_SecDevSig */ +0x67,0x2A,0x08,0x01, /* [4393] OBJ_set_brand_IATA_ATA */ +0x67,0x2A,0x08,0x1E, /* [4397] OBJ_set_brand_Diners */ +0x67,0x2A,0x08,0x22, /* [4401] OBJ_set_brand_AmericanExpress */ +0x67,0x2A,0x08,0x23, /* [4405] OBJ_set_brand_JCB */ +0x67,0x2A,0x08,0x04, /* [4409] OBJ_set_brand_Visa */ +0x67,0x2A,0x08,0x05, /* [4413] OBJ_set_brand_MasterCard */ +0x67,0x2A,0x08,0xAE,0x7B, /* [4417] OBJ_set_brand_Novus */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4422] OBJ_des_cdmf */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4430] OBJ_rsaOAEPEncryptionSET */ +0x00, /* [4439] OBJ_itu_t */ +0x50, /* [4440] OBJ_joint_iso_itu_t */ +0x67, /* [4441] OBJ_international_organizations */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4442] OBJ_ms_smartcard_login */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4452] OBJ_ms_upn */ +0x55,0x04,0x09, /* [4462] OBJ_streetAddress */ +0x55,0x04,0x11, /* [4465] OBJ_postalCode */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [4468] OBJ_id_ppl */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4475] OBJ_proxyCertInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4483] OBJ_id_ppl_anyLanguage */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4491] OBJ_id_ppl_inheritAll */ +0x55,0x1D,0x1E, /* [4499] OBJ_name_constraints */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4502] OBJ_Independent */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4510] OBJ_sha256WithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4519] OBJ_sha384WithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4528] OBJ_sha512WithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4537] OBJ_sha224WithRSAEncryption */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4546] OBJ_sha256 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4555] OBJ_sha384 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4564] OBJ_sha512 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4573] OBJ_sha224 */ +0x2B, /* [4582] OBJ_identified_organization */ +0x2B,0x81,0x04, /* [4583] OBJ_certicom_arc */ +0x67,0x2B, /* [4586] OBJ_wap */ +0x67,0x2B,0x0D, /* [4588] OBJ_wap_wsg */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4591] OBJ_X9_62_id_characteristic_two_basis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4599] OBJ_X9_62_onBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4608] OBJ_X9_62_tpBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4617] OBJ_X9_62_ppBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [4626] OBJ_X9_62_c2pnb163v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [4634] OBJ_X9_62_c2pnb163v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [4642] OBJ_X9_62_c2pnb163v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [4650] OBJ_X9_62_c2pnb176v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [4658] OBJ_X9_62_c2tnb191v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [4666] OBJ_X9_62_c2tnb191v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [4674] OBJ_X9_62_c2tnb191v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [4682] OBJ_X9_62_c2onb191v4 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [4690] OBJ_X9_62_c2onb191v5 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [4698] OBJ_X9_62_c2pnb208w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [4706] OBJ_X9_62_c2tnb239v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [4714] OBJ_X9_62_c2tnb239v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [4722] OBJ_X9_62_c2tnb239v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [4730] OBJ_X9_62_c2onb239v4 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [4738] OBJ_X9_62_c2onb239v5 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4746] OBJ_X9_62_c2pnb272w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4754] OBJ_X9_62_c2pnb304w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4762] OBJ_X9_62_c2tnb359v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4770] OBJ_X9_62_c2pnb368w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4778] OBJ_X9_62_c2tnb431r1 */ +0x2B,0x81,0x04,0x00,0x06, /* [4786] OBJ_secp112r1 */ +0x2B,0x81,0x04,0x00,0x07, /* [4791] OBJ_secp112r2 */ +0x2B,0x81,0x04,0x00,0x1C, /* [4796] OBJ_secp128r1 */ +0x2B,0x81,0x04,0x00,0x1D, /* [4801] OBJ_secp128r2 */ +0x2B,0x81,0x04,0x00,0x09, /* [4806] OBJ_secp160k1 */ +0x2B,0x81,0x04,0x00,0x08, /* [4811] OBJ_secp160r1 */ +0x2B,0x81,0x04,0x00,0x1E, /* [4816] OBJ_secp160r2 */ +0x2B,0x81,0x04,0x00,0x1F, /* [4821] OBJ_secp192k1 */ +0x2B,0x81,0x04,0x00,0x20, /* [4826] OBJ_secp224k1 */ +0x2B,0x81,0x04,0x00,0x21, /* [4831] OBJ_secp224r1 */ +0x2B,0x81,0x04,0x00,0x0A, /* [4836] OBJ_secp256k1 */ +0x2B,0x81,0x04,0x00,0x22, /* [4841] OBJ_secp384r1 */ +0x2B,0x81,0x04,0x00,0x23, /* [4846] OBJ_secp521r1 */ +0x2B,0x81,0x04,0x00,0x04, /* [4851] OBJ_sect113r1 */ +0x2B,0x81,0x04,0x00,0x05, /* [4856] OBJ_sect113r2 */ +0x2B,0x81,0x04,0x00,0x16, /* [4861] OBJ_sect131r1 */ +0x2B,0x81,0x04,0x00,0x17, /* [4866] OBJ_sect131r2 */ +0x2B,0x81,0x04,0x00,0x01, /* [4871] OBJ_sect163k1 */ +0x2B,0x81,0x04,0x00,0x02, /* [4876] OBJ_sect163r1 */ +0x2B,0x81,0x04,0x00,0x0F, /* [4881] OBJ_sect163r2 */ +0x2B,0x81,0x04,0x00,0x18, /* [4886] OBJ_sect193r1 */ +0x2B,0x81,0x04,0x00,0x19, /* [4891] OBJ_sect193r2 */ +0x2B,0x81,0x04,0x00,0x1A, /* [4896] OBJ_sect233k1 */ +0x2B,0x81,0x04,0x00,0x1B, /* [4901] OBJ_sect233r1 */ +0x2B,0x81,0x04,0x00,0x03, /* [4906] OBJ_sect239k1 */ +0x2B,0x81,0x04,0x00,0x10, /* [4911] OBJ_sect283k1 */ +0x2B,0x81,0x04,0x00,0x11, /* [4916] OBJ_sect283r1 */ +0x2B,0x81,0x04,0x00,0x24, /* [4921] OBJ_sect409k1 */ +0x2B,0x81,0x04,0x00,0x25, /* [4926] OBJ_sect409r1 */ +0x2B,0x81,0x04,0x00,0x26, /* [4931] OBJ_sect571k1 */ +0x2B,0x81,0x04,0x00,0x27, /* [4936] OBJ_sect571r1 */ +0x67,0x2B,0x0D,0x04,0x01, /* [4941] OBJ_wap_wsg_idm_ecid_wtls1 */ +0x67,0x2B,0x0D,0x04,0x03, /* [4946] OBJ_wap_wsg_idm_ecid_wtls3 */ +0x67,0x2B,0x0D,0x04,0x04, /* [4951] OBJ_wap_wsg_idm_ecid_wtls4 */ +0x67,0x2B,0x0D,0x04,0x05, /* [4956] OBJ_wap_wsg_idm_ecid_wtls5 */ +0x67,0x2B,0x0D,0x04,0x06, /* [4961] OBJ_wap_wsg_idm_ecid_wtls6 */ +0x67,0x2B,0x0D,0x04,0x07, /* [4966] OBJ_wap_wsg_idm_ecid_wtls7 */ +0x67,0x2B,0x0D,0x04,0x08, /* [4971] OBJ_wap_wsg_idm_ecid_wtls8 */ +0x67,0x2B,0x0D,0x04,0x09, /* [4976] OBJ_wap_wsg_idm_ecid_wtls9 */ +0x67,0x2B,0x0D,0x04,0x0A, /* [4981] OBJ_wap_wsg_idm_ecid_wtls10 */ +0x67,0x2B,0x0D,0x04,0x0B, /* [4986] OBJ_wap_wsg_idm_ecid_wtls11 */ +0x67,0x2B,0x0D,0x04,0x0C, /* [4991] OBJ_wap_wsg_idm_ecid_wtls12 */ +0x55,0x1D,0x20,0x00, /* [4996] OBJ_any_policy */ +0x55,0x1D,0x21, /* [5000] OBJ_policy_mappings */ +0x55,0x1D,0x36, /* [5003] OBJ_inhibit_any_policy */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5006] OBJ_camellia_128_cbc */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5017] OBJ_camellia_192_cbc */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5028] OBJ_camellia_256_cbc */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [5039] OBJ_camellia_128_ecb */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [5047] OBJ_camellia_192_ecb */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [5055] OBJ_camellia_256_ecb */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [5063] OBJ_camellia_128_cfb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [5071] OBJ_camellia_192_cfb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [5079] OBJ_camellia_256_cfb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [5087] OBJ_camellia_128_ofb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [5095] OBJ_camellia_192_ofb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [5103] OBJ_camellia_256_ofb128 */ +0x55,0x1D,0x09, /* [5111] OBJ_subject_directory_attributes */ +0x55,0x1D,0x1C, /* [5114] OBJ_issuing_distribution_point */ +0x55,0x1D,0x1D, /* [5117] OBJ_certificate_issuer */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [5120] OBJ_kisa */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [5126] OBJ_seed_ecb */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [5134] OBJ_seed_cbc */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [5142] OBJ_seed_ofb128 */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [5150] OBJ_seed_cfb128 */ +0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01, /* [5158] OBJ_hmac_md5 */ +0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02, /* [5166] OBJ_hmac_sha1 */ +0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5174] OBJ_id_PasswordBasedMAC */ +0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5183] OBJ_id_DHBasedMac */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10, /* [5192] OBJ_id_it_suppLangTags */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05, /* [5200] OBJ_caRepository */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5208] OBJ_id_smime_ct_compressedData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5219] OBJ_id_ct_asciiTextWithCRLF */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5230] OBJ_id_aes128_wrap */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5239] OBJ_id_aes192_wrap */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5248] OBJ_id_aes256_wrap */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02, /* [5257] OBJ_ecdsa_with_Recommended */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03, /* [5264] OBJ_ecdsa_with_Specified */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01, /* [5271] OBJ_ecdsa_with_SHA224 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [5279] OBJ_ecdsa_with_SHA256 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [5287] OBJ_ecdsa_with_SHA384 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [5295] OBJ_ecdsa_with_SHA512 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06, /* [5303] OBJ_hmacWithMD5 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08, /* [5311] OBJ_hmacWithSHA224 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09, /* [5319] OBJ_hmacWithSHA256 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A, /* [5327] OBJ_hmacWithSHA384 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B, /* [5335] OBJ_hmacWithSHA512 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5343] OBJ_dsa_with_SHA224 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5352] OBJ_dsa_with_SHA256 */ +0x28,0xCF,0x06,0x03,0x00,0x37, /* [5361] OBJ_whirlpool */ +0x2A,0x85,0x03,0x02,0x02, /* [5367] OBJ_cryptopro */ +0x2A,0x85,0x03,0x02,0x09, /* [5372] OBJ_cryptocom */ +0x2A,0x85,0x03,0x02,0x02,0x03, /* [5377] OBJ_id_GostR3411_94_with_GostR3410_2001 */ +0x2A,0x85,0x03,0x02,0x02,0x04, /* [5383] OBJ_id_GostR3411_94_with_GostR3410_94 */ +0x2A,0x85,0x03,0x02,0x02,0x09, /* [5389] OBJ_id_GostR3411_94 */ +0x2A,0x85,0x03,0x02,0x02,0x0A, /* [5395] OBJ_id_HMACGostR3411_94 */ +0x2A,0x85,0x03,0x02,0x02,0x13, /* [5401] OBJ_id_GostR3410_2001 */ +0x2A,0x85,0x03,0x02,0x02,0x14, /* [5407] OBJ_id_GostR3410_94 */ +0x2A,0x85,0x03,0x02,0x02,0x15, /* [5413] OBJ_id_Gost28147_89 */ +0x2A,0x85,0x03,0x02,0x02,0x16, /* [5419] OBJ_id_Gost28147_89_MAC */ +0x2A,0x85,0x03,0x02,0x02,0x17, /* [5425] OBJ_id_GostR3411_94_prf */ +0x2A,0x85,0x03,0x02,0x02,0x62, /* [5431] OBJ_id_GostR3410_2001DH */ +0x2A,0x85,0x03,0x02,0x02,0x63, /* [5437] OBJ_id_GostR3410_94DH */ +0x2A,0x85,0x03,0x02,0x02,0x0E,0x01, /* [5443] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */ +0x2A,0x85,0x03,0x02,0x02,0x0E,0x00, /* [5450] OBJ_id_Gost28147_89_None_KeyMeshing */ +0x2A,0x85,0x03,0x02,0x02,0x1E,0x00, /* [5457] OBJ_id_GostR3411_94_TestParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1E,0x01, /* [5464] OBJ_id_GostR3411_94_CryptoProParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x00, /* [5471] OBJ_id_Gost28147_89_TestParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x01, /* [5478] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x02, /* [5485] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x03, /* [5492] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x04, /* [5499] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x05, /* [5506] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x06, /* [5513] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x07, /* [5520] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x20,0x00, /* [5527] OBJ_id_GostR3410_94_TestParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x20,0x02, /* [5534] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x20,0x03, /* [5541] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x20,0x04, /* [5548] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x20,0x05, /* [5555] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x21,0x01, /* [5562] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x21,0x02, /* [5569] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x21,0x03, /* [5576] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x23,0x00, /* [5583] OBJ_id_GostR3410_2001_TestParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x23,0x01, /* [5590] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x23,0x02, /* [5597] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x23,0x03, /* [5604] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x24,0x00, /* [5611] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x24,0x01, /* [5618] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x14,0x01, /* [5625] OBJ_id_GostR3410_94_a */ +0x2A,0x85,0x03,0x02,0x02,0x14,0x02, /* [5632] OBJ_id_GostR3410_94_aBis */ +0x2A,0x85,0x03,0x02,0x02,0x14,0x03, /* [5639] OBJ_id_GostR3410_94_b */ +0x2A,0x85,0x03,0x02,0x02,0x14,0x04, /* [5646] OBJ_id_GostR3410_94_bBis */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01, /* [5653] OBJ_id_Gost28147_89_cc */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03, /* [5661] OBJ_id_GostR3410_94_cc */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04, /* [5669] OBJ_id_GostR3410_2001_cc */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03, /* [5677] OBJ_id_GostR3411_94_with_GostR3410_94_cc */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [5685] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [5693] OBJ_id_GostR3410_2001_ParamSet_cc */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5701] OBJ_LocalKeySet */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -962,880 +1042,880 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL,0}, {"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL,0}, {"RLE","run length compression",NID_rle_compression,6,&(lvalues[617]),0}, -{"ZLIB","zlib compression",NID_zlib_compression,6,&(lvalues[623]),0}, +{"ZLIB","zlib compression",NID_zlib_compression,11,&(lvalues[623]),0}, {"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3, - &(lvalues[629]),0}, -{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[632]),0}, -{"id-kp","id-kp",NID_id_kp,7,&(lvalues[638]),0}, + &(lvalues[634]),0}, +{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[637]),0}, +{"id-kp","id-kp",NID_id_kp,7,&(lvalues[643]),0}, {"serverAuth","TLS Web Server Authentication",NID_server_auth,8, - &(lvalues[645]),0}, + &(lvalues[650]),0}, {"clientAuth","TLS Web Client Authentication",NID_client_auth,8, - &(lvalues[653]),0}, -{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[661]),0}, + &(lvalues[658]),0}, +{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[666]),0}, {"emailProtection","E-mail Protection",NID_email_protect,8, - &(lvalues[669]),0}, -{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[677]),0}, + &(lvalues[674]),0}, +{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[682]),0}, {"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10, - &(lvalues[685]),0}, + &(lvalues[690]),0}, {"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10, - &(lvalues[695]),0}, + &(lvalues[700]),0}, {"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10, - &(lvalues[705]),0}, -{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[715]),0}, + &(lvalues[710]),0}, +{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[720]),0}, {"msEFS","Microsoft Encrypted File System",NID_ms_efs,10, - &(lvalues[725]),0}, -{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[735]),0}, + &(lvalues[730]),0}, +{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[740]),0}, {"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3, - &(lvalues[744]),0}, -{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[747]),0}, + &(lvalues[749]),0}, +{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[752]),0}, {"invalidityDate","Invalidity Date",NID_invalidity_date,3, - &(lvalues[750]),0}, -{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[753]),0}, + &(lvalues[755]),0}, +{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[758]),0}, {"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4", - NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[758]),0}, + NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[763]),0}, {"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4", - NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[768]),0}, + NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[773]),0}, {"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC", - NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[778]),0}, + NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[783]),0}, {"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC", - NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[788]),0}, + NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[793]),0}, {"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC", - NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[798]),0}, + NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[803]),0}, {"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC", - NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[808]),0}, -{"keyBag","keyBag",NID_keyBag,11,&(lvalues[818]),0}, + NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[813]),0}, +{"keyBag","keyBag",NID_keyBag,11,&(lvalues[823]),0}, {"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag, - 11,&(lvalues[829]),0}, -{"certBag","certBag",NID_certBag,11,&(lvalues[840]),0}, -{"crlBag","crlBag",NID_crlBag,11,&(lvalues[851]),0}, -{"secretBag","secretBag",NID_secretBag,11,&(lvalues[862]),0}, + 11,&(lvalues[834]),0}, +{"certBag","certBag",NID_certBag,11,&(lvalues[845]),0}, +{"crlBag","crlBag",NID_crlBag,11,&(lvalues[856]),0}, +{"secretBag","secretBag",NID_secretBag,11,&(lvalues[867]),0}, {"safeContentsBag","safeContentsBag",NID_safeContentsBag,11, - &(lvalues[873]),0}, -{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[884]),0}, -{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[893]),0}, + &(lvalues[878]),0}, +{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[889]),0}, +{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[898]),0}, {"x509Certificate","x509Certificate",NID_x509Certificate,10, - &(lvalues[902]),0}, + &(lvalues[907]),0}, {"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10, - &(lvalues[912]),0}, -{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[922]),0}, -{"PBES2","PBES2",NID_pbes2,9,&(lvalues[932]),0}, -{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[941]),0}, -{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[950]),0}, -{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[958]),0}, + &(lvalues[917]),0}, +{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[927]),0}, +{"PBES2","PBES2",NID_pbes2,9,&(lvalues[937]),0}, +{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[946]),0}, +{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[955]),0}, +{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[963]),0}, {"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8, - &(lvalues[966]),0}, + &(lvalues[971]),0}, {"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL,0}, {"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9, - &(lvalues[974]),0}, + &(lvalues[979]),0}, {"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9, - &(lvalues[983]),0}, + &(lvalues[988]),0}, {"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9, - &(lvalues[992]),0}, + &(lvalues[997]),0}, {"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9, - &(lvalues[1001]),0}, + &(lvalues[1006]),0}, {"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10, - &(lvalues[1010]),0}, -{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1020]),0}, -{"name","name",NID_name,3,&(lvalues[1029]),0}, -{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1032]),0}, -{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1035]),0}, -{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1042]),0}, + &(lvalues[1015]),0}, +{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1025]),0}, +{"name","name",NID_name,3,&(lvalues[1034]),0}, +{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1037]),0}, +{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1040]),0}, +{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1047]),0}, {"authorityInfoAccess","Authority Information Access",NID_info_access, - 8,&(lvalues[1049]),0}, -{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1057]),0}, -{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1065]),0}, -{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1073]),0}, -{"ISO","iso",NID_iso,1,&(lvalues[1081]),0}, -{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1082]),0}, -{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1083]),0}, -{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1086]),0}, -{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1091]),0}, -{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1097]),0}, -{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1105]),0}, -{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1113]),0}, -{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1122]),0}, -{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1132]),0}, -{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1142]),0}, -{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1152]),0}, -{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1162]),0}, -{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1172]),0}, -{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1182]),0}, + 8,&(lvalues[1054]),0}, +{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1062]),0}, +{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1070]),0}, +{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1078]),0}, +{"ISO","iso",NID_iso,1,&(lvalues[1086]),0}, +{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1087]),0}, +{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1088]),0}, +{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1091]),0}, +{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1096]),0}, +{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1102]),0}, +{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1110]),0}, +{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1118]),0}, +{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1127]),0}, +{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1137]),0}, +{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1147]),0}, +{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1157]),0}, +{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1167]),0}, +{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1177]),0}, +{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1187]),0}, {"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11, - &(lvalues[1192]),0}, + &(lvalues[1197]),0}, {"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11, - &(lvalues[1203]),0}, + &(lvalues[1208]),0}, {"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11, - &(lvalues[1214]),0}, + &(lvalues[1219]),0}, {"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3, - 11,&(lvalues[1225]),0}, + 11,&(lvalues[1230]),0}, {"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88", - NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1236]),0}, + NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1241]),0}, {"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97", - NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1247]),0}, + NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1252]),0}, {"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88", - NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1258]),0}, + NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1263]),0}, {"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97", - NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1269]),0}, + NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1274]),0}, {"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt, - 11,&(lvalues[1280]),0}, + 11,&(lvalues[1285]),0}, {"id-smime-ct-authData","id-smime-ct-authData", - NID_id_smime_ct_authData,11,&(lvalues[1291]),0}, + NID_id_smime_ct_authData,11,&(lvalues[1296]),0}, {"id-smime-ct-publishCert","id-smime-ct-publishCert", - NID_id_smime_ct_publishCert,11,&(lvalues[1302]),0}, + NID_id_smime_ct_publishCert,11,&(lvalues[1307]),0}, {"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo, - 11,&(lvalues[1313]),0}, + 11,&(lvalues[1318]),0}, {"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo, - 11,&(lvalues[1324]),0}, + 11,&(lvalues[1329]),0}, {"id-smime-ct-contentInfo","id-smime-ct-contentInfo", - NID_id_smime_ct_contentInfo,11,&(lvalues[1335]),0}, + NID_id_smime_ct_contentInfo,11,&(lvalues[1340]),0}, {"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData", - NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1346]),0}, + NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1351]),0}, {"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData", - NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1357]),0}, + NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1362]),0}, {"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest", - NID_id_smime_aa_receiptRequest,11,&(lvalues[1368]),0}, + NID_id_smime_aa_receiptRequest,11,&(lvalues[1373]),0}, {"id-smime-aa-securityLabel","id-smime-aa-securityLabel", - NID_id_smime_aa_securityLabel,11,&(lvalues[1379]),0}, + NID_id_smime_aa_securityLabel,11,&(lvalues[1384]),0}, {"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory", - NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1390]),0}, + NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1395]),0}, {"id-smime-aa-contentHint","id-smime-aa-contentHint", - NID_id_smime_aa_contentHint,11,&(lvalues[1401]),0}, + NID_id_smime_aa_contentHint,11,&(lvalues[1406]),0}, {"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest", - NID_id_smime_aa_msgSigDigest,11,&(lvalues[1412]),0}, + NID_id_smime_aa_msgSigDigest,11,&(lvalues[1417]),0}, {"id-smime-aa-encapContentType","id-smime-aa-encapContentType", - NID_id_smime_aa_encapContentType,11,&(lvalues[1423]),0}, + NID_id_smime_aa_encapContentType,11,&(lvalues[1428]),0}, {"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier", - NID_id_smime_aa_contentIdentifier,11,&(lvalues[1434]),0}, + NID_id_smime_aa_contentIdentifier,11,&(lvalues[1439]),0}, {"id-smime-aa-macValue","id-smime-aa-macValue", - NID_id_smime_aa_macValue,11,&(lvalues[1445]),0}, + NID_id_smime_aa_macValue,11,&(lvalues[1450]),0}, {"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels", - NID_id_smime_aa_equivalentLabels,11,&(lvalues[1456]),0}, + NID_id_smime_aa_equivalentLabels,11,&(lvalues[1461]),0}, {"id-smime-aa-contentReference","id-smime-aa-contentReference", - NID_id_smime_aa_contentReference,11,&(lvalues[1467]),0}, + NID_id_smime_aa_contentReference,11,&(lvalues[1472]),0}, {"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref", - NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1478]),0}, + NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1483]),0}, {"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate", - NID_id_smime_aa_signingCertificate,11,&(lvalues[1489]),0}, + NID_id_smime_aa_signingCertificate,11,&(lvalues[1494]),0}, {"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts", - NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1500]),0}, + NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1505]),0}, {"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken", - NID_id_smime_aa_timeStampToken,11,&(lvalues[1511]),0}, + NID_id_smime_aa_timeStampToken,11,&(lvalues[1516]),0}, {"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId", - NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1522]),0}, + NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1527]),0}, {"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType", - NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1533]),0}, + NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1538]),0}, {"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation", - NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1544]),0}, + NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1549]),0}, {"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr", - NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1555]),0}, + NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1560]),0}, {"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert", - NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1566]),0}, + NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1571]),0}, {"id-smime-aa-ets-contentTimestamp", "id-smime-aa-ets-contentTimestamp", - NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1577]),0}, + NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1582]),0}, {"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs", - NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1588]),0}, + NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1593]),0}, {"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs", - NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1599]),0}, + NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1604]),0}, {"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues", - NID_id_smime_aa_ets_certValues,11,&(lvalues[1610]),0}, + NID_id_smime_aa_ets_certValues,11,&(lvalues[1615]),0}, {"id-smime-aa-ets-revocationValues", "id-smime-aa-ets-revocationValues", - NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1621]),0}, + NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1626]),0}, {"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp", - NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1632]),0}, + NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1637]),0}, {"id-smime-aa-ets-certCRLTimestamp", "id-smime-aa-ets-certCRLTimestamp", - NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1643]),0}, + NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1648]),0}, {"id-smime-aa-ets-archiveTimeStamp", "id-smime-aa-ets-archiveTimeStamp", - NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1654]),0}, + NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1659]),0}, {"id-smime-aa-signatureType","id-smime-aa-signatureType", - NID_id_smime_aa_signatureType,11,&(lvalues[1665]),0}, + NID_id_smime_aa_signatureType,11,&(lvalues[1670]),0}, {"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc", - NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1676]),0}, + NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1681]),0}, {"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES", - NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1687]),0}, + NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1692]),0}, {"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2", - NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1698]),0}, + NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1703]),0}, {"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap", - NID_id_smime_alg_3DESwrap,11,&(lvalues[1709]),0}, + NID_id_smime_alg_3DESwrap,11,&(lvalues[1714]),0}, {"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap", - NID_id_smime_alg_RC2wrap,11,&(lvalues[1720]),0}, + NID_id_smime_alg_RC2wrap,11,&(lvalues[1725]),0}, {"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11, - &(lvalues[1731]),0}, + &(lvalues[1736]),0}, {"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap", - NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1742]),0}, + NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1747]),0}, {"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap", - NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1753]),0}, + NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1758]),0}, {"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11, - &(lvalues[1764]),0}, + &(lvalues[1769]),0}, {"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri", - NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1775]),0}, + NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1780]),0}, {"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice", - NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1786]),0}, + NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1791]),0}, {"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin", - NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1797]),0}, + NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1802]),0}, {"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt", - NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1808]),0}, + NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1813]),0}, {"id-smime-cti-ets-proofOfDelivery", "id-smime-cti-ets-proofOfDelivery", - NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1819]),0}, + NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1824]),0}, {"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender", - NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1830]),0}, + NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1835]),0}, {"id-smime-cti-ets-proofOfApproval", "id-smime-cti-ets-proofOfApproval", - NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1841]),0}, + NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1846]),0}, {"id-smime-cti-ets-proofOfCreation", "id-smime-cti-ets-proofOfCreation", - NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1852]),0}, -{"MD4","md4",NID_md4,8,&(lvalues[1863]),0}, -{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1871]),0}, -{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1878]),0}, -{"id-it","id-it",NID_id_it,7,&(lvalues[1885]),0}, -{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1892]),0}, -{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1899]),0}, -{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1906]),0}, -{"id-on","id-on",NID_id_on,7,&(lvalues[1913]),0}, -{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1920]),0}, -{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1927]),0}, -{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1934]),0}, -{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1941]),0}, + NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1857]),0}, +{"MD4","md4",NID_md4,8,&(lvalues[1868]),0}, +{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1876]),0}, +{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1883]),0}, +{"id-it","id-it",NID_id_it,7,&(lvalues[1890]),0}, +{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1897]),0}, +{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1904]),0}, +{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1911]),0}, +{"id-on","id-on",NID_id_on,7,&(lvalues[1918]),0}, +{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1925]),0}, +{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1932]),0}, +{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1939]),0}, +{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1946]),0}, {"id-pkix1-explicit-88","id-pkix1-explicit-88", - NID_id_pkix1_explicit_88,8,&(lvalues[1948]),0}, + NID_id_pkix1_explicit_88,8,&(lvalues[1953]),0}, {"id-pkix1-implicit-88","id-pkix1-implicit-88", - NID_id_pkix1_implicit_88,8,&(lvalues[1956]),0}, + NID_id_pkix1_implicit_88,8,&(lvalues[1961]),0}, {"id-pkix1-explicit-93","id-pkix1-explicit-93", - NID_id_pkix1_explicit_93,8,&(lvalues[1964]),0}, + NID_id_pkix1_explicit_93,8,&(lvalues[1969]),0}, {"id-pkix1-implicit-93","id-pkix1-implicit-93", - NID_id_pkix1_implicit_93,8,&(lvalues[1972]),0}, -{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1980]),0}, -{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1988]),0}, + NID_id_pkix1_implicit_93,8,&(lvalues[1977]),0}, +{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1985]),0}, +{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1993]),0}, {"id-mod-kea-profile-88","id-mod-kea-profile-88", - NID_id_mod_kea_profile_88,8,&(lvalues[1996]),0}, + NID_id_mod_kea_profile_88,8,&(lvalues[2001]),0}, {"id-mod-kea-profile-93","id-mod-kea-profile-93", - NID_id_mod_kea_profile_93,8,&(lvalues[2004]),0}, -{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2012]),0}, + NID_id_mod_kea_profile_93,8,&(lvalues[2009]),0}, +{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2017]),0}, {"id-mod-qualified-cert-88","id-mod-qualified-cert-88", - NID_id_mod_qualified_cert_88,8,&(lvalues[2020]),0}, + NID_id_mod_qualified_cert_88,8,&(lvalues[2025]),0}, {"id-mod-qualified-cert-93","id-mod-qualified-cert-93", - NID_id_mod_qualified_cert_93,8,&(lvalues[2028]),0}, + NID_id_mod_qualified_cert_93,8,&(lvalues[2033]),0}, {"id-mod-attribute-cert","id-mod-attribute-cert", - NID_id_mod_attribute_cert,8,&(lvalues[2036]),0}, + NID_id_mod_attribute_cert,8,&(lvalues[2041]),0}, {"id-mod-timestamp-protocol","id-mod-timestamp-protocol", - NID_id_mod_timestamp_protocol,8,&(lvalues[2044]),0}, -{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2052]),0}, -{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2060]),0}, + NID_id_mod_timestamp_protocol,8,&(lvalues[2049]),0}, +{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2057]),0}, +{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2065]),0}, {"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8, - &(lvalues[2068]),0}, -{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2076]),0}, -{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2084]),0}, + &(lvalues[2073]),0}, +{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2081]),0}, +{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2089]),0}, {"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8, - &(lvalues[2092]),0}, -{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2100]),0}, -{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2108]),0}, + &(lvalues[2097]),0}, +{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2105]),0}, +{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2113]),0}, {"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8, - &(lvalues[2116]),0}, + &(lvalues[2121]),0}, {"sbgp-autonomousSysNum","sbgp-autonomousSysNum", - NID_sbgp_autonomousSysNum,8,&(lvalues[2124]),0}, + NID_sbgp_autonomousSysNum,8,&(lvalues[2129]),0}, {"sbgp-routerIdentifier","sbgp-routerIdentifier", - NID_sbgp_routerIdentifier,8,&(lvalues[2132]),0}, -{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2140]),0}, + NID_sbgp_routerIdentifier,8,&(lvalues[2137]),0}, +{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2145]),0}, {"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8, - &(lvalues[2148]),0}, -{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2156]),0}, -{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2164]),0}, -{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2172]),0}, + &(lvalues[2153]),0}, +{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2161]),0}, +{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2169]),0}, +{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2177]),0}, {"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert, - 8,&(lvalues[2180]),0}, + 8,&(lvalues[2185]),0}, {"id-it-signKeyPairTypes","id-it-signKeyPairTypes", - NID_id_it_signKeyPairTypes,8,&(lvalues[2188]),0}, + NID_id_it_signKeyPairTypes,8,&(lvalues[2193]),0}, {"id-it-encKeyPairTypes","id-it-encKeyPairTypes", - NID_id_it_encKeyPairTypes,8,&(lvalues[2196]),0}, + NID_id_it_encKeyPairTypes,8,&(lvalues[2201]),0}, {"id-it-preferredSymmAlg","id-it-preferredSymmAlg", - NID_id_it_preferredSymmAlg,8,&(lvalues[2204]),0}, + NID_id_it_preferredSymmAlg,8,&(lvalues[2209]),0}, {"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo", - NID_id_it_caKeyUpdateInfo,8,&(lvalues[2212]),0}, + NID_id_it_caKeyUpdateInfo,8,&(lvalues[2217]),0}, {"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8, - &(lvalues[2220]),0}, + &(lvalues[2225]),0}, {"id-it-unsupportedOIDs","id-it-unsupportedOIDs", - NID_id_it_unsupportedOIDs,8,&(lvalues[2228]),0}, + NID_id_it_unsupportedOIDs,8,&(lvalues[2233]),0}, {"id-it-subscriptionRequest","id-it-subscriptionRequest", - NID_id_it_subscriptionRequest,8,&(lvalues[2236]),0}, + NID_id_it_subscriptionRequest,8,&(lvalues[2241]),0}, {"id-it-subscriptionResponse","id-it-subscriptionResponse", - NID_id_it_subscriptionResponse,8,&(lvalues[2244]),0}, + NID_id_it_subscriptionResponse,8,&(lvalues[2249]),0}, {"id-it-keyPairParamReq","id-it-keyPairParamReq", - NID_id_it_keyPairParamReq,8,&(lvalues[2252]),0}, + NID_id_it_keyPairParamReq,8,&(lvalues[2257]),0}, {"id-it-keyPairParamRep","id-it-keyPairParamRep", - NID_id_it_keyPairParamRep,8,&(lvalues[2260]),0}, + NID_id_it_keyPairParamRep,8,&(lvalues[2265]),0}, {"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase, - 8,&(lvalues[2268]),0}, + 8,&(lvalues[2273]),0}, {"id-it-implicitConfirm","id-it-implicitConfirm", - NID_id_it_implicitConfirm,8,&(lvalues[2276]),0}, + NID_id_it_implicitConfirm,8,&(lvalues[2281]),0}, {"id-it-confirmWaitTime","id-it-confirmWaitTime", - NID_id_it_confirmWaitTime,8,&(lvalues[2284]),0}, + NID_id_it_confirmWaitTime,8,&(lvalues[2289]),0}, {"id-it-origPKIMessage","id-it-origPKIMessage", - NID_id_it_origPKIMessage,8,&(lvalues[2292]),0}, -{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2300]),0}, -{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2308]),0}, + NID_id_it_origPKIMessage,8,&(lvalues[2297]),0}, +{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2305]),0}, +{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2313]),0}, {"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken, - 9,&(lvalues[2316]),0}, + 9,&(lvalues[2321]),0}, {"id-regCtrl-authenticator","id-regCtrl-authenticator", - NID_id_regCtrl_authenticator,9,&(lvalues[2325]),0}, + NID_id_regCtrl_authenticator,9,&(lvalues[2330]),0}, {"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo", - NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2334]),0}, + NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2339]),0}, {"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions", - NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2343]),0}, + NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2348]),0}, {"id-regCtrl-oldCertID","id-regCtrl-oldCertID", - NID_id_regCtrl_oldCertID,9,&(lvalues[2352]),0}, + NID_id_regCtrl_oldCertID,9,&(lvalues[2357]),0}, {"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey", - NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2361]),0}, + NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2366]),0}, {"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs", - NID_id_regInfo_utf8Pairs,9,&(lvalues[2370]),0}, + NID_id_regInfo_utf8Pairs,9,&(lvalues[2375]),0}, {"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9, - &(lvalues[2379]),0}, -{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2388]),0}, + &(lvalues[2384]),0}, +{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2393]),0}, {"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8, - &(lvalues[2396]),0}, + &(lvalues[2401]),0}, {"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1", - NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2404]),0}, -{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2412]),0}, + NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2409]),0}, +{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2417]),0}, {"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8, - &(lvalues[2420]),0}, + &(lvalues[2425]),0}, {"id-cmc-identification","id-cmc-identification", - NID_id_cmc_identification,8,&(lvalues[2428]),0}, + NID_id_cmc_identification,8,&(lvalues[2433]),0}, {"id-cmc-identityProof","id-cmc-identityProof", - NID_id_cmc_identityProof,8,&(lvalues[2436]),0}, + NID_id_cmc_identityProof,8,&(lvalues[2441]),0}, {"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8, - &(lvalues[2444]),0}, + &(lvalues[2449]),0}, {"id-cmc-transactionId","id-cmc-transactionId", - NID_id_cmc_transactionId,8,&(lvalues[2452]),0}, + NID_id_cmc_transactionId,8,&(lvalues[2457]),0}, {"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8, - &(lvalues[2460]),0}, + &(lvalues[2465]),0}, {"id-cmc-recipientNonce","id-cmc-recipientNonce", - NID_id_cmc_recipientNonce,8,&(lvalues[2468]),0}, + NID_id_cmc_recipientNonce,8,&(lvalues[2473]),0}, {"id-cmc-addExtensions","id-cmc-addExtensions", - NID_id_cmc_addExtensions,8,&(lvalues[2476]),0}, + NID_id_cmc_addExtensions,8,&(lvalues[2481]),0}, {"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP, - 8,&(lvalues[2484]),0}, + 8,&(lvalues[2489]),0}, {"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP, - 8,&(lvalues[2492]),0}, + 8,&(lvalues[2497]),0}, {"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness", - NID_id_cmc_lraPOPWitness,8,&(lvalues[2500]),0}, + NID_id_cmc_lraPOPWitness,8,&(lvalues[2505]),0}, {"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8, - &(lvalues[2508]),0}, -{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2516]),0}, + &(lvalues[2513]),0}, +{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2521]),0}, {"id-cmc-revokeRequest","id-cmc-revokeRequest", - NID_id_cmc_revokeRequest,8,&(lvalues[2524]),0}, + NID_id_cmc_revokeRequest,8,&(lvalues[2529]),0}, {"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8, - &(lvalues[2532]),0}, + &(lvalues[2537]),0}, {"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo, - 8,&(lvalues[2540]),0}, + 8,&(lvalues[2545]),0}, {"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending, - 8,&(lvalues[2548]),0}, + 8,&(lvalues[2553]),0}, {"id-cmc-popLinkRandom","id-cmc-popLinkRandom", - NID_id_cmc_popLinkRandom,8,&(lvalues[2556]),0}, + NID_id_cmc_popLinkRandom,8,&(lvalues[2561]),0}, {"id-cmc-popLinkWitness","id-cmc-popLinkWitness", - NID_id_cmc_popLinkWitness,8,&(lvalues[2564]),0}, + NID_id_cmc_popLinkWitness,8,&(lvalues[2569]),0}, {"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance", - NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2572]),0}, + NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2577]),0}, {"id-on-personalData","id-on-personalData",NID_id_on_personalData,8, - &(lvalues[2580]),0}, + &(lvalues[2585]),0}, {"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8, - &(lvalues[2588]),0}, + &(lvalues[2593]),0}, {"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth, - 8,&(lvalues[2596]),0}, + 8,&(lvalues[2601]),0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2604]),0}, +{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2609]),0}, {"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship", - NID_id_pda_countryOfCitizenship,8,&(lvalues[2612]),0}, + NID_id_pda_countryOfCitizenship,8,&(lvalues[2617]),0}, {"id-pda-countryOfResidence","id-pda-countryOfResidence", - NID_id_pda_countryOfResidence,8,&(lvalues[2620]),0}, + NID_id_pda_countryOfResidence,8,&(lvalues[2625]),0}, {"id-aca-authenticationInfo","id-aca-authenticationInfo", - NID_id_aca_authenticationInfo,8,&(lvalues[2628]),0}, + NID_id_aca_authenticationInfo,8,&(lvalues[2633]),0}, {"id-aca-accessIdentity","id-aca-accessIdentity", - NID_id_aca_accessIdentity,8,&(lvalues[2636]),0}, + NID_id_aca_accessIdentity,8,&(lvalues[2641]),0}, {"id-aca-chargingIdentity","id-aca-chargingIdentity", - NID_id_aca_chargingIdentity,8,&(lvalues[2644]),0}, -{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2652]),0}, -{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2660]),0}, + NID_id_aca_chargingIdentity,8,&(lvalues[2649]),0}, +{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2657]),0}, +{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2665]),0}, {"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1", - NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2668]),0}, -{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2676]),0}, + NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2673]),0}, +{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2681]),0}, {"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8, - &(lvalues[2684]),0}, + &(lvalues[2689]),0}, {"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8, - &(lvalues[2692]),0}, + &(lvalues[2697]),0}, {"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8, - &(lvalues[2700]),0}, -{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2708]),0}, + &(lvalues[2705]),0}, +{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2713]),0}, {"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9, - &(lvalues[2716]),0}, -{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2725]),0}, -{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2734]),0}, + &(lvalues[2721]),0}, +{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2730]),0}, +{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2739]),0}, {"acceptableResponses","Acceptable OCSP Responses", - NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2743]),0}, -{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2752]),0}, + NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2748]),0}, +{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2757]),0}, {"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff, - 9,&(lvalues[2761]),0}, + 9,&(lvalues[2766]),0}, {"serviceLocator","OCSP Service Locator", - NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2770]),0}, + NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2775]),0}, {"extendedStatus","Extended OCSP Status", - NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2779]),0}, -{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2788]),0}, -{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2797]),0}, + NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2784]),0}, +{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2793]),0}, +{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2802]),0}, {"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9, - &(lvalues[2806]),0}, -{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2815]),0}, -{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2819]),0}, + &(lvalues[2811]),0}, +{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2820]),0}, +{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2824]),0}, {"X500algorithms","directory services - algorithms", - NID_X500algorithms,2,&(lvalues[2824]),0}, -{"ORG","org",NID_org,1,&(lvalues[2826]),0}, -{"DOD","dod",NID_dod,2,&(lvalues[2827]),0}, -{"IANA","iana",NID_iana,3,&(lvalues[2829]),0}, -{"directory","Directory",NID_Directory,4,&(lvalues[2832]),0}, -{"mgmt","Management",NID_Management,4,&(lvalues[2836]),0}, -{"experimental","Experimental",NID_Experimental,4,&(lvalues[2840]),0}, -{"private","Private",NID_Private,4,&(lvalues[2844]),0}, -{"security","Security",NID_Security,4,&(lvalues[2848]),0}, -{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2852]),0}, -{"Mail","Mail",NID_Mail,4,&(lvalues[2856]),0}, -{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2860]),0}, -{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2865]),0}, -{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2874]),0}, -{"domain","Domain",NID_Domain,10,&(lvalues[2884]),0}, -{"NULL","NULL",NID_joint_iso_ccitt,1,&(lvalues[2894]),0}, + NID_X500algorithms,2,&(lvalues[2829]),0}, +{"ORG","org",NID_org,1,&(lvalues[2831]),0}, +{"DOD","dod",NID_dod,2,&(lvalues[2832]),0}, +{"IANA","iana",NID_iana,3,&(lvalues[2834]),0}, +{"directory","Directory",NID_Directory,4,&(lvalues[2837]),0}, +{"mgmt","Management",NID_Management,4,&(lvalues[2841]),0}, +{"experimental","Experimental",NID_Experimental,4,&(lvalues[2845]),0}, +{"private","Private",NID_Private,4,&(lvalues[2849]),0}, +{"security","Security",NID_Security,4,&(lvalues[2853]),0}, +{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2857]),0}, +{"Mail","Mail",NID_Mail,4,&(lvalues[2861]),0}, +{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2865]),0}, +{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2870]),0}, +{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2879]),0}, +{"domain","Domain",NID_Domain,10,&(lvalues[2889]),0}, +{"NULL","NULL",NID_joint_iso_ccitt,1,&(lvalues[2899]),0}, {"selected-attribute-types","Selected Attribute Types", - NID_selected_attribute_types,3,&(lvalues[2895]),0}, -{"clearance","clearance",NID_clearance,4,&(lvalues[2898]),0}, + NID_selected_attribute_types,3,&(lvalues[2900]),0}, +{"clearance","clearance",NID_clearance,4,&(lvalues[2903]),0}, {"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9, - &(lvalues[2902]),0}, -{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2911]),0}, + &(lvalues[2907]),0}, +{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2916]),0}, {"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8, - &(lvalues[2919]),0}, + &(lvalues[2924]),0}, {"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8, - &(lvalues[2927]),0}, -{"role","role",NID_role,3,&(lvalues[2935]),0}, + &(lvalues[2932]),0}, +{"role","role",NID_role,3,&(lvalues[2940]),0}, {"policyConstraints","X509v3 Policy Constraints", - NID_policy_constraints,3,&(lvalues[2938]),0}, + NID_policy_constraints,3,&(lvalues[2943]),0}, {"targetInformation","X509v3 AC Targeting",NID_target_information,3, - &(lvalues[2941]),0}, + &(lvalues[2946]),0}, {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3, - &(lvalues[2944]),0}, -{"NULL","NULL",NID_ccitt,1,&(lvalues[2947]),0}, -{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2948]),0}, -{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2953]),0}, + &(lvalues[2949]),0}, +{"NULL","NULL",NID_ccitt,1,&(lvalues[2952]),0}, +{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2953]),0}, +{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2958]),0}, {"characteristic-two-field","characteristic-two-field", - NID_X9_62_characteristic_two_field,7,&(lvalues[2960]),0}, + NID_X9_62_characteristic_two_field,7,&(lvalues[2965]),0}, {"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7, - &(lvalues[2967]),0}, -{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2974]),0}, -{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2982]),0}, -{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2990]),0}, -{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2998]),0}, -{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3006]),0}, -{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3014]),0}, -{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3022]),0}, + &(lvalues[2972]),0}, +{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2979]),0}, +{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2987]),0}, +{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2995]),0}, +{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[3003]),0}, +{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3011]),0}, +{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3019]),0}, +{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3027]),0}, {"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7, - &(lvalues[3030]),0}, -{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3037]),0}, -{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3046]),0}, -{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3055]),0}, -{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3064]),0}, -{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3073]),0}, -{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3082]),0}, -{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3091]),0}, -{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3100]),0}, -{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3109]),0}, -{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3118]),0}, -{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3127]),0}, -{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3136]),0}, -{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3145]),0}, + &(lvalues[3035]),0}, +{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3042]),0}, +{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3051]),0}, +{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3060]),0}, +{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3069]),0}, +{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3078]),0}, +{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3087]),0}, +{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3096]),0}, +{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3105]),0}, +{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3114]),0}, +{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3123]),0}, +{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3132]),0}, +{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3141]),0}, +{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3150]),0}, {"holdInstructionCode","Hold Instruction Code", - NID_hold_instruction_code,3,&(lvalues[3154]),0}, + NID_hold_instruction_code,3,&(lvalues[3159]),0}, {"holdInstructionNone","Hold Instruction None", - NID_hold_instruction_none,7,&(lvalues[3157]),0}, + NID_hold_instruction_none,7,&(lvalues[3162]),0}, {"holdInstructionCallIssuer","Hold Instruction Call Issuer", - NID_hold_instruction_call_issuer,7,&(lvalues[3164]),0}, + NID_hold_instruction_call_issuer,7,&(lvalues[3169]),0}, {"holdInstructionReject","Hold Instruction Reject", - NID_hold_instruction_reject,7,&(lvalues[3171]),0}, -{"data","data",NID_data,1,&(lvalues[3178]),0}, -{"pss","pss",NID_pss,3,&(lvalues[3179]),0}, -{"ucl","ucl",NID_ucl,7,&(lvalues[3182]),0}, -{"pilot","pilot",NID_pilot,8,&(lvalues[3189]),0}, + NID_hold_instruction_reject,7,&(lvalues[3176]),0}, +{"data","data",NID_data,1,&(lvalues[3183]),0}, +{"pss","pss",NID_pss,3,&(lvalues[3184]),0}, +{"ucl","ucl",NID_ucl,7,&(lvalues[3187]),0}, +{"pilot","pilot",NID_pilot,8,&(lvalues[3194]),0}, {"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9, - &(lvalues[3197]),0}, + &(lvalues[3202]),0}, {"pilotAttributeSyntax","pilotAttributeSyntax", - NID_pilotAttributeSyntax,9,&(lvalues[3206]),0}, + NID_pilotAttributeSyntax,9,&(lvalues[3211]),0}, {"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9, - &(lvalues[3215]),0}, -{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3224]),0}, + &(lvalues[3220]),0}, +{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3229]),0}, {"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10, - &(lvalues[3233]),0}, + &(lvalues[3238]),0}, {"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax", - NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3243]),0}, -{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3253]),0}, -{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3263]),0}, -{"account","account",NID_account,10,&(lvalues[3273]),0}, -{"document","document",NID_document,10,&(lvalues[3283]),0}, -{"room","room",NID_room,10,&(lvalues[3293]),0}, + NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3248]),0}, +{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3258]),0}, +{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3268]),0}, +{"account","account",NID_account,10,&(lvalues[3278]),0}, +{"document","document",NID_document,10,&(lvalues[3288]),0}, +{"room","room",NID_room,10,&(lvalues[3298]),0}, {"documentSeries","documentSeries",NID_documentSeries,10, - &(lvalues[3303]),0}, + &(lvalues[3308]),0}, {"rFC822localPart","rFC822localPart",NID_rFC822localPart,10, - &(lvalues[3313]),0}, -{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3323]),0}, + &(lvalues[3318]),0}, +{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3328]),0}, {"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject, - 10,&(lvalues[3333]),0}, + 10,&(lvalues[3338]),0}, {"friendlyCountry","friendlyCountry",NID_friendlyCountry,10, - &(lvalues[3343]),0}, + &(lvalues[3348]),0}, {"simpleSecurityObject","simpleSecurityObject", - NID_simpleSecurityObject,10,&(lvalues[3353]),0}, + NID_simpleSecurityObject,10,&(lvalues[3358]),0}, {"pilotOrganization","pilotOrganization",NID_pilotOrganization,10, - &(lvalues[3363]),0}, -{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3373]),0}, + &(lvalues[3368]),0}, +{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3378]),0}, {"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData, - 10,&(lvalues[3383]),0}, -{"UID","userId",NID_userId,10,&(lvalues[3393]),0}, + 10,&(lvalues[3388]),0}, +{"UID","userId",NID_userId,10,&(lvalues[3398]),0}, {"textEncodedORAddress","textEncodedORAddress", - NID_textEncodedORAddress,10,&(lvalues[3403]),0}, -{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3413]),0}, -{"info","info",NID_info,10,&(lvalues[3423]),0}, + NID_textEncodedORAddress,10,&(lvalues[3408]),0}, +{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3418]),0}, +{"info","info",NID_info,10,&(lvalues[3428]),0}, {"favouriteDrink","favouriteDrink",NID_favouriteDrink,10, - &(lvalues[3433]),0}, -{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3443]),0}, -{"photo","photo",NID_photo,10,&(lvalues[3453]),0}, -{"userClass","userClass",NID_userClass,10,&(lvalues[3463]),0}, -{"host","host",NID_host,10,&(lvalues[3473]),0}, -{"manager","manager",NID_manager,10,&(lvalues[3483]),0}, + &(lvalues[3438]),0}, +{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3448]),0}, +{"photo","photo",NID_photo,10,&(lvalues[3458]),0}, +{"userClass","userClass",NID_userClass,10,&(lvalues[3468]),0}, +{"host","host",NID_host,10,&(lvalues[3478]),0}, +{"manager","manager",NID_manager,10,&(lvalues[3488]),0}, {"documentIdentifier","documentIdentifier",NID_documentIdentifier,10, - &(lvalues[3493]),0}, -{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3503]),0}, + &(lvalues[3498]),0}, +{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3508]),0}, {"documentVersion","documentVersion",NID_documentVersion,10, - &(lvalues[3513]),0}, + &(lvalues[3518]),0}, {"documentAuthor","documentAuthor",NID_documentAuthor,10, - &(lvalues[3523]),0}, + &(lvalues[3528]),0}, {"documentLocation","documentLocation",NID_documentLocation,10, - &(lvalues[3533]),0}, + &(lvalues[3538]),0}, {"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber, - 10,&(lvalues[3543]),0}, -{"secretary","secretary",NID_secretary,10,&(lvalues[3553]),0}, -{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3563]),0}, + 10,&(lvalues[3548]),0}, +{"secretary","secretary",NID_secretary,10,&(lvalues[3558]),0}, +{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3568]),0}, {"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10, - &(lvalues[3573]),0}, + &(lvalues[3578]),0}, {"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10, - &(lvalues[3583]),0}, -{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3593]),0}, + &(lvalues[3588]),0}, +{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3598]),0}, {"pilotAttributeType27","pilotAttributeType27", - NID_pilotAttributeType27,10,&(lvalues[3603]),0}, -{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3613]),0}, -{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3623]),0}, -{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3633]),0}, -{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3643]),0}, + NID_pilotAttributeType27,10,&(lvalues[3608]),0}, +{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3618]),0}, +{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3628]),0}, +{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3638]),0}, +{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3648]),0}, {"associatedDomain","associatedDomain",NID_associatedDomain,10, - &(lvalues[3653]),0}, + &(lvalues[3658]),0}, {"associatedName","associatedName",NID_associatedName,10, - &(lvalues[3663]),0}, + &(lvalues[3668]),0}, {"homePostalAddress","homePostalAddress",NID_homePostalAddress,10, - &(lvalues[3673]),0}, -{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3683]),0}, + &(lvalues[3678]),0}, +{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3688]),0}, {"mobileTelephoneNumber","mobileTelephoneNumber", - NID_mobileTelephoneNumber,10,&(lvalues[3693]),0}, + NID_mobileTelephoneNumber,10,&(lvalues[3698]),0}, {"pagerTelephoneNumber","pagerTelephoneNumber", - NID_pagerTelephoneNumber,10,&(lvalues[3703]),0}, + NID_pagerTelephoneNumber,10,&(lvalues[3708]),0}, {"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName, - 10,&(lvalues[3713]),0}, + 10,&(lvalues[3718]),0}, {"organizationalStatus","organizationalStatus", - NID_organizationalStatus,10,&(lvalues[3723]),0}, -{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3733]),0}, + NID_organizationalStatus,10,&(lvalues[3728]),0}, +{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3738]),0}, {"mailPreferenceOption","mailPreferenceOption", - NID_mailPreferenceOption,10,&(lvalues[3743]),0}, -{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3753]),0}, -{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3763]),0}, + NID_mailPreferenceOption,10,&(lvalues[3748]),0}, +{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3758]),0}, +{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3768]),0}, {"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10, - &(lvalues[3773]),0}, + &(lvalues[3778]),0}, {"subtreeMinimumQuality","subtreeMinimumQuality", - NID_subtreeMinimumQuality,10,&(lvalues[3783]),0}, + NID_subtreeMinimumQuality,10,&(lvalues[3788]),0}, {"subtreeMaximumQuality","subtreeMaximumQuality", - NID_subtreeMaximumQuality,10,&(lvalues[3793]),0}, + NID_subtreeMaximumQuality,10,&(lvalues[3798]),0}, {"personalSignature","personalSignature",NID_personalSignature,10, - &(lvalues[3803]),0}, -{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3813]),0}, -{"audio","audio",NID_audio,10,&(lvalues[3823]),0}, + &(lvalues[3808]),0}, +{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3818]),0}, +{"audio","audio",NID_audio,10,&(lvalues[3828]),0}, {"documentPublisher","documentPublisher",NID_documentPublisher,10, - &(lvalues[3833]),0}, + &(lvalues[3838]),0}, {"x500UniqueIdentifier","x500UniqueIdentifier", - NID_x500UniqueIdentifier,3,&(lvalues[3843]),0}, -{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3846]),0}, + NID_x500UniqueIdentifier,3,&(lvalues[3848]),0}, +{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3851]),0}, {"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6, - &(lvalues[3851]),0}, + &(lvalues[3856]),0}, {"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6, - &(lvalues[3857]),0}, + &(lvalues[3862]),0}, {"id-hex-partial-message","id-hex-partial-message", - NID_id_hex_partial_message,7,&(lvalues[3863]),0}, + NID_id_hex_partial_message,7,&(lvalues[3868]),0}, {"id-hex-multipart-message","id-hex-multipart-message", - NID_id_hex_multipart_message,7,&(lvalues[3870]),0}, + NID_id_hex_multipart_message,7,&(lvalues[3875]),0}, {"generationQualifier","generationQualifier",NID_generationQualifier, - 3,&(lvalues[3877]),0}, -{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3880]),0}, + 3,&(lvalues[3882]),0}, +{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3885]),0}, {NULL,NULL,NID_undef,0,NULL,0}, {"id-set","Secure Electronic Transactions",NID_id_set,2, - &(lvalues[3883]),0}, -{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3885]),0}, -{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3888]),0}, -{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3891]),0}, -{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3894]),0}, + &(lvalues[3888]),0}, +{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3890]),0}, +{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3893]),0}, +{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3896]),0}, +{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3899]),0}, {"set-certExt","certificate extensions",NID_set_certExt,3, - &(lvalues[3897]),0}, -{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3900]),0}, -{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3903]),0}, + &(lvalues[3902]),0}, +{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3905]),0}, +{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3908]),0}, {"setct-PANToken","setct-PANToken",NID_setct_PANToken,4, - &(lvalues[3907]),0}, -{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3911]),0}, -{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3915]),0}, -{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3919]),0}, -{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3923]),0}, + &(lvalues[3912]),0}, +{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3916]),0}, +{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3920]),0}, +{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3924]),0}, +{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3928]),0}, {"setct-PIDataUnsigned","setct-PIDataUnsigned", - NID_setct_PIDataUnsigned,4,&(lvalues[3927]),0}, + NID_setct_PIDataUnsigned,4,&(lvalues[3932]),0}, {"setct-HODInput","setct-HODInput",NID_setct_HODInput,4, - &(lvalues[3931]),0}, + &(lvalues[3936]),0}, {"setct-AuthResBaggage","setct-AuthResBaggage", - NID_setct_AuthResBaggage,4,&(lvalues[3935]),0}, + NID_setct_AuthResBaggage,4,&(lvalues[3940]),0}, {"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage", - NID_setct_AuthRevReqBaggage,4,&(lvalues[3939]),0}, + NID_setct_AuthRevReqBaggage,4,&(lvalues[3944]),0}, {"setct-AuthRevResBaggage","setct-AuthRevResBaggage", - NID_setct_AuthRevResBaggage,4,&(lvalues[3943]),0}, + NID_setct_AuthRevResBaggage,4,&(lvalues[3948]),0}, {"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4, - &(lvalues[3947]),0}, + &(lvalues[3952]),0}, {"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4, - &(lvalues[3951]),0}, -{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3955]),0}, + &(lvalues[3956]),0}, +{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3960]),0}, {"setct-PResData","setct-PResData",NID_setct_PResData,4, - &(lvalues[3959]),0}, + &(lvalues[3964]),0}, {"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4, - &(lvalues[3963]),0}, + &(lvalues[3968]),0}, {"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4, - &(lvalues[3967]),0}, + &(lvalues[3972]),0}, {"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4, - &(lvalues[3971]),0}, + &(lvalues[3976]),0}, {"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4, - &(lvalues[3975]),0}, + &(lvalues[3980]),0}, {"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4, - &(lvalues[3979]),0}, + &(lvalues[3984]),0}, {"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4, - &(lvalues[3983]),0}, + &(lvalues[3988]),0}, {"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg", - NID_setct_AcqCardCodeMsg,4,&(lvalues[3987]),0}, + NID_setct_AcqCardCodeMsg,4,&(lvalues[3992]),0}, {"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS, - 4,&(lvalues[3991]),0}, + 4,&(lvalues[3996]),0}, {"setct-AuthRevResData","setct-AuthRevResData", - NID_setct_AuthRevResData,4,&(lvalues[3995]),0}, + NID_setct_AuthRevResData,4,&(lvalues[4000]),0}, {"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS, - 4,&(lvalues[3999]),0}, + 4,&(lvalues[4004]),0}, {"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4, - &(lvalues[4003]),0}, + &(lvalues[4008]),0}, {"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4, - &(lvalues[4007]),0}, + &(lvalues[4012]),0}, {"setct-CapResData","setct-CapResData",NID_setct_CapResData,4, - &(lvalues[4011]),0}, + &(lvalues[4016]),0}, {"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4, - &(lvalues[4015]),0}, + &(lvalues[4020]),0}, {"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX, - 4,&(lvalues[4019]),0}, + 4,&(lvalues[4024]),0}, {"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData, - 4,&(lvalues[4023]),0}, + 4,&(lvalues[4028]),0}, {"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4, - &(lvalues[4027]),0}, + &(lvalues[4032]),0}, {"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4, - &(lvalues[4031]),0}, + &(lvalues[4036]),0}, {"setct-CredResData","setct-CredResData",NID_setct_CredResData,4, - &(lvalues[4035]),0}, + &(lvalues[4040]),0}, {"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS, - 4,&(lvalues[4039]),0}, + 4,&(lvalues[4044]),0}, {"setct-CredRevReqTBSX","setct-CredRevReqTBSX", - NID_setct_CredRevReqTBSX,4,&(lvalues[4043]),0}, + NID_setct_CredRevReqTBSX,4,&(lvalues[4048]),0}, {"setct-CredRevResData","setct-CredRevResData", - NID_setct_CredRevResData,4,&(lvalues[4047]),0}, + NID_setct_CredRevResData,4,&(lvalues[4052]),0}, {"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4, - &(lvalues[4051]),0}, + &(lvalues[4056]),0}, {"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4, - &(lvalues[4055]),0}, + &(lvalues[4060]),0}, {"setct-BatchAdminReqData","setct-BatchAdminReqData", - NID_setct_BatchAdminReqData,4,&(lvalues[4059]),0}, + NID_setct_BatchAdminReqData,4,&(lvalues[4064]),0}, {"setct-BatchAdminResData","setct-BatchAdminResData", - NID_setct_BatchAdminResData,4,&(lvalues[4063]),0}, + NID_setct_BatchAdminResData,4,&(lvalues[4068]),0}, {"setct-CardCInitResTBS","setct-CardCInitResTBS", - NID_setct_CardCInitResTBS,4,&(lvalues[4067]),0}, + NID_setct_CardCInitResTBS,4,&(lvalues[4072]),0}, {"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS", - NID_setct_MeAqCInitResTBS,4,&(lvalues[4071]),0}, + NID_setct_MeAqCInitResTBS,4,&(lvalues[4076]),0}, {"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS, - 4,&(lvalues[4075]),0}, + 4,&(lvalues[4080]),0}, {"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4, - &(lvalues[4079]),0}, + &(lvalues[4084]),0}, {"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4, - &(lvalues[4083]),0}, + &(lvalues[4088]),0}, {"setct-CertResData","setct-CertResData",NID_setct_CertResData,4, - &(lvalues[4087]),0}, + &(lvalues[4092]),0}, {"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS, - 4,&(lvalues[4091]),0}, + 4,&(lvalues[4096]),0}, {"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4, - &(lvalues[4095]),0}, + &(lvalues[4100]),0}, {"setct-PIDualSignedTBE","setct-PIDualSignedTBE", - NID_setct_PIDualSignedTBE,4,&(lvalues[4099]),0}, + NID_setct_PIDualSignedTBE,4,&(lvalues[4104]),0}, {"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE, - 4,&(lvalues[4103]),0}, + 4,&(lvalues[4108]),0}, {"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4, - &(lvalues[4107]),0}, + &(lvalues[4112]),0}, {"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4, - &(lvalues[4111]),0}, + &(lvalues[4116]),0}, {"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4, - &(lvalues[4115]),0}, + &(lvalues[4120]),0}, {"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4, - &(lvalues[4119]),0}, + &(lvalues[4124]),0}, {"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4, - &(lvalues[4123]),0}, + &(lvalues[4128]),0}, {"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4, - &(lvalues[4127]),0}, + &(lvalues[4132]),0}, {"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE", - NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4131]),0}, + NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4136]),0}, {"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE, - 4,&(lvalues[4135]),0}, + 4,&(lvalues[4140]),0}, {"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE, - 4,&(lvalues[4139]),0}, + 4,&(lvalues[4144]),0}, {"setct-AuthRevResTBEB","setct-AuthRevResTBEB", - NID_setct_AuthRevResTBEB,4,&(lvalues[4143]),0}, + NID_setct_AuthRevResTBEB,4,&(lvalues[4148]),0}, {"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4, - &(lvalues[4147]),0}, + &(lvalues[4152]),0}, {"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4, - &(lvalues[4151]),0}, + &(lvalues[4156]),0}, {"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4, - &(lvalues[4155]),0}, + &(lvalues[4160]),0}, {"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4, - &(lvalues[4159]),0}, + &(lvalues[4164]),0}, {"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX, - 4,&(lvalues[4163]),0}, + 4,&(lvalues[4168]),0}, {"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4, - &(lvalues[4167]),0}, + &(lvalues[4172]),0}, {"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4, - &(lvalues[4171]),0}, + &(lvalues[4176]),0}, {"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4, - &(lvalues[4175]),0}, + &(lvalues[4180]),0}, {"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4, - &(lvalues[4179]),0}, + &(lvalues[4184]),0}, {"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE, - 4,&(lvalues[4183]),0}, + 4,&(lvalues[4188]),0}, {"setct-CredRevReqTBEX","setct-CredRevReqTBEX", - NID_setct_CredRevReqTBEX,4,&(lvalues[4187]),0}, + NID_setct_CredRevReqTBEX,4,&(lvalues[4192]),0}, {"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE, - 4,&(lvalues[4191]),0}, + 4,&(lvalues[4196]),0}, {"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE", - NID_setct_BatchAdminReqTBE,4,&(lvalues[4195]),0}, + NID_setct_BatchAdminReqTBE,4,&(lvalues[4200]),0}, {"setct-BatchAdminResTBE","setct-BatchAdminResTBE", - NID_setct_BatchAdminResTBE,4,&(lvalues[4199]),0}, + NID_setct_BatchAdminResTBE,4,&(lvalues[4204]),0}, {"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE, - 4,&(lvalues[4203]),0}, + 4,&(lvalues[4208]),0}, {"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4, - &(lvalues[4207]),0}, + &(lvalues[4212]),0}, {"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4, - &(lvalues[4211]),0}, + &(lvalues[4216]),0}, {"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4, - &(lvalues[4215]),0}, + &(lvalues[4220]),0}, {"setct-CRLNotificationTBS","setct-CRLNotificationTBS", - NID_setct_CRLNotificationTBS,4,&(lvalues[4219]),0}, + NID_setct_CRLNotificationTBS,4,&(lvalues[4224]),0}, {"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS", - NID_setct_CRLNotificationResTBS,4,&(lvalues[4223]),0}, + NID_setct_CRLNotificationResTBS,4,&(lvalues[4228]),0}, {"setct-BCIDistributionTBS","setct-BCIDistributionTBS", - NID_setct_BCIDistributionTBS,4,&(lvalues[4227]),0}, + NID_setct_BCIDistributionTBS,4,&(lvalues[4232]),0}, {"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4, - &(lvalues[4231]),0}, + &(lvalues[4236]),0}, {"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4, - &(lvalues[4235]),0}, + &(lvalues[4240]),0}, {"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4, - &(lvalues[4239]),0}, -{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4243]),0}, -{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4247]),0}, + &(lvalues[4244]),0}, +{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4248]),0}, +{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4252]),0}, {"setext-cv","additional verification",NID_setext_cv,4, - &(lvalues[4251]),0}, + &(lvalues[4256]),0}, {"set-policy-root","set-policy-root",NID_set_policy_root,4, - &(lvalues[4255]),0}, + &(lvalues[4260]),0}, {"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4, - &(lvalues[4259]),0}, + &(lvalues[4264]),0}, {"setCext-certType","setCext-certType",NID_setCext_certType,4, - &(lvalues[4263]),0}, + &(lvalues[4268]),0}, {"setCext-merchData","setCext-merchData",NID_setCext_merchData,4, - &(lvalues[4267]),0}, + &(lvalues[4272]),0}, {"setCext-cCertRequired","setCext-cCertRequired", - NID_setCext_cCertRequired,4,&(lvalues[4271]),0}, + NID_setCext_cCertRequired,4,&(lvalues[4276]),0}, {"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4, - &(lvalues[4275]),0}, + &(lvalues[4280]),0}, {"setCext-setExt","setCext-setExt",NID_setCext_setExt,4, - &(lvalues[4279]),0}, + &(lvalues[4284]),0}, {"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4, - &(lvalues[4283]),0}, + &(lvalues[4288]),0}, {"setCext-PGWYcapabilities","setCext-PGWYcapabilities", - NID_setCext_PGWYcapabilities,4,&(lvalues[4287]),0}, + NID_setCext_PGWYcapabilities,4,&(lvalues[4292]),0}, {"setCext-TokenIdentifier","setCext-TokenIdentifier", - NID_setCext_TokenIdentifier,4,&(lvalues[4291]),0}, + NID_setCext_TokenIdentifier,4,&(lvalues[4296]),0}, {"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4, - &(lvalues[4295]),0}, + &(lvalues[4300]),0}, {"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4, - &(lvalues[4299]),0}, + &(lvalues[4304]),0}, {"setCext-IssuerCapabilities","setCext-IssuerCapabilities", - NID_setCext_IssuerCapabilities,4,&(lvalues[4303]),0}, -{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4307]),0}, + NID_setCext_IssuerCapabilities,4,&(lvalues[4308]),0}, +{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4312]),0}, {"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap, - 4,&(lvalues[4311]),0}, + 4,&(lvalues[4316]),0}, {"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4, - &(lvalues[4315]),0}, + &(lvalues[4320]),0}, {"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4, - &(lvalues[4319]),0}, + &(lvalues[4324]),0}, {"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5, - &(lvalues[4323]),0}, -{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4328]),0}, + &(lvalues[4328]),0}, +{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4333]),0}, {"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5, - &(lvalues[4333]),0}, + &(lvalues[4338]),0}, {"setAttr-Token-B0Prime","setAttr-Token-B0Prime", - NID_setAttr_Token_B0Prime,5,&(lvalues[4338]),0}, + NID_setAttr_Token_B0Prime,5,&(lvalues[4343]),0}, {"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5, - &(lvalues[4343]),0}, -{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5, &(lvalues[4348]),0}, -{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5, +{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5, &(lvalues[4353]),0}, +{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5, + &(lvalues[4358]),0}, {"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm, - 6,&(lvalues[4358]),0}, + 6,&(lvalues[4363]),0}, {"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6, - &(lvalues[4364]),0}, + &(lvalues[4369]),0}, {"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6, - &(lvalues[4370]),0}, + &(lvalues[4375]),0}, {"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6, - &(lvalues[4376]),0}, + &(lvalues[4381]),0}, {"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig, - 6,&(lvalues[4382]),0}, + 6,&(lvalues[4387]),0}, {"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4, - &(lvalues[4388]),0}, + &(lvalues[4393]),0}, {"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4, - &(lvalues[4392]),0}, + &(lvalues[4397]),0}, {"set-brand-AmericanExpress","set-brand-AmericanExpress", - NID_set_brand_AmericanExpress,4,&(lvalues[4396]),0}, -{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4400]),0}, + NID_set_brand_AmericanExpress,4,&(lvalues[4401]),0}, +{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4405]),0}, {"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4, - &(lvalues[4404]),0}, + &(lvalues[4409]),0}, {"set-brand-MasterCard","set-brand-MasterCard", - NID_set_brand_MasterCard,4,&(lvalues[4408]),0}, + NID_set_brand_MasterCard,4,&(lvalues[4413]),0}, {"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5, - &(lvalues[4412]),0}, -{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4417]),0}, + &(lvalues[4417]),0}, +{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4422]),0}, {"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET", - NID_rsaOAEPEncryptionSET,9,&(lvalues[4425]),0}, -{"ITU-T","itu-t",NID_itu_t,1,&(lvalues[4434]),0}, + NID_rsaOAEPEncryptionSET,9,&(lvalues[4430]),0}, +{"ITU-T","itu-t",NID_itu_t,1,&(lvalues[4439]),0}, {"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,1, - &(lvalues[4435]),0}, + &(lvalues[4440]),0}, {"international-organizations","International Organizations", - NID_international_organizations,1,&(lvalues[4436]),0}, + NID_international_organizations,1,&(lvalues[4441]),0}, {"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login, - 10,&(lvalues[4437]),0}, + 10,&(lvalues[4442]),0}, {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10, - &(lvalues[4447]),0}, + &(lvalues[4452]),0}, {"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL,0}, {"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL,0}, {"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL,0}, @@ -1846,138 +1926,138 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0}, {"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0}, {"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0}, -{"streetAddress","streetAddress",NID_streetAddress,3,&(lvalues[4457]),0}, -{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4460]),0}, -{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4463]),0}, +{"streetAddress","streetAddress",NID_streetAddress,3,&(lvalues[4462]),0}, +{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4465]),0}, +{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4468]),0}, {"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8, - &(lvalues[4470]),0}, + &(lvalues[4475]),0}, {"id-ppl-anyLanguage","Any language",NID_id_ppl_anyLanguage,8, - &(lvalues[4478]),0}, + &(lvalues[4483]),0}, {"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8, - &(lvalues[4486]),0}, + &(lvalues[4491]),0}, {"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3, - &(lvalues[4494]),0}, -{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4497]),0}, + &(lvalues[4499]),0}, +{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4502]),0}, {"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9, - &(lvalues[4505]),0}, + &(lvalues[4510]),0}, {"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9, - &(lvalues[4514]),0}, + &(lvalues[4519]),0}, {"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9, - &(lvalues[4523]),0}, + &(lvalues[4528]),0}, {"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9, - &(lvalues[4532]),0}, -{"SHA256","sha256",NID_sha256,9,&(lvalues[4541]),0}, -{"SHA384","sha384",NID_sha384,9,&(lvalues[4550]),0}, -{"SHA512","sha512",NID_sha512,9,&(lvalues[4559]),0}, -{"SHA224","sha224",NID_sha224,9,&(lvalues[4568]),0}, + &(lvalues[4537]),0}, +{"SHA256","sha256",NID_sha256,9,&(lvalues[4546]),0}, +{"SHA384","sha384",NID_sha384,9,&(lvalues[4555]),0}, +{"SHA512","sha512",NID_sha512,9,&(lvalues[4564]),0}, +{"SHA224","sha224",NID_sha224,9,&(lvalues[4573]),0}, {"identified-organization","identified-organization", - NID_identified_organization,1,&(lvalues[4577]),0}, -{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4578]),0}, -{"wap","wap",NID_wap,2,&(lvalues[4581]),0}, -{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4583]),0}, + NID_identified_organization,1,&(lvalues[4582]),0}, +{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4583]),0}, +{"wap","wap",NID_wap,2,&(lvalues[4586]),0}, +{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4588]),0}, {"id-characteristic-two-basis","id-characteristic-two-basis", - NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4586]),0}, -{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4594]),0}, -{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4603]),0}, -{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4612]),0}, -{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4621]),0}, -{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4629]),0}, -{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4637]),0}, -{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4645]),0}, -{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4653]),0}, -{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4661]),0}, -{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4669]),0}, -{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4677]),0}, -{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4685]),0}, -{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4693]),0}, -{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4701]),0}, -{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4709]),0}, -{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4717]),0}, -{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4725]),0}, -{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4733]),0}, -{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4741]),0}, -{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4749]),0}, -{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4757]),0}, -{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4765]),0}, -{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4773]),0}, -{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4781]),0}, -{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4786]),0}, -{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4791]),0}, -{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4796]),0}, -{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4801]),0}, -{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4806]),0}, -{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4811]),0}, -{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4816]),0}, -{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4821]),0}, -{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4826]),0}, -{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4831]),0}, -{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4836]),0}, -{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4841]),0}, -{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4846]),0}, -{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4851]),0}, -{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4856]),0}, -{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4861]),0}, -{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4866]),0}, -{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4871]),0}, -{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4876]),0}, -{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4881]),0}, -{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4886]),0}, -{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4891]),0}, -{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4896]),0}, -{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4901]),0}, -{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4906]),0}, -{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4911]),0}, -{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4916]),0}, -{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4921]),0}, -{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4926]),0}, -{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4931]),0}, + NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4591]),0}, +{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4599]),0}, +{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4608]),0}, +{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4617]),0}, +{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4626]),0}, +{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4634]),0}, +{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4642]),0}, +{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4650]),0}, +{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4658]),0}, +{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4666]),0}, +{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4674]),0}, +{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4682]),0}, +{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4690]),0}, +{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4698]),0}, +{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4706]),0}, +{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4714]),0}, +{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4722]),0}, +{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4730]),0}, +{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4738]),0}, +{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4746]),0}, +{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4754]),0}, +{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4762]),0}, +{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4770]),0}, +{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4778]),0}, +{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4786]),0}, +{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4791]),0}, +{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4796]),0}, +{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4801]),0}, +{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4806]),0}, +{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4811]),0}, +{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4816]),0}, +{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4821]),0}, +{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4826]),0}, +{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4831]),0}, +{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4836]),0}, +{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4841]),0}, +{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4846]),0}, +{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4851]),0}, +{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4856]),0}, +{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4861]),0}, +{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4866]),0}, +{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4871]),0}, +{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4876]),0}, +{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4881]),0}, +{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4886]),0}, +{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4891]),0}, +{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4896]),0}, +{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4901]),0}, +{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4906]),0}, +{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4911]),0}, +{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4916]),0}, +{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4921]),0}, +{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4926]),0}, +{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4931]),0}, +{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4936]),0}, {"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1", - NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4936]),0}, + NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4941]),0}, {"wap-wsg-idm-ecid-wtls3","wap-wsg-idm-ecid-wtls3", - NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4941]),0}, + NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4946]),0}, {"wap-wsg-idm-ecid-wtls4","wap-wsg-idm-ecid-wtls4", - NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4946]),0}, + NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4951]),0}, {"wap-wsg-idm-ecid-wtls5","wap-wsg-idm-ecid-wtls5", - NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4951]),0}, + NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4956]),0}, {"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6", - NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4956]),0}, + NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4961]),0}, {"wap-wsg-idm-ecid-wtls7","wap-wsg-idm-ecid-wtls7", - NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4961]),0}, + NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4966]),0}, {"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8", - NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4966]),0}, + NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4971]),0}, {"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9", - NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4971]),0}, + NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4976]),0}, {"wap-wsg-idm-ecid-wtls10","wap-wsg-idm-ecid-wtls10", - NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4976]),0}, + NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4981]),0}, {"wap-wsg-idm-ecid-wtls11","wap-wsg-idm-ecid-wtls11", - NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4981]),0}, + NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4986]),0}, {"wap-wsg-idm-ecid-wtls12","wap-wsg-idm-ecid-wtls12", - NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4986]),0}, -{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4991]),0}, + NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4991]),0}, +{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4996]),0}, {"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3, - &(lvalues[4995]),0}, + &(lvalues[5000]),0}, {"inhibitAnyPolicy","X509v3 Inhibit Any Policy", - NID_inhibit_any_policy,3,&(lvalues[4998]),0}, + NID_inhibit_any_policy,3,&(lvalues[5003]),0}, {"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL,0}, {"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL,0}, {"CAMELLIA-128-CBC","camellia-128-cbc",NID_camellia_128_cbc,11, - &(lvalues[5001]),0}, + &(lvalues[5006]),0}, {"CAMELLIA-192-CBC","camellia-192-cbc",NID_camellia_192_cbc,11, - &(lvalues[5012]),0}, + &(lvalues[5017]),0}, {"CAMELLIA-256-CBC","camellia-256-cbc",NID_camellia_256_cbc,11, - &(lvalues[5023]),0}, + &(lvalues[5028]),0}, {"CAMELLIA-128-ECB","camellia-128-ecb",NID_camellia_128_ecb,8, - &(lvalues[5034]),0}, + &(lvalues[5039]),0}, {"CAMELLIA-192-ECB","camellia-192-ecb",NID_camellia_192_ecb,8, - &(lvalues[5042]),0}, + &(lvalues[5047]),0}, {"CAMELLIA-256-ECB","camellia-256-ecb",NID_camellia_256_ecb,8, - &(lvalues[5050]),0}, + &(lvalues[5055]),0}, {"CAMELLIA-128-CFB","camellia-128-cfb",NID_camellia_128_cfb128,8, - &(lvalues[5058]),0}, + &(lvalues[5063]),0}, {"CAMELLIA-192-CFB","camellia-192-cfb",NID_camellia_192_cfb128,8, - &(lvalues[5066]),0}, + &(lvalues[5071]),0}, {"CAMELLIA-256-CFB","camellia-256-cfb",NID_camellia_256_cfb128,8, - &(lvalues[5074]),0}, + &(lvalues[5079]),0}, {"CAMELLIA-128-CFB1","camellia-128-cfb1",NID_camellia_128_cfb1,0,NULL,0}, {"CAMELLIA-192-CFB1","camellia-192-cfb1",NID_camellia_192_cfb1,0,NULL,0}, {"CAMELLIA-256-CFB1","camellia-256-cfb1",NID_camellia_256_cfb1,0,NULL,0}, @@ -1985,17 +2065,197 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"CAMELLIA-192-CFB8","camellia-192-cfb8",NID_camellia_192_cfb8,0,NULL,0}, {"CAMELLIA-256-CFB8","camellia-256-cfb8",NID_camellia_256_cfb8,0,NULL,0}, {"CAMELLIA-128-OFB","camellia-128-ofb",NID_camellia_128_ofb128,8, - &(lvalues[5082]),0}, + &(lvalues[5087]),0}, {"CAMELLIA-192-OFB","camellia-192-ofb",NID_camellia_192_ofb128,8, - &(lvalues[5090]),0}, + &(lvalues[5095]),0}, {"CAMELLIA-256-OFB","camellia-256-ofb",NID_camellia_256_ofb128,8, - &(lvalues[5098]),0}, + &(lvalues[5103]),0}, {"subjectDirectoryAttributes","X509v3 Subject Directory Attributes", - NID_subject_directory_attributes,3,&(lvalues[5106]),0}, + NID_subject_directory_attributes,3,&(lvalues[5111]),0}, {"issuingDistributionPoint","X509v3 Issuing Distrubution Point", - NID_issuing_distribution_point,3,&(lvalues[5109]),0}, + NID_issuing_distribution_point,3,&(lvalues[5114]),0}, {"certificateIssuer","X509v3 Certificate Issuer", - NID_certificate_issuer,3,&(lvalues[5112]),0}, + NID_certificate_issuer,3,&(lvalues[5117]),0}, +{NULL,NULL,NID_undef,0,NULL,0}, +{"KISA","kisa",NID_kisa,6,&(lvalues[5120]),0}, +{NULL,NULL,NID_undef,0,NULL,0}, +{NULL,NULL,NID_undef,0,NULL,0}, +{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5126]),0}, +{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5134]),0}, +{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5142]),0}, +{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5150]),0}, +{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5158]),0}, +{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5166]),0}, +{"id-PasswordBasedMAC","password based MAC",NID_id_PasswordBasedMAC,9, + &(lvalues[5174]),0}, +{"id-DHBasedMac","Diffie-Hellman based MAC",NID_id_DHBasedMac,9, + &(lvalues[5183]),0}, +{"id-it-suppLangTags","id-it-suppLangTags",NID_id_it_suppLangTags,8, + &(lvalues[5192]),0}, +{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5200]),0}, +{"id-smime-ct-compressedData","id-smime-ct-compressedData", + NID_id_smime_ct_compressedData,11,&(lvalues[5208]),0}, +{"id-ct-asciiTextWithCRLF","id-ct-asciiTextWithCRLF", + NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5219]),0}, +{"id-aes128-wrap","id-aes128-wrap",NID_id_aes128_wrap,9, + &(lvalues[5230]),0}, +{"id-aes192-wrap","id-aes192-wrap",NID_id_aes192_wrap,9, + &(lvalues[5239]),0}, +{"id-aes256-wrap","id-aes256-wrap",NID_id_aes256_wrap,9, + &(lvalues[5248]),0}, +{"ecdsa-with-Recommended","ecdsa-with-Recommended", + NID_ecdsa_with_Recommended,7,&(lvalues[5257]),0}, +{"ecdsa-with-Specified","ecdsa-with-Specified", + NID_ecdsa_with_Specified,7,&(lvalues[5264]),0}, +{"ecdsa-with-SHA224","ecdsa-with-SHA224",NID_ecdsa_with_SHA224,8, + &(lvalues[5271]),0}, +{"ecdsa-with-SHA256","ecdsa-with-SHA256",NID_ecdsa_with_SHA256,8, + &(lvalues[5279]),0}, +{"ecdsa-with-SHA384","ecdsa-with-SHA384",NID_ecdsa_with_SHA384,8, + &(lvalues[5287]),0}, +{"ecdsa-with-SHA512","ecdsa-with-SHA512",NID_ecdsa_with_SHA512,8, + &(lvalues[5295]),0}, +{"hmacWithMD5","hmacWithMD5",NID_hmacWithMD5,8,&(lvalues[5303]),0}, +{"hmacWithSHA224","hmacWithSHA224",NID_hmacWithSHA224,8, + &(lvalues[5311]),0}, +{"hmacWithSHA256","hmacWithSHA256",NID_hmacWithSHA256,8, + &(lvalues[5319]),0}, +{"hmacWithSHA384","hmacWithSHA384",NID_hmacWithSHA384,8, + &(lvalues[5327]),0}, +{"hmacWithSHA512","hmacWithSHA512",NID_hmacWithSHA512,8, + &(lvalues[5335]),0}, +{"dsa_with_SHA224","dsa_with_SHA224",NID_dsa_with_SHA224,9, + &(lvalues[5343]),0}, +{"dsa_with_SHA256","dsa_with_SHA256",NID_dsa_with_SHA256,9, + &(lvalues[5352]),0}, +{"whirlpool","whirlpool",NID_whirlpool,6,&(lvalues[5361]),0}, +{"cryptopro","cryptopro",NID_cryptopro,5,&(lvalues[5367]),0}, +{"cryptocom","cryptocom",NID_cryptocom,5,&(lvalues[5372]),0}, +{"id-GostR3411-94-with-GostR3410-2001", + "GOST R 34.11-94 with GOST R 34.10-2001", + NID_id_GostR3411_94_with_GostR3410_2001,6,&(lvalues[5377]),0}, +{"id-GostR3411-94-with-GostR3410-94", + "GOST R 34.11-94 with GOST R 34.10-94", + NID_id_GostR3411_94_with_GostR3410_94,6,&(lvalues[5383]),0}, +{"md_gost94","GOST R 34.11-94",NID_id_GostR3411_94,6,&(lvalues[5389]),0}, +{"id-HMACGostR3411-94","HMAC GOST 34.11-94",NID_id_HMACGostR3411_94,6, + &(lvalues[5395]),0}, +{"gost2001","GOST R 34.10-2001",NID_id_GostR3410_2001,6, + &(lvalues[5401]),0}, +{"gost94","GOST R 34.10-94",NID_id_GostR3410_94,6,&(lvalues[5407]),0}, +{"gost89","GOST 28147-89",NID_id_Gost28147_89,6,&(lvalues[5413]),0}, +{"gost89-cnt","gost89-cnt",NID_gost89_cnt,0,NULL,0}, +{"gost-mac","GOST 28147-89 MAC",NID_id_Gost28147_89_MAC,6, + &(lvalues[5419]),0}, +{"prf-gostr3411-94","GOST R 34.11-94 PRF",NID_id_GostR3411_94_prf,6, + &(lvalues[5425]),0}, +{"id-GostR3410-2001DH","GOST R 34.10-2001 DH",NID_id_GostR3410_2001DH, + 6,&(lvalues[5431]),0}, +{"id-GostR3410-94DH","GOST R 34.10-94 DH",NID_id_GostR3410_94DH,6, + &(lvalues[5437]),0}, +{"id-Gost28147-89-CryptoPro-KeyMeshing", + "id-Gost28147-89-CryptoPro-KeyMeshing", + NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5443]),0}, +{"id-Gost28147-89-None-KeyMeshing","id-Gost28147-89-None-KeyMeshing", + NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5450]),0}, +{"id-GostR3411-94-TestParamSet","id-GostR3411-94-TestParamSet", + NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5457]),0}, +{"id-GostR3411-94-CryptoProParamSet", + "id-GostR3411-94-CryptoProParamSet", + NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5464]),0}, +{"id-Gost28147-89-TestParamSet","id-Gost28147-89-TestParamSet", + NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5471]),0}, +{"id-Gost28147-89-CryptoPro-A-ParamSet", + "id-Gost28147-89-CryptoPro-A-ParamSet", + NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5478]),0}, +{"id-Gost28147-89-CryptoPro-B-ParamSet", + "id-Gost28147-89-CryptoPro-B-ParamSet", + NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5485]),0}, +{"id-Gost28147-89-CryptoPro-C-ParamSet", + "id-Gost28147-89-CryptoPro-C-ParamSet", + NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5492]),0}, +{"id-Gost28147-89-CryptoPro-D-ParamSet", + "id-Gost28147-89-CryptoPro-D-ParamSet", + NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5499]),0}, +{"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", + "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", + NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5506]), + 0}, +{"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", + "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", + NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5513]), + 0}, +{"id-Gost28147-89-CryptoPro-RIC-1-ParamSet", + "id-Gost28147-89-CryptoPro-RIC-1-ParamSet", + NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5520]),0}, +{"id-GostR3410-94-TestParamSet","id-GostR3410-94-TestParamSet", + NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5527]),0}, +{"id-GostR3410-94-CryptoPro-A-ParamSet", + "id-GostR3410-94-CryptoPro-A-ParamSet", + NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5534]),0}, +{"id-GostR3410-94-CryptoPro-B-ParamSet", + "id-GostR3410-94-CryptoPro-B-ParamSet", + NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5541]),0}, +{"id-GostR3410-94-CryptoPro-C-ParamSet", + "id-GostR3410-94-CryptoPro-C-ParamSet", + NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5548]),0}, +{"id-GostR3410-94-CryptoPro-D-ParamSet", + "id-GostR3410-94-CryptoPro-D-ParamSet", + NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5555]),0}, +{"id-GostR3410-94-CryptoPro-XchA-ParamSet", + "id-GostR3410-94-CryptoPro-XchA-ParamSet", + NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5562]),0}, +{"id-GostR3410-94-CryptoPro-XchB-ParamSet", + "id-GostR3410-94-CryptoPro-XchB-ParamSet", + NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5569]),0}, +{"id-GostR3410-94-CryptoPro-XchC-ParamSet", + "id-GostR3410-94-CryptoPro-XchC-ParamSet", + NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5576]),0}, +{"id-GostR3410-2001-TestParamSet","id-GostR3410-2001-TestParamSet", + NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5583]),0}, +{"id-GostR3410-2001-CryptoPro-A-ParamSet", + "id-GostR3410-2001-CryptoPro-A-ParamSet", + NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5590]),0}, +{"id-GostR3410-2001-CryptoPro-B-ParamSet", + "id-GostR3410-2001-CryptoPro-B-ParamSet", + NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5597]),0}, +{"id-GostR3410-2001-CryptoPro-C-ParamSet", + "id-GostR3410-2001-CryptoPro-C-ParamSet", + NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5604]),0}, +{"id-GostR3410-2001-CryptoPro-XchA-ParamSet", + "id-GostR3410-2001-CryptoPro-XchA-ParamSet", + NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5611]),0}, + +{"id-GostR3410-2001-CryptoPro-XchB-ParamSet", + "id-GostR3410-2001-CryptoPro-XchB-ParamSet", + NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5618]),0}, + +{"id-GostR3410-94-a","id-GostR3410-94-a",NID_id_GostR3410_94_a,7, + &(lvalues[5625]),0}, +{"id-GostR3410-94-aBis","id-GostR3410-94-aBis", + NID_id_GostR3410_94_aBis,7,&(lvalues[5632]),0}, +{"id-GostR3410-94-b","id-GostR3410-94-b",NID_id_GostR3410_94_b,7, + &(lvalues[5639]),0}, +{"id-GostR3410-94-bBis","id-GostR3410-94-bBis", + NID_id_GostR3410_94_bBis,7,&(lvalues[5646]),0}, +{"id-Gost28147-89-cc","GOST 28147-89 Cryptocom ParamSet", + NID_id_Gost28147_89_cc,8,&(lvalues[5653]),0}, +{"gost94cc","GOST 34.10-94 Cryptocom",NID_id_GostR3410_94_cc,8, + &(lvalues[5661]),0}, +{"gost2001cc","GOST 34.10-2001 Cryptocom",NID_id_GostR3410_2001_cc,8, + &(lvalues[5669]),0}, +{"id-GostR3411-94-with-GostR3410-94-cc", + "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom", + NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5677]),0}, +{"id-GostR3411-94-with-GostR3410-2001-cc", + "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom", + NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5685]),0}, +{"id-GostR3410-2001-ParamSet-cc", + "GOST R 3410-2001 Parameter Set Cryptocom", + NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5693]),0}, +{"HMAC","hmac",NID_hmac,0,NULL,0}, +{"LocalKeySet","Microsoft Local Key set",NID_LocalKeySet,9, + &(lvalues[5701]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -2076,6 +2336,9 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[67]),/* "DSA-old" */ &(nid_objs[297]),/* "DVCS" */ &(nid_objs[99]),/* "GN" */ +&(nid_objs[855]),/* "HMAC" */ +&(nid_objs[780]),/* "HMAC-MD5" */ +&(nid_objs[781]),/* "HMAC-SHA1" */ &(nid_objs[381]),/* "IANA" */ &(nid_objs[34]),/* "IDEA-CBC" */ &(nid_objs[35]),/* "IDEA-CFB" */ @@ -2085,7 +2348,9 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[183]),/* "ISO-US" */ &(nid_objs[645]),/* "ITU-T" */ &(nid_objs[646]),/* "JOINT-ISO-ITU-T" */ +&(nid_objs[773]),/* "KISA" */ &(nid_objs[15]),/* "L" */ +&(nid_objs[856]),/* "LocalKeySet" */ &(nid_objs[ 3]),/* "MD2" */ &(nid_objs[257]),/* "MD4" */ &(nid_objs[ 4]),/* "MD5" */ @@ -2147,6 +2412,10 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[668]),/* "RSA-SHA256" */ &(nid_objs[669]),/* "RSA-SHA384" */ &(nid_objs[670]),/* "RSA-SHA512" */ +&(nid_objs[777]),/* "SEED-CBC" */ +&(nid_objs[779]),/* "SEED-CFB" */ +&(nid_objs[776]),/* "SEED-ECB" */ +&(nid_objs[778]),/* "SEED-OFB" */ &(nid_objs[41]),/* "SHA" */ &(nid_objs[64]),/* "SHA1" */ &(nid_objs[675]),/* "SHA224" */ @@ -2209,6 +2478,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[703]),/* "c2tnb431r1" */ &(nid_objs[483]),/* "cNAMERecord" */ &(nid_objs[179]),/* "caIssuers" */ +&(nid_objs[785]),/* "caRepository" */ &(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */ &(nid_objs[152]),/* "certBag" */ &(nid_objs[677]),/* "certicom-arc" */ @@ -2224,6 +2494,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[153]),/* "crlBag" */ &(nid_objs[103]),/* "crlDistributionPoints" */ &(nid_objs[88]),/* "crlNumber" */ +&(nid_objs[806]),/* "cryptocom" */ +&(nid_objs[805]),/* "cryptopro" */ &(nid_objs[500]),/* "dITRedirect" */ &(nid_objs[451]),/* "dNSDomain" */ &(nid_objs[495]),/* "dSAQuality" */ @@ -2244,7 +2516,15 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[470]),/* "documentVersion" */ &(nid_objs[392]),/* "domain" */ &(nid_objs[452]),/* "domainRelatedObject" */ +&(nid_objs[802]),/* "dsa_with_SHA224" */ +&(nid_objs[803]),/* "dsa_with_SHA256" */ +&(nid_objs[791]),/* "ecdsa-with-Recommended" */ &(nid_objs[416]),/* "ecdsa-with-SHA1" */ +&(nid_objs[793]),/* "ecdsa-with-SHA224" */ +&(nid_objs[794]),/* "ecdsa-with-SHA256" */ +&(nid_objs[795]),/* "ecdsa-with-SHA384" */ +&(nid_objs[796]),/* "ecdsa-with-SHA512" */ +&(nid_objs[792]),/* "ecdsa-with-Specified" */ &(nid_objs[48]),/* "emailAddress" */ &(nid_objs[132]),/* "emailProtection" */ &(nid_objs[389]),/* "enterprises" */ @@ -2258,7 +2538,19 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[490]),/* "friendlyCountryName" */ &(nid_objs[156]),/* "friendlyName" */ &(nid_objs[509]),/* "generationQualifier" */ +&(nid_objs[815]),/* "gost-mac" */ +&(nid_objs[811]),/* "gost2001" */ +&(nid_objs[851]),/* "gost2001cc" */ +&(nid_objs[813]),/* "gost89" */ +&(nid_objs[814]),/* "gost89-cnt" */ +&(nid_objs[812]),/* "gost94" */ +&(nid_objs[850]),/* "gost94cc" */ +&(nid_objs[797]),/* "hmacWithMD5" */ &(nid_objs[163]),/* "hmacWithSHA1" */ +&(nid_objs[798]),/* "hmacWithSHA224" */ +&(nid_objs[799]),/* "hmacWithSHA256" */ +&(nid_objs[800]),/* "hmacWithSHA384" */ +&(nid_objs[801]),/* "hmacWithSHA512" */ &(nid_objs[432]),/* "holdInstructionCallIssuer" */ &(nid_objs[430]),/* "holdInstructionCode" */ &(nid_objs[431]),/* "holdInstructionNone" */ @@ -2267,6 +2559,47 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[473]),/* "homeTelephoneNumber" */ &(nid_objs[466]),/* "host" */ &(nid_objs[442]),/* "iA5StringSyntax" */ +&(nid_objs[783]),/* "id-DHBasedMac" */ +&(nid_objs[824]),/* "id-Gost28147-89-CryptoPro-A-ParamSet" */ +&(nid_objs[825]),/* "id-Gost28147-89-CryptoPro-B-ParamSet" */ +&(nid_objs[826]),/* "id-Gost28147-89-CryptoPro-C-ParamSet" */ +&(nid_objs[827]),/* "id-Gost28147-89-CryptoPro-D-ParamSet" */ +&(nid_objs[819]),/* "id-Gost28147-89-CryptoPro-KeyMeshing" */ +&(nid_objs[829]),/* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ +&(nid_objs[828]),/* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ +&(nid_objs[830]),/* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ +&(nid_objs[820]),/* "id-Gost28147-89-None-KeyMeshing" */ +&(nid_objs[823]),/* "id-Gost28147-89-TestParamSet" */ +&(nid_objs[849]),/* "id-Gost28147-89-cc" */ +&(nid_objs[840]),/* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ +&(nid_objs[841]),/* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ +&(nid_objs[842]),/* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ +&(nid_objs[843]),/* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ +&(nid_objs[844]),/* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ +&(nid_objs[854]),/* "id-GostR3410-2001-ParamSet-cc" */ +&(nid_objs[839]),/* "id-GostR3410-2001-TestParamSet" */ +&(nid_objs[817]),/* "id-GostR3410-2001DH" */ +&(nid_objs[832]),/* "id-GostR3410-94-CryptoPro-A-ParamSet" */ +&(nid_objs[833]),/* "id-GostR3410-94-CryptoPro-B-ParamSet" */ +&(nid_objs[834]),/* "id-GostR3410-94-CryptoPro-C-ParamSet" */ +&(nid_objs[835]),/* "id-GostR3410-94-CryptoPro-D-ParamSet" */ +&(nid_objs[836]),/* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ +&(nid_objs[837]),/* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ +&(nid_objs[838]),/* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ +&(nid_objs[831]),/* "id-GostR3410-94-TestParamSet" */ +&(nid_objs[845]),/* "id-GostR3410-94-a" */ +&(nid_objs[846]),/* "id-GostR3410-94-aBis" */ +&(nid_objs[847]),/* "id-GostR3410-94-b" */ +&(nid_objs[848]),/* "id-GostR3410-94-bBis" */ +&(nid_objs[818]),/* "id-GostR3410-94DH" */ +&(nid_objs[822]),/* "id-GostR3411-94-CryptoProParamSet" */ +&(nid_objs[821]),/* "id-GostR3411-94-TestParamSet" */ +&(nid_objs[807]),/* "id-GostR3411-94-with-GostR3410-2001" */ +&(nid_objs[853]),/* "id-GostR3411-94-with-GostR3410-2001-cc" */ +&(nid_objs[808]),/* "id-GostR3411-94-with-GostR3410-94" */ +&(nid_objs[852]),/* "id-GostR3411-94-with-GostR3410-94-cc" */ +&(nid_objs[810]),/* "id-HMACGostR3411-94" */ +&(nid_objs[782]),/* "id-PasswordBasedMAC" */ &(nid_objs[266]),/* "id-aca" */ &(nid_objs[355]),/* "id-aca-accessIdentity" */ &(nid_objs[354]),/* "id-aca-authenticationInfo" */ @@ -2275,6 +2608,9 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[357]),/* "id-aca-group" */ &(nid_objs[358]),/* "id-aca-role" */ &(nid_objs[176]),/* "id-ad" */ +&(nid_objs[788]),/* "id-aes128-wrap" */ +&(nid_objs[789]),/* "id-aes192-wrap" */ +&(nid_objs[790]),/* "id-aes256-wrap" */ &(nid_objs[262]),/* "id-alg" */ &(nid_objs[323]),/* "id-alg-des40" */ &(nid_objs[326]),/* "id-alg-dh-pop" */ @@ -2307,6 +2643,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[332]),/* "id-cmc-senderNonce" */ &(nid_objs[327]),/* "id-cmc-statusInfo" */ &(nid_objs[331]),/* "id-cmc-transactionId" */ +&(nid_objs[787]),/* "id-ct-asciiTextWithCRLF" */ &(nid_objs[408]),/* "id-ecPublicKey" */ &(nid_objs[508]),/* "id-hex-multipart-message" */ &(nid_objs[507]),/* "id-hex-partial-message" */ @@ -2325,6 +2662,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[299]),/* "id-it-signKeyPairTypes" */ &(nid_objs[305]),/* "id-it-subscriptionRequest" */ &(nid_objs[306]),/* "id-it-subscriptionResponse" */ +&(nid_objs[784]),/* "id-it-suppLangTags" */ &(nid_objs[304]),/* "id-it-unsupportedOIDs" */ &(nid_objs[128]),/* "id-kp" */ &(nid_objs[280]),/* "id-mod-attribute-cert" */ @@ -2420,6 +2758,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[208]),/* "id-smime-ct-TDTInfo" */ &(nid_objs[207]),/* "id-smime-ct-TSTInfo" */ &(nid_objs[205]),/* "id-smime-ct-authData" */ +&(nid_objs[786]),/* "id-smime-ct-compressedData" */ &(nid_objs[209]),/* "id-smime-ct-contentInfo" */ &(nid_objs[206]),/* "id-smime-ct-publishCert" */ &(nid_objs[204]),/* "id-smime-ct-receipt" */ @@ -2463,6 +2802,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[460]),/* "mail" */ &(nid_objs[493]),/* "mailPreferenceOption" */ &(nid_objs[467]),/* "manager" */ +&(nid_objs[809]),/* "md_gost94" */ &(nid_objs[182]),/* "member-body" */ &(nid_objs[51]),/* "messageDigest" */ &(nid_objs[383]),/* "mgmt" */ @@ -2531,6 +2871,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[747]),/* "policyMappings" */ &(nid_objs[661]),/* "postalCode" */ &(nid_objs[683]),/* "ppBasis" */ +&(nid_objs[816]),/* "prf-gostr3411-94" */ &(nid_objs[406]),/* "prime-field" */ &(nid_objs[409]),/* "prime192v1" */ &(nid_objs[410]),/* "prime192v2" */ @@ -2764,6 +3105,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[740]),/* "wap-wsg-idm-ecid-wtls7" */ &(nid_objs[741]),/* "wap-wsg-idm-ecid-wtls8" */ &(nid_objs[742]),/* "wap-wsg-idm-ecid-wtls9" */ +&(nid_objs[804]),/* "whirlpool" */ &(nid_objs[503]),/* "x500UniqueIdentifier" */ &(nid_objs[158]),/* "x509Certificate" */ &(nid_objs[160]),/* "x509Crl" */ @@ -2778,7 +3120,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[365]),/* "Basic OCSP Response" */ &(nid_objs[285]),/* "Biometric Info" */ &(nid_objs[179]),/* "CA Issuers" */ +&(nid_objs[785]),/* "CA Repository" */ &(nid_objs[131]),/* "Code Signing" */ +&(nid_objs[783]),/* "Diffie-Hellman based MAC" */ &(nid_objs[382]),/* "Directory" */ &(nid_objs[392]),/* "Domain" */ &(nid_objs[132]),/* "E-mail Protection" */ @@ -2786,6 +3130,23 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[384]),/* "Experimental" */ &(nid_objs[372]),/* "Extended OCSP Status" */ &(nid_objs[172]),/* "Extension Request" */ +&(nid_objs[813]),/* "GOST 28147-89" */ +&(nid_objs[849]),/* "GOST 28147-89 Cryptocom ParamSet" */ +&(nid_objs[815]),/* "GOST 28147-89 MAC" */ +&(nid_objs[851]),/* "GOST 34.10-2001 Cryptocom" */ +&(nid_objs[850]),/* "GOST 34.10-94 Cryptocom" */ +&(nid_objs[811]),/* "GOST R 34.10-2001" */ +&(nid_objs[817]),/* "GOST R 34.10-2001 DH" */ +&(nid_objs[812]),/* "GOST R 34.10-94" */ +&(nid_objs[818]),/* "GOST R 34.10-94 DH" */ +&(nid_objs[809]),/* "GOST R 34.11-94" */ +&(nid_objs[816]),/* "GOST R 34.11-94 PRF" */ +&(nid_objs[807]),/* "GOST R 34.11-94 with GOST R 34.10-2001" */ +&(nid_objs[853]),/* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */ +&(nid_objs[808]),/* "GOST R 34.11-94 with GOST R 34.10-94" */ +&(nid_objs[852]),/* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */ +&(nid_objs[854]),/* "GOST R 3410-2001 Parameter Set Cryptocom" */ +&(nid_objs[810]),/* "HMAC GOST 34.11-94" */ &(nid_objs[432]),/* "Hold Instruction Call Issuer" */ &(nid_objs[430]),/* "Hold Instruction Code" */ &(nid_objs[431]),/* "Hold Instruction None" */ @@ -2808,6 +3169,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[138]),/* "Microsoft Encrypted File System" */ &(nid_objs[171]),/* "Microsoft Extension Request" */ &(nid_objs[134]),/* "Microsoft Individual Code Signing" */ +&(nid_objs[856]),/* "Microsoft Local Key set" */ &(nid_objs[137]),/* "Microsoft Server Gated Crypto" */ &(nid_objs[648]),/* "Microsoft Smartcardlogin" */ &(nid_objs[136]),/* "Microsoft Trust List Signing" */ @@ -2974,6 +3336,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[53]),/* "countersignature" */ &(nid_objs[14]),/* "countryName" */ &(nid_objs[153]),/* "crlBag" */ +&(nid_objs[806]),/* "cryptocom" */ +&(nid_objs[805]),/* "cryptopro" */ &(nid_objs[500]),/* "dITRedirect" */ &(nid_objs[451]),/* "dNSDomain" */ &(nid_objs[495]),/* "dSAQuality" */ @@ -3018,8 +3382,16 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[66]),/* "dsaWithSHA" */ &(nid_objs[113]),/* "dsaWithSHA1" */ &(nid_objs[70]),/* "dsaWithSHA1-old" */ +&(nid_objs[802]),/* "dsa_with_SHA224" */ +&(nid_objs[803]),/* "dsa_with_SHA256" */ &(nid_objs[297]),/* "dvcs" */ +&(nid_objs[791]),/* "ecdsa-with-Recommended" */ &(nid_objs[416]),/* "ecdsa-with-SHA1" */ +&(nid_objs[793]),/* "ecdsa-with-SHA224" */ +&(nid_objs[794]),/* "ecdsa-with-SHA256" */ +&(nid_objs[795]),/* "ecdsa-with-SHA384" */ +&(nid_objs[796]),/* "ecdsa-with-SHA512" */ +&(nid_objs[792]),/* "ecdsa-with-Specified" */ &(nid_objs[48]),/* "emailAddress" */ &(nid_objs[632]),/* "encrypted track 2" */ &(nid_objs[56]),/* "extendedCertificateAttributes" */ @@ -3031,12 +3403,51 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[509]),/* "generationQualifier" */ &(nid_objs[601]),/* "generic cryptogram" */ &(nid_objs[99]),/* "givenName" */ +&(nid_objs[814]),/* "gost89-cnt" */ +&(nid_objs[855]),/* "hmac" */ +&(nid_objs[780]),/* "hmac-md5" */ +&(nid_objs[781]),/* "hmac-sha1" */ +&(nid_objs[797]),/* "hmacWithMD5" */ &(nid_objs[163]),/* "hmacWithSHA1" */ +&(nid_objs[798]),/* "hmacWithSHA224" */ +&(nid_objs[799]),/* "hmacWithSHA256" */ +&(nid_objs[800]),/* "hmacWithSHA384" */ +&(nid_objs[801]),/* "hmacWithSHA512" */ &(nid_objs[486]),/* "homePostalAddress" */ &(nid_objs[473]),/* "homeTelephoneNumber" */ &(nid_objs[466]),/* "host" */ &(nid_objs[442]),/* "iA5StringSyntax" */ &(nid_objs[381]),/* "iana" */ +&(nid_objs[824]),/* "id-Gost28147-89-CryptoPro-A-ParamSet" */ +&(nid_objs[825]),/* "id-Gost28147-89-CryptoPro-B-ParamSet" */ +&(nid_objs[826]),/* "id-Gost28147-89-CryptoPro-C-ParamSet" */ +&(nid_objs[827]),/* "id-Gost28147-89-CryptoPro-D-ParamSet" */ +&(nid_objs[819]),/* "id-Gost28147-89-CryptoPro-KeyMeshing" */ +&(nid_objs[829]),/* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ +&(nid_objs[828]),/* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ +&(nid_objs[830]),/* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ +&(nid_objs[820]),/* "id-Gost28147-89-None-KeyMeshing" */ +&(nid_objs[823]),/* "id-Gost28147-89-TestParamSet" */ +&(nid_objs[840]),/* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ +&(nid_objs[841]),/* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ +&(nid_objs[842]),/* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ +&(nid_objs[843]),/* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ +&(nid_objs[844]),/* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ +&(nid_objs[839]),/* "id-GostR3410-2001-TestParamSet" */ +&(nid_objs[832]),/* "id-GostR3410-94-CryptoPro-A-ParamSet" */ +&(nid_objs[833]),/* "id-GostR3410-94-CryptoPro-B-ParamSet" */ +&(nid_objs[834]),/* "id-GostR3410-94-CryptoPro-C-ParamSet" */ +&(nid_objs[835]),/* "id-GostR3410-94-CryptoPro-D-ParamSet" */ +&(nid_objs[836]),/* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ +&(nid_objs[837]),/* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ +&(nid_objs[838]),/* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ +&(nid_objs[831]),/* "id-GostR3410-94-TestParamSet" */ +&(nid_objs[845]),/* "id-GostR3410-94-a" */ +&(nid_objs[846]),/* "id-GostR3410-94-aBis" */ +&(nid_objs[847]),/* "id-GostR3410-94-b" */ +&(nid_objs[848]),/* "id-GostR3410-94-bBis" */ +&(nid_objs[822]),/* "id-GostR3411-94-CryptoProParamSet" */ +&(nid_objs[821]),/* "id-GostR3411-94-TestParamSet" */ &(nid_objs[266]),/* "id-aca" */ &(nid_objs[355]),/* "id-aca-accessIdentity" */ &(nid_objs[354]),/* "id-aca-authenticationInfo" */ @@ -3045,6 +3456,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[357]),/* "id-aca-group" */ &(nid_objs[358]),/* "id-aca-role" */ &(nid_objs[176]),/* "id-ad" */ +&(nid_objs[788]),/* "id-aes128-wrap" */ +&(nid_objs[789]),/* "id-aes192-wrap" */ +&(nid_objs[790]),/* "id-aes256-wrap" */ &(nid_objs[262]),/* "id-alg" */ &(nid_objs[323]),/* "id-alg-des40" */ &(nid_objs[326]),/* "id-alg-dh-pop" */ @@ -3077,6 +3491,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[332]),/* "id-cmc-senderNonce" */ &(nid_objs[327]),/* "id-cmc-statusInfo" */ &(nid_objs[331]),/* "id-cmc-transactionId" */ +&(nid_objs[787]),/* "id-ct-asciiTextWithCRLF" */ &(nid_objs[408]),/* "id-ecPublicKey" */ &(nid_objs[508]),/* "id-hex-multipart-message" */ &(nid_objs[507]),/* "id-hex-partial-message" */ @@ -3095,6 +3510,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[299]),/* "id-it-signKeyPairTypes" */ &(nid_objs[305]),/* "id-it-subscriptionRequest" */ &(nid_objs[306]),/* "id-it-subscriptionResponse" */ +&(nid_objs[784]),/* "id-it-suppLangTags" */ &(nid_objs[304]),/* "id-it-unsupportedOIDs" */ &(nid_objs[128]),/* "id-kp" */ &(nid_objs[280]),/* "id-mod-attribute-cert" */ @@ -3184,6 +3600,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[208]),/* "id-smime-ct-TDTInfo" */ &(nid_objs[207]),/* "id-smime-ct-TSTInfo" */ &(nid_objs[205]),/* "id-smime-ct-authData" */ +&(nid_objs[786]),/* "id-smime-ct-compressedData" */ &(nid_objs[209]),/* "id-smime-ct-contentInfo" */ &(nid_objs[206]),/* "id-smime-ct-publishCert" */ &(nid_objs[204]),/* "id-smime-ct-receipt" */ @@ -3221,6 +3638,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[492]),/* "janetMailbox" */ &(nid_objs[646]),/* "joint-iso-itu-t" */ &(nid_objs[150]),/* "keyBag" */ +&(nid_objs[773]),/* "kisa" */ &(nid_objs[477]),/* "lastModifiedBy" */ &(nid_objs[476]),/* "lastModifiedTime" */ &(nid_objs[157]),/* "localKeyID" */ @@ -3253,6 +3671,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[18]),/* "organizationalUnitName" */ &(nid_objs[475]),/* "otherMailbox" */ &(nid_objs[489]),/* "pagerTelephoneNumber" */ +&(nid_objs[782]),/* "password based MAC" */ &(nid_objs[374]),/* "path" */ &(nid_objs[621]),/* "payment gateway capabilities" */ &(nid_objs[ 9]),/* "pbeWithMD2AndDES-CBC" */ @@ -3371,6 +3790,10 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[733]),/* "sect571k1" */ &(nid_objs[734]),/* "sect571r1" */ &(nid_objs[635]),/* "secure device signature" */ +&(nid_objs[777]),/* "seed-cbc" */ +&(nid_objs[779]),/* "seed-cfb" */ +&(nid_objs[776]),/* "seed-ecb" */ +&(nid_objs[778]),/* "seed-ofb" */ &(nid_objs[105]),/* "serialNumber" */ &(nid_objs[625]),/* "set-addPolicy" */ &(nid_objs[515]),/* "set-attr" */ @@ -3534,6 +3957,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[740]),/* "wap-wsg-idm-ecid-wtls7" */ &(nid_objs[741]),/* "wap-wsg-idm-ecid-wtls8" */ &(nid_objs[742]),/* "wap-wsg-idm-ecid-wtls9" */ +&(nid_objs[804]),/* "whirlpool" */ &(nid_objs[503]),/* "x500UniqueIdentifier" */ &(nid_objs[158]),/* "x509Certificate" */ &(nid_objs[160]),/* "x509Crl" */ @@ -3739,6 +4163,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[637]),/* OBJ_set_brand_Diners 2 23 42 8 30 */ &(nid_objs[638]),/* OBJ_set_brand_AmericanExpress 2 23 42 8 34 */ &(nid_objs[639]),/* OBJ_set_brand_JCB 2 23 42 8 35 */ +&(nid_objs[805]),/* OBJ_cryptopro 1 2 643 2 2 */ +&(nid_objs[806]),/* OBJ_cryptocom 1 2 643 2 9 */ &(nid_objs[184]),/* OBJ_X9_57 1 2 840 10040 */ &(nid_objs[405]),/* OBJ_ansi_X9_62 1 2 840 10045 */ &(nid_objs[389]),/* OBJ_Enterprises 1 3 6 1 4 1 */ @@ -3809,8 +4235,20 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[743]),/* OBJ_wap_wsg_idm_ecid_wtls10 2 23 43 13 4 10 */ &(nid_objs[744]),/* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 13 4 11 */ &(nid_objs[745]),/* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 13 4 12 */ +&(nid_objs[804]),/* OBJ_whirlpool 1 0 10118 3 0 55 */ &(nid_objs[124]),/* OBJ_rle_compression 1 1 1 1 666 1 */ -&(nid_objs[125]),/* OBJ_zlib_compression 1 1 1 1 666 2 */ +&(nid_objs[773]),/* OBJ_kisa 1 2 410 200004 */ +&(nid_objs[807]),/* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */ +&(nid_objs[808]),/* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */ +&(nid_objs[809]),/* OBJ_id_GostR3411_94 1 2 643 2 2 9 */ +&(nid_objs[810]),/* OBJ_id_HMACGostR3411_94 1 2 643 2 2 10 */ +&(nid_objs[811]),/* OBJ_id_GostR3410_2001 1 2 643 2 2 19 */ +&(nid_objs[812]),/* OBJ_id_GostR3410_94 1 2 643 2 2 20 */ +&(nid_objs[813]),/* OBJ_id_Gost28147_89 1 2 643 2 2 21 */ +&(nid_objs[815]),/* OBJ_id_Gost28147_89_MAC 1 2 643 2 2 22 */ +&(nid_objs[816]),/* OBJ_id_GostR3411_94_prf 1 2 643 2 2 23 */ +&(nid_objs[817]),/* OBJ_id_GostR3410_2001DH 1 2 643 2 2 98 */ +&(nid_objs[818]),/* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */ &(nid_objs[ 1]),/* OBJ_rsadsi 1 2 840 113549 */ &(nid_objs[185]),/* OBJ_X9cm 1 2 840 10040 4 */ &(nid_objs[127]),/* OBJ_id_pkix 1 3 6 1 5 5 7 */ @@ -3823,6 +4261,36 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[634]),/* OBJ_setAttr_TokICCsig 2 23 42 3 3 5 1 */ &(nid_objs[635]),/* OBJ_setAttr_SecDevSig 2 23 42 3 3 5 2 */ &(nid_objs[436]),/* OBJ_ucl 0 9 2342 19200300 */ +&(nid_objs[820]),/* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */ +&(nid_objs[819]),/* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */ +&(nid_objs[845]),/* OBJ_id_GostR3410_94_a 1 2 643 2 2 20 1 */ +&(nid_objs[846]),/* OBJ_id_GostR3410_94_aBis 1 2 643 2 2 20 2 */ +&(nid_objs[847]),/* OBJ_id_GostR3410_94_b 1 2 643 2 2 20 3 */ +&(nid_objs[848]),/* OBJ_id_GostR3410_94_bBis 1 2 643 2 2 20 4 */ +&(nid_objs[821]),/* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */ +&(nid_objs[822]),/* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */ +&(nid_objs[823]),/* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */ +&(nid_objs[824]),/* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */ +&(nid_objs[825]),/* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */ +&(nid_objs[826]),/* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */ +&(nid_objs[827]),/* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */ +&(nid_objs[828]),/* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */ +&(nid_objs[829]),/* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */ +&(nid_objs[830]),/* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */ +&(nid_objs[831]),/* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */ +&(nid_objs[832]),/* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */ +&(nid_objs[833]),/* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */ +&(nid_objs[834]),/* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */ +&(nid_objs[835]),/* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */ +&(nid_objs[836]),/* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */ +&(nid_objs[837]),/* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */ +&(nid_objs[838]),/* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */ +&(nid_objs[839]),/* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */ +&(nid_objs[840]),/* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */ +&(nid_objs[841]),/* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */ +&(nid_objs[842]),/* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */ +&(nid_objs[843]),/* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */ +&(nid_objs[844]),/* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */ &(nid_objs[ 2]),/* OBJ_pkcs 1 2 840 113549 1 */ &(nid_objs[431]),/* OBJ_hold_instruction_none 1 2 840 10040 2 1 */ &(nid_objs[432]),/* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */ @@ -3833,6 +4301,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[407]),/* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */ &(nid_objs[408]),/* OBJ_X9_62_id_ecPublicKey 1 2 840 10045 2 1 */ &(nid_objs[416]),/* OBJ_ecdsa_with_SHA1 1 2 840 10045 4 1 */ +&(nid_objs[791]),/* OBJ_ecdsa_with_Recommended 1 2 840 10045 4 2 */ +&(nid_objs[792]),/* OBJ_ecdsa_with_Specified 1 2 840 10045 4 3 */ &(nid_objs[258]),/* OBJ_id_pkix_mod 1 3 6 1 5 5 7 0 */ &(nid_objs[175]),/* OBJ_id_pe 1 3 6 1 5 5 7 1 */ &(nid_objs[259]),/* OBJ_id_qt 1 3 6 1 5 5 7 2 */ @@ -3861,6 +4331,16 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[768]),/* OBJ_camellia_256_ofb128 0 3 4401 5 3 1 9 43 */ &(nid_objs[759]),/* OBJ_camellia_256_cfb128 0 3 4401 5 3 1 9 44 */ &(nid_objs[437]),/* OBJ_pilot 0 9 2342 19200300 100 */ +&(nid_objs[776]),/* OBJ_seed_ecb 1 2 410 200004 1 3 */ +&(nid_objs[777]),/* OBJ_seed_cbc 1 2 410 200004 1 4 */ +&(nid_objs[779]),/* OBJ_seed_cfb128 1 2 410 200004 1 5 */ +&(nid_objs[778]),/* OBJ_seed_ofb128 1 2 410 200004 1 6 */ +&(nid_objs[852]),/* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */ +&(nid_objs[853]),/* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */ +&(nid_objs[850]),/* OBJ_id_GostR3410_94_cc 1 2 643 2 9 1 5 3 */ +&(nid_objs[851]),/* OBJ_id_GostR3410_2001_cc 1 2 643 2 9 1 5 4 */ +&(nid_objs[849]),/* OBJ_id_Gost28147_89_cc 1 2 643 2 9 1 6 1 */ +&(nid_objs[854]),/* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */ &(nid_objs[186]),/* OBJ_pkcs1 1 2 840 113549 1 1 */ &(nid_objs[27]),/* OBJ_pkcs3 1 2 840 113549 1 3 */ &(nid_objs[187]),/* OBJ_pkcs5 1 2 840 113549 1 5 */ @@ -3869,7 +4349,12 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[ 3]),/* OBJ_md2 1 2 840 113549 2 2 */ &(nid_objs[257]),/* OBJ_md4 1 2 840 113549 2 4 */ &(nid_objs[ 4]),/* OBJ_md5 1 2 840 113549 2 5 */ +&(nid_objs[797]),/* OBJ_hmacWithMD5 1 2 840 113549 2 6 */ &(nid_objs[163]),/* OBJ_hmacWithSHA1 1 2 840 113549 2 7 */ +&(nid_objs[798]),/* OBJ_hmacWithSHA224 1 2 840 113549 2 8 */ +&(nid_objs[799]),/* OBJ_hmacWithSHA256 1 2 840 113549 2 9 */ +&(nid_objs[800]),/* OBJ_hmacWithSHA384 1 2 840 113549 2 10 */ +&(nid_objs[801]),/* OBJ_hmacWithSHA512 1 2 840 113549 2 11 */ &(nid_objs[37]),/* OBJ_rc2_cbc 1 2 840 113549 3 2 */ &(nid_objs[ 5]),/* OBJ_rc4 1 2 840 113549 3 4 */ &(nid_objs[44]),/* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */ @@ -3903,6 +4388,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[413]),/* OBJ_X9_62_prime239v2 1 2 840 10045 3 1 5 */ &(nid_objs[414]),/* OBJ_X9_62_prime239v3 1 2 840 10045 3 1 6 */ &(nid_objs[415]),/* OBJ_X9_62_prime256v1 1 2 840 10045 3 1 7 */ +&(nid_objs[793]),/* OBJ_ecdsa_with_SHA224 1 2 840 10045 4 3 1 */ +&(nid_objs[794]),/* OBJ_ecdsa_with_SHA256 1 2 840 10045 4 3 2 */ +&(nid_objs[795]),/* OBJ_ecdsa_with_SHA384 1 2 840 10045 4 3 3 */ +&(nid_objs[796]),/* OBJ_ecdsa_with_SHA512 1 2 840 10045 4 3 4 */ &(nid_objs[269]),/* OBJ_id_pkix1_explicit_88 1 3 6 1 5 5 7 0 1 */ &(nid_objs[270]),/* OBJ_id_pkix1_implicit_88 1 3 6 1 5 5 7 0 2 */ &(nid_objs[271]),/* OBJ_id_pkix1_explicit_93 1 3 6 1 5 5 7 0 3 */ @@ -3959,6 +4448,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[310]),/* OBJ_id_it_implicitConfirm 1 3 6 1 5 5 7 4 13 */ &(nid_objs[311]),/* OBJ_id_it_confirmWaitTime 1 3 6 1 5 5 7 4 14 */ &(nid_objs[312]),/* OBJ_id_it_origPKIMessage 1 3 6 1 5 5 7 4 15 */ +&(nid_objs[784]),/* OBJ_id_it_suppLangTags 1 3 6 1 5 5 7 4 16 */ &(nid_objs[313]),/* OBJ_id_regCtrl 1 3 6 1 5 5 7 5 1 */ &(nid_objs[314]),/* OBJ_id_regInfo 1 3 6 1 5 5 7 5 2 */ &(nid_objs[323]),/* OBJ_id_alg_des40 1 3 6 1 5 5 7 6 1 */ @@ -4008,6 +4498,9 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[179]),/* OBJ_ad_ca_issuers 1 3 6 1 5 5 7 48 2 */ &(nid_objs[363]),/* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */ &(nid_objs[364]),/* OBJ_ad_dvcs 1 3 6 1 5 5 7 48 4 */ +&(nid_objs[785]),/* OBJ_caRepository 1 3 6 1 5 5 7 48 5 */ +&(nid_objs[780]),/* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */ +&(nid_objs[781]),/* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */ &(nid_objs[58]),/* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */ &(nid_objs[59]),/* OBJ_netscape_data_type 2 16 840 1 113730 2 */ &(nid_objs[438]),/* OBJ_pilotAttributeType 0 9 2342 19200300 100 1 */ @@ -4016,6 +4509,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[441]),/* OBJ_pilotGroups 0 9 2342 19200300 100 10 */ &(nid_objs[108]),/* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */ &(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */ +&(nid_objs[782]),/* OBJ_id_PasswordBasedMAC 1 2 840 113533 7 66 13 */ +&(nid_objs[783]),/* OBJ_id_DHBasedMac 1 2 840 113533 7 66 30 */ &(nid_objs[ 6]),/* OBJ_rsaEncryption 1 2 840 113549 1 1 1 */ &(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption 1 2 840 113549 1 1 2 */ &(nid_objs[396]),/* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */ @@ -4060,6 +4555,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[682]),/* OBJ_X9_62_tpBasis 1 2 840 10045 1 2 3 2 */ &(nid_objs[683]),/* OBJ_X9_62_ppBasis 1 2 840 10045 1 2 3 3 */ &(nid_objs[417]),/* OBJ_ms_csp_name 1 3 6 1 4 1 311 17 1 */ +&(nid_objs[856]),/* OBJ_LocalKeySet 1 3 6 1 4 1 311 17 2 */ &(nid_objs[390]),/* OBJ_dcObject 1 3 6 1 4 1 1466 344 */ &(nid_objs[91]),/* OBJ_bf_cbc 1 3 6 1 4 1 3029 1 2 */ &(nid_objs[315]),/* OBJ_id_regCtrl_regToken 1 3 6 1 5 5 7 5 1 1 */ @@ -4085,18 +4581,23 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[419]),/* OBJ_aes_128_cbc 2 16 840 1 101 3 4 1 2 */ &(nid_objs[420]),/* OBJ_aes_128_ofb128 2 16 840 1 101 3 4 1 3 */ &(nid_objs[421]),/* OBJ_aes_128_cfb128 2 16 840 1 101 3 4 1 4 */ +&(nid_objs[788]),/* OBJ_id_aes128_wrap 2 16 840 1 101 3 4 1 5 */ &(nid_objs[422]),/* OBJ_aes_192_ecb 2 16 840 1 101 3 4 1 21 */ &(nid_objs[423]),/* OBJ_aes_192_cbc 2 16 840 1 101 3 4 1 22 */ &(nid_objs[424]),/* OBJ_aes_192_ofb128 2 16 840 1 101 3 4 1 23 */ &(nid_objs[425]),/* OBJ_aes_192_cfb128 2 16 840 1 101 3 4 1 24 */ +&(nid_objs[789]),/* OBJ_id_aes192_wrap 2 16 840 1 101 3 4 1 25 */ &(nid_objs[426]),/* OBJ_aes_256_ecb 2 16 840 1 101 3 4 1 41 */ &(nid_objs[427]),/* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */ &(nid_objs[428]),/* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */ &(nid_objs[429]),/* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */ +&(nid_objs[790]),/* OBJ_id_aes256_wrap 2 16 840 1 101 3 4 1 45 */ &(nid_objs[672]),/* OBJ_sha256 2 16 840 1 101 3 4 2 1 */ &(nid_objs[673]),/* OBJ_sha384 2 16 840 1 101 3 4 2 2 */ &(nid_objs[674]),/* OBJ_sha512 2 16 840 1 101 3 4 2 3 */ &(nid_objs[675]),/* OBJ_sha224 2 16 840 1 101 3 4 2 4 */ +&(nid_objs[802]),/* OBJ_dsa_with_SHA224 2 16 840 1 101 3 4 3 1 */ +&(nid_objs[803]),/* OBJ_dsa_with_SHA256 2 16 840 1 101 3 4 3 2 */ &(nid_objs[71]),/* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */ &(nid_objs[72]),/* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */ &(nid_objs[73]),/* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */ @@ -4213,6 +4714,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[209]),/* OBJ_id_smime_ct_contentInfo 1 2 840 113549 1 9 16 1 6 */ &(nid_objs[210]),/* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */ &(nid_objs[211]),/* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */ +&(nid_objs[786]),/* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */ +&(nid_objs[787]),/* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */ &(nid_objs[212]),/* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */ &(nid_objs[213]),/* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */ &(nid_objs[214]),/* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */ @@ -4249,6 +4752,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[245]),/* OBJ_id_smime_alg_ESDH 1 2 840 113549 1 9 16 3 5 */ &(nid_objs[246]),/* OBJ_id_smime_alg_CMS3DESwrap 1 2 840 113549 1 9 16 3 6 */ &(nid_objs[247]),/* OBJ_id_smime_alg_CMSRC2wrap 1 2 840 113549 1 9 16 3 7 */ +&(nid_objs[125]),/* OBJ_zlib_compression 1 2 840 113549 1 9 16 3 8 */ &(nid_objs[248]),/* OBJ_id_smime_cd_ldap 1 2 840 113549 1 9 16 4 1 */ &(nid_objs[249]),/* OBJ_id_smime_spq_ets_sqt_uri 1 2 840 113549 1 9 16 5 1 */ &(nid_objs[250]),/* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index f447bbe69af8c..05fcbe7aa1f22 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -97,6 +97,16 @@ #define NID_identified_organization 676 #define OBJ_identified_organization OBJ_iso,3L +#define SN_hmac_md5 "HMAC-MD5" +#define LN_hmac_md5 "hmac-md5" +#define NID_hmac_md5 780 +#define OBJ_hmac_md5 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L + +#define SN_hmac_sha1 "HMAC-SHA1" +#define LN_hmac_sha1 "hmac-sha1" +#define NID_hmac_sha1 781 +#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L + #define SN_certicom_arc "certicom-arc" #define NID_certicom_arc 677 #define OBJ_certicom_arc OBJ_identified_organization,132L @@ -305,6 +315,30 @@ #define NID_ecdsa_with_SHA1 416 #define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L +#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended" +#define NID_ecdsa_with_Recommended 791 +#define OBJ_ecdsa_with_Recommended OBJ_X9_62_id_ecSigType,2L + +#define SN_ecdsa_with_Specified "ecdsa-with-Specified" +#define NID_ecdsa_with_Specified 792 +#define OBJ_ecdsa_with_Specified OBJ_X9_62_id_ecSigType,3L + +#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224" +#define NID_ecdsa_with_SHA224 793 +#define OBJ_ecdsa_with_SHA224 OBJ_ecdsa_with_Specified,1L + +#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256" +#define NID_ecdsa_with_SHA256 794 +#define OBJ_ecdsa_with_SHA256 OBJ_ecdsa_with_Specified,2L + +#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384" +#define NID_ecdsa_with_SHA384 795 +#define OBJ_ecdsa_with_SHA384 OBJ_ecdsa_with_Specified,3L + +#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512" +#define NID_ecdsa_with_SHA512 796 +#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L + #define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L #define SN_secp112r1 "secp112r1" @@ -498,6 +532,16 @@ #define NID_pbeWithMD5AndCast5_CBC 112 #define OBJ_pbeWithMD5AndCast5_CBC OBJ_ISO_US,113533L,7L,66L,12L +#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC" +#define LN_id_PasswordBasedMAC "password based MAC" +#define NID_id_PasswordBasedMAC 782 +#define OBJ_id_PasswordBasedMAC OBJ_ISO_US,113533L,7L,66L,13L + +#define SN_id_DHBasedMac "id-DHBasedMac" +#define LN_id_DHBasedMac "Diffie-Hellman based MAC" +#define NID_id_DHBasedMac 783 +#define OBJ_id_DHBasedMac OBJ_ISO_US,113533L,7L,66L,30L + #define SN_rsadsi "rsadsi" #define LN_rsadsi "RSA Data Security, Inc." #define NID_rsadsi 1 @@ -785,6 +829,14 @@ #define NID_id_smime_ct_DVCSResponseData 211 #define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L +#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData" +#define NID_id_smime_ct_compressedData 786 +#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L + +#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" +#define NID_id_ct_asciiTextWithCRLF 787 +#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L + #define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" #define NID_id_smime_aa_receiptRequest 212 #define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L @@ -978,6 +1030,11 @@ #define NID_ms_csp_name 417 #define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L +#define SN_LocalKeySet "LocalKeySet" +#define LN_LocalKeySet "Microsoft Local Key set" +#define NID_LocalKeySet 856 +#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L + #define OBJ_certTypes OBJ_pkcs9,22L #define LN_x509Certificate "x509Certificate" @@ -1075,10 +1132,30 @@ #define LN_md5_sha1 "md5-sha1" #define NID_md5_sha1 114 +#define LN_hmacWithMD5 "hmacWithMD5" +#define NID_hmacWithMD5 797 +#define OBJ_hmacWithMD5 OBJ_rsadsi,2L,6L + #define LN_hmacWithSHA1 "hmacWithSHA1" #define NID_hmacWithSHA1 163 #define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L +#define LN_hmacWithSHA224 "hmacWithSHA224" +#define NID_hmacWithSHA224 798 +#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L + +#define LN_hmacWithSHA256 "hmacWithSHA256" +#define NID_hmacWithSHA256 799 +#define OBJ_hmacWithSHA256 OBJ_rsadsi,2L,9L + +#define LN_hmacWithSHA384 "hmacWithSHA384" +#define NID_hmacWithSHA384 800 +#define OBJ_hmacWithSHA384 OBJ_rsadsi,2L,10L + +#define LN_hmacWithSHA512 "hmacWithSHA512" +#define NID_hmacWithSHA512 801 +#define OBJ_hmacWithSHA512 OBJ_rsadsi,2L,11L + #define SN_rc2_cbc "RC2-CBC" #define LN_rc2_cbc "rc2-cbc" #define NID_rc2_cbc 37 @@ -1513,6 +1590,10 @@ #define NID_id_it_origPKIMessage 312 #define OBJ_id_it_origPKIMessage OBJ_id_it,15L +#define SN_id_it_suppLangTags "id-it-suppLangTags" +#define NID_id_it_suppLangTags 784 +#define OBJ_id_it_suppLangTags OBJ_id_it,16L + #define SN_id_regCtrl "id-regCtrl" #define NID_id_regCtrl 313 #define OBJ_id_regCtrl OBJ_id_pkip,1L @@ -1748,6 +1829,11 @@ #define NID_ad_dvcs 364 #define OBJ_ad_dvcs OBJ_id_ad,4L +#define SN_caRepository "caRepository" +#define LN_caRepository "CA Repository" +#define NID_caRepository 785 +#define OBJ_caRepository OBJ_id_ad,5L + #define OBJ_id_pkix_OCSP OBJ_ad_OCSP #define SN_id_pkix_OCSP_basic "basicOCSPResponse" @@ -2323,7 +2409,7 @@ #define SN_zlib_compression "ZLIB" #define LN_zlib_compression "zlib compression" #define NID_zlib_compression 125 -#define OBJ_zlib_compression 1L,1L,1L,1L,666L,2L +#define OBJ_zlib_compression OBJ_id_smime_alg,8L #define OBJ_csor 2L,16L,840L,1L,101L,3L @@ -2431,6 +2517,18 @@ #define LN_des_ede3_cfb8 "des-ede3-cfb8" #define NID_des_ede3_cfb8 659 +#define SN_id_aes128_wrap "id-aes128-wrap" +#define NID_id_aes128_wrap 788 +#define OBJ_id_aes128_wrap OBJ_aes,5L + +#define SN_id_aes192_wrap "id-aes192-wrap" +#define NID_id_aes192_wrap 789 +#define OBJ_id_aes192_wrap OBJ_aes,25L + +#define SN_id_aes256_wrap "id-aes256-wrap" +#define NID_id_aes256_wrap 790 +#define OBJ_id_aes256_wrap OBJ_aes,45L + #define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L #define SN_sha256 "SHA256" @@ -2453,6 +2551,16 @@ #define NID_sha224 675 #define OBJ_sha224 OBJ_nist_hashalgs,4L +#define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA224 "dsa_with_SHA224" +#define NID_dsa_with_SHA224 802 +#define OBJ_dsa_with_SHA224 OBJ_dsa_with_sha2,1L + +#define SN_dsa_with_SHA256 "dsa_with_SHA256" +#define NID_dsa_with_SHA256 803 +#define OBJ_dsa_with_SHA256 OBJ_dsa_with_sha2,2L + #define SN_hold_instruction_code "holdInstructionCode" #define LN_hold_instruction_code "Hold Instruction Code" #define NID_hold_instruction_code 430 @@ -3318,6 +3426,226 @@ #define LN_ipsec4 "ipsec4" #define NID_ipsec4 750 +#define SN_whirlpool "whirlpool" +#define NID_whirlpool 804 +#define OBJ_whirlpool OBJ_iso,0L,10118L,3L,0L,55L + +#define SN_cryptopro "cryptopro" +#define NID_cryptopro 805 +#define OBJ_cryptopro OBJ_member_body,643L,2L,2L + +#define SN_cryptocom "cryptocom" +#define NID_cryptocom 806 +#define OBJ_cryptocom OBJ_member_body,643L,2L,9L + +#define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" +#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" +#define NID_id_GostR3411_94_with_GostR3410_2001 807 +#define OBJ_id_GostR3411_94_with_GostR3410_2001 OBJ_cryptopro,3L + +#define SN_id_GostR3411_94_with_GostR3410_94 "id-GostR3411-94-with-GostR3410-94" +#define LN_id_GostR3411_94_with_GostR3410_94 "GOST R 34.11-94 with GOST R 34.10-94" +#define NID_id_GostR3411_94_with_GostR3410_94 808 +#define OBJ_id_GostR3411_94_with_GostR3410_94 OBJ_cryptopro,4L + +#define SN_id_GostR3411_94 "md_gost94" +#define LN_id_GostR3411_94 "GOST R 34.11-94" +#define NID_id_GostR3411_94 809 +#define OBJ_id_GostR3411_94 OBJ_cryptopro,9L + +#define SN_id_HMACGostR3411_94 "id-HMACGostR3411-94" +#define LN_id_HMACGostR3411_94 "HMAC GOST 34.11-94" +#define NID_id_HMACGostR3411_94 810 +#define OBJ_id_HMACGostR3411_94 OBJ_cryptopro,10L + +#define SN_id_GostR3410_2001 "gost2001" +#define LN_id_GostR3410_2001 "GOST R 34.10-2001" +#define NID_id_GostR3410_2001 811 +#define OBJ_id_GostR3410_2001 OBJ_cryptopro,19L + +#define SN_id_GostR3410_94 "gost94" +#define LN_id_GostR3410_94 "GOST R 34.10-94" +#define NID_id_GostR3410_94 812 +#define OBJ_id_GostR3410_94 OBJ_cryptopro,20L + +#define SN_id_Gost28147_89 "gost89" +#define LN_id_Gost28147_89 "GOST 28147-89" +#define NID_id_Gost28147_89 813 +#define OBJ_id_Gost28147_89 OBJ_cryptopro,21L + +#define SN_gost89_cnt "gost89-cnt" +#define NID_gost89_cnt 814 + +#define SN_id_Gost28147_89_MAC "gost-mac" +#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" +#define NID_id_Gost28147_89_MAC 815 +#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L + +#define SN_id_GostR3411_94_prf "prf-gostr3411-94" +#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" +#define NID_id_GostR3411_94_prf 816 +#define OBJ_id_GostR3411_94_prf OBJ_cryptopro,23L + +#define SN_id_GostR3410_2001DH "id-GostR3410-2001DH" +#define LN_id_GostR3410_2001DH "GOST R 34.10-2001 DH" +#define NID_id_GostR3410_2001DH 817 +#define OBJ_id_GostR3410_2001DH OBJ_cryptopro,98L + +#define SN_id_GostR3410_94DH "id-GostR3410-94DH" +#define LN_id_GostR3410_94DH "GOST R 34.10-94 DH" +#define NID_id_GostR3410_94DH 818 +#define OBJ_id_GostR3410_94DH OBJ_cryptopro,99L + +#define SN_id_Gost28147_89_CryptoPro_KeyMeshing "id-Gost28147-89-CryptoPro-KeyMeshing" +#define NID_id_Gost28147_89_CryptoPro_KeyMeshing 819 +#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing OBJ_cryptopro,14L,1L + +#define SN_id_Gost28147_89_None_KeyMeshing "id-Gost28147-89-None-KeyMeshing" +#define NID_id_Gost28147_89_None_KeyMeshing 820 +#define OBJ_id_Gost28147_89_None_KeyMeshing OBJ_cryptopro,14L,0L + +#define SN_id_GostR3411_94_TestParamSet "id-GostR3411-94-TestParamSet" +#define NID_id_GostR3411_94_TestParamSet 821 +#define OBJ_id_GostR3411_94_TestParamSet OBJ_cryptopro,30L,0L + +#define SN_id_GostR3411_94_CryptoProParamSet "id-GostR3411-94-CryptoProParamSet" +#define NID_id_GostR3411_94_CryptoProParamSet 822 +#define OBJ_id_GostR3411_94_CryptoProParamSet OBJ_cryptopro,30L,1L + +#define SN_id_Gost28147_89_TestParamSet "id-Gost28147-89-TestParamSet" +#define NID_id_Gost28147_89_TestParamSet 823 +#define OBJ_id_Gost28147_89_TestParamSet OBJ_cryptopro,31L,0L + +#define SN_id_Gost28147_89_CryptoPro_A_ParamSet "id-Gost28147-89-CryptoPro-A-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_A_ParamSet 824 +#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet OBJ_cryptopro,31L,1L + +#define SN_id_Gost28147_89_CryptoPro_B_ParamSet "id-Gost28147-89-CryptoPro-B-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_B_ParamSet 825 +#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet OBJ_cryptopro,31L,2L + +#define SN_id_Gost28147_89_CryptoPro_C_ParamSet "id-Gost28147-89-CryptoPro-C-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_C_ParamSet 826 +#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet OBJ_cryptopro,31L,3L + +#define SN_id_Gost28147_89_CryptoPro_D_ParamSet "id-Gost28147-89-CryptoPro-D-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_D_ParamSet 827 +#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet OBJ_cryptopro,31L,4L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet OBJ_cryptopro,31L,5L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet OBJ_cryptopro,31L,6L + +#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 +#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet OBJ_cryptopro,31L,7L + +#define SN_id_GostR3410_94_TestParamSet "id-GostR3410-94-TestParamSet" +#define NID_id_GostR3410_94_TestParamSet 831 +#define OBJ_id_GostR3410_94_TestParamSet OBJ_cryptopro,32L,0L + +#define SN_id_GostR3410_94_CryptoPro_A_ParamSet "id-GostR3410-94-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_A_ParamSet 832 +#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet OBJ_cryptopro,32L,2L + +#define SN_id_GostR3410_94_CryptoPro_B_ParamSet "id-GostR3410-94-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_B_ParamSet 833 +#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet OBJ_cryptopro,32L,3L + +#define SN_id_GostR3410_94_CryptoPro_C_ParamSet "id-GostR3410-94-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_C_ParamSet 834 +#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet OBJ_cryptopro,32L,4L + +#define SN_id_GostR3410_94_CryptoPro_D_ParamSet "id-GostR3410-94-CryptoPro-D-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_D_ParamSet 835 +#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet OBJ_cryptopro,32L,5L + +#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet "id-GostR3410-94-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet 836 +#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet OBJ_cryptopro,33L,1L + +#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet "id-GostR3410-94-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet 837 +#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet OBJ_cryptopro,33L,2L + +#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet "id-GostR3410-94-CryptoPro-XchC-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet 838 +#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet OBJ_cryptopro,33L,3L + +#define SN_id_GostR3410_2001_TestParamSet "id-GostR3410-2001-TestParamSet" +#define NID_id_GostR3410_2001_TestParamSet 839 +#define OBJ_id_GostR3410_2001_TestParamSet OBJ_cryptopro,35L,0L + +#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet "id-GostR3410-2001-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet 840 +#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet OBJ_cryptopro,35L,1L + +#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet "id-GostR3410-2001-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet 841 +#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet OBJ_cryptopro,35L,2L + +#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet "id-GostR3410-2001-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet 842 +#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet OBJ_cryptopro,35L,3L + +#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet "id-GostR3410-2001-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 +#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet OBJ_cryptopro,36L,0L + +#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet "id-GostR3410-2001-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 +#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet OBJ_cryptopro,36L,1L + +#define SN_id_GostR3410_94_a "id-GostR3410-94-a" +#define NID_id_GostR3410_94_a 845 +#define OBJ_id_GostR3410_94_a OBJ_id_GostR3410_94,1L + +#define SN_id_GostR3410_94_aBis "id-GostR3410-94-aBis" +#define NID_id_GostR3410_94_aBis 846 +#define OBJ_id_GostR3410_94_aBis OBJ_id_GostR3410_94,2L + +#define SN_id_GostR3410_94_b "id-GostR3410-94-b" +#define NID_id_GostR3410_94_b 847 +#define OBJ_id_GostR3410_94_b OBJ_id_GostR3410_94,3L + +#define SN_id_GostR3410_94_bBis "id-GostR3410-94-bBis" +#define NID_id_GostR3410_94_bBis 848 +#define OBJ_id_GostR3410_94_bBis OBJ_id_GostR3410_94,4L + +#define SN_id_Gost28147_89_cc "id-Gost28147-89-cc" +#define LN_id_Gost28147_89_cc "GOST 28147-89 Cryptocom ParamSet" +#define NID_id_Gost28147_89_cc 849 +#define OBJ_id_Gost28147_89_cc OBJ_cryptocom,1L,6L,1L + +#define SN_id_GostR3410_94_cc "gost94cc" +#define LN_id_GostR3410_94_cc "GOST 34.10-94 Cryptocom" +#define NID_id_GostR3410_94_cc 850 +#define OBJ_id_GostR3410_94_cc OBJ_cryptocom,1L,5L,3L + +#define SN_id_GostR3410_2001_cc "gost2001cc" +#define LN_id_GostR3410_2001_cc "GOST 34.10-2001 Cryptocom" +#define NID_id_GostR3410_2001_cc 851 +#define OBJ_id_GostR3410_2001_cc OBJ_cryptocom,1L,5L,4L + +#define SN_id_GostR3411_94_with_GostR3410_94_cc "id-GostR3411-94-with-GostR3410-94-cc" +#define LN_id_GostR3411_94_with_GostR3410_94_cc "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_94_cc 852 +#define OBJ_id_GostR3411_94_with_GostR3410_94_cc OBJ_cryptocom,1L,3L,3L + +#define SN_id_GostR3411_94_with_GostR3410_2001_cc "id-GostR3411-94-with-GostR3410-2001-cc" +#define LN_id_GostR3411_94_with_GostR3410_2001_cc "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_2001_cc 853 +#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc OBJ_cryptocom,1L,3L,4L + +#define SN_id_GostR3410_2001_ParamSet_cc "id-GostR3410-2001-ParamSet-cc" +#define LN_id_GostR3410_2001_ParamSet_cc "GOST R 3410-2001 Parameter Set Cryptocom" +#define NID_id_GostR3410_2001_ParamSet_cc 854 +#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L + #define SN_camellia_128_cbc "CAMELLIA-128-CBC" #define LN_camellia_128_cbc "camellia-128-cbc" #define NID_camellia_128_cbc 751 @@ -3406,3 +3734,32 @@ #define LN_camellia_256_cfb8 "camellia-256-cfb8" #define NID_camellia_256_cfb8 765 +#define SN_kisa "KISA" +#define LN_kisa "kisa" +#define NID_kisa 773 +#define OBJ_kisa OBJ_member_body,410L,200004L + +#define SN_seed_ecb "SEED-ECB" +#define LN_seed_ecb "seed-ecb" +#define NID_seed_ecb 776 +#define OBJ_seed_ecb OBJ_kisa,1L,3L + +#define SN_seed_cbc "SEED-CBC" +#define LN_seed_cbc "seed-cbc" +#define NID_seed_cbc 777 +#define OBJ_seed_cbc OBJ_kisa,1L,4L + +#define SN_seed_cfb128 "SEED-CFB" +#define LN_seed_cfb128 "seed-cfb" +#define NID_seed_cfb128 779 +#define OBJ_seed_cfb128 OBJ_kisa,1L,5L + +#define SN_seed_ofb128 "SEED-OFB" +#define LN_seed_ofb128 "seed-ofb" +#define NID_seed_ofb128 778 +#define OBJ_seed_ofb128 OBJ_kisa,1L,6L + +#define SN_hmac "HMAC" +#define LN_hmac "hmac" +#define NID_hmac 855 + diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index eaa01787613c0..53c9cb0d6ae6a 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -769,3 +769,88 @@ camellia_256_ofb128 768 subject_directory_attributes 769 issuing_distribution_point 770 certificate_issuer 771 +korea 772 +kisa 773 +kftc 774 +npki_alg 775 +seed_ecb 776 +seed_cbc 777 +seed_ofb128 778 +seed_cfb128 779 +hmac_md5 780 +hmac_sha1 781 +id_PasswordBasedMAC 782 +id_DHBasedMac 783 +id_it_suppLangTags 784 +caRepository 785 +id_smime_ct_compressedData 786 +id_ct_asciiTextWithCRLF 787 +id_aes128_wrap 788 +id_aes192_wrap 789 +id_aes256_wrap 790 +ecdsa_with_Recommended 791 +ecdsa_with_Specified 792 +ecdsa_with_SHA224 793 +ecdsa_with_SHA256 794 +ecdsa_with_SHA384 795 +ecdsa_with_SHA512 796 +hmacWithMD5 797 +hmacWithSHA224 798 +hmacWithSHA256 799 +hmacWithSHA384 800 +hmacWithSHA512 801 +dsa_with_SHA224 802 +dsa_with_SHA256 803 +whirlpool 804 +cryptopro 805 +cryptocom 806 +id_GostR3411_94_with_GostR3410_2001 807 +id_GostR3411_94_with_GostR3410_94 808 +id_GostR3411_94 809 +id_HMACGostR3411_94 810 +id_GostR3410_2001 811 +id_GostR3410_94 812 +id_Gost28147_89 813 +gost89_cnt 814 +id_Gost28147_89_MAC 815 +id_GostR3411_94_prf 816 +id_GostR3410_2001DH 817 +id_GostR3410_94DH 818 +id_Gost28147_89_CryptoPro_KeyMeshing 819 +id_Gost28147_89_None_KeyMeshing 820 +id_GostR3411_94_TestParamSet 821 +id_GostR3411_94_CryptoProParamSet 822 +id_Gost28147_89_TestParamSet 823 +id_Gost28147_89_CryptoPro_A_ParamSet 824 +id_Gost28147_89_CryptoPro_B_ParamSet 825 +id_Gost28147_89_CryptoPro_C_ParamSet 826 +id_Gost28147_89_CryptoPro_D_ParamSet 827 +id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 +id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 +id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 +id_GostR3410_94_TestParamSet 831 +id_GostR3410_94_CryptoPro_A_ParamSet 832 +id_GostR3410_94_CryptoPro_B_ParamSet 833 +id_GostR3410_94_CryptoPro_C_ParamSet 834 +id_GostR3410_94_CryptoPro_D_ParamSet 835 +id_GostR3410_94_CryptoPro_XchA_ParamSet 836 +id_GostR3410_94_CryptoPro_XchB_ParamSet 837 +id_GostR3410_94_CryptoPro_XchC_ParamSet 838 +id_GostR3410_2001_TestParamSet 839 +id_GostR3410_2001_CryptoPro_A_ParamSet 840 +id_GostR3410_2001_CryptoPro_B_ParamSet 841 +id_GostR3410_2001_CryptoPro_C_ParamSet 842 +id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 +id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 +id_GostR3410_94_a 845 +id_GostR3410_94_aBis 846 +id_GostR3410_94_b 847 +id_GostR3410_94_bBis 848 +id_Gost28147_89_cc 849 +id_GostR3410_94_cc 850 +id_GostR3410_2001_cc 851 +id_GostR3411_94_with_GostR3410_94_cc 852 +id_GostR3411_94_with_GostR3410_2001_cc 853 +id_GostR3410_2001_ParamSet_cc 854 +hmac 855 +LocalKeySet 856 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 1ba517a8eb3ff..e009702e553a7 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -11,6 +11,10 @@ iso 2 : member-body : ISO Member Body iso 3 : identified-organization +# HMAC OIDs +identified-organization 6 1 5 5 8 1 1 : HMAC-MD5 : hmac-md5 +identified-organization 6 1 5 5 8 1 2 : HMAC-SHA1 : hmac-sha1 + identified-organization 132 : certicom-arc joint-iso-itu-t 23 : international-organizations : International Organizations @@ -75,6 +79,12 @@ X9-62_primeCurve 7 : prime256v1 !Alias id-ecSigType ansi-X9-62 4 !global X9-62_id-ecSigType 1 : ecdsa-with-SHA1 +X9-62_id-ecSigType 2 : ecdsa-with-Recommended +X9-62_id-ecSigType 3 : ecdsa-with-Specified +ecdsa-with-Specified 1 : ecdsa-with-SHA224 +ecdsa-with-Specified 2 : ecdsa-with-SHA256 +ecdsa-with-Specified 3 : ecdsa-with-SHA384 +ecdsa-with-Specified 4 : ecdsa-with-SHA512 # SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters" # (http://www.secg.org/) @@ -141,6 +151,10 @@ ISO-US 113533 7 66 10 : CAST5-CBC : cast5-cbc !Cname pbeWithMD5AndCast5-CBC ISO-US 113533 7 66 12 : : pbeWithMD5AndCast5CBC +# Macs for CMP and CRMF +ISO-US 113533 7 66 13 : id-PasswordBasedMAC : password based MAC +ISO-US 113533 7 66 30 : id-DHBasedMac : Diffie-Hellman based MAC + ISO-US 113549 : rsadsi : RSA Data Security, Inc. rsadsi 1 : pkcs : RSA Data Security, Inc. PKCS @@ -237,6 +251,8 @@ id-smime-ct 5 : id-smime-ct-TDTInfo id-smime-ct 6 : id-smime-ct-contentInfo id-smime-ct 7 : id-smime-ct-DVCSRequestData id-smime-ct 8 : id-smime-ct-DVCSResponseData +id-smime-ct 9 : id-smime-ct-compressedData +id-smime-ct 27 : id-ct-asciiTextWithCRLF # S/MIME Attributes id-smime-aa 1 : id-smime-aa-receiptRequest @@ -303,6 +319,7 @@ pkcs9 20 : : friendlyName pkcs9 21 : : localKeyID !Cname ms-csp-name 1 3 6 1 4 1 311 17 1 : CSPName : Microsoft CSP Name +1 3 6 1 4 1 311 17 2 : LocalKeySet : Microsoft Local Key set !Alias certTypes pkcs9 22 certTypes 1 : : x509Certificate certTypes 2 : : sdsiCertificate @@ -338,7 +355,15 @@ rsadsi 2 2 : MD2 : md2 rsadsi 2 4 : MD4 : md4 rsadsi 2 5 : MD5 : md5 : MD5-SHA1 : md5-sha1 +rsadsi 2 6 : : hmacWithMD5 rsadsi 2 7 : : hmacWithSHA1 + +# From RFC4231 +rsadsi 2 8 : : hmacWithSHA224 +rsadsi 2 9 : : hmacWithSHA256 +rsadsi 2 10 : : hmacWithSHA384 +rsadsi 2 11 : : hmacWithSHA512 + rsadsi 3 2 : RC2-CBC : rc2-cbc : RC2-ECB : rc2-ecb !Cname rc2-cfb64 @@ -484,6 +509,7 @@ id-it 12 : id-it-revPassphrase id-it 13 : id-it-implicitConfirm id-it 14 : id-it-confirmWaitTime id-it 15 : id-it-origPKIMessage +id-it 16 : id-it-suppLangTags # CRMF registration id-pkip 1 : id-regCtrl @@ -570,6 +596,7 @@ id-ad 2 : caIssuers : CA Issuers id-ad 3 : ad_timestamping : AD Time Stamping !Cname ad-dvcs id-ad 4 : AD_DVCS : ad dvcs +id-ad 5 : caRepository : CA Repository !Alias id-pkix-OCSP ad-OCSP @@ -768,7 +795,7 @@ mime-mhs-headings 2 : id-hex-multipart-message : id-hex-multipart-message !Cname rle-compression 1 1 1 1 666 1 : RLE : run length compression !Cname zlib-compression -1 1 1 1 666 2 : ZLIB : zlib compression +id-smime-alg 8 : ZLIB : zlib compression # AES aka Rijndael @@ -810,6 +837,10 @@ aes 44 : AES-256-CFB : aes-256-cfb : DES-EDE3-CFB1 : des-ede3-cfb1 : DES-EDE3-CFB8 : des-ede3-cfb8 +aes 5 : id-aes128-wrap +aes 25 : id-aes192-wrap +aes 45 : id-aes256-wrap + # OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84. !Alias nist_hashalgs nistAlgorithms 2 nist_hashalgs 1 : SHA256 : sha256 @@ -817,6 +848,11 @@ nist_hashalgs 2 : SHA384 : sha384 nist_hashalgs 3 : SHA512 : sha512 nist_hashalgs 4 : SHA224 : sha224 +# OIDs for dsa-with-sha224 and dsa-with-sha256 +!Alias dsa_with_sha2 nistAlgorithms 3 +dsa_with_sha2 1 : dsa_with_SHA224 +dsa_with_sha2 2 : dsa_with_SHA256 + # Hold instruction CRL entry extension !Cname hold-instruction-code id-ce 23 : holdInstructionCode : Hold Instruction Code @@ -1054,13 +1090,93 @@ rsadsi 1 1 6 : rsaOAEPEncryptionSET : Oakley-EC2N-3 : ipsec3 : Oakley-EC2N-4 : ipsec4 +iso 0 10118 3 0 55 : whirlpool + +# GOST OIDs + +member-body 643 2 2 : cryptopro +member-body 643 2 9 : cryptocom + +cryptopro 3 : id-GostR3411-94-with-GostR3410-2001 : GOST R 34.11-94 with GOST R 34.10-2001 +cryptopro 4 : id-GostR3411-94-with-GostR3410-94 : GOST R 34.11-94 with GOST R 34.10-94 +!Cname id-GostR3411-94 +cryptopro 9 : md_gost94 : GOST R 34.11-94 +cryptopro 10 : id-HMACGostR3411-94 : HMAC GOST 34.11-94 +!Cname id-GostR3410-2001 +cryptopro 19 : gost2001 : GOST R 34.10-2001 +!Cname id-GostR3410-94 +cryptopro 20 : gost94 : GOST R 34.10-94 +!Cname id-Gost28147-89 +cryptopro 21 : gost89 : GOST 28147-89 + : gost89-cnt +!Cname id-Gost28147-89-MAC +cryptopro 22 : gost-mac : GOST 28147-89 MAC +!Cname id-GostR3411-94-prf +cryptopro 23 : prf-gostr3411-94 : GOST R 34.11-94 PRF +cryptopro 98 : id-GostR3410-2001DH : GOST R 34.10-2001 DH +cryptopro 99 : id-GostR3410-94DH : GOST R 34.10-94 DH + +cryptopro 14 1 : id-Gost28147-89-CryptoPro-KeyMeshing +cryptopro 14 0 : id-Gost28147-89-None-KeyMeshing + +# GOST parameter set OIDs + +cryptopro 30 0 : id-GostR3411-94-TestParamSet +cryptopro 30 1 : id-GostR3411-94-CryptoProParamSet + +cryptopro 31 0 : id-Gost28147-89-TestParamSet +cryptopro 31 1 : id-Gost28147-89-CryptoPro-A-ParamSet +cryptopro 31 2 : id-Gost28147-89-CryptoPro-B-ParamSet +cryptopro 31 3 : id-Gost28147-89-CryptoPro-C-ParamSet +cryptopro 31 4 : id-Gost28147-89-CryptoPro-D-ParamSet +cryptopro 31 5 : id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet +cryptopro 31 6 : id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet +cryptopro 31 7 : id-Gost28147-89-CryptoPro-RIC-1-ParamSet + +cryptopro 32 0 : id-GostR3410-94-TestParamSet +cryptopro 32 2 : id-GostR3410-94-CryptoPro-A-ParamSet +cryptopro 32 3 : id-GostR3410-94-CryptoPro-B-ParamSet +cryptopro 32 4 : id-GostR3410-94-CryptoPro-C-ParamSet +cryptopro 32 5 : id-GostR3410-94-CryptoPro-D-ParamSet + +cryptopro 33 1 : id-GostR3410-94-CryptoPro-XchA-ParamSet +cryptopro 33 2 : id-GostR3410-94-CryptoPro-XchB-ParamSet +cryptopro 33 3 : id-GostR3410-94-CryptoPro-XchC-ParamSet + +cryptopro 35 0 : id-GostR3410-2001-TestParamSet +cryptopro 35 1 : id-GostR3410-2001-CryptoPro-A-ParamSet +cryptopro 35 2 : id-GostR3410-2001-CryptoPro-B-ParamSet +cryptopro 35 3 : id-GostR3410-2001-CryptoPro-C-ParamSet + +cryptopro 36 0 : id-GostR3410-2001-CryptoPro-XchA-ParamSet +cryptopro 36 1 : id-GostR3410-2001-CryptoPro-XchB-ParamSet + +id-GostR3410-94 1 : id-GostR3410-94-a +id-GostR3410-94 2 : id-GostR3410-94-aBis +id-GostR3410-94 3 : id-GostR3410-94-b +id-GostR3410-94 4 : id-GostR3410-94-bBis + +# Cryptocom LTD GOST OIDs + +cryptocom 1 6 1 : id-Gost28147-89-cc : GOST 28147-89 Cryptocom ParamSet +!Cname id-GostR3410-94-cc +cryptocom 1 5 3 : gost94cc : GOST 34.10-94 Cryptocom +!Cname id-GostR3410-2001-cc +cryptocom 1 5 4 : gost2001cc : GOST 34.10-2001 Cryptocom + +cryptocom 1 3 3 : id-GostR3411-94-with-GostR3410-94-cc : GOST R 34.11-94 with GOST R 34.10-94 Cryptocom +cryptocom 1 3 4 : id-GostR3411-94-with-GostR3410-2001-cc : GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom + +cryptocom 1 8 1 : id-GostR3410-2001-ParamSet-cc : GOST R 3410-2001 Parameter Set Cryptocom # Definitions for Camellia cipher - CBC MODE + 1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc 1 2 392 200011 61 1 1 1 3 : CAMELLIA-192-CBC : camellia-192-cbc 1 2 392 200011 61 1 1 1 4 : CAMELLIA-256-CBC : camellia-256-cbc # Definitions for Camellia cipher - ECB, CFB, OFB MODE + !Alias ntt-ds 0 3 4401 5 !Alias camellia ntt-ds 3 1 9 @@ -1091,3 +1207,16 @@ camellia 44 : CAMELLIA-256-CFB : camellia-256-cfb : CAMELLIA-192-CFB8 : camellia-192-cfb8 : CAMELLIA-256-CFB8 : camellia-256-cfb8 +# Definitions for SEED cipher - ECB, CBC, OFB mode + +member-body 410 200004 : KISA : kisa +kisa 1 3 : SEED-ECB : seed-ecb +kisa 1 4 : SEED-CBC : seed-cbc +!Cname seed-cfb128 +kisa 1 5 : SEED-CFB : seed-cfb +!Cname seed-ofb128 +kisa 1 6 : SEED-OFB : seed-ofb + +# There is no OID that just denotes "HMAC" oddly enough... + + : HMAC : hmac diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h index 53f3364af0c40..a0577a717ef49 100644 --- a/crypto/ocsp/ocsp.h +++ b/crypto/ocsp/ocsp.h @@ -186,11 +186,11 @@ typedef struct ocsp_resp_bytes_st * responseStatus OCSPResponseStatus, * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } */ -typedef struct ocsp_response_st +struct ocsp_response_st { ASN1_ENUMERATED *responseStatus; OCSP_RESPBYTES *responseBytes; - } OCSP_RESPONSE; + }; /* ResponderID ::= CHOICE { * byName [1] Name, @@ -198,14 +198,18 @@ typedef struct ocsp_response_st */ #define V_OCSP_RESPID_NAME 0 #define V_OCSP_RESPID_KEY 1 -typedef struct ocsp_responder_id_st +struct ocsp_responder_id_st { int type; union { X509_NAME* byName; ASN1_OCTET_STRING *byKey; } value; - } OCSP_RESPID; + }; + +DECLARE_STACK_OF(OCSP_RESPID) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) + /* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key * --(excluding the tag and length fields) */ @@ -397,6 +401,10 @@ typedef struct ocsp_service_locator_st (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req); +OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, + int maxline); +int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); +void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); @@ -469,7 +477,7 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp, ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, void *data, STACK_OF(ASN1_OBJECT) *sk); #define ASN1_STRING_encode_of(type,s,i2d,data,sk) \ -((ASN1_STRING *(*)(ASN1_STRING *,I2D_OF(type),type *,STACK_OF(ASN1_OBJECT) *))openssl_fcast(ASN1_STRING_encode))(s,i2d,data,sk) + ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk) X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); @@ -574,6 +582,7 @@ void ERR_load_OCSP_strings(void); #define OCSP_F_OCSP_REQUEST_VERIFY 116 #define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 #define OCSP_F_OCSP_SENDREQ_BIO 112 +#define OCSP_F_PARSE_HTTP_LINE1 117 #define OCSP_F_REQUEST_VERIFY 113 /* Reason codes. */ diff --git a/crypto/ocsp/ocsp_err.c b/crypto/ocsp/ocsp_err.c index ad62364f298e4..d2f2e79f444c3 100644 --- a/crypto/ocsp/ocsp_err.c +++ b/crypto/ocsp/ocsp_err.c @@ -1,6 +1,6 @@ /* crypto/ocsp/ocsp_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -86,6 +86,7 @@ static ERR_STRING_DATA OCSP_str_functs[]= {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, +{ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, {0,NULL} }; diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c index 9213e58ae49c1..a8e569b74a0c1 100644 --- a/crypto/ocsp/ocsp_ht.c +++ b/crypto/ocsp/ocsp_ht.c @@ -1,9 +1,9 @@ /* ocsp_ht.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 2000. + * project 2006. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -68,106 +68,404 @@ #define strtoul (unsigned long)strtol #endif /* OPENSSL_SYS_SUNOS */ -/* Quick and dirty HTTP OCSP request handler. - * Could make this a bit cleverer by adding - * support for non blocking BIOs and a few - * other refinements. - */ +/* Stateful OCSP request code, supporting non-blocking I/O */ -OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req) -{ - BIO *mem = NULL; - char tmpbuf[1024]; - OCSP_RESPONSE *resp = NULL; - char *p, *q, *r; - int len, retcode; - static char req_txt[] = -"POST %s HTTP/1.0\r\n\ -Content-Type: application/ocsp-request\r\n\ -Content-Length: %d\r\n\r\n"; - - len = i2d_OCSP_REQUEST(req, NULL); - if(BIO_printf(b, req_txt, path, len) < 0) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR); - goto err; - } - if(i2d_OCSP_REQUEST_bio(b, req) <= 0) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR); - goto err; +/* Opaque OCSP request status structure */ + +struct ocsp_req_ctx_st { + int state; /* Current I/O state */ + unsigned char *iobuf; /* Line buffer */ + int iobuflen; /* Line buffer length */ + BIO *io; /* BIO to perform I/O with */ + BIO *mem; /* Memory BIO response is built into */ + unsigned long asn1_len; /* ASN1 length of response */ + }; + +#define OCSP_MAX_REQUEST_LENGTH (100 * 1024) +#define OCSP_MAX_LINE_LEN 4096; + +/* OCSP states */ + +/* If set no reading should be performed */ +#define OHS_NOREAD 0x1000 +/* Error condition */ +#define OHS_ERROR (0 | OHS_NOREAD) +/* First line being read */ +#define OHS_FIRSTLINE 1 +/* MIME headers being read */ +#define OHS_HEADERS 2 +/* OCSP initial header (tag + length) being read */ +#define OHS_ASN1_HEADER 3 +/* OCSP content octets being read */ +#define OHS_ASN1_CONTENT 4 +/* Request being sent */ +#define OHS_ASN1_WRITE (6 | OHS_NOREAD) +/* Request being flushed */ +#define OHS_ASN1_FLUSH (7 | OHS_NOREAD) +/* Completed */ +#define OHS_DONE (8 | OHS_NOREAD) + + +static int parse_http_line1(char *line); + +void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx) + { + if (rctx->mem) + BIO_free(rctx->mem); + if (rctx->iobuf) + OPENSSL_free(rctx->iobuf); + OPENSSL_free(rctx); } - if(!(mem = BIO_new(BIO_s_mem()))) goto err; - /* Copy response to a memory BIO: socket bios can't do gets! */ - while ((len = BIO_read(b, tmpbuf, sizeof tmpbuf))) { - if(len < 0) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_READ_ERROR); - goto err; + +OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, + int maxline) + { + static char post_hdr[] = "POST %s HTTP/1.0\r\n" + "Content-Type: application/ocsp-request\r\n" + "Content-Length: %d\r\n\r\n"; + + OCSP_REQ_CTX *rctx; + rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX)); + rctx->state = OHS_FIRSTLINE; + rctx->mem = BIO_new(BIO_s_mem()); + rctx->io = io; + if (maxline > 0) + rctx->iobuflen = maxline; + else + rctx->iobuflen = OCSP_MAX_LINE_LEN; + rctx->iobuf = OPENSSL_malloc(rctx->iobuflen); + if (!path) + path = "/"; + + if (BIO_printf(rctx->mem, post_hdr, path, + i2d_OCSP_REQUEST(req, NULL)) <= 0) + { + rctx->state = OHS_ERROR; + return 0; } - BIO_write(mem, tmpbuf, len); - } - if(BIO_gets(mem, tmpbuf, 512) <= 0) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR); - goto err; + if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0) + { + rctx->state = OHS_ERROR; + return 0; + } + rctx->state = OHS_ASN1_WRITE; + rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL); + + return rctx; } - /* Parse the HTTP response. This will look like this: - * "HTTP/1.0 200 OK". We need to obtain the numeric code and - * (optional) informational message. - */ +/* Parse the HTTP response. This will look like this: + * "HTTP/1.0 200 OK". We need to obtain the numeric code and + * (optional) informational message. + */ + +static int parse_http_line1(char *line) + { + int retcode; + char *p, *q, *r; /* Skip to first white space (passed protocol info) */ - for(p = tmpbuf; *p && !isspace((unsigned char)*p); p++) continue; - if(!*p) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR); - goto err; - } + + for(p = line; *p && !isspace((unsigned char)*p); p++) + continue; + if(!*p) + { + OCSPerr(OCSP_F_PARSE_HTTP_LINE1, + OCSP_R_SERVER_RESPONSE_PARSE_ERROR); + return 0; + } + /* Skip past white space to start of response code */ - while(*p && isspace((unsigned char)*p)) p++; - if(!*p) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR); - goto err; - } + while(*p && isspace((unsigned char)*p)) + p++; + + if(!*p) + { + OCSPerr(OCSP_F_PARSE_HTTP_LINE1, + OCSP_R_SERVER_RESPONSE_PARSE_ERROR); + return 0; + } + /* Find end of response code: first whitespace after start of code */ - for(q = p; *q && !isspace((unsigned char)*q); q++) continue; - if(!*q) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR); - goto err; - } + for(q = p; *q && !isspace((unsigned char)*q); q++) + continue; + + if(!*q) + { + OCSPerr(OCSP_F_PARSE_HTTP_LINE1, + OCSP_R_SERVER_RESPONSE_PARSE_ERROR); + return 0; + } + /* Set end of response code and start of message */ *q++ = 0; + /* Attempt to parse numeric code */ retcode = strtoul(p, &r, 10); - if(*r) goto err; + + if(*r) + return 0; + /* Skip over any leading white space in message */ - while(*q && isspace((unsigned char)*q)) q++; - if(*q) { - /* Finally zap any trailing white space in message (include CRLF) */ - /* We know q has a non white space character so this is OK */ - for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0; - } - if(retcode != 200) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_ERROR); - if(!*q) { - ERR_add_error_data(2, "Code=", p); + while(*q && isspace((unsigned char)*q)) + q++; + + if(*q) + { + /* Finally zap any trailing white space in message (include + * CRLF) */ + + /* We know q has a non white space character so this is OK */ + for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) + *r = 0; } - else { + if(retcode != 200) + { + OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR); + if(!*q) + ERR_add_error_data(2, "Code=", p); + else ERR_add_error_data(4, "Code=", p, ",Reason=", q); + return 0; } - goto err; + + + return 1; + } - /* Find blank line marking beginning of content */ - while(BIO_gets(mem, tmpbuf, 512) > 0) + +int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) { - for(p = tmpbuf; *p && isspace((unsigned char)*p); p++) continue; - if(!*p) break; - } - if(*p) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_NO_CONTENT); - goto err; + int i, n; + const unsigned char *p; + next_io: + if (!(rctx->state & OHS_NOREAD)) + { + n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen); + + if (n <= 0) + { + if (BIO_should_retry(rctx->io)) + return -1; + return 0; + } + + /* Write data to memory BIO */ + + if (BIO_write(rctx->mem, rctx->iobuf, n) != n) + return 0; + } + + switch(rctx->state) + { + + case OHS_ASN1_WRITE: + n = BIO_get_mem_data(rctx->mem, &p); + + i = BIO_write(rctx->io, + p + (n - rctx->asn1_len), rctx->asn1_len); + + if (i <= 0) + { + if (BIO_should_retry(rctx->io)) + return -1; + rctx->state = OHS_ERROR; + return 0; + } + + rctx->asn1_len -= i; + + if (rctx->asn1_len > 0) + goto next_io; + + rctx->state = OHS_ASN1_FLUSH; + + (void)BIO_reset(rctx->mem); + + case OHS_ASN1_FLUSH: + + i = BIO_flush(rctx->io); + + if (i > 0) + { + rctx->state = OHS_FIRSTLINE; + goto next_io; + } + + if (BIO_should_retry(rctx->io)) + return -1; + + rctx->state = OHS_ERROR; + return 0; + + case OHS_ERROR: + return 0; + + case OHS_FIRSTLINE: + case OHS_HEADERS: + + /* Attempt to read a line in */ + + next_line: + /* Due to &%^*$" memory BIO behaviour with BIO_gets we + * have to check there's a complete line in there before + * calling BIO_gets or we'll just get a partial read. + */ + n = BIO_get_mem_data(rctx->mem, &p); + if ((n <= 0) || !memchr(p, '\n', n)) + { + if (n >= rctx->iobuflen) + { + rctx->state = OHS_ERROR; + return 0; + } + goto next_io; + } + n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen); + + if (n <= 0) + { + if (BIO_should_retry(rctx->mem)) + goto next_io; + rctx->state = OHS_ERROR; + return 0; + } + + /* Don't allow excessive lines */ + if (n == rctx->iobuflen) + { + rctx->state = OHS_ERROR; + return 0; + } + + /* First line */ + if (rctx->state == OHS_FIRSTLINE) + { + if (parse_http_line1((char *)rctx->iobuf)) + { + rctx->state = OHS_HEADERS; + goto next_line; + } + else + { + rctx->state = OHS_ERROR; + return 0; + } + } + else + { + /* Look for blank line: end of headers */ + for (p = rctx->iobuf; *p; p++) + { + if ((*p != '\r') && (*p != '\n')) + break; + } + if (*p) + goto next_line; + + rctx->state = OHS_ASN1_HEADER; + + } + + /* Fall thru */ + + + case OHS_ASN1_HEADER: + /* Now reading ASN1 header: can read at least 6 bytes which + * is more than enough for any valid ASN1 SEQUENCE header + */ + n = BIO_get_mem_data(rctx->mem, &p); + if (n < 6) + goto next_io; + + /* Check it is an ASN1 SEQUENCE */ + if (*p++ != (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) + { + rctx->state = OHS_ERROR; + return 0; + } + + /* Check out length field */ + if (*p & 0x80) + { + n = *p & 0x7F; + /* Not NDEF or excessive length */ + if (!n || (n > 4)) + { + rctx->state = OHS_ERROR; + return 0; + } + p++; + rctx->asn1_len = 0; + for (i = 0; i < n; i++) + { + rctx->asn1_len <<= 8; + rctx->asn1_len |= *p++; + } + + if (rctx->asn1_len > OCSP_MAX_REQUEST_LENGTH) + { + rctx->state = OHS_ERROR; + return 0; + } + + rctx->asn1_len += n + 2; + } + else + rctx->asn1_len = *p + 2; + + rctx->state = OHS_ASN1_CONTENT; + + /* Fall thru */ + + case OHS_ASN1_CONTENT: + n = BIO_get_mem_data(rctx->mem, &p); + if (n < (int)rctx->asn1_len) + goto next_io; + + + *presp = d2i_OCSP_RESPONSE(NULL, &p, rctx->asn1_len); + if (*presp) + { + rctx->state = OHS_DONE; + return 1; + } + + rctx->state = OHS_ERROR; + return 0; + + break; + + case OHS_DONE: + return 1; + + } + + + + return 0; + + } - if(!(resp = d2i_OCSP_RESPONSE_bio(mem, NULL))) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,ERR_R_NESTED_ASN1_ERROR); - goto err; + +/* Blocking OCSP request handler: now a special case of non-blocking I/O */ + +OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req) + { + OCSP_RESPONSE *resp = NULL; + OCSP_REQ_CTX *ctx; + int rv; + + ctx = OCSP_sendreq_new(b, path, req, -1); + + do + { + rv = OCSP_sendreq_nbio(&resp, ctx); + } while ((rv == -1) && BIO_should_retry(b)); + + OCSP_REQ_CTX_free(ctx); + + if (rv) + return resp; + + return NULL; } - err: - BIO_free(mem); - return resp; -} diff --git a/crypto/opensslconf.h b/crypto/opensslconf.h index 4620e0e530e4a..bc74539f90cc9 100644 --- a/crypto/opensslconf.h +++ b/crypto/opensslconf.h @@ -7,6 +7,12 @@ #ifndef OPENSSL_NO_CAMELLIA # define OPENSSL_NO_CAMELLIA #endif +#ifndef OPENSSL_NO_CAPIENG +# define OPENSSL_NO_CAPIENG +#endif +#ifndef OPENSSL_NO_CMS +# define OPENSSL_NO_CMS +#endif #ifndef OPENSSL_NO_GMP # define OPENSSL_NO_GMP #endif @@ -22,6 +28,12 @@ #ifndef OPENSSL_NO_RFC3779 # define OPENSSL_NO_RFC3779 #endif +#ifndef OPENSSL_NO_SEED +# define OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_TLSEXT +# define OPENSSL_NO_TLSEXT +#endif #endif /* OPENSSL_DOING_MAKEDEPEND */ #ifndef OPENSSL_NO_DYNAMIC_ENGINE @@ -36,6 +48,12 @@ # if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) # define NO_CAMELLIA # endif +# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG) +# define NO_CAPIENG +# endif +# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) +# define NO_CMS +# endif # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) # define NO_GMP # endif @@ -51,6 +69,12 @@ # if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) # define NO_RFC3779 # endif +# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) +# define NO_SEED +# endif +# if defined(OPENSSL_NO_TLSEXT) && !defined(NO_TLSEXT) +# define NO_TLSEXT +# endif #endif /* crypto/opensslconf.h.in */ diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 8a5b34e4f077e..5bdd370ac915f 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090805fL +#define OPENSSL_VERSION_NUMBER 0x0090809fL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8e-fips 23 Feb 2007" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8i-fips 15 Sep 2008" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8e 23 Feb 2007" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8i 15 Sep 2008" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/ossl_typ.h b/crypto/ossl_typ.h index 9c335a181909d..734200428f6de 100644 --- a/crypto/ossl_typ.h +++ b/crypto/ossl_typ.h @@ -97,6 +97,7 @@ typedef int ASN1_NULL; #ifdef OPENSSL_SYS_WIN32 #undef X509_NAME +#undef X509_EXTENSIONS #undef X509_CERT_PAIR #undef PKCS7_ISSUER_AND_SERIAL #endif @@ -139,6 +140,8 @@ typedef struct X509_crl_st X509_CRL; typedef struct X509_name_st X509_NAME; typedef struct x509_store_st X509_STORE; typedef struct x509_store_ctx_st X509_STORE_CTX; +typedef struct ssl_st SSL; +typedef struct ssl_ctx_st SSL_CTX; typedef struct v3_ext_ctx X509V3_CTX; typedef struct conf_st CONF; @@ -171,4 +174,8 @@ typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, int idx, long argl, void *argp); +typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; +typedef struct ocsp_response_st OCSP_RESPONSE; +typedef struct ocsp_responder_id_st OCSP_RESPID; + #endif /* def HEADER_OPENSSL_TYPES_H */ diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index c28706ddc0331..670afa670bafe 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -133,6 +133,7 @@ extern "C" { #define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" #define PEM_STRING_ECPARAMETERS "EC PARAMETERS" #define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" +#define PEM_STRING_CMS "CMS" /* Note that this structure is initialised by PEM_SealInit and cleaned up by PEM_SealFinal (at least for now) */ @@ -220,19 +221,28 @@ typedef struct pem_ctx_st #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ { \ -return(((type *(*)(D2I_OF(type),char *,FILE *,type **,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_read))(d2i_##asn1, str,fp,x,cb,u)); \ + return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \ + str, fp, \ + CHECKED_PPTR_OF(type, x), \ + cb, u); \ } #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ int PEM_write_##name(FILE *fp, type *x) \ { \ -return(((int (*)(I2D_OF(type),const char *,FILE *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL)); \ + return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ + str, fp, \ + CHECKED_PTR_OF(type, x), \ + NULL, NULL, 0, NULL, NULL); \ } #define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ int PEM_write_##name(FILE *fp, const type *x) \ { \ -return(((int (*)(I2D_OF_const(type),const char *,FILE *, const type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL)); \ + return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ + str, fp, \ + CHECKED_PTR_OF(const type, x), \ + NULL, NULL, 0, NULL, NULL); \ } #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ @@ -240,7 +250,10 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, \ void *u) \ { \ - return(((int (*)(I2D_OF(type),const char *,FILE *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u)); \ + return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ + str, fp, \ + CHECKED_PTR_OF(type, x), \ + enc, kstr, klen, cb, u); \ } #define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ @@ -248,7 +261,10 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, \ void *u) \ { \ - return(((int (*)(I2D_OF_const(type),const char *,FILE *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u)); \ + return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ + str, fp, \ + CHECKED_PTR_OF(const type, x), \ + enc, kstr, klen, cb, u); \ } #endif @@ -256,33 +272,48 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ #define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ { \ -return(((type *(*)(D2I_OF(type),const char *,BIO *,type **,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_read_bio))(d2i_##asn1, str,bp,x,cb,u)); \ + return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \ + str, bp, \ + CHECKED_PPTR_OF(type, x), \ + cb, u); \ } #define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ int PEM_write_bio_##name(BIO *bp, type *x) \ { \ -return(((int (*)(I2D_OF(type),const char *,BIO *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL)); \ + return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ + str, bp, \ + CHECKED_PTR_OF(type, x), \ + NULL, NULL, 0, NULL, NULL); \ } #define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ int PEM_write_bio_##name(BIO *bp, const type *x) \ { \ -return(((int (*)(I2D_OF_const(type),const char *,BIO *,const type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL)); \ + return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ + str, bp, \ + CHECKED_PTR_OF(const type, x), \ + NULL, NULL, 0, NULL, NULL); \ } #define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ { \ - return(((int (*)(I2D_OF(type),const char *,BIO *,type *,const EVP_CIPHER *,unsigned char *,int,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u)); \ + return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ + str, bp, \ + CHECKED_PTR_OF(type, x), \ + enc, kstr, klen, cb, u); \ } #define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ { \ - return(((int (*)(I2D_OF_const(type),const char *,BIO *,type *,const EVP_CIPHER *,unsigned char *,int,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u)); \ + return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ + str, bp, \ + CHECKED_PTR_OF(const type, x), \ + enc, kstr, klen, cb, u); \ } #define IMPLEMENT_PEM_write(name, type, str, asn1) \ @@ -545,13 +576,22 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char pem_password_cb *cb, void *u); void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, pem_password_cb *cb, void *u); + #define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \ -((type *(*)(D2I_OF(type),const char *,BIO *,type **,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_read_bio))(d2i,name,bp,x,cb,u) + ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \ + name, bp, \ + CHECKED_PPTR_OF(type, x), \ + cb, u)) + int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp,char *x, const EVP_CIPHER *enc,unsigned char *kstr,int klen, pem_password_cb *cb, void *u); + #define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \ - ((int (*)(I2D_OF(type),const char *,BIO *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d,name,bp,x,enc,kstr,klen,cb,u) + (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \ + name, bp, \ + CHECKED_PTR_OF(type, x), \ + enc, kstr, klen, cb, u)) STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index 1644dfcaac731..3a273f6f70b74 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -205,7 +205,7 @@ start: if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) goto err; xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA; - pp=(char **)&(xi->x_pkey->dec_pkey->pkey.dsa); + pp=&xi->x_pkey->dec_pkey->pkey.dsa; if ((int)strlen(header) > 10) /* assume encrypted */ raw=1; } diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl index ef1a4ce656855..a4af769b4a64d 100755 --- a/crypto/perlasm/x86_64-xlate.pl +++ b/crypto/perlasm/x86_64-xlate.pl @@ -57,9 +57,18 @@ # lea .Label-.Lpic_point(%rcx),%rbp my $output = shift; -open STDOUT,">$output" || die "can't open $output: $!"; -my $masm=1 if ($output =~ /\.asm/); +{ my ($stddev,$stdino,@junk)=stat(STDOUT); + my ($outdev,$outino,@junk)=stat($output); + + open STDOUT,">$output" || die "can't open $output: $!" + if ($stddev!=$outdev || $stdino!=$outino); +} + +my $masmref=8 + 50727*2**-32; # 8.00.50727 shipped with VS2005 +my $masm=$masmref if ($output =~ /\.asm/); +if ($masm && `ml64 2>&1` =~ m/Version ([0-9]+)\.([0-9]+)(\.([0-9]+))?/) +{ $masm=$1 + $2*2**-16 + $4*2**-32; } my $current_segment; my $current_function; @@ -70,16 +79,18 @@ my $current_function; local *line = shift; undef $ret; - if ($line =~ /^([a-z]+)/i) { + if ($line =~ /^([a-z][a-z0-9]*)/i) { $self->{op} = $1; $ret = $self; $line = substr($line,@+[0]); $line =~ s/^\s+//; undef $self->{sz}; - if ($self->{op} =~ /(movz)b.*/) { # movz is pain... + if ($self->{op} =~ /^(movz)b.*/) { # movz is pain... $self->{op} = $1; $self->{sz} = "b"; - } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])/) { + } elsif ($self->{op} =~ /call/) { + $self->{sz} = "" + } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) { $self->{op} = $1; $self->{sz} = $2; } @@ -95,15 +106,17 @@ my $current_function; sub out { my $self = shift; if (!$masm) { - if ($self->{op} eq "movz") { # movz in pain... + if ($self->{op} eq "movz") { # movz is pain... sprintf "%s%s%s",$self->{op},$self->{sz},shift; + } elsif ($self->{op} =~ /^set/) { + "$self->{op}"; } elsif ($self->{op} eq "ret") { ".byte 0xf3,0xc3"; } else { "$self->{op}$self->{sz}"; } } else { - $self->{op} =~ s/movz/movzx/; + $self->{op} =~ s/^movz/movzx/; if ($self->{op} eq "ret") { $self->{op} = ""; if ($current_function->{abi} eq "svr4") { @@ -133,6 +146,10 @@ my $current_function; my $self = shift; if (!$masm) { + # Solaris /usr/ccs/bin/as can't handle multiplications + # in $self->{value} + $self->{value} =~ s/(?{value} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg; sprintf "\$%s",$self->{value}; } else { $self->{value} =~ s/0x([0-9a-f]+)/0$1h/ig; @@ -163,14 +180,16 @@ my $current_function; my $self = shift; my $sz = shift; + # Silently convert all EAs to 64-bit. This is required for + # elder GNU assembler and results in more compact code, + # *but* most importantly AES module depends on this feature! + $self->{index} =~ s/^[er](.?[0-9xpi])[d]?$/r\1/; + $self->{base} =~ s/^[er](.?[0-9xpi])[d]?$/r\1/; + if (!$masm) { - # elder GNU assembler insists on 64-bit EAs:-( - # on pros side, this results in more compact code:-) - $self->{index} =~ s/^[er](.?[0-9xp])[d]?$/r\1/; - $self->{base} =~ s/^[er](.?[0-9xp])[d]?$/r\1/; # Solaris /usr/ccs/bin/as can't handle multiplications # in $self->{label} - $self->{label} =~ s/(?{label} =~ s/(?{label} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg; if (defined($self->{index})) { @@ -192,6 +211,8 @@ my $current_function; $self->{label}, $self->{index},$self->{scale}, $self->{base}; + } elsif ($self->{base} eq "rip") { + sprintf "%s PTR %s",$szmap{$sz},$self->{label}; } else { sprintf "%s PTR %s[%s]",$szmap{$sz}, $self->{label},$self->{base}; @@ -317,6 +338,10 @@ my $current_function; $line =~ s/\@function.*/\@function/; if ($line =~ /\.picmeup\s+(%r[\w]+)/i) { $self->{value} = sprintf "\t.long\t0x%x,0x90000000",$opcode{$1}; + } elsif ($line =~ /\.asciz\s+"(.*)"$/) { + $self->{value} = ".byte\t".join(",",unpack("C*",$1),0); + } elsif ($line =~ /\.extern/) { + $self->{value} = ""; # swallow extern } else { $self->{value} = $line; } @@ -334,10 +359,13 @@ my $current_function; $v="$current_segment\tENDS\n" if ($current_segment); $current_segment = "_$1\$"; $current_segment =~ tr/[a-z]/[A-Z]/; - $v.="$current_segment\tSEGMENT ALIGN(64) 'CODE'"; + $v.="$current_segment\tSEGMENT "; + $v.=$masm>=$masmref ? "ALIGN(64)" : "PAGE"; + $v.=" 'CODE'"; $self->{value} = $v; last; }; + /\.extern/ && do { $self->{value} = "EXTRN\t".$line.":BYTE"; last; }; /\.globl/ && do { $self->{value} = "PUBLIC\t".$line; last; }; /\.type/ && do { ($sym,$type,$narg) = split(',',$line); if ($type eq "\@function") { @@ -362,16 +390,33 @@ my $current_function; && do { my @arr = split(',',$line); my $sz = substr($1,0,1); my $last = pop(@arr); + my $conv = sub { my $var=shift; + if ($var=~s/0x([0-9a-f]+)/0$1h/i) { $var; } + else { sprintf"0%Xh",$var; } + }; $sz =~ tr/bvlq/BWDQ/; $self->{value} = "\tD$sz\t"; - for (@arr) { $self->{value} .= sprintf"0%Xh,",oct; } - $self->{value} .= sprintf"0%Xh",oct($last); + for (@arr) { $self->{value} .= &$conv($_).","; } + $self->{value} .= &$conv($last); last; }; /\.picmeup/ && do { $self->{value} = sprintf"\tDD\t 0%Xh,090000000h",$opcode{$line}; last; }; + /\.asciz/ && do { if ($line =~ /^"(.*)"$/) { + my @str=unpack("C*",$1); + push @str,0; + while ($#str>15) { + $self->{value}.="DB\t" + .join(",",@str[0..15])."\n"; + foreach (0..15) { shift @str; } + } + $self->{value}.="DB\t" + .join(",",@str) if (@str); + } + last; + }; } $line = ""; } @@ -480,7 +525,10 @@ close STDOUT; # arguments passed to callee, *but* not less than 4! This means that # upon function entry point 5th argument resides at 40(%rsp), as well # as that 32 bytes from 8(%rsp) can always be used as temporal -# storage [without allocating a frame]. +# storage [without allocating a frame]. One can actually argue that +# one can assume a "red zone" above stack pointer under Win64 as well. +# Point is that at apparently no occasion Windows kernel would alter +# the area above user stack pointer in true asynchronous manner... # # All the above means that if assembler programmer adheres to Unix # register and stack layout, but disregards the "red zone" existense, diff --git a/crypto/perlasm/x86ms.pl b/crypto/perlasm/x86ms.pl index 82538a9a9af8a..a0be2934c2076 100644 --- a/crypto/perlasm/x86ms.pl +++ b/crypto/perlasm/x86ms.pl @@ -146,6 +146,7 @@ sub main'exch { &out2("xchg",@_); } sub main'cmp { &out2("cmp",@_); } sub main'lea { &out2("lea",@_); } sub main'mul { &out1("mul",@_); } +sub main'imul { &out2("imul",@_); } sub main'div { &out1("div",@_); } sub main'dec { &out1("dec",@_); } sub main'inc { &out1("inc",@_); } @@ -204,16 +205,17 @@ sub main'pand { &out2("pand",@_); } sub out2 { local($name,$p1,$p2)=@_; - local($l,$t); + local($l,$t,$line); - push(@out,"\t$name\t"); + $line="\t$name\t"; $t=&conv($p1).","; $l=length($t); - push(@out,$t); + $line.="$t"; $l=4-($l+9)/8; - push(@out,"\t" x $l); - push(@out,&conv($p2)); - push(@out,"\n"); + $line.="\t" x $l; + $line.=&conv($p2); + if ($line=~/\bxmm[0-7]\b/i) { $line=~s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i; } + push(@out,$line."\n"); } sub out0 @@ -338,11 +340,17 @@ EOF sub main'file_end { # try to detect if SSE2 or MMX extensions were used... - if (grep {/xmm[0-7]\s*,/i} @out) { - grep {s/\.[3-7]86/\.686\n\t\.XMM/} @out; - } - elsif (grep {/mm[0-7]\s*,/i} @out) { - grep {s/\.[3-7]86/\.686\n\t\.MMX/} @out; + my $xmmheader=<<___; +.686 +.XMM +IF \@Version LT 800 +XMMWORD STRUCT 16 + DQ 2 dup (?) +XMMWORD ENDS +ENDIF +___ + if (grep {/\b[x]?mm[0-7]\b/i} @out) { + grep {s/\.[3-7]86/$xmmheader/} @out; } push(@out,"_TEXT\$ ENDS\n"); push(@out,"END\n"); diff --git a/crypto/perlasm/x86nasm.pl b/crypto/perlasm/x86nasm.pl index b6dfcbdf02c66..fa38f89c09fc7 100644 --- a/crypto/perlasm/x86nasm.pl +++ b/crypto/perlasm/x86nasm.pl @@ -154,6 +154,7 @@ sub main'exch { &out2("xchg",@_); } sub main'cmp { &out2("cmp",@_); } sub main'lea { &out2("lea",@_); } sub main'mul { &out1("mul",@_); } +sub main'imul { &out2("imul",@_); } sub main'div { &out1("div",@_); } sub main'dec { &out1("dec",@_); } sub main'inc { &out1("inc",@_); } @@ -281,6 +282,7 @@ sub main'function_begin my($func,$extra)=@_; push(@labels,$func); + push(@out,".") if ($main'mwerks); my($tmp)=<<"EOF"; global $under$func $under$func: @@ -296,6 +298,7 @@ EOF sub main'function_begin_B { my($func,$extra)=@_; + push(@out,".") if ($main'mwerks); my($tmp)=<<"EOF"; global $under$func $under$func: @@ -375,6 +378,7 @@ sub main'comment sub main'public_label { $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]})); + push(@out,".") if ($main'mwerks); push(@out,"global\t$label{$_[0]}\n"); } diff --git a/crypto/perlasm/x86unix.pl b/crypto/perlasm/x86unix.pl index e71050b6bcb51..a4c947165e535 100644 --- a/crypto/perlasm/x86unix.pl +++ b/crypto/perlasm/x86unix.pl @@ -171,6 +171,7 @@ sub main'exch { &out2($_[0]=~/%[a-d][lh]/?"xchgb":"xchgl",@_); } sub main'cmp { &out2("cmpl",@_); } sub main'lea { &out2("leal",@_); } sub main'mul { &out1("mull",@_); } +sub main'imul { &out2("imull",@_); } sub main'div { &out1("divl",@_); } sub main'jmp { &out1("jmp",@_); } sub main'jmp_ptr { &out1p("jmp",@_); } @@ -541,50 +542,13 @@ sub main'set_label sub main'file_end { # try to detect if SSE2 or MMX extensions were used on ELF platform... - if ($main'elf && grep {/%[x]*mm[0-7]/i} @out) { + if ($main'elf && grep {/\b%[x]*mm[0-7]\b|OPENSSL_ia32cap_P\b/i} @out) { local($tmp); push (@out,"\n.section\t.bss\n"); push (@out,".comm\t${under}OPENSSL_ia32cap_P,4,4\n"); - push (@out,".section\t.init\n"); - # One can argue that it's wasteful to craft every - # SSE/MMX module with this snippet... Well, it's 72 - # bytes long and for the moment we have two modules. - # Let's argue when we have 7 modules or so... - # - # $1<<10 sets a reserved bit to signal that variable - # was initialized already... - &main'picmeup("edx","OPENSSL_ia32cap_P"); - $tmp=<<___; - cmpl \$0,(%edx) - jne 1f - movl \$1<<10,(%edx) - pushf - popl %eax - movl %eax,%ecx - xorl \$1<<21,%eax - pushl %eax - popf - pushf - popl %eax - xorl %ecx,%eax - btl \$21,%eax - jnc 1f - pushl %edi - pushl %ebx - movl %edx,%edi - movl \$1,%eax - .byte 0x0f,0xa2 - orl \$1<<10,%edx - movl %edx,0(%edi) - popl %ebx - popl %edi - jmp 1f - .align $align - 1: -___ - push (@out,$tmp); + return; } if ($const ne "") diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c index dbafda17b681c..9748256b6fe1c 100644 --- a/crypto/pkcs12/p12_crt.c +++ b/crypto/pkcs12/p12_crt.c @@ -63,6 +63,19 @@ static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); +static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid) + { + int idx; + X509_ATTRIBUTE *attr; + idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1); + if (idx < 0) + return 1; + attr = EVP_PKEY_get_attr(pkey, idx); + if (!X509at_add1_attr(&bag->attrib, attr)) + return 0; + return 1; + } + PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, int keytype) @@ -122,20 +135,15 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, if (pkey) { - int cspidx; bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass); if (!bag) goto err; - cspidx = EVP_PKEY_get_attr_by_NID(pkey, NID_ms_csp_name, -1); - if (cspidx >= 0) - { - X509_ATTRIBUTE *cspattr; - cspattr = EVP_PKEY_get_attr(pkey, cspidx); - if (!X509at_add1_attr(&bag->attrib, cspattr)) - goto err; - } + if (!copy_bag_attr(bag, pkey, NID_ms_csp_name)) + goto err; + if (!copy_bag_attr(bag, pkey, NID_LocalKeySet)) + goto err; if(name && !PKCS12_add_friendlyname(bag, name, -1)) goto err; diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 134746c1864f4..17b68992f7dbf 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -121,7 +121,7 @@ static int B64_write_PKCS7(BIO *bio, PKCS7 *p7) } bio = BIO_push(b64, bio); i2d_PKCS7_bio(bio, p7); - BIO_flush(bio); + (void)BIO_flush(bio); bio = BIO_pop(bio); BIO_free(b64); return 1; @@ -138,7 +138,7 @@ static PKCS7 *B64_read_PKCS7(BIO *bio) bio = BIO_push(b64, bio); if(!(p7 = d2i_PKCS7_bio(bio, NULL))) PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR); - BIO_flush(bio); + (void)BIO_flush(bio); bio = BIO_pop(bio); BIO_free(b64); return p7; @@ -377,57 +377,6 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) } -/* Copy text from one BIO to another making the output CRLF at EOL */ -int SMIME_crlf_copy(BIO *in, BIO *out, int flags) -{ - char eol; - int len; - char linebuf[MAX_SMLEN]; - if(flags & PKCS7_BINARY) { - while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0) - BIO_write(out, linebuf, len); - return 1; - } - if(flags & PKCS7_TEXT) - BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); - while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { - eol = strip_eol(linebuf, &len); - if (len) - BIO_write(out, linebuf, len); - if(eol) BIO_write(out, "\r\n", 2); - } - return 1; -} - -/* Strip off headers if they are text/plain */ -int SMIME_text(BIO *in, BIO *out) -{ - char iobuf[4096]; - int len; - STACK_OF(MIME_HEADER) *headers; - MIME_HEADER *hdr; - - if (!(headers = mime_parse_hdr(in))) { - PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR); - return 0; - } - if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { - PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE); - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - return 0; - } - if (strcmp (hdr->value, "text/plain")) { - PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE); - ERR_add_error_data(2, "type: ", hdr->value); - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - return 0; - } - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0) - BIO_write(out, iobuf, len); - return 1; -} - /* Split a multipart/XXX message body into component parts: result is * canonical parts in a STACK of bios */ diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index fab85137b7895..5c6b0fe24bccb 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -426,7 +426,7 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, SMIME_crlf_copy(in, p7bio, flags); - BIO_flush(p7bio); + (void)BIO_flush(p7bio); if (!PKCS7_dataFinal(p7,p7bio)) { PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR); diff --git a/crypto/pqueue/pq_compat.h b/crypto/pqueue/pq_compat.h index 28c58a0261d95..fd365788822ca 100644 --- a/crypto/pqueue/pq_compat.h +++ b/crypto/pqueue/pq_compat.h @@ -57,7 +57,7 @@ * */ -#include "opensslconf.h" +#include #include /* diff --git a/crypto/rand/Makefile b/crypto/rand/Makefile index 3c1ab5bbaef32..27694aa664989 100644 --- a/crypto/rand/Makefile +++ b/crypto/rand/Makefile @@ -97,14 +97,19 @@ rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_err.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rand_err.o: rand_err.c -rand_lib.o: ../../e_os.h ../../include/openssl/bio.h -rand_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rand_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -rand_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -rand_lib.o: ../../include/openssl/opensslconf.h +rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h +rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +rand_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +rand_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rand_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +rand_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rand_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h rand_lib.o: ../cryptlib.h rand_lib.c rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h diff --git a/crypto/rand/rand_nw.c b/crypto/rand/rand_nw.c index ba57812788757..f177ffbe82b08 100644 --- a/crypto/rand/rand_nw.c +++ b/crypto/rand/rand_nw.c @@ -117,9 +117,15 @@ #if defined(NETWARE_LIBC) #include +#else +#include #endif -extern long RunningProcess; +extern int GetProcessSwitchCount(void); +#if !defined(NETWARE_LIBC) || (CURRENT_NDK_THRESHOLD < 509220000) +extern void *RunningProcess; /* declare here same as found in newer NDKs */ +extern unsigned long GetSuperHighResolutionTimer(void); +#endif /* the FAQ indicates we need to provide at least 20 bytes (160 bits) of seed */ @@ -142,7 +148,8 @@ int RAND_poll(void) l = GetProcessSwitchCount(); RAND_add(&l,sizeof(l),1); - l=RunningProcess; + /* need to cast the void* to unsigned long here */ + l = (unsigned long)RunningProcess; RAND_add(&l,sizeof(l),1); for( i=2; i 0) { diff --git a/crypto/rc4/Makefile b/crypto/rc4/Makefile index 7857c95fbfcdf..187ed5c6684a7 100644 --- a/crypto/rc4/Makefile +++ b/crypto/rc4/Makefile @@ -10,7 +10,7 @@ INCLUDES= CFLAG=-g AR= ar r -RC4_ENC=rc4_enc.o +RC4_ENC=rc4_enc.o rc4_skey.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) @@ -22,7 +22,7 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC=rc4_skey.c rc4_enc.c -LIBOBJ=rc4_skey.o $(RC4_ENC) +LIBOBJ=$(RC4_ENC) SRC= $(LIBSRC) diff --git a/crypto/rc4/asm/rc4-586.pl b/crypto/rc4/asm/rc4-586.pl index 22bda4b451e99..ef7eee766cb96 100644 --- a/crypto/rc4/asm/rc4-586.pl +++ b/crypto/rc4/asm/rc4-586.pl @@ -212,11 +212,11 @@ sub RC4 &movz ($ty,&BP(0,$d,$ty)); &add (&LB($x),1); &xorb (&LB($ty),&BP(0,$in)); - &lea ($in,&BP(1,$in)); + &lea ($in,&DWP(1,$in)); &movz ($tx,&BP(0,$d,$x)); &cmp ($in,&swtmp(2)); &movb (&BP(0,$out),&LB($ty)); - &lea ($out,&BP(1,$out)); + &lea ($out,&DWP(1,$out)); &jb (&label("RC4_CHAR_loop")); &set_label("finished"); diff --git a/crypto/rc4/asm/rc4-ia64.S b/crypto/rc4/asm/rc4-ia64.S index a322d0c718e50..8210c47d049d3 100644 --- a/crypto/rc4/asm/rc4-ia64.S +++ b/crypto/rc4/asm/rc4-ia64.S @@ -75,14 +75,13 @@ yy=r31; .skip 16 RC4: .prologue - .fframe 0 .save ar.pfs,r2 - .save ar.lc,r3 - .save pr,prsave { .mii; alloc r2=ar.pfs,4,12,0,16 + .save pr,prsave mov prsave=pr ADDP key=0,in0 };; { .mib; cmp.eq p6,p0=0,in1 // len==0? + .save ar.lc,r3 mov r3=ar.lc (p6) br.ret.spnt.many b0 };; // emergency exit diff --git a/crypto/rc4/asm/rc4-x86_64.pl b/crypto/rc4/asm/rc4-x86_64.pl index 4b990cba077e2..2d473204854c2 100755 --- a/crypto/rc4/asm/rc4-x86_64.pl +++ b/crypto/rc4/asm/rc4-x86_64.pl @@ -2,8 +2,9 @@ # # ==================================================================== # Written by Andy Polyakov for the OpenSSL -# project. Rights for redistribution and usage in source and binary -# forms are granted according to the OpenSSL license. +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. # ==================================================================== # # 2.22x RC4 tune-up:-) It should be noted though that my hand [as in @@ -49,8 +50,22 @@ # is not implemented, then this final RC4_CHAR code-path should be # preferred, as it provides better *all-round* performance]. +# Intel Core2 was observed to perform poorly on both code paths:-( It +# apparently suffers from some kind of partial register stall, which +# occurs in 64-bit mode only [as virtually identical 32-bit loop was +# observed to outperform 64-bit one by almost 50%]. Adding two movzb to +# cloop1 boosts its performance by 80%! This loop appears to be optimal +# fit for Core2 and therefore the code was modified to skip cloop8 on +# this CPU. + $output=shift; -open STDOUT,"| $^X ../perlasm/x86_64-xlate.pl $output"; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open STDOUT,"| $^X $xlate $output"; $dat="%rdi"; # arg1 $len="%rsi"; # arg2 @@ -152,6 +167,8 @@ $code.=<<___; movzb ($dat,$XX[0]),$TX[0]#d test \$-8,$len jz .Lcloop1 + cmp \$0,260($dat) + jnz .Lcloop1 push %rbx jmp .Lcloop8 .align 16 @@ -221,6 +238,8 @@ $code.=<<___; movb $TY#b,($dat,$XX[0]) add $TX[0]#b,$TY#b add \$1,$XX[0]#b + movzb $TY#b,$TY#d + movzb $XX[0]#b,$XX[0]#d movzb ($dat,$TY),$TY#d movzb ($dat,$XX[0]),$TX[0]#d xorb ($inp),$TY#b @@ -233,6 +252,111 @@ $code.=<<___; .size RC4,.-RC4 ___ +$idx="%r8"; +$ido="%r9"; + +$code.=<<___; +.extern OPENSSL_ia32cap_P +.globl RC4_set_key +.type RC4_set_key,\@function,3 +.align 16 +RC4_set_key: + lea 8($dat),$dat + lea ($inp,$len),$inp + neg $len + mov $len,%rcx + xor %eax,%eax + xor $ido,$ido + xor %r10,%r10 + xor %r11,%r11 + + mov OPENSSL_ia32cap_P(%rip),$idx#d + bt \$20,$idx#d + jnc .Lw1stloop + bt \$30,$idx#d + setc $ido#b + mov $ido#d,260($dat) + jmp .Lc1stloop + +.align 16 +.Lw1stloop: + mov %eax,($dat,%rax,4) + add \$1,%al + jnc .Lw1stloop + + xor $ido,$ido + xor $idx,$idx +.align 16 +.Lw2ndloop: + mov ($dat,$ido,4),%r10d + add ($inp,$len,1),$idx#b + add %r10b,$idx#b + add \$1,$len + mov ($dat,$idx,4),%r11d + cmovz %rcx,$len + mov %r10d,($dat,$idx,4) + mov %r11d,($dat,$ido,4) + add \$1,$ido#b + jnc .Lw2ndloop + jmp .Lexit_key + +.align 16 +.Lc1stloop: + mov %al,($dat,%rax) + add \$1,%al + jnc .Lc1stloop + + xor $ido,$ido + xor $idx,$idx +.align 16 +.Lc2ndloop: + mov ($dat,$ido),%r10b + add ($inp,$len),$idx#b + add %r10b,$idx#b + add \$1,$len + mov ($dat,$idx),%r11b + jnz .Lcnowrap + mov %rcx,$len +.Lcnowrap: + mov %r10b,($dat,$idx) + mov %r11b,($dat,$ido) + add \$1,$ido#b + jnc .Lc2ndloop + movl \$-1,256($dat) + +.align 16 +.Lexit_key: + xor %eax,%eax + mov %eax,-8($dat) + mov %eax,-4($dat) + ret +.size RC4_set_key,.-RC4_set_key + +.globl RC4_options +.type RC4_options,\@function,0 +.align 16 +RC4_options: + .picmeup %rax + lea .Lopts-.(%rax),%rax + mov OPENSSL_ia32cap_P(%rip),%edx + bt \$20,%edx + jnc .Ldone + add \$12,%rax + bt \$30,%edx + jnc .Ldone + add \$13,%rax +.Ldone: + ret +.align 64 +.Lopts: +.asciz "rc4(8x,int)" +.asciz "rc4(8x,char)" +.asciz "rc4(1x,char)" +.asciz "RC4 for x86_64, CRYPTOGAMS by " +.align 64 +.size RC4_options,.-RC4_options +___ + $code =~ s/#([bwd])/$1/gm; print $code; diff --git a/crypto/rc4/rc4_skey.c b/crypto/rc4/rc4_skey.c index b22c40b0bd064..46b77ec32169e 100644 --- a/crypto/rc4/rc4_skey.c +++ b/crypto/rc4/rc4_skey.c @@ -119,14 +119,15 @@ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) * implementations suffer from significant performance * losses then, e.g. PIII exhibits >2x deterioration, * and so does Opteron. In order to assure optimal - * all-round performance, let us [try to] detect P4 at - * run-time by checking upon HTT bit in CPU capability + * all-round performance, we detect P4 at run-time by + * checking upon reserved bit 20 in CPU capability * vector and set up compressed key schedule, which is * recognized by correspondingly updated assembler - * module... + * module... Bit 20 is set up by OPENSSL_ia32_cpuid. + * * */ - if (OPENSSL_ia32cap_P & (1<<28)) { + if (OPENSSL_ia32cap_P & (1<<20)) { unsigned char *cp=(unsigned char *)d; for (i=0;i<256;i++) cp[i]=i; diff --git a/crypto/ripemd/asm/rmd-586.pl b/crypto/ripemd/asm/rmd-586.pl index 0ab6f76bfffb4..4f3c4c967f514 100644 --- a/crypto/ripemd/asm/rmd-586.pl +++ b/crypto/ripemd/asm/rmd-586.pl @@ -1,7 +1,7 @@ #!/usr/local/bin/perl # Normal is the -# ripemd160_block_asm_host_order(RIPEMD160_CTX *c, ULONG *X,int blocks); +# ripemd160_block_asm_data_order(RIPEMD160_CTX *c, ULONG *X,int blocks); $normal=0; @@ -56,7 +56,7 @@ $KR3=0x7A6D76E9; 8, 5,12, 9,12, 5,14, 6, 8,13, 6, 5,15,13,11,11, ); -&ripemd160_block("ripemd160_block_asm_host_order"); +&ripemd160_block("ripemd160_block_asm_data_order"); &asm_finish(); sub Xv diff --git a/crypto/ripemd/rmd_dgst.c b/crypto/ripemd/rmd_dgst.c index 9608a8fd0e564..61626284b8fad 100644 --- a/crypto/ripemd/rmd_dgst.c +++ b/crypto/ripemd/rmd_dgst.c @@ -82,207 +82,6 @@ int RIPEMD160_Init(RIPEMD160_CTX *c) return 1; } -#ifndef ripemd160_block_host_order -#ifdef X -#undef X -#endif -#define X(i) XX[i] -void ripemd160_block_host_order (RIPEMD160_CTX *ctx, const void *p, size_t num) - { - const RIPEMD160_LONG *XX=p; - register unsigned MD32_REG_T A,B,C,D,E; - register unsigned MD32_REG_T a,b,c,d,e; - - for (;num--;XX+=HASH_LBLOCK) - { - - A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; - - RIP1(A,B,C,D,E,WL00,SL00); - RIP1(E,A,B,C,D,WL01,SL01); - RIP1(D,E,A,B,C,WL02,SL02); - RIP1(C,D,E,A,B,WL03,SL03); - RIP1(B,C,D,E,A,WL04,SL04); - RIP1(A,B,C,D,E,WL05,SL05); - RIP1(E,A,B,C,D,WL06,SL06); - RIP1(D,E,A,B,C,WL07,SL07); - RIP1(C,D,E,A,B,WL08,SL08); - RIP1(B,C,D,E,A,WL09,SL09); - RIP1(A,B,C,D,E,WL10,SL10); - RIP1(E,A,B,C,D,WL11,SL11); - RIP1(D,E,A,B,C,WL12,SL12); - RIP1(C,D,E,A,B,WL13,SL13); - RIP1(B,C,D,E,A,WL14,SL14); - RIP1(A,B,C,D,E,WL15,SL15); - - RIP2(E,A,B,C,D,WL16,SL16,KL1); - RIP2(D,E,A,B,C,WL17,SL17,KL1); - RIP2(C,D,E,A,B,WL18,SL18,KL1); - RIP2(B,C,D,E,A,WL19,SL19,KL1); - RIP2(A,B,C,D,E,WL20,SL20,KL1); - RIP2(E,A,B,C,D,WL21,SL21,KL1); - RIP2(D,E,A,B,C,WL22,SL22,KL1); - RIP2(C,D,E,A,B,WL23,SL23,KL1); - RIP2(B,C,D,E,A,WL24,SL24,KL1); - RIP2(A,B,C,D,E,WL25,SL25,KL1); - RIP2(E,A,B,C,D,WL26,SL26,KL1); - RIP2(D,E,A,B,C,WL27,SL27,KL1); - RIP2(C,D,E,A,B,WL28,SL28,KL1); - RIP2(B,C,D,E,A,WL29,SL29,KL1); - RIP2(A,B,C,D,E,WL30,SL30,KL1); - RIP2(E,A,B,C,D,WL31,SL31,KL1); - - RIP3(D,E,A,B,C,WL32,SL32,KL2); - RIP3(C,D,E,A,B,WL33,SL33,KL2); - RIP3(B,C,D,E,A,WL34,SL34,KL2); - RIP3(A,B,C,D,E,WL35,SL35,KL2); - RIP3(E,A,B,C,D,WL36,SL36,KL2); - RIP3(D,E,A,B,C,WL37,SL37,KL2); - RIP3(C,D,E,A,B,WL38,SL38,KL2); - RIP3(B,C,D,E,A,WL39,SL39,KL2); - RIP3(A,B,C,D,E,WL40,SL40,KL2); - RIP3(E,A,B,C,D,WL41,SL41,KL2); - RIP3(D,E,A,B,C,WL42,SL42,KL2); - RIP3(C,D,E,A,B,WL43,SL43,KL2); - RIP3(B,C,D,E,A,WL44,SL44,KL2); - RIP3(A,B,C,D,E,WL45,SL45,KL2); - RIP3(E,A,B,C,D,WL46,SL46,KL2); - RIP3(D,E,A,B,C,WL47,SL47,KL2); - - RIP4(C,D,E,A,B,WL48,SL48,KL3); - RIP4(B,C,D,E,A,WL49,SL49,KL3); - RIP4(A,B,C,D,E,WL50,SL50,KL3); - RIP4(E,A,B,C,D,WL51,SL51,KL3); - RIP4(D,E,A,B,C,WL52,SL52,KL3); - RIP4(C,D,E,A,B,WL53,SL53,KL3); - RIP4(B,C,D,E,A,WL54,SL54,KL3); - RIP4(A,B,C,D,E,WL55,SL55,KL3); - RIP4(E,A,B,C,D,WL56,SL56,KL3); - RIP4(D,E,A,B,C,WL57,SL57,KL3); - RIP4(C,D,E,A,B,WL58,SL58,KL3); - RIP4(B,C,D,E,A,WL59,SL59,KL3); - RIP4(A,B,C,D,E,WL60,SL60,KL3); - RIP4(E,A,B,C,D,WL61,SL61,KL3); - RIP4(D,E,A,B,C,WL62,SL62,KL3); - RIP4(C,D,E,A,B,WL63,SL63,KL3); - - RIP5(B,C,D,E,A,WL64,SL64,KL4); - RIP5(A,B,C,D,E,WL65,SL65,KL4); - RIP5(E,A,B,C,D,WL66,SL66,KL4); - RIP5(D,E,A,B,C,WL67,SL67,KL4); - RIP5(C,D,E,A,B,WL68,SL68,KL4); - RIP5(B,C,D,E,A,WL69,SL69,KL4); - RIP5(A,B,C,D,E,WL70,SL70,KL4); - RIP5(E,A,B,C,D,WL71,SL71,KL4); - RIP5(D,E,A,B,C,WL72,SL72,KL4); - RIP5(C,D,E,A,B,WL73,SL73,KL4); - RIP5(B,C,D,E,A,WL74,SL74,KL4); - RIP5(A,B,C,D,E,WL75,SL75,KL4); - RIP5(E,A,B,C,D,WL76,SL76,KL4); - RIP5(D,E,A,B,C,WL77,SL77,KL4); - RIP5(C,D,E,A,B,WL78,SL78,KL4); - RIP5(B,C,D,E,A,WL79,SL79,KL4); - - a=A; b=B; c=C; d=D; e=E; - /* Do other half */ - A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; - - RIP5(A,B,C,D,E,WR00,SR00,KR0); - RIP5(E,A,B,C,D,WR01,SR01,KR0); - RIP5(D,E,A,B,C,WR02,SR02,KR0); - RIP5(C,D,E,A,B,WR03,SR03,KR0); - RIP5(B,C,D,E,A,WR04,SR04,KR0); - RIP5(A,B,C,D,E,WR05,SR05,KR0); - RIP5(E,A,B,C,D,WR06,SR06,KR0); - RIP5(D,E,A,B,C,WR07,SR07,KR0); - RIP5(C,D,E,A,B,WR08,SR08,KR0); - RIP5(B,C,D,E,A,WR09,SR09,KR0); - RIP5(A,B,C,D,E,WR10,SR10,KR0); - RIP5(E,A,B,C,D,WR11,SR11,KR0); - RIP5(D,E,A,B,C,WR12,SR12,KR0); - RIP5(C,D,E,A,B,WR13,SR13,KR0); - RIP5(B,C,D,E,A,WR14,SR14,KR0); - RIP5(A,B,C,D,E,WR15,SR15,KR0); - - RIP4(E,A,B,C,D,WR16,SR16,KR1); - RIP4(D,E,A,B,C,WR17,SR17,KR1); - RIP4(C,D,E,A,B,WR18,SR18,KR1); - RIP4(B,C,D,E,A,WR19,SR19,KR1); - RIP4(A,B,C,D,E,WR20,SR20,KR1); - RIP4(E,A,B,C,D,WR21,SR21,KR1); - RIP4(D,E,A,B,C,WR22,SR22,KR1); - RIP4(C,D,E,A,B,WR23,SR23,KR1); - RIP4(B,C,D,E,A,WR24,SR24,KR1); - RIP4(A,B,C,D,E,WR25,SR25,KR1); - RIP4(E,A,B,C,D,WR26,SR26,KR1); - RIP4(D,E,A,B,C,WR27,SR27,KR1); - RIP4(C,D,E,A,B,WR28,SR28,KR1); - RIP4(B,C,D,E,A,WR29,SR29,KR1); - RIP4(A,B,C,D,E,WR30,SR30,KR1); - RIP4(E,A,B,C,D,WR31,SR31,KR1); - - RIP3(D,E,A,B,C,WR32,SR32,KR2); - RIP3(C,D,E,A,B,WR33,SR33,KR2); - RIP3(B,C,D,E,A,WR34,SR34,KR2); - RIP3(A,B,C,D,E,WR35,SR35,KR2); - RIP3(E,A,B,C,D,WR36,SR36,KR2); - RIP3(D,E,A,B,C,WR37,SR37,KR2); - RIP3(C,D,E,A,B,WR38,SR38,KR2); - RIP3(B,C,D,E,A,WR39,SR39,KR2); - RIP3(A,B,C,D,E,WR40,SR40,KR2); - RIP3(E,A,B,C,D,WR41,SR41,KR2); - RIP3(D,E,A,B,C,WR42,SR42,KR2); - RIP3(C,D,E,A,B,WR43,SR43,KR2); - RIP3(B,C,D,E,A,WR44,SR44,KR2); - RIP3(A,B,C,D,E,WR45,SR45,KR2); - RIP3(E,A,B,C,D,WR46,SR46,KR2); - RIP3(D,E,A,B,C,WR47,SR47,KR2); - - RIP2(C,D,E,A,B,WR48,SR48,KR3); - RIP2(B,C,D,E,A,WR49,SR49,KR3); - RIP2(A,B,C,D,E,WR50,SR50,KR3); - RIP2(E,A,B,C,D,WR51,SR51,KR3); - RIP2(D,E,A,B,C,WR52,SR52,KR3); - RIP2(C,D,E,A,B,WR53,SR53,KR3); - RIP2(B,C,D,E,A,WR54,SR54,KR3); - RIP2(A,B,C,D,E,WR55,SR55,KR3); - RIP2(E,A,B,C,D,WR56,SR56,KR3); - RIP2(D,E,A,B,C,WR57,SR57,KR3); - RIP2(C,D,E,A,B,WR58,SR58,KR3); - RIP2(B,C,D,E,A,WR59,SR59,KR3); - RIP2(A,B,C,D,E,WR60,SR60,KR3); - RIP2(E,A,B,C,D,WR61,SR61,KR3); - RIP2(D,E,A,B,C,WR62,SR62,KR3); - RIP2(C,D,E,A,B,WR63,SR63,KR3); - - RIP1(B,C,D,E,A,WR64,SR64); - RIP1(A,B,C,D,E,WR65,SR65); - RIP1(E,A,B,C,D,WR66,SR66); - RIP1(D,E,A,B,C,WR67,SR67); - RIP1(C,D,E,A,B,WR68,SR68); - RIP1(B,C,D,E,A,WR69,SR69); - RIP1(A,B,C,D,E,WR70,SR70); - RIP1(E,A,B,C,D,WR71,SR71); - RIP1(D,E,A,B,C,WR72,SR72); - RIP1(C,D,E,A,B,WR73,SR73); - RIP1(B,C,D,E,A,WR74,SR74); - RIP1(A,B,C,D,E,WR75,SR75); - RIP1(E,A,B,C,D,WR76,SR76); - RIP1(D,E,A,B,C,WR77,SR77); - RIP1(C,D,E,A,B,WR78,SR78); - RIP1(B,C,D,E,A,WR79,SR79); - - D =ctx->B+c+D; - ctx->B=ctx->C+d+E; - ctx->C=ctx->D+e+A; - ctx->D=ctx->E+a+B; - ctx->E=ctx->A+b+C; - ctx->A=D; - - } - } -#endif - #ifndef ripemd160_block_data_order #ifdef X #undef X diff --git a/crypto/ripemd/rmd_locl.h b/crypto/ripemd/rmd_locl.h index b52d7861654cd..f14b346e66229 100644 --- a/crypto/ripemd/rmd_locl.h +++ b/crypto/ripemd/rmd_locl.h @@ -72,32 +72,20 @@ */ #ifdef RMD160_ASM # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) -# if !defined(B_ENDIAN) -# define ripemd160_block_host_order ripemd160_block_asm_host_order -# endif +# define ripemd160_block_data_order ripemd160_block_asm_data_order # endif #endif -void ripemd160_block_host_order (RIPEMD160_CTX *c, const void *p,size_t num); void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num); -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) -# if !defined(B_ENDIAN) -# define ripemd160_block_data_order ripemd160_block_host_order -# endif -#endif - #define DATA_ORDER_IS_LITTLE_ENDIAN #define HASH_LONG RIPEMD160_LONG -#define HASH_LONG_LOG2 RIPEMD160_LONG_LOG2 #define HASH_CTX RIPEMD160_CTX #define HASH_CBLOCK RIPEMD160_CBLOCK -#define HASH_LBLOCK RIPEMD160_LBLOCK #define HASH_UPDATE RIPEMD160_Update #define HASH_TRANSFORM RIPEMD160_Transform #define HASH_FINAL RIPEMD160_Final -#define HASH_BLOCK_HOST_ORDER ripemd160_block_host_order #define HASH_MAKE_STRING(c,s) do { \ unsigned long ll; \ ll=(c)->A; HOST_l2c(ll,(s)); \ @@ -106,9 +94,7 @@ void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num); ll=(c)->D; HOST_l2c(ll,(s)); \ ll=(c)->E; HOST_l2c(ll,(s)); \ } while (0) -#if !defined(L_ENDIAN) || defined(ripemd160_block_data_order) #define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order -#endif #include "md32_common.h" diff --git a/crypto/ripemd/rmdtest.c b/crypto/ripemd/rmdtest.c index cbfdf2ae6ff23..fb34e0e836c9c 100644 --- a/crypto/ripemd/rmdtest.c +++ b/crypto/ripemd/rmdtest.c @@ -103,12 +103,12 @@ static char *pt(unsigned char *md); int main(int argc, char *argv[]) { int i,err=0; - unsigned char **P,**R; + char **P,**R; char *p; unsigned char md[RIPEMD160_DIGEST_LENGTH]; - P=(unsigned char **)test; - R=(unsigned char **)ret; + P=test; + R=ret; i=1; while (*P != NULL) { diff --git a/crypto/rsa/Makefile b/crypto/rsa/Makefile index 13900812acde8..8f1c611800c72 100644 --- a/crypto/rsa/Makefile +++ b/crypto/rsa/Makefile @@ -133,12 +133,17 @@ rsa_gen.o: ../cryptlib.h rsa_gen.c rsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +rsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h +rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h rsa_lib.o: ../cryptlib.h rsa_lib.c rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index b19c556930f46..3699afaaaf921 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -195,13 +195,27 @@ struct rsa_st * default (ignoring RSA_FLAG_BLINDING), * but other engines might not need it */ -#define RSA_FLAG_NO_EXP_CONSTTIME 0x0100 /* new with 0.9.7h; the built-in RSA +#define RSA_FLAG_NO_CONSTTIME 0x0100 /* new with 0.9.8f; the built-in RSA + * implementation now uses constant time + * operations by default in private key operations, + * e.g., constant time modular exponentiation, + * modular inverse without leaking branches, + * division without leaking branches. This + * flag disables these constant time + * operations and results in faster RSA + * private key operations. + */ +#ifndef OPENSSL_NO_DEPRECATED +#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/ + /* new with 0.9.7h; the built-in RSA * implementation now uses constant time * modular exponentiation for secret exponents * by default. This flag causes the * faster variable sliding window method to * be used for all exponents. */ +#endif + #define RSA_PKCS1_PADDING 1 #define RSA_SSLV23_PADDING 2 @@ -267,6 +281,7 @@ int RSA_print_fp(FILE *fp, const RSA *r,int offset); int RSA_print(BIO *bp, const RSA *r,int offset); #endif +#ifndef OPENSSL_NO_RC4 int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey); @@ -280,6 +295,7 @@ int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)(char *buf, int len, const char *prompt, int verify)); +#endif /* The following 2 functions sign and verify a X509_SIG ASN1 object * inside PKCS#1 padded RSA encryption */ diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index e7b7a9c4fc381..283ddd8f1f0a7 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -150,16 +150,6 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void) return(&rsa_pkcs1_eay_meth); } -/* Usage example; - * MONT_HELPER(rsa, bn_ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); - */ -#define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \ - if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \ - !BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \ - CRYPTO_LOCK_RSA, \ - (rsa)->m, (ctx))) \ - err_instr - static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { @@ -227,13 +217,15 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, if (BN_bin2bn(buf,num,f) == NULL) goto err; if (BN_ucmp(f, rsa->n) >= 0) - { + { /* usually the padding functions would catch this */ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); goto err; } - MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) + goto err; if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; @@ -429,16 +421,18 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, BIGNUM local_d; BIGNUM *d = NULL; - if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { BN_init(&local_d); d = &local_d; - BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME); + BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); } else - d = rsa->d; + d= rsa->d; - MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) + goto err; if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; @@ -551,15 +545,17 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, BIGNUM local_d; BIGNUM *d = NULL; - if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { d = &local_d; - BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME); + BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); } else d = rsa->d; - MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) + goto err; if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; @@ -669,7 +665,9 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, goto err; } - MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) + goto err; if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; @@ -715,8 +713,8 @@ err: static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { BIGNUM *r1,*m1,*vrfy; - BIGNUM local_dmp1, local_dmq1; - BIGNUM *dmp1, *dmq1; + BIGNUM local_dmp1,local_dmq1,local_c,local_r1; + BIGNUM *dmp1,*dmq1,*c,*pr1; int ret=0; BN_CTX_start(ctx); @@ -724,26 +722,82 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) m1 = BN_CTX_get(ctx); vrfy = BN_CTX_get(ctx); - MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); - MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); - MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + { + BIGNUM local_p, local_q; + BIGNUM *p = NULL, *q = NULL; + + /* Make sure BN_mod_inverse in Montgomery intialization uses the + * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set) + */ + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) + { + BN_init(&local_p); + p = &local_p; + BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); + + BN_init(&local_q); + q = &local_q; + BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); + } + else + { + p = rsa->p; + q = rsa->q; + } + + if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) + { + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx)) + goto err; + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx)) + goto err; + } + } + + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) + goto err; + + /* compute I mod q */ + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) + { + c = &local_c; + BN_with_flags(c, I, BN_FLG_CONSTTIME); + if (!BN_mod(r1,c,rsa->q,ctx)) goto err; + } + else + { + if (!BN_mod(r1,I,rsa->q,ctx)) goto err; + } - if (!BN_mod(r1,I,rsa->q,ctx)) goto err; - if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) + /* compute r1^dmq1 mod q */ + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { dmq1 = &local_dmq1; - BN_with_flags(dmq1, rsa->dmq1, BN_FLG_EXP_CONSTTIME); + BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); } else dmq1 = rsa->dmq1; if (!rsa->meth->bn_mod_exp(m1,r1,dmq1,rsa->q,ctx, rsa->_method_mod_q)) goto err; - if (!BN_mod(r1,I,rsa->p,ctx)) goto err; - if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) + /* compute I mod p */ + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) + { + c = &local_c; + BN_with_flags(c, I, BN_FLG_CONSTTIME); + if (!BN_mod(r1,c,rsa->p,ctx)) goto err; + } + else + { + if (!BN_mod(r1,I,rsa->p,ctx)) goto err; + } + + /* compute r1^dmp1 mod p */ + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { dmp1 = &local_dmp1; - BN_with_flags(dmp1, rsa->dmp1, BN_FLG_EXP_CONSTTIME); + BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); } else dmp1 = rsa->dmp1; @@ -757,7 +811,17 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) if (!BN_add(r0,r0,rsa->p)) goto err; if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err; - if (!BN_mod(r0,r1,rsa->p,ctx)) goto err; + + /* Turn BN_FLG_CONSTTIME flag on before division operation */ + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) + { + pr1 = &local_r1; + BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); + } + else + pr1 = r1; + if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err; + /* If p < q it is occasionally possible for the correction of * adding 'p' if r0 is negative above to leave the result still * negative. This can break the private key operations: the following @@ -790,10 +854,10 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) BIGNUM local_d; BIGNUM *d = NULL; - if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { d = &local_d; - BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME); + BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); } else d = rsa->d; diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 742f8b18e5add..767f7ab682ad8 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -85,6 +85,8 @@ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; + BIGNUM local_r0,local_d,local_p; + BIGNUM *pr0,*d,*p; int bitsp,bitsq,ok= -1,n=0; BN_CTX *ctx=NULL; @@ -165,16 +167,39 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */ if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */ if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */ - if (!BN_mod_inverse(rsa->d,rsa->e,r0,ctx)) goto err; /* d */ + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) + { + pr0 = &local_r0; + BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); + } + else + pr0 = r0; + if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err; /* d */ + + /* set up d for correct BN_FLG_CONSTTIME flag */ + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) + { + d = &local_d; + BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); + } + else + d = rsa->d; /* calculate d mod (p-1) */ - if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) goto err; + if (!BN_mod(rsa->dmp1,d,r1,ctx)) goto err; /* calculate d mod (q-1) */ - if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err; + if (!BN_mod(rsa->dmq1,d,r2,ctx)) goto err; /* calculate inverse of q mod p */ - if (!BN_mod_inverse(rsa->iqmp,rsa->q,rsa->p,ctx)) goto err; + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) + { + p = &local_p; + BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); + } + else + p = rsa->p; + if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err; ok=1; err: diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index cca32c098df88..104aa4c1f2da1 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -361,7 +361,8 @@ err: BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) { - BIGNUM *e; + BIGNUM local_n; + BIGNUM *e,*n; BN_CTX *ctx; BN_BLINDING *ret = NULL; @@ -400,7 +401,16 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0); } - ret = BN_BLINDING_create_param(NULL, e, rsa->n, ctx, + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) + { + /* Set BN_FLG_CONSTTIME flag */ + n = &local_n; + BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME); + } + else + n = rsa->n; + + ret = BN_BLINDING_create_param(NULL, e, n, ctx, rsa->meth->bn_mod_exp, rsa->_method_mod_n); if (ret == NULL) { diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index 45d6f6ef8a5ea..3652677a99822 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -96,6 +96,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, const unsigned char *maskeddb; int lzero; unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; + unsigned char *padded_from; int bad = 0; if (--num < 2 * SHA_DIGEST_LENGTH + 1) @@ -106,8 +107,6 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, lzero = num - flen; if (lzero < 0) { - /* lzero == -1 */ - /* signalling this error immediately after detection might allow * for side-channel attacks (e.g. timing if 'plen' is huge * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal @@ -115,20 +114,28 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, * so we use a 'bad' flag */ bad = 1; lzero = 0; + flen = num; /* don't overflow the memcpy to padded_from */ } - maskeddb = from - lzero + SHA_DIGEST_LENGTH; dblen = num - SHA_DIGEST_LENGTH; - db = OPENSSL_malloc(dblen); + db = OPENSSL_malloc(dblen + num); if (db == NULL) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); return -1; } + /* Always do this zero-padding copy (even when lzero == 0) + * to avoid leaking timing info about the value of lzero. */ + padded_from = db + dblen; + memset(padded_from, 0, lzero); + memcpy(padded_from + lzero, from, flen); + + maskeddb = padded_from + SHA_DIGEST_LENGTH; + MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); - for (i = lzero; i < SHA_DIGEST_LENGTH; i++) - seed[i] ^= from[i - lzero]; + for (i = 0; i < SHA_DIGEST_LENGTH; i++) + seed[i] ^= padded_from[i]; MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); for (i = 0; i < dblen; i++) @@ -143,13 +150,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, for (i = SHA_DIGEST_LENGTH; i < dblen; i++) if (db[i] != 0x00) break; - if (db[i] != 0x01 || i++ >= dblen) + if (i == dblen || db[i] != 0x01) goto decoding_err; else { /* everything looks OK */ - mlen = dblen - i; + mlen = dblen - ++i; if (tlen < mlen) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c index ea72629494cff..cfeff15bc9c12 100644 --- a/crypto/rsa/rsa_ssl.c +++ b/crypto/rsa/rsa_ssl.c @@ -130,7 +130,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING); return(-1); } - for (k= -8; k<0; k++) + for (k = -9; k<-1; k++) { if (p[k] != 0x03) break; } diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c index 0f8059ccfdfc7..4080de8bcf994 100644 --- a/crypto/rsa/rsa_test.c +++ b/crypto/rsa/rsa_test.c @@ -219,6 +219,7 @@ int main(int argc, char *argv[]) int plen; int clen = 0; int num; + int n; CRYPTO_malloc_debug_init(); CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); @@ -242,7 +243,7 @@ int main(int argc, char *argv[]) clen = key3(key, ctext_ex); break; } - if (v/3 > 1) key->flags |= RSA_FLAG_NO_EXP_CONSTTIME; + if (v/3 >= 1) key->flags |= RSA_FLAG_NO_CONSTTIME; num = RSA_public_encrypt(plen, ptext_ex, ctext, key, RSA_PKCS1_PADDING); @@ -278,7 +279,7 @@ int main(int argc, char *argv[]) err=1; goto next; } - + num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_OAEP_PADDING); if (num != plen || memcmp(ptext, ptext_ex, num) != 0) @@ -287,10 +288,7 @@ int main(int argc, char *argv[]) err=1; } else if (memcmp(ctext, ctext_ex, num) == 0) - { printf("OAEP test vector %d passed!\n", v); - goto next; - } /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT). Try decrypting ctext_ex */ @@ -305,6 +303,26 @@ int main(int argc, char *argv[]) } else printf("OAEP encryption/decryption ok\n"); + + /* Try decrypting corrupted ciphertexts */ + for(n = 0 ; n < clen ; ++n) + { + int b; + unsigned char saved = ctext[n]; + for(b = 0 ; b < 256 ; ++b) + { + if(b == saved) + continue; + ctext[n] = b; + num = RSA_private_decrypt(num, ctext, ptext, key, + RSA_PKCS1_OAEP_PADDING); + if(num > 0) + { + printf("Corrupt data decrypted!\n"); + err = 1; + } + } + } next: RSA_free(key); } diff --git a/crypto/seed/Makefile b/crypto/seed/Makefile new file mode 100644 index 0000000000000..f9de27b288994 --- /dev/null +++ b/crypto/seed/Makefile @@ -0,0 +1,87 @@ +# +# crypto/seed/Makefile +# + +DIR= seed +TOP= ../.. +CC= cc +CPP= $(CC) -E +INCLUDES= +CFLAG=-g +MAKEFILE= Makefile +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=seed.c seed_ecb.c seed_cbc.c seed_cfb.c seed_ofb.c +LIBOBJ=seed.o seed_ecb.o seed_cbc.o seed_cfb.o seed_ofb.o + +SRC= $(LIBSRC) + +EXHEADER= seed.h +HEADER= seed_locl.h $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +seed.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +seed.o: ../../include/openssl/seed.h seed.c seed_locl.h +seed_cbc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +seed_cbc.o: ../../include/openssl/seed.h seed_cbc.c seed_locl.h +seed_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +seed_cfb.o: ../../include/openssl/seed.h seed_cfb.c seed_locl.h +seed_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/seed.h +seed_ecb.o: seed_ecb.c +seed_ofb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +seed_ofb.o: ../../include/openssl/seed.h seed_locl.h seed_ofb.c diff --git a/crypto/seed/seed.c b/crypto/seed/seed.c new file mode 100644 index 0000000000000..125dd7d66f6e9 --- /dev/null +++ b/crypto/seed/seed.c @@ -0,0 +1,286 @@ +/* + * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Neither the name of author nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ +#ifndef OPENSSL_NO_SEED + +#include +#include +#include +#ifdef WIN32 +#include +#endif + +#include +#include "seed_locl.h" + +static seed_word SS[4][256] = { { + 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124, + 0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c, 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360, + 0x28082028, 0x04444044, 0x20002020, 0x1d8d919c, 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314, + 0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378, 0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec, + 0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8, 0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074, + 0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354, 0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100, + 0x24042024, 0x1c0c101c, 0x33437370, 0x18889098, 0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8, + 0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380, 0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8, + 0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8, 0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c, + 0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078, 0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4, + 0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140, 0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008, + 0x1f0f131c, 0x19899198, 0x00000000, 0x19091118, 0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0, + 0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324, 0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8, + 0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c, 0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208, + 0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4, 0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064, + 0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218, 0x06060204, 0x21012120, 0x2b4b6368, 0x26466264, + 0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288, 0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0, + 0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4, 0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc, + 0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac, 0x36063234, 0x15051114, 0x22022220, 0x38083038, + 0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c, 0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394, + 0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c, 0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188, + 0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8, 0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4, + 0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364, 0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8, + 0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320, 0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4, + 0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0, 0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040, + 0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0, 0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154, + 0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c, 0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254, + 0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244, 0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8, + 0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c, 0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0, + 0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c, 0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088, + 0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4, 0x22426260, 0x29092128, 0x07070304, 0x33033330, + 0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178, 0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298 +}, { + 0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2, 0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0, + 0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3, 0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53, + 0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1, 0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3, + 0xd013c3d3, 0x90118191, 0x10110111, 0x04060602, 0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43, + 0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0, 0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0, + 0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2, 0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890, + 0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32, 0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3, + 0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72, 0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272, + 0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0, 0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83, + 0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13, 0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430, + 0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1, 0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0, + 0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1, 0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1, + 0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131, 0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1, + 0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202, 0x20220222, 0x04040400, 0x68284860, 0x70314171, + 0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991, 0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951, + 0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0, 0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0, + 0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12, 0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3, + 0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2, 0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41, + 0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32, 0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62, + 0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292, 0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0, + 0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571, 0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303, + 0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470, 0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901, + 0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040, 0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501, + 0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22, 0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343, + 0x84058581, 0x14140410, 0x88098981, 0x981b8b93, 0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971, + 0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282, 0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53, + 0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11, 0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642, + 0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3, 0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1, + 0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30, 0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70, + 0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622, 0x30320232, 0x84048480, 0x68294961, 0x90138393, + 0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0, 0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783, + 0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83, 0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3 +}, { + 0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3, 0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505, + 0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e, 0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343, + 0x20282808, 0x40440444, 0x20202000, 0x919c1d8d, 0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707, + 0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b, 0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece, + 0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888, 0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444, + 0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747, 0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101, + 0x20242404, 0x101c1c0c, 0x73703343, 0x90981888, 0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9, + 0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383, 0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9, + 0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb, 0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f, + 0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848, 0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5, + 0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141, 0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808, + 0x131c1f0f, 0x91981989, 0x00000000, 0x11181909, 0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1, + 0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707, 0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b, + 0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d, 0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a, + 0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5, 0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444, + 0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a, 0x02040606, 0x21202101, 0x63682b4b, 0x62642646, + 0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a, 0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0, + 0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5, 0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf, + 0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e, 0x32343606, 0x11141505, 0x22202202, 0x30383808, + 0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c, 0x81800181, 0xe1e829c9, 0x80840484, 0x93941787, + 0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c, 0x71703141, 0x11101101, 0xc3c407c7, 0x81880989, + 0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8, 0x90941484, 0x51581949, 0x82800282, 0xc0c404c4, + 0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747, 0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888, + 0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303, 0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484, + 0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2, 0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040, + 0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1, 0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545, + 0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f, 0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646, + 0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646, 0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca, + 0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f, 0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282, + 0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f, 0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888, + 0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4, 0x62602242, 0x21282909, 0x03040707, 0x33303303, + 0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949, 0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a +}, { + 0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426, 0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838, + 0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407, 0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b, + 0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435, 0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427, + 0xc3d3d013, 0x81919011, 0x01111011, 0x06020406, 0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b, + 0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828, 0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434, + 0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416, 0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818, + 0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e, 0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f, + 0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a, 0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032, + 0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000, 0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b, + 0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f, 0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434, + 0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829, 0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838, + 0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405, 0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839, + 0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031, 0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031, + 0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002, 0x02222022, 0x04000404, 0x48606828, 0x41717031, + 0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819, 0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819, + 0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c, 0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010, + 0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a, 0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f, + 0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022, 0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d, + 0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a, 0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e, + 0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012, 0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c, + 0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435, 0x4f737c3f, 0x05313435, 0x00101010, 0x03030003, + 0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434, 0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809, + 0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000, 0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405, + 0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a, 0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003, + 0x85818405, 0x04101414, 0x89818809, 0x8b93981b, 0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839, + 0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002, 0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f, + 0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d, 0x05212425, 0x4f434c0f, 0x00000000, 0x46424406, + 0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b, 0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d, + 0x00303030, 0x85919415, 0x45616425, 0x0c303c3c, 0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c, + 0x0e020c0e, 0x40505010, 0x09313839, 0x06222426, 0x02323032, 0x84808404, 0x49616829, 0x83939013, + 0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424, 0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407, + 0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f, 0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437 +} }; + +/* key schedule constants - golden ratio */ +#define KC0 0x9e3779b9 +#define KC1 0x3c6ef373 +#define KC2 0x78dde6e6 +#define KC3 0xf1bbcdcc +#define KC4 0xe3779b99 +#define KC5 0xc6ef3733 +#define KC6 0x8dde6e67 +#define KC7 0x1bbcdccf +#define KC8 0x3779b99e +#define KC9 0x6ef3733c +#define KC10 0xdde6e678 +#define KC11 0xbbcdccf1 +#define KC12 0x779b99e3 +#define KC13 0xef3733c6 +#define KC14 0xde6e678d +#define KC15 0xbcdccf1b + + +void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks) +{ + seed_word x1, x2, x3, x4; + seed_word t0, t1; + + char2word(rawkey , x1); + char2word(rawkey+4 , x2); + char2word(rawkey+8 , x3); + char2word(rawkey+12, x4); + + t0 = (x1 + x3 - KC0) & 0xffffffff; + t1 = (x2 - x4 + KC0) & 0xffffffff; KEYUPDATE_TEMP(t0, t1, &ks->data[0]); + KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC1); KEYUPDATE_TEMP(t0, t1, &ks->data[2]); + KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC2); KEYUPDATE_TEMP(t0, t1, &ks->data[4]); + KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC3); KEYUPDATE_TEMP(t0, t1, &ks->data[6]); + KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC4); KEYUPDATE_TEMP(t0, t1, &ks->data[8]); + KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC5); KEYUPDATE_TEMP(t0, t1, &ks->data[10]); + KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC6); KEYUPDATE_TEMP(t0, t1, &ks->data[12]); + KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC7); KEYUPDATE_TEMP(t0, t1, &ks->data[14]); + KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC8); KEYUPDATE_TEMP(t0, t1, &ks->data[16]); + KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC9); KEYUPDATE_TEMP(t0, t1, &ks->data[18]); + KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC10); KEYUPDATE_TEMP(t0, t1, &ks->data[20]); + KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC11); KEYUPDATE_TEMP(t0, t1, &ks->data[22]); + KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC12); KEYUPDATE_TEMP(t0, t1, &ks->data[24]); + KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC13); KEYUPDATE_TEMP(t0, t1, &ks->data[26]); + KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC14); KEYUPDATE_TEMP(t0, t1, &ks->data[28]); + KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC15); KEYUPDATE_TEMP(t0, t1, &ks->data[30]); +} + +void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks) +{ + seed_word x1, x2, x3, x4; + seed_word t0, t1; + + char2word(s, x1); + char2word(s+4, x2); + char2word(s+8, x3); + char2word(s+12, x4); + + E_SEED(t0, t1, x1, x2, x3, x4, 0); + E_SEED(t0, t1, x3, x4, x1, x2, 2); + E_SEED(t0, t1, x1, x2, x3, x4, 4); + E_SEED(t0, t1, x3, x4, x1, x2, 6); + E_SEED(t0, t1, x1, x2, x3, x4, 8); + E_SEED(t0, t1, x3, x4, x1, x2, 10); + E_SEED(t0, t1, x1, x2, x3, x4, 12); + E_SEED(t0, t1, x3, x4, x1, x2, 14); + E_SEED(t0, t1, x1, x2, x3, x4, 16); + E_SEED(t0, t1, x3, x4, x1, x2, 18); + E_SEED(t0, t1, x1, x2, x3, x4, 20); + E_SEED(t0, t1, x3, x4, x1, x2, 22); + E_SEED(t0, t1, x1, x2, x3, x4, 24); + E_SEED(t0, t1, x3, x4, x1, x2, 26); + E_SEED(t0, t1, x1, x2, x3, x4, 28); + E_SEED(t0, t1, x3, x4, x1, x2, 30); + + word2char(x3, d); + word2char(x4, d+4); + word2char(x1, d+8); + word2char(x2, d+12); +} + +void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks) +{ + seed_word x1, x2, x3, x4; + seed_word t0, t1; + + char2word(s, x1); + char2word(s+4, x2); + char2word(s+8, x3); + char2word(s+12, x4); + + E_SEED(t0, t1, x1, x2, x3, x4, 30); + E_SEED(t0, t1, x3, x4, x1, x2, 28); + E_SEED(t0, t1, x1, x2, x3, x4, 26); + E_SEED(t0, t1, x3, x4, x1, x2, 24); + E_SEED(t0, t1, x1, x2, x3, x4, 22); + E_SEED(t0, t1, x3, x4, x1, x2, 20); + E_SEED(t0, t1, x1, x2, x3, x4, 18); + E_SEED(t0, t1, x3, x4, x1, x2, 16); + E_SEED(t0, t1, x1, x2, x3, x4, 14); + E_SEED(t0, t1, x3, x4, x1, x2, 12); + E_SEED(t0, t1, x1, x2, x3, x4, 10); + E_SEED(t0, t1, x3, x4, x1, x2, 8); + E_SEED(t0, t1, x1, x2, x3, x4, 6); + E_SEED(t0, t1, x3, x4, x1, x2, 4); + E_SEED(t0, t1, x1, x2, x3, x4, 2); + E_SEED(t0, t1, x3, x4, x1, x2, 0); + + word2char(x3, d); + word2char(x4, d+4); + word2char(x1, d+8); + word2char(x2, d+12); +} + +#endif /* OPENSSL_NO_SEED */ diff --git a/crypto/seed/seed.h b/crypto/seed/seed.h new file mode 100644 index 0000000000000..427915ed9a9fa --- /dev/null +++ b/crypto/seed/seed.h @@ -0,0 +1,135 @@ +/* + * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Neither the name of author nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +#ifndef HEADER_SEED_H +#define HEADER_SEED_H + +#include + +#ifdef OPENSSL_NO_SEED +#error SEED is disabled. +#endif + +#ifdef AES_LONG /* look whether we need 'long' to get 32 bits */ +# ifndef SEED_LONG +# define SEED_LONG 1 +# endif +#endif + +#if !defined(NO_SYS_TYPES_H) +# include +#endif + +#define SEED_BLOCK_SIZE 16 +#define SEED_KEY_LENGTH 16 + + +#ifdef __cplusplus +extern "C" { +#endif + + +typedef struct seed_key_st { +#ifdef SEED_LONG + unsigned long data[32]; +#else + unsigned int data[32]; +#endif +} SEED_KEY_SCHEDULE; + + +void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks); + +void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks); +void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks); + +void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, const SEED_KEY_SCHEDULE *ks, int enc); +void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int enc); +void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num, int enc); +void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num); + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_SEED_H */ diff --git a/crypto/seed/seed_cbc.c b/crypto/seed/seed_cbc.c new file mode 100644 index 0000000000000..4f718ccb44e63 --- /dev/null +++ b/crypto/seed/seed_cbc.c @@ -0,0 +1,129 @@ +/* crypto/seed/seed_cbc.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include "seed_locl.h" +#include + +void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int enc) + { + size_t n; + unsigned char tmp[SEED_BLOCK_SIZE]; + const unsigned char *iv = ivec; + + if (enc) + { + while (len >= SEED_BLOCK_SIZE) + { + for (n = 0; n < SEED_BLOCK_SIZE; ++n) + out[n] = in[n] ^ iv[n]; + SEED_encrypt(out, out, ks); + iv = out; + len -= SEED_BLOCK_SIZE; + in += SEED_BLOCK_SIZE; + out += SEED_BLOCK_SIZE; + } + if (len) + { + for (n = 0; n < len; ++n) + out[n] = in[n] ^ iv[n]; + for (n = len; n < SEED_BLOCK_SIZE; ++n) + out[n] = iv[n]; + SEED_encrypt(out, out, ks); + iv = out; + } + memcpy(ivec, iv, SEED_BLOCK_SIZE); + } + else if (in != out) /* decrypt */ + { + while (len >= SEED_BLOCK_SIZE) + { + SEED_decrypt(in, out, ks); + for (n = 0; n < SEED_BLOCK_SIZE; ++n) + out[n] ^= iv[n]; + iv = in; + len -= SEED_BLOCK_SIZE; + in += SEED_BLOCK_SIZE; + out += SEED_BLOCK_SIZE; + } + if (len) + { + SEED_decrypt(in, tmp, ks); + for (n = 0; n < len; ++n) + out[n] = tmp[n] ^ iv[n]; + iv = in; + } + memcpy(ivec, iv, SEED_BLOCK_SIZE); + } + else /* decrypt, overlap */ + { + while (len >= SEED_BLOCK_SIZE) + { + memcpy(tmp, in, SEED_BLOCK_SIZE); + SEED_decrypt(in, out, ks); + for (n = 0; n < SEED_BLOCK_SIZE; ++n) + out[n] ^= ivec[n]; + memcpy(ivec, tmp, SEED_BLOCK_SIZE); + len -= SEED_BLOCK_SIZE; + in += SEED_BLOCK_SIZE; + out += SEED_BLOCK_SIZE; + } + if (len) + { + memcpy(tmp, in, SEED_BLOCK_SIZE); + SEED_decrypt(tmp, tmp, ks); + for (n = 0; n < len; ++n) + out[n] = tmp[n] ^ ivec[n]; + memcpy(ivec, tmp, SEED_BLOCK_SIZE); + } + } + } diff --git a/crypto/seed/seed_cfb.c b/crypto/seed/seed_cfb.c new file mode 100644 index 0000000000000..07d878a788891 --- /dev/null +++ b/crypto/seed/seed_cfb.c @@ -0,0 +1,144 @@ +/* crypto/seed/seed_cfb.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include "seed_locl.h" +#include + +void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int *num, int enc) + { + int n; + unsigned char c; + + n = *num; + + if (enc) + { + while (len--) + { + if (n == 0) + SEED_encrypt(ivec, ivec, ks); + ivec[n] = *(out++) = *(in++) ^ ivec[n]; + n = (n+1) % SEED_BLOCK_SIZE; + } + } + else + { + while (len--) + { + if (n == 0) + SEED_encrypt(ivec, ivec, ks); + c = *(in); + *(out++) = *(in++) ^ ivec[n]; + ivec[n] = c; + n = (n+1) % SEED_BLOCK_SIZE; + } + } + + *num = n; + } diff --git a/crypto/seed/seed_ecb.c b/crypto/seed/seed_ecb.c new file mode 100644 index 0000000000000..e63f5ae14eb94 --- /dev/null +++ b/crypto/seed/seed_ecb.c @@ -0,0 +1,60 @@ +/* crypto/seed/seed_ecb.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include + +void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, const SEED_KEY_SCHEDULE *ks, int enc) + { + if (enc) + SEED_encrypt(in, out, ks); + else + SEED_decrypt(in, out, ks); + } diff --git a/crypto/seed/seed_locl.h b/crypto/seed/seed_locl.h new file mode 100644 index 0000000000000..fd456b6422595 --- /dev/null +++ b/crypto/seed/seed_locl.h @@ -0,0 +1,116 @@ +/* + * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Neither the name of author nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ +#ifndef HEADER_SEED_LOCL_H +#define HEADER_SEED_LOCL_H + +#include "openssl/e_os2.h" +#include + + +#ifdef SEED_LONG /* need 32-bit type */ +typedef unsigned long seed_word; +#else +typedef unsigned int seed_word; +#endif + + +#ifdef __cplusplus +extern "C" { +#endif + +#define G_FUNC(v) \ + SS[0][(unsigned char) (v) & 0xff] ^ SS[1][(unsigned char) ((v)>>8) & 0xff] ^ \ + SS[2][(unsigned char)((v)>>16) & 0xff] ^ SS[3][(unsigned char)((v)>>24) & 0xff] + +#define char2word(c, i) \ + (i) = ((((seed_word)(c)[0]) << 24) | (((seed_word)(c)[1]) << 16) | (((seed_word)(c)[2]) << 8) | ((seed_word)(c)[3])) + +#define word2char(l, c) \ + *((c)+0) = (unsigned char)((l)>>24) & 0xff; \ + *((c)+1) = (unsigned char)((l)>>16) & 0xff; \ + *((c)+2) = (unsigned char)((l)>> 8) & 0xff; \ + *((c)+3) = (unsigned char)((l)) & 0xff + +#define KEYSCHEDULE_UPDATE0(T0, T1, X1, X2, X3, X4, KC) \ + (T0) = (X3); \ + (X3) = (((X3)<<8) ^ ((X4)>>24)) & 0xffffffff; \ + (X4) = (((X4)<<8) ^ ((T0)>>24)) & 0xffffffff; \ + (T0) = ((X1) + (X3) - (KC)) & 0xffffffff; \ + (T1) = ((X2) + (KC) - (X4)) & 0xffffffff + +#define KEYSCHEDULE_UPDATE1(T0, T1, X1, X2, X3, X4, KC) \ + (T0) = (X1); \ + (X1) = (((X1)>>8) ^ ((X2)<<24)) & 0xffffffff; \ + (X2) = (((X2)>>8) ^ ((T0)<<24)) & 0xffffffff; \ + (T0) = ((X1) + (X3) - (KC)) & 0xffffffff; \ + (T1) = ((X2) + (KC) - (X4)) & 0xffffffff + +#define KEYUPDATE_TEMP(T0, T1, K) \ + (K)[0] = G_FUNC((T0)); \ + (K)[1] = G_FUNC((T1)) + +#define XOR_SEEDBLOCK(DST, SRC) \ + ((DST))[0] ^= ((SRC))[0]; \ + ((DST))[1] ^= ((SRC))[1]; \ + ((DST))[2] ^= ((SRC))[2]; \ + ((DST))[3] ^= ((SRC))[3] + +#define MOV_SEEDBLOCK(DST, SRC) \ + ((DST))[0] = ((SRC))[0]; \ + ((DST))[1] = ((SRC))[1]; \ + ((DST))[2] = ((SRC))[2]; \ + ((DST))[3] = ((SRC))[3] + +# define CHAR2WORD(C, I) \ + char2word((C), (I)[0]); \ + char2word((C+4), (I)[1]); \ + char2word((C+8), (I)[2]); \ + char2word((C+12), (I)[3]) + +# define WORD2CHAR(I, C) \ + word2char((I)[0], (C)); \ + word2char((I)[1], (C+4)); \ + word2char((I)[2], (C+8)); \ + word2char((I)[3], (C+12)) + +# define E_SEED(T0, T1, X1, X2, X3, X4, rbase) \ + (T0) = (X3) ^ (ks->data)[(rbase)]; \ + (T1) = (X4) ^ (ks->data)[(rbase)+1]; \ + (T1) ^= (T0); \ + (T1) = G_FUNC((T1)); \ + (T0) = ((T0) + (T1)) & 0xffffffff; \ + (T0) = G_FUNC((T0)); \ + (T1) = ((T1) + (T0)) & 0xffffffff; \ + (T1) = G_FUNC((T1)); \ + (T0) = ((T0) + (T1)) & 0xffffffff; \ + (X1) ^= (T0); \ + (X2) ^= (T1) + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_SEED_LOCL_H */ diff --git a/crypto/seed/seed_ofb.c b/crypto/seed/seed_ofb.c new file mode 100644 index 0000000000000..e2f3f57a38cd7 --- /dev/null +++ b/crypto/seed/seed_ofb.c @@ -0,0 +1,128 @@ +/* crypto/seed/seed_ofb.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include "seed_locl.h" +#include + +void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int *num) + { + int n; + + n = *num; + + while (len--) + { + if (n == 0) + SEED_encrypt(ivec, ivec, ks); + *(out++) = *(in++) ^ ivec[n]; + n = (n+1) % SEED_BLOCK_SIZE; + } + + *num = n; + } diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile index 42a8c5b443beb..ac64fb61d366b 100644 --- a/crypto/sha/Makefile +++ b/crypto/sha/Makefile @@ -65,6 +65,11 @@ sha256-ia64.s: asm/sha512-ia64.pl sha512-ia64.s: asm/sha512-ia64.pl (cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS)) +# Solaris make has to be explicitly told +sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $@ +sha256-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $@ +sha512-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $@ + files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl index 4f8521f1e2ca8..a787dd37da42e 100644 --- a/crypto/sha/asm/sha1-586.pl +++ b/crypto/sha/asm/sha1-586.pl @@ -1,4 +1,16 @@ -#!/usr/local/bin/perl +#!/usr/bin/env perl + +# ==================================================================== +# [Re]written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# "[Re]written" was achieved in two major overhauls. In 2004 BODY_* +# functions were re-implemented to address P4 performance issue [see +# commentary below], and in 2006 the rest was rewritten in order to +# gain freedom to liberate licensing terms. # It was noted that Intel IA-32 C compiler generates code which # performs ~30% *faster* on P4 CPU than original *hand-coded* @@ -17,90 +29,27 @@ # improvement on P4 outweights the loss and incorporate this # re-tuned code to 0.9.7 and later. # ---------------------------------------------------------------- -# Those who for any particular reason absolutely must score on -# Pentium can replace this module with one from 0.9.6 distribution. -# This "offer" shall be revoked the moment programming interface to -# this module is changed, in which case this paragraph should be -# removed. -# ---------------------------------------------------------------- # -$normal=0; - -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; &asm_init($ARGV[0],"sha1-586.pl",$ARGV[$#ARGV] eq "386"); $A="eax"; -$B="ecx"; -$C="ebx"; +$B="ebx"; +$C="ecx"; $D="edx"; $E="edi"; $T="esi"; $tmp1="ebp"; -$off=9*4; - -@K=(0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6); - -&sha1_block_data("sha1_block_asm_data_order"); - -&asm_finish(); - -sub Nn - { - local($p)=@_; - local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E); - return($n{$p}); - } - -sub Np - { - local($p)=@_; - local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E); - local(%n)=($A,$B,$B,$C,$C,$D,$D,$E,$E,$T,$T,$A); - return($n{$p}); - } - -sub Na - { - local($n)=@_; - return( (($n )&0x0f), - (($n+ 2)&0x0f), - (($n+ 8)&0x0f), - (($n+13)&0x0f), - (($n+ 1)&0x0f)); - } - -sub X_expand - { - local($in)=@_; - - &comment("First, load the words onto the stack in network byte order"); - for ($i=0; $i<16; $i+=2) - { - &mov($A,&DWP(($i+0)*4,$in,"",0));# unless $i == 0; - &mov($B,&DWP(($i+1)*4,$in,"",0)); - &bswap($A); - &bswap($B); - &mov(&swtmp($i+0),$A); - &mov(&swtmp($i+1),$B); - } - - &comment("We now have the X array on the stack"); - &comment("starting at sp-4"); - } - -# Rules of engagement -# F is always trashable at the start, the running total. -# E becomes the next F so it can be trashed after it has been 'accumulated' -# F becomes A in the next round. We don't need to access it much. -# During the X update part, the result ends up in $X[$n0]. +@V=($A,$B,$C,$D,$E,$T); sub BODY_00_15 { - local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; + local($n,$a,$b,$c,$d,$e,$f)=@_; &comment("00_15 $n"); @@ -109,37 +58,37 @@ sub BODY_00_15 else { &mov($a,$tmp1); } &rotl($tmp1,5); # tmp1=ROTATE(a,5) &xor($f,$d); - &and($f,$b); - &add($tmp1,$e); # tmp1+=e; - &mov($e,&swtmp($n)); # e becomes volatile and - # is loaded with xi + &add($tmp1,$e); # tmp1+=e; + &and($f,$b); + &mov($e,&swtmp($n%16)); # e becomes volatile and is loaded + # with xi, also note that e becomes + # f in next round... &xor($f,$d); # f holds F_00_19(b,c,d) &rotr($b,2); # b=ROTATE(b,30) - &lea($tmp1,&DWP($K,$tmp1,$e,1));# tmp1+=K_00_19+xi + &lea($tmp1,&DWP(0x5a827999,$tmp1,$e)); # tmp1+=K_00_19+xi if ($n==15) { &add($f,$tmp1); } # f+=tmp1 - else { &add($tmp1,$f); } + else { &add($tmp1,$f); } # f becomes a in next round } sub BODY_16_19 { - local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; - local($n0,$n1,$n2,$n3,$np)=&Na($n); + local($n,$a,$b,$c,$d,$e,$f)=@_; &comment("16_19 $n"); - &mov($f,&swtmp($n1)); # f to hold Xupdate(xi,xa,xb,xc,xd) + &mov($f,&swtmp($n%16)); # f to hold Xupdate(xi,xa,xb,xc,xd) &mov($tmp1,$c); # tmp1 to hold F_00_19(b,c,d) - &xor($f,&swtmp($n0)); + &xor($f,&swtmp(($n+2)%16)); &xor($tmp1,$d); - &xor($f,&swtmp($n2)); + &xor($f,&swtmp(($n+8)%16)); &and($tmp1,$b); # tmp1 holds F_00_19(b,c,d) &rotr($b,2); # b=ROTATE(b,30) - &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd - &rotl($f,1); # f=ROATE(f,1) + &xor($f,&swtmp(($n+13)%16)); # f holds xa^xb^xc^xd + &rotl($f,1); # f=ROTATE(f,1) &xor($tmp1,$d); # tmp1=F_00_19(b,c,d) - &mov(&swtmp($n0),$f); # xi=f - &lea($f,&DWP($K,$f,$e,1)); # f+=K_00_19+e + &mov(&swtmp($n%16),$f); # xi=f + &lea($f,&DWP(0x5a827999,$f,$e));# f+=K_00_19+e &mov($e,$a); # e becomes volatile &rotl($e,5); # e=ROTATE(a,5) &add($f,$tmp1); # f+=F_00_19(b,c,d) @@ -148,48 +97,47 @@ sub BODY_16_19 sub BODY_20_39 { - local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; + local($n,$a,$b,$c,$d,$e,$f)=@_; + local $K=($n<40)?0x6ed9eba1:0xca62c1d6; &comment("20_39 $n"); - local($n0,$n1,$n2,$n3,$np)=&Na($n); &mov($tmp1,$b); # tmp1 to hold F_20_39(b,c,d) - &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd) + &mov($f,&swtmp($n%16)); # f to hold Xupdate(xi,xa,xb,xc,xd) &rotr($b,2); # b=ROTATE(b,30) - &xor($f,&swtmp($n1)); + &xor($f,&swtmp(($n+2)%16)); &xor($tmp1,$c); - &xor($f,&swtmp($n2)); + &xor($f,&swtmp(($n+8)%16)); &xor($tmp1,$d); # tmp1 holds F_20_39(b,c,d) - &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd + &xor($f,&swtmp(($n+13)%16)); # f holds xa^xb^xc^xd &rotl($f,1); # f=ROTATE(f,1) &add($tmp1,$e); - &mov(&swtmp($n0),$f); # xi=f + &mov(&swtmp($n%16),$f); # xi=f &mov($e,$a); # e becomes volatile &rotl($e,5); # e=ROTATE(a,5) - &lea($f,&DWP($K,$f,$tmp1,1)); # f+=K_20_39+e + &lea($f,&DWP($K,$f,$tmp1)); # f+=K_20_39+e &add($f,$e); # f+=ROTATE(a,5) } sub BODY_40_59 { - local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; + local($n,$a,$b,$c,$d,$e,$f)=@_; &comment("40_59 $n"); - local($n0,$n1,$n2,$n3,$np)=&Na($n); - &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd) - &mov($tmp1,&swtmp($n1)); + &mov($f,&swtmp($n%16)); # f to hold Xupdate(xi,xa,xb,xc,xd) + &mov($tmp1,&swtmp(($n+2)%16)); &xor($f,$tmp1); - &mov($tmp1,&swtmp($n2)); + &mov($tmp1,&swtmp(($n+8)%16)); &xor($f,$tmp1); - &mov($tmp1,&swtmp($n3)); + &mov($tmp1,&swtmp(($n+13)%16)); &xor($f,$tmp1); # f holds xa^xb^xc^xd &mov($tmp1,$b); # tmp1 to hold F_40_59(b,c,d) &rotl($f,1); # f=ROTATE(f,1) &or($tmp1,$c); - &mov(&swtmp($n0),$f); # xi=f + &mov(&swtmp($n%16),$f); # xi=f &and($tmp1,$d); - &lea($f,&DWP($K,$f,$e,1)); # f+=K_40_59+e + &lea($f,&DWP(0x8f1bbcdc,$f,$e));# f+=K_40_59+e &mov($e,$b); # e becomes volatile and is used # to calculate F_40_59(b,c,d) &rotr($b,2); # b=ROTATE(b,30) @@ -201,230 +149,71 @@ sub BODY_40_59 &add($f,$e); # f+=ROTATE(a,5) } -sub BODY_60_79 - { - &BODY_20_39(@_); - } - -sub sha1_block_host - { - local($name, $sclabel)=@_; - - &function_begin_B($name,""); - - # parameter 1 is the MD5_CTX structure. - # A 0 - # B 4 - # C 8 - # D 12 - # E 16 - - &mov("ecx", &wparam(2)); - &push("esi"); - &shl("ecx",6); - &mov("esi", &wparam(1)); - &push("ebp"); - &add("ecx","esi"); # offset to leave on - &push("ebx"); - &mov("ebp", &wparam(0)); - &push("edi"); - &mov($D, &DWP(12,"ebp","",0)); - &stack_push(18+9); - &mov($E, &DWP(16,"ebp","",0)); - &mov($C, &DWP( 8,"ebp","",0)); - &mov(&swtmp(17),"ecx"); +&function_begin("sha1_block_data_order"); + &mov($tmp1,&wparam(0)); # SHA_CTX *c + &mov($T,&wparam(1)); # const void *input + &mov($A,&wparam(2)); # size_t num + &stack_push(16); # allocate X[16] + &shl($A,6); + &add($A,$T); + &mov(&wparam(2),$A); # pointer beyond the end of input + &mov($E,&DWP(16,$tmp1));# pre-load E - &comment("First we need to setup the X array"); + &set_label("loop",16); - for ($i=0; $i<16; $i+=2) + # copy input chunk to X, but reversing byte order! + for ($i=0; $i<16; $i+=4) { - &mov($A,&DWP(($i+0)*4,"esi","",0));# unless $i == 0; - &mov($B,&DWP(($i+1)*4,"esi","",0)); + &mov($A,&DWP(4*($i+0),$T)); + &mov($B,&DWP(4*($i+1),$T)); + &mov($C,&DWP(4*($i+2),$T)); + &mov($D,&DWP(4*($i+3),$T)); + &bswap($A); + &bswap($B); + &bswap($C); + &bswap($D); &mov(&swtmp($i+0),$A); - &mov(&swtmp($i+1),$B); + &mov(&swtmp($i+1),$B); + &mov(&swtmp($i+2),$C); + &mov(&swtmp($i+3),$D); } - &jmp($sclabel); - &function_end_B($name); - } - - -sub sha1_block_data - { - local($name)=@_; - - &function_begin_B($name,""); - - # parameter 1 is the MD5_CTX structure. - # A 0 - # B 4 - # C 8 - # D 12 - # E 16 - - &mov("ecx", &wparam(2)); - &push("esi"); - &shl("ecx",6); - &mov("esi", &wparam(1)); - &push("ebp"); - &add("ecx","esi"); # offset to leave on - &push("ebx"); - &mov("ebp", &wparam(0)); - &push("edi"); - &mov($D, &DWP(12,"ebp","",0)); - &stack_push(18+9); - &mov($E, &DWP(16,"ebp","",0)); - &mov($C, &DWP( 8,"ebp","",0)); - &mov(&swtmp(17),"ecx"); - - &comment("First we need to setup the X array"); - - &set_label("start") unless $normal; - - &X_expand("esi"); - &mov(&wparam(1),"esi"); - - &set_label("shortcut", 0, 1); - &comment(""); - &comment("Start processing"); - - # odd start - &mov($A, &DWP( 0,"ebp","",0)); - &mov($B, &DWP( 4,"ebp","",0)); - $X="esp"; - &BODY_00_15(-2,$K[0],$X, 0,$A,$B,$C,$D,$E,$T); - &BODY_00_15( 0,$K[0],$X, 1,$T,$A,$B,$C,$D,$E); - &BODY_00_15( 0,$K[0],$X, 2,$E,$T,$A,$B,$C,$D); - &BODY_00_15( 0,$K[0],$X, 3,$D,$E,$T,$A,$B,$C); - &BODY_00_15( 0,$K[0],$X, 4,$C,$D,$E,$T,$A,$B); - &BODY_00_15( 0,$K[0],$X, 5,$B,$C,$D,$E,$T,$A); - &BODY_00_15( 0,$K[0],$X, 6,$A,$B,$C,$D,$E,$T); - &BODY_00_15( 0,$K[0],$X, 7,$T,$A,$B,$C,$D,$E); - &BODY_00_15( 0,$K[0],$X, 8,$E,$T,$A,$B,$C,$D); - &BODY_00_15( 0,$K[0],$X, 9,$D,$E,$T,$A,$B,$C); - &BODY_00_15( 0,$K[0],$X,10,$C,$D,$E,$T,$A,$B); - &BODY_00_15( 0,$K[0],$X,11,$B,$C,$D,$E,$T,$A); - &BODY_00_15( 0,$K[0],$X,12,$A,$B,$C,$D,$E,$T); - &BODY_00_15( 0,$K[0],$X,13,$T,$A,$B,$C,$D,$E); - &BODY_00_15( 0,$K[0],$X,14,$E,$T,$A,$B,$C,$D); - &BODY_00_15( 1,$K[0],$X,15,$D,$E,$T,$A,$B,$C); - &BODY_16_19(-1,$K[0],$X,16,$C,$D,$E,$T,$A,$B); - &BODY_16_19( 0,$K[0],$X,17,$B,$C,$D,$E,$T,$A); - &BODY_16_19( 0,$K[0],$X,18,$A,$B,$C,$D,$E,$T); - &BODY_16_19( 1,$K[0],$X,19,$T,$A,$B,$C,$D,$E); - - &BODY_20_39(-1,$K[1],$X,20,$E,$T,$A,$B,$C,$D); - &BODY_20_39( 0,$K[1],$X,21,$D,$E,$T,$A,$B,$C); - &BODY_20_39( 0,$K[1],$X,22,$C,$D,$E,$T,$A,$B); - &BODY_20_39( 0,$K[1],$X,23,$B,$C,$D,$E,$T,$A); - &BODY_20_39( 0,$K[1],$X,24,$A,$B,$C,$D,$E,$T); - &BODY_20_39( 0,$K[1],$X,25,$T,$A,$B,$C,$D,$E); - &BODY_20_39( 0,$K[1],$X,26,$E,$T,$A,$B,$C,$D); - &BODY_20_39( 0,$K[1],$X,27,$D,$E,$T,$A,$B,$C); - &BODY_20_39( 0,$K[1],$X,28,$C,$D,$E,$T,$A,$B); - &BODY_20_39( 0,$K[1],$X,29,$B,$C,$D,$E,$T,$A); - &BODY_20_39( 0,$K[1],$X,30,$A,$B,$C,$D,$E,$T); - &BODY_20_39( 0,$K[1],$X,31,$T,$A,$B,$C,$D,$E); - &BODY_20_39( 0,$K[1],$X,32,$E,$T,$A,$B,$C,$D); - &BODY_20_39( 0,$K[1],$X,33,$D,$E,$T,$A,$B,$C); - &BODY_20_39( 0,$K[1],$X,34,$C,$D,$E,$T,$A,$B); - &BODY_20_39( 0,$K[1],$X,35,$B,$C,$D,$E,$T,$A); - &BODY_20_39( 0,$K[1],$X,36,$A,$B,$C,$D,$E,$T); - &BODY_20_39( 0,$K[1],$X,37,$T,$A,$B,$C,$D,$E); - &BODY_20_39( 0,$K[1],$X,38,$E,$T,$A,$B,$C,$D); - &BODY_20_39( 1,$K[1],$X,39,$D,$E,$T,$A,$B,$C); - - &BODY_40_59(-1,$K[2],$X,40,$C,$D,$E,$T,$A,$B); - &BODY_40_59( 0,$K[2],$X,41,$B,$C,$D,$E,$T,$A); - &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T); - &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E); - &BODY_40_59( 0,$K[2],$X,44,$E,$T,$A,$B,$C,$D); - &BODY_40_59( 0,$K[2],$X,45,$D,$E,$T,$A,$B,$C); - &BODY_40_59( 0,$K[2],$X,46,$C,$D,$E,$T,$A,$B); - &BODY_40_59( 0,$K[2],$X,47,$B,$C,$D,$E,$T,$A); - &BODY_40_59( 0,$K[2],$X,48,$A,$B,$C,$D,$E,$T); - &BODY_40_59( 0,$K[2],$X,49,$T,$A,$B,$C,$D,$E); - &BODY_40_59( 0,$K[2],$X,50,$E,$T,$A,$B,$C,$D); - &BODY_40_59( 0,$K[2],$X,51,$D,$E,$T,$A,$B,$C); - &BODY_40_59( 0,$K[2],$X,52,$C,$D,$E,$T,$A,$B); - &BODY_40_59( 0,$K[2],$X,53,$B,$C,$D,$E,$T,$A); - &BODY_40_59( 0,$K[2],$X,54,$A,$B,$C,$D,$E,$T); - &BODY_40_59( 0,$K[2],$X,55,$T,$A,$B,$C,$D,$E); - &BODY_40_59( 0,$K[2],$X,56,$E,$T,$A,$B,$C,$D); - &BODY_40_59( 0,$K[2],$X,57,$D,$E,$T,$A,$B,$C); - &BODY_40_59( 0,$K[2],$X,58,$C,$D,$E,$T,$A,$B); - &BODY_40_59( 1,$K[2],$X,59,$B,$C,$D,$E,$T,$A); - - &BODY_60_79(-1,$K[3],$X,60,$A,$B,$C,$D,$E,$T); - &BODY_60_79( 0,$K[3],$X,61,$T,$A,$B,$C,$D,$E); - &BODY_60_79( 0,$K[3],$X,62,$E,$T,$A,$B,$C,$D); - &BODY_60_79( 0,$K[3],$X,63,$D,$E,$T,$A,$B,$C); - &BODY_60_79( 0,$K[3],$X,64,$C,$D,$E,$T,$A,$B); - &BODY_60_79( 0,$K[3],$X,65,$B,$C,$D,$E,$T,$A); - &BODY_60_79( 0,$K[3],$X,66,$A,$B,$C,$D,$E,$T); - &BODY_60_79( 0,$K[3],$X,67,$T,$A,$B,$C,$D,$E); - &BODY_60_79( 0,$K[3],$X,68,$E,$T,$A,$B,$C,$D); - &BODY_60_79( 0,$K[3],$X,69,$D,$E,$T,$A,$B,$C); - &BODY_60_79( 0,$K[3],$X,70,$C,$D,$E,$T,$A,$B); - &BODY_60_79( 0,$K[3],$X,71,$B,$C,$D,$E,$T,$A); - &BODY_60_79( 0,$K[3],$X,72,$A,$B,$C,$D,$E,$T); - &BODY_60_79( 0,$K[3],$X,73,$T,$A,$B,$C,$D,$E); - &BODY_60_79( 0,$K[3],$X,74,$E,$T,$A,$B,$C,$D); - &BODY_60_79( 0,$K[3],$X,75,$D,$E,$T,$A,$B,$C); - &BODY_60_79( 0,$K[3],$X,76,$C,$D,$E,$T,$A,$B); - &BODY_60_79( 0,$K[3],$X,77,$B,$C,$D,$E,$T,$A); - &BODY_60_79( 0,$K[3],$X,78,$A,$B,$C,$D,$E,$T); - &BODY_60_79( 2,$K[3],$X,79,$T,$A,$B,$C,$D,$E); - - &comment("End processing"); - &comment(""); - # D is the tmp value - - # E -> A - # T -> B - # A -> C - # B -> D - # C -> E - # D -> T - - &mov($tmp1,&wparam(0)); - - &mov($D, &DWP(12,$tmp1,"",0)); - &add($D,$B); - &mov($B, &DWP( 4,$tmp1,"",0)); - &add($B,$T); - &mov($T, $A); - &mov($A, &DWP( 0,$tmp1,"",0)); - &mov(&DWP(12,$tmp1,"",0),$D); - - &add($A,$E); - &mov($E, &DWP(16,$tmp1,"",0)); - &add($E,$C); - &mov($C, &DWP( 8,$tmp1,"",0)); - &add($C,$T); - - &mov(&DWP( 0,$tmp1,"",0),$A); - &mov("esi",&wparam(1)); - &mov(&DWP( 8,$tmp1,"",0),$C); - &add("esi",64); - &mov("eax",&swtmp(17)); - &mov(&DWP(16,$tmp1,"",0),$E); - &cmp("esi","eax"); - &mov(&DWP( 4,$tmp1,"",0),$B); - &jb(&label("start")); - - &stack_pop(18+9); - &pop("edi"); - &pop("ebx"); - &pop("ebp"); - &pop("esi"); - &ret(); - - # keep a note of shortcut label so it can be used outside - # block. - my $sclabel = &label("shortcut"); - - &function_end_B($name); - # Putting this here avoids problems with MASM in debugging mode - &sha1_block_host("sha1_block_asm_host_order", $sclabel); - } + &mov(&wparam(1),$T); # redundant in 1st spin + + &mov($A,&DWP(0,$tmp1)); # load SHA_CTX + &mov($B,&DWP(4,$tmp1)); + &mov($C,&DWP(8,$tmp1)); + &mov($D,&DWP(12,$tmp1)); + # E is pre-loaded + + for($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } + for(;$i<20;$i++) { &BODY_16_19($i,@V); unshift(@V,pop(@V)); } + for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } + for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } + for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } + + (($V[5] eq $D) and ($V[0] eq $E)) or die; # double-check + + &mov($tmp1,&wparam(0)); # re-load SHA_CTX* + &mov($D,&wparam(1)); # D is last "T" and is discarded + + &add($E,&DWP(0,$tmp1)); # E is last "A"... + &add($T,&DWP(4,$tmp1)); + &add($A,&DWP(8,$tmp1)); + &add($B,&DWP(12,$tmp1)); + &add($C,&DWP(16,$tmp1)); + + &mov(&DWP(0,$tmp1),$E); # update SHA_CTX + &add($D,64); # advance input pointer + &mov(&DWP(4,$tmp1),$T); + &cmp($D,&wparam(2)); # have we reached the end yet? + &mov(&DWP(8,$tmp1),$A); + &mov($E,$C); # C is last "E" which needs to be "pre-loaded" + &mov(&DWP(12,$tmp1),$B); + &mov($T,$D); # input pointer + &mov(&DWP(16,$tmp1),$C); + &jb(&label("loop")); + + &stack_pop(16); +&function_end("sha1_block_data_order"); +&asm_finish(); diff --git a/crypto/sha/asm/sha1-ia64.pl b/crypto/sha/asm/sha1-ia64.pl index cb9dfad1243a7..aa18c1089b289 100644 --- a/crypto/sha/asm/sha1-ia64.pl +++ b/crypto/sha/asm/sha1-ia64.pl @@ -2,8 +2,9 @@ # # ==================================================================== # Written by Andy Polyakov for the OpenSSL -# project. Rights for redistribution and usage in source and binary -# forms are granted according to the OpenSSL license. +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. # ==================================================================== # # Eternal question is what's wrong with compiler generated code? The @@ -11,15 +12,10 @@ # to perform rotations by maintaining copy of 32-bit value in upper # bits of 64-bit register. Just follow mux2 and shrp instructions... # Performance under big-endian OS such as HP-UX is 179MBps*1GHz, which -# is >50% better than HP C and >2x better than gcc. As of this moment -# performance under little-endian OS such as Linux and Windows will be -# a bit lower, because data has to be picked in reverse byte-order. -# It's possible to resolve this issue by implementing third function, -# sha1_block_asm_data_order_aligned, which would temporarily flip -# BE field in User Mask register... +# is >50% better than HP C and >2x better than gcc. $code=<<___; -.ident \"sha1-ia64.s, version 1.0\" +.ident \"sha1-ia64.s, version 1.2\" .ident \"IA-64 ISA artwork by Andy Polyakov \" .explicit @@ -55,63 +51,55 @@ else { sub BODY_00_15 { local *code=shift; -local ($i,$a,$b,$c,$d,$e,$f,$unaligned)=@_; +local ($i,$a,$b,$c,$d,$e,$f)=@_; -if ($unaligned) { - $code.=<<___; -{ .mmi; ld1 tmp0=[inp],2 // MSB - ld1 tmp1=[tmp3],2 };; -{ .mmi; ld1 tmp2=[inp],2 - ld1 $X[$i&0xf]=[tmp3],2 // LSB - dep tmp1=tmp0,tmp1,8,8 };; -{ .mii; cmp.ne p16,p0=r0,r0 // no misaligned prefetch - dep $X[$i&0xf]=tmp2,$X[$i&0xf],8,8;; - dep $X[$i&0xf]=tmp1,$X[$i&0xf],16,16 };; -{ .mmi; nop.m 0 -___ - } -elsif ($i<15) { - $code.=<<___; -{ .mmi; ld4 $X[($i+1)&0xf]=[inp],4 // prefetch -___ - } -else { - $code.=<<___; -{ .mmi; nop.m 0 +$code.=<<___ if ($i==0); +{ .mmi; ld1 $X[$i&0xf]=[inp],2 // MSB + ld1 tmp2=[tmp3],2 };; +{ .mmi; ld1 tmp0=[inp],2 + ld1 tmp4=[tmp3],2 // LSB + dep $X[$i&0xf]=$X[$i&0xf],tmp2,8,8 };; ___ - } if ($i<15) { $code.=<<___; - and tmp0=$c,$b - dep.z tmp5=$a,5,27 } // a<<5 +{ .mmi; ld1 $X[($i+1)&0xf]=[inp],2 // +1 + dep tmp1=tmp0,tmp4,8,8 };; +{ .mmi; ld1 tmp2=[tmp3],2 // +1 + and tmp4=$c,$b + dep $X[$i&0xf]=$X[$i&0xf],tmp1,16,16 } //;; { .mmi; andcm tmp1=$d,$b - add tmp4=$e,$K_00_19 };; -{ .mmi; or tmp0=tmp0,tmp1 // F_00_19(b,c,d)=(b&c)|(~b&d) - add $f=tmp4,$X[$i&0xf] // f=xi+e+K_00_19 + add tmp0=$e,$K_00_19 + dep.z tmp5=$a,5,27 };; // a<<5 +{ .mmi; or tmp4=tmp4,tmp1 // F_00_19(b,c,d)=(b&c)|(~b&d) + add $f=tmp0,$X[$i&0xf] // f=xi+e+K_00_19 extr.u tmp1=$a,27,5 };; // a>>27 -{ .mib; add $f=$f,tmp0 // f+=F_00_19(b,c,d) +{ .mmi; ld1 tmp0=[inp],2 // +1 + add $f=$f,tmp4 // f+=F_00_19(b,c,d) shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) -{ .mib; or tmp1=tmp1,tmp5 // ROTATE(a,5) +{ .mmi; ld1 tmp4=[tmp3],2 // +1 + or tmp5=tmp1,tmp5 // ROTATE(a,5) mux2 tmp6=$a,0x44 };; // see b in next iteration -{ .mii; add $f=$f,tmp1 // f+=ROTATE(a,5) - mux2 $X[$i&0xf]=$X[$i&0xf],0x44 - nop.i 0 };; +{ .mii; add $f=$f,tmp5 // f+=ROTATE(a,5) + dep $X[($i+1)&0xf]=$X[($i+1)&0xf],tmp2,8,8 // +1 + mux2 $X[$i&0xf]=$X[$i&0xf],0x44 } //;; ___ } else { $code.=<<___; - and tmp0=$c,$b - dep.z tmp5=$a,5,27 } // a<<5 ;;? +{ .mii; and tmp3=$c,$b + dep tmp1=tmp0,tmp4,8,8;; + dep $X[$i&0xf]=$X[$i&0xf],tmp1,16,16 } //;; { .mmi; andcm tmp1=$d,$b - add tmp4=$e,$K_00_19 };; -{ .mmi; or tmp0=tmp0,tmp1 // F_00_19(b,c,d)=(b&c)|(~b&d) - add $f=tmp4,$X[$i&0xf] // f=xi+e+K_00_19 + add tmp0=$e,$K_00_19 + dep.z tmp5=$a,5,27 };; // a<<5 +{ .mmi; or tmp4=tmp3,tmp1 // F_00_19(b,c,d)=(b&c)|(~b&d) + add $f=tmp0,$X[$i&0xf] // f=xi+e+K_00_19 extr.u tmp1=$a,27,5 } // a>>27 { .mmi; xor tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf] // +1 xor tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1 nop.i 0 };; -{ .mmi; add $f=$f,tmp0 // f+=F_00_19(b,c,d) +{ .mmi; add $f=$f,tmp4 // f+=F_00_19(b,c,d) xor tmp2=tmp2,tmp3 // +1 shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) { .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5) @@ -190,9 +178,7 @@ $code.=<<___; extr.u tmp1=$a,27,5 } // a>>27 { .mib; add $f=$f,tmp4 // f+=e+K_20_39 add $h1=$h1,$a };; // wrap up -{ .mmi; -(p16) ld4.s $X[0]=[inp],4 // non-faulting prefetch - add $f=$f,tmp0 // f+=F_20_39(b,c,d) +{ .mmi; add $f=$f,tmp0 // f+=F_20_39(b,c,d) shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) ;;? { .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5) add $h3=$h3,$c };; // wrap up @@ -245,172 +231,15 @@ tmp3=r11; ctx=r32; // in0 inp=r33; // in1 -// void sha1_block_asm_host_order(SHA_CTX *c,const void *p,size_t num); -.global sha1_block_asm_host_order# -.proc sha1_block_asm_host_order# +// void sha1_block_data_order(SHA_CTX *c,const void *p,size_t num); +.global sha1_block_data_order# +.proc sha1_block_data_order# .align 32 -sha1_block_asm_host_order: +sha1_block_data_order: .prologue - .fframe 0 - .save ar.pfs,r0 - .save ar.lc,r3 { .mmi; alloc tmp1=ar.pfs,3,15,0,0 $ADDP tmp0=4,ctx - mov r3=ar.lc } -{ .mmi; $ADDP ctx=0,ctx - $ADDP inp=0,inp - mov r2=pr };; -tmp4=in2; -tmp5=loc13; -tmp6=loc14; - .body -{ .mlx; ld4 $h0=[ctx],8 - movl $K_00_19=0x5a827999 } -{ .mlx; ld4 $h1=[tmp0],8 - movl $K_20_39=0x6ed9eba1 };; -{ .mlx; ld4 $h2=[ctx],8 - movl $K_40_59=0x8f1bbcdc } -{ .mlx; ld4 $h3=[tmp0] - movl $K_60_79=0xca62c1d6 };; -{ .mmi; ld4 $h4=[ctx],-16 - add in2=-1,in2 // adjust num for ar.lc - mov ar.ec=1 };; -{ .mmi; ld4 $X[0]=[inp],4 // prefetch - cmp.ne p16,p0=r0,in2 // prefecth at loop end - mov ar.lc=in2 };; // brp.loop.imp: too far - -.Lhtop: -{ .mmi; mov $A=$h0 - mov $B=$h1 - mux2 tmp6=$h1,0x44 } -{ .mmi; mov $C=$h2 - mov $D=$h3 - mov $E=$h4 };; - -___ - - &BODY_00_15(\$code, 0,$A,$B,$C,$D,$E,$T); - &BODY_00_15(\$code, 1,$T,$A,$B,$C,$D,$E); - &BODY_00_15(\$code, 2,$E,$T,$A,$B,$C,$D); - &BODY_00_15(\$code, 3,$D,$E,$T,$A,$B,$C); - &BODY_00_15(\$code, 4,$C,$D,$E,$T,$A,$B); - &BODY_00_15(\$code, 5,$B,$C,$D,$E,$T,$A); - &BODY_00_15(\$code, 6,$A,$B,$C,$D,$E,$T); - &BODY_00_15(\$code, 7,$T,$A,$B,$C,$D,$E); - &BODY_00_15(\$code, 8,$E,$T,$A,$B,$C,$D); - &BODY_00_15(\$code, 9,$D,$E,$T,$A,$B,$C); - &BODY_00_15(\$code,10,$C,$D,$E,$T,$A,$B); - &BODY_00_15(\$code,11,$B,$C,$D,$E,$T,$A); - &BODY_00_15(\$code,12,$A,$B,$C,$D,$E,$T); - &BODY_00_15(\$code,13,$T,$A,$B,$C,$D,$E); - &BODY_00_15(\$code,14,$E,$T,$A,$B,$C,$D); - &BODY_00_15(\$code,15,$D,$E,$T,$A,$B,$C); - - &BODY_16_19(\$code,16,$C,$D,$E,$T,$A,$B); - &BODY_16_19(\$code,17,$B,$C,$D,$E,$T,$A); - &BODY_16_19(\$code,18,$A,$B,$C,$D,$E,$T); - &BODY_16_19(\$code,19,$T,$A,$B,$C,$D,$E); - - &BODY_20_39(\$code,20,$E,$T,$A,$B,$C,$D); - &BODY_20_39(\$code,21,$D,$E,$T,$A,$B,$C); - &BODY_20_39(\$code,22,$C,$D,$E,$T,$A,$B); - &BODY_20_39(\$code,23,$B,$C,$D,$E,$T,$A); - &BODY_20_39(\$code,24,$A,$B,$C,$D,$E,$T); - &BODY_20_39(\$code,25,$T,$A,$B,$C,$D,$E); - &BODY_20_39(\$code,26,$E,$T,$A,$B,$C,$D); - &BODY_20_39(\$code,27,$D,$E,$T,$A,$B,$C); - &BODY_20_39(\$code,28,$C,$D,$E,$T,$A,$B); - &BODY_20_39(\$code,29,$B,$C,$D,$E,$T,$A); - &BODY_20_39(\$code,30,$A,$B,$C,$D,$E,$T); - &BODY_20_39(\$code,31,$T,$A,$B,$C,$D,$E); - &BODY_20_39(\$code,32,$E,$T,$A,$B,$C,$D); - &BODY_20_39(\$code,33,$D,$E,$T,$A,$B,$C); - &BODY_20_39(\$code,34,$C,$D,$E,$T,$A,$B); - &BODY_20_39(\$code,35,$B,$C,$D,$E,$T,$A); - &BODY_20_39(\$code,36,$A,$B,$C,$D,$E,$T); - &BODY_20_39(\$code,37,$T,$A,$B,$C,$D,$E); - &BODY_20_39(\$code,38,$E,$T,$A,$B,$C,$D); - &BODY_20_39(\$code,39,$D,$E,$T,$A,$B,$C); - - &BODY_40_59(\$code,40,$C,$D,$E,$T,$A,$B); - &BODY_40_59(\$code,41,$B,$C,$D,$E,$T,$A); - &BODY_40_59(\$code,42,$A,$B,$C,$D,$E,$T); - &BODY_40_59(\$code,43,$T,$A,$B,$C,$D,$E); - &BODY_40_59(\$code,44,$E,$T,$A,$B,$C,$D); - &BODY_40_59(\$code,45,$D,$E,$T,$A,$B,$C); - &BODY_40_59(\$code,46,$C,$D,$E,$T,$A,$B); - &BODY_40_59(\$code,47,$B,$C,$D,$E,$T,$A); - &BODY_40_59(\$code,48,$A,$B,$C,$D,$E,$T); - &BODY_40_59(\$code,49,$T,$A,$B,$C,$D,$E); - &BODY_40_59(\$code,50,$E,$T,$A,$B,$C,$D); - &BODY_40_59(\$code,51,$D,$E,$T,$A,$B,$C); - &BODY_40_59(\$code,52,$C,$D,$E,$T,$A,$B); - &BODY_40_59(\$code,53,$B,$C,$D,$E,$T,$A); - &BODY_40_59(\$code,54,$A,$B,$C,$D,$E,$T); - &BODY_40_59(\$code,55,$T,$A,$B,$C,$D,$E); - &BODY_40_59(\$code,56,$E,$T,$A,$B,$C,$D); - &BODY_40_59(\$code,57,$D,$E,$T,$A,$B,$C); - &BODY_40_59(\$code,58,$C,$D,$E,$T,$A,$B); - &BODY_40_59(\$code,59,$B,$C,$D,$E,$T,$A); - - &BODY_60_79(\$code,60,$A,$B,$C,$D,$E,$T); - &BODY_60_79(\$code,61,$T,$A,$B,$C,$D,$E); - &BODY_60_79(\$code,62,$E,$T,$A,$B,$C,$D); - &BODY_60_79(\$code,63,$D,$E,$T,$A,$B,$C); - &BODY_60_79(\$code,64,$C,$D,$E,$T,$A,$B); - &BODY_60_79(\$code,65,$B,$C,$D,$E,$T,$A); - &BODY_60_79(\$code,66,$A,$B,$C,$D,$E,$T); - &BODY_60_79(\$code,67,$T,$A,$B,$C,$D,$E); - &BODY_60_79(\$code,68,$E,$T,$A,$B,$C,$D); - &BODY_60_79(\$code,69,$D,$E,$T,$A,$B,$C); - &BODY_60_79(\$code,70,$C,$D,$E,$T,$A,$B); - &BODY_60_79(\$code,71,$B,$C,$D,$E,$T,$A); - &BODY_60_79(\$code,72,$A,$B,$C,$D,$E,$T); - &BODY_60_79(\$code,73,$T,$A,$B,$C,$D,$E); - &BODY_60_79(\$code,74,$E,$T,$A,$B,$C,$D); - &BODY_60_79(\$code,75,$D,$E,$T,$A,$B,$C); - &BODY_60_79(\$code,76,$C,$D,$E,$T,$A,$B); - &BODY_60_79(\$code,77,$B,$C,$D,$E,$T,$A); - &BODY_60_79(\$code,78,$A,$B,$C,$D,$E,$T); - &BODY_60_79(\$code,79,$T,$A,$B,$C,$D,$E); - -$code.=<<___; -{ .mmb; add $h0=$h0,$E - nop.m 0 - br.ctop.dptk.many .Lhtop };; -.Lhend: -{ .mmi; add tmp0=4,ctx - mov ar.lc=r3 };; -{ .mmi; st4 [ctx]=$h0,8 - st4 [tmp0]=$h1,8 };; -{ .mmi; st4 [ctx]=$h2,8 - st4 [tmp0]=$h3 };; -{ .mib; st4 [ctx]=$h4,-16 - mov pr=r2,0x1ffff - br.ret.sptk.many b0 };; -.endp sha1_block_asm_host_order# -___ - - -$code.=<<___; -// void sha1_block_asm_data_order(SHA_CTX *c,const void *p,size_t num); -.global sha1_block_asm_data_order# -.proc sha1_block_asm_data_order# -.align 32 -sha1_block_asm_data_order: -___ -$code.=<<___ if ($big_endian); -{ .mmi; and r2=3,inp };; -{ .mib; cmp.eq p6,p0=r0,r2 -(p6) br.dptk.many sha1_block_asm_host_order };; -___ -$code.=<<___; - .prologue - .fframe 0 - .save ar.pfs,r0 .save ar.lc,r3 -{ .mmi; alloc tmp1=ar.pfs,3,15,0,0 - $ADDP tmp0=4,ctx mov r3=ar.lc } { .mmi; $ADDP ctx=0,ctx $ADDP inp=0,inp @@ -444,90 +273,16 @@ tmp6=loc14; ___ - &BODY_00_15(\$code, 0,$A,$B,$C,$D,$E,$T,1); - &BODY_00_15(\$code, 1,$T,$A,$B,$C,$D,$E,1); - &BODY_00_15(\$code, 2,$E,$T,$A,$B,$C,$D,1); - &BODY_00_15(\$code, 3,$D,$E,$T,$A,$B,$C,1); - &BODY_00_15(\$code, 4,$C,$D,$E,$T,$A,$B,1); - &BODY_00_15(\$code, 5,$B,$C,$D,$E,$T,$A,1); - &BODY_00_15(\$code, 6,$A,$B,$C,$D,$E,$T,1); - &BODY_00_15(\$code, 7,$T,$A,$B,$C,$D,$E,1); - &BODY_00_15(\$code, 8,$E,$T,$A,$B,$C,$D,1); - &BODY_00_15(\$code, 9,$D,$E,$T,$A,$B,$C,1); - &BODY_00_15(\$code,10,$C,$D,$E,$T,$A,$B,1); - &BODY_00_15(\$code,11,$B,$C,$D,$E,$T,$A,1); - &BODY_00_15(\$code,12,$A,$B,$C,$D,$E,$T,1); - &BODY_00_15(\$code,13,$T,$A,$B,$C,$D,$E,1); - &BODY_00_15(\$code,14,$E,$T,$A,$B,$C,$D,1); - &BODY_00_15(\$code,15,$D,$E,$T,$A,$B,$C,1); - - &BODY_16_19(\$code,16,$C,$D,$E,$T,$A,$B); - &BODY_16_19(\$code,17,$B,$C,$D,$E,$T,$A); - &BODY_16_19(\$code,18,$A,$B,$C,$D,$E,$T); - &BODY_16_19(\$code,19,$T,$A,$B,$C,$D,$E); +{ my $i,@V=($A,$B,$C,$D,$E,$T); - &BODY_20_39(\$code,20,$E,$T,$A,$B,$C,$D); - &BODY_20_39(\$code,21,$D,$E,$T,$A,$B,$C); - &BODY_20_39(\$code,22,$C,$D,$E,$T,$A,$B); - &BODY_20_39(\$code,23,$B,$C,$D,$E,$T,$A); - &BODY_20_39(\$code,24,$A,$B,$C,$D,$E,$T); - &BODY_20_39(\$code,25,$T,$A,$B,$C,$D,$E); - &BODY_20_39(\$code,26,$E,$T,$A,$B,$C,$D); - &BODY_20_39(\$code,27,$D,$E,$T,$A,$B,$C); - &BODY_20_39(\$code,28,$C,$D,$E,$T,$A,$B); - &BODY_20_39(\$code,29,$B,$C,$D,$E,$T,$A); - &BODY_20_39(\$code,30,$A,$B,$C,$D,$E,$T); - &BODY_20_39(\$code,31,$T,$A,$B,$C,$D,$E); - &BODY_20_39(\$code,32,$E,$T,$A,$B,$C,$D); - &BODY_20_39(\$code,33,$D,$E,$T,$A,$B,$C); - &BODY_20_39(\$code,34,$C,$D,$E,$T,$A,$B); - &BODY_20_39(\$code,35,$B,$C,$D,$E,$T,$A); - &BODY_20_39(\$code,36,$A,$B,$C,$D,$E,$T); - &BODY_20_39(\$code,37,$T,$A,$B,$C,$D,$E); - &BODY_20_39(\$code,38,$E,$T,$A,$B,$C,$D); - &BODY_20_39(\$code,39,$D,$E,$T,$A,$B,$C); + for($i=0;$i<16;$i++) { &BODY_00_15(\$code,$i,@V); unshift(@V,pop(@V)); } + for(;$i<20;$i++) { &BODY_16_19(\$code,$i,@V); unshift(@V,pop(@V)); } + for(;$i<40;$i++) { &BODY_20_39(\$code,$i,@V); unshift(@V,pop(@V)); } + for(;$i<60;$i++) { &BODY_40_59(\$code,$i,@V); unshift(@V,pop(@V)); } + for(;$i<80;$i++) { &BODY_60_79(\$code,$i,@V); unshift(@V,pop(@V)); } - &BODY_40_59(\$code,40,$C,$D,$E,$T,$A,$B); - &BODY_40_59(\$code,41,$B,$C,$D,$E,$T,$A); - &BODY_40_59(\$code,42,$A,$B,$C,$D,$E,$T); - &BODY_40_59(\$code,43,$T,$A,$B,$C,$D,$E); - &BODY_40_59(\$code,44,$E,$T,$A,$B,$C,$D); - &BODY_40_59(\$code,45,$D,$E,$T,$A,$B,$C); - &BODY_40_59(\$code,46,$C,$D,$E,$T,$A,$B); - &BODY_40_59(\$code,47,$B,$C,$D,$E,$T,$A); - &BODY_40_59(\$code,48,$A,$B,$C,$D,$E,$T); - &BODY_40_59(\$code,49,$T,$A,$B,$C,$D,$E); - &BODY_40_59(\$code,50,$E,$T,$A,$B,$C,$D); - &BODY_40_59(\$code,51,$D,$E,$T,$A,$B,$C); - &BODY_40_59(\$code,52,$C,$D,$E,$T,$A,$B); - &BODY_40_59(\$code,53,$B,$C,$D,$E,$T,$A); - &BODY_40_59(\$code,54,$A,$B,$C,$D,$E,$T); - &BODY_40_59(\$code,55,$T,$A,$B,$C,$D,$E); - &BODY_40_59(\$code,56,$E,$T,$A,$B,$C,$D); - &BODY_40_59(\$code,57,$D,$E,$T,$A,$B,$C); - &BODY_40_59(\$code,58,$C,$D,$E,$T,$A,$B); - &BODY_40_59(\$code,59,$B,$C,$D,$E,$T,$A); - - &BODY_60_79(\$code,60,$A,$B,$C,$D,$E,$T); - &BODY_60_79(\$code,61,$T,$A,$B,$C,$D,$E); - &BODY_60_79(\$code,62,$E,$T,$A,$B,$C,$D); - &BODY_60_79(\$code,63,$D,$E,$T,$A,$B,$C); - &BODY_60_79(\$code,64,$C,$D,$E,$T,$A,$B); - &BODY_60_79(\$code,65,$B,$C,$D,$E,$T,$A); - &BODY_60_79(\$code,66,$A,$B,$C,$D,$E,$T); - &BODY_60_79(\$code,67,$T,$A,$B,$C,$D,$E); - &BODY_60_79(\$code,68,$E,$T,$A,$B,$C,$D); - &BODY_60_79(\$code,69,$D,$E,$T,$A,$B,$C); - &BODY_60_79(\$code,70,$C,$D,$E,$T,$A,$B); - &BODY_60_79(\$code,71,$B,$C,$D,$E,$T,$A); - &BODY_60_79(\$code,72,$A,$B,$C,$D,$E,$T); - &BODY_60_79(\$code,73,$T,$A,$B,$C,$D,$E); - &BODY_60_79(\$code,74,$E,$T,$A,$B,$C,$D); - &BODY_60_79(\$code,75,$D,$E,$T,$A,$B,$C); - &BODY_60_79(\$code,76,$C,$D,$E,$T,$A,$B); - &BODY_60_79(\$code,77,$B,$C,$D,$E,$T,$A); - &BODY_60_79(\$code,78,$A,$B,$C,$D,$E,$T); - &BODY_60_79(\$code,79,$T,$A,$B,$C,$D,$E); + (($V[5] eq $D) and ($V[0] eq $E)) or die; # double-check +} $code.=<<___; { .mmb; add $h0=$h0,$E @@ -543,7 +298,8 @@ $code.=<<___; { .mib; st4 [ctx]=$h4,-16 mov pr=r2,0x1ffff br.ret.sptk.many b0 };; -.endp sha1_block_asm_data_order# +.endp sha1_block_data_order# +stringz "SHA1 block transform for IA64, CRYPTOGAMS by " ___ print $code; diff --git a/crypto/sha/asm/sha1-x86_64.pl b/crypto/sha/asm/sha1-x86_64.pl new file mode 100755 index 0000000000000..f7ed67a72609e --- /dev/null +++ b/crypto/sha/asm/sha1-x86_64.pl @@ -0,0 +1,242 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# sha1_block procedure for x86_64. +# +# It was brought to my attention that on EM64T compiler-generated code +# was far behind 32-bit assembler implementation. This is unlike on +# Opteron where compiler-generated code was only 15% behind 32-bit +# assembler, which originally made it hard to motivate the effort. +# There was suggestion to mechanically translate 32-bit code, but I +# dismissed it, reasoning that x86_64 offers enough register bank +# capacity to fully utilize SHA-1 parallelism. Therefore this fresh +# implementation:-) However! While 64-bit code does performs better +# on Opteron, I failed to beat 32-bit assembler on EM64T core. Well, +# x86_64 does offer larger *addressable* bank, but out-of-order core +# reaches for even more registers through dynamic aliasing, and EM64T +# core must have managed to run-time optimize even 32-bit code just as +# good as 64-bit one. Performance improvement is summarized in the +# following table: +# +# gcc 3.4 32-bit asm cycles/byte +# Opteron +45% +20% 6.8 +# Xeon P4 +65% +0% 9.9 +# Core2 +60% +10% 7.0 + +$output=shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open STDOUT,"| $^X $xlate $output"; + +$ctx="%rdi"; # 1st arg +$inp="%rsi"; # 2nd arg +$num="%rdx"; # 3rd arg + +# reassign arguments in order to produce more compact code +$ctx="%r8"; +$inp="%r9"; +$num="%r10"; + +$xi="%eax"; +$t0="%ebx"; +$t1="%ecx"; +$A="%edx"; +$B="%esi"; +$C="%edi"; +$D="%ebp"; +$E="%r11d"; +$T="%r12d"; + +@V=($A,$B,$C,$D,$E,$T); + +sub PROLOGUE { +my $func=shift; +$code.=<<___; +.globl $func +.type $func,\@function,3 +.align 16 +$func: + push %rbx + push %rbp + push %r12 + mov %rsp,%rax + mov %rdi,$ctx # reassigned argument + sub \$`8+16*4`,%rsp + mov %rsi,$inp # reassigned argument + and \$-64,%rsp + mov %rdx,$num # reassigned argument + mov %rax,`16*4`(%rsp) + + mov 0($ctx),$A + mov 4($ctx),$B + mov 8($ctx),$C + mov 12($ctx),$D + mov 16($ctx),$E +___ +} + +sub EPILOGUE { +my $func=shift; +$code.=<<___; + mov `16*4`(%rsp),%rsp + pop %r12 + pop %rbp + pop %rbx + ret +.size $func,.-$func +___ +} + +sub BODY_00_19 { +my ($i,$a,$b,$c,$d,$e,$f,$host)=@_; +my $j=$i+1; +$code.=<<___ if ($i==0); + mov `4*$i`($inp),$xi + `"bswap $xi" if(!defined($host))` + mov $xi,`4*$i`(%rsp) +___ +$code.=<<___ if ($i<15); + lea 0x5a827999($xi,$e),$f + mov $c,$t0 + mov `4*$j`($inp),$xi + mov $a,$e + xor $d,$t0 + `"bswap $xi" if(!defined($host))` + rol \$5,$e + and $b,$t0 + mov $xi,`4*$j`(%rsp) + add $e,$f + xor $d,$t0 + rol \$30,$b + add $t0,$f +___ +$code.=<<___ if ($i>=15); + lea 0x5a827999($xi,$e),$f + mov `4*($j%16)`(%rsp),$xi + mov $c,$t0 + mov $a,$e + xor `4*(($j+2)%16)`(%rsp),$xi + xor $d,$t0 + rol \$5,$e + xor `4*(($j+8)%16)`(%rsp),$xi + and $b,$t0 + add $e,$f + xor `4*(($j+13)%16)`(%rsp),$xi + xor $d,$t0 + rol \$30,$b + add $t0,$f + rol \$1,$xi + mov $xi,`4*($j%16)`(%rsp) +___ +} + +sub BODY_20_39 { +my ($i,$a,$b,$c,$d,$e,$f)=@_; +my $j=$i+1; +my $K=($i<40)?0x6ed9eba1:0xca62c1d6; +$code.=<<___ if ($i<79); + lea $K($xi,$e),$f + mov `4*($j%16)`(%rsp),$xi + mov $c,$t0 + mov $a,$e + xor `4*(($j+2)%16)`(%rsp),$xi + xor $b,$t0 + rol \$5,$e + xor `4*(($j+8)%16)`(%rsp),$xi + xor $d,$t0 + add $e,$f + xor `4*(($j+13)%16)`(%rsp),$xi + rol \$30,$b + add $t0,$f + rol \$1,$xi +___ +$code.=<<___ if ($i<76); + mov $xi,`4*($j%16)`(%rsp) +___ +$code.=<<___ if ($i==79); + lea $K($xi,$e),$f + mov $c,$t0 + mov $a,$e + xor $b,$t0 + rol \$5,$e + xor $d,$t0 + add $e,$f + rol \$30,$b + add $t0,$f +___ +} + +sub BODY_40_59 { +my ($i,$a,$b,$c,$d,$e,$f)=@_; +my $j=$i+1; +$code.=<<___; + lea 0x8f1bbcdc($xi,$e),$f + mov `4*($j%16)`(%rsp),$xi + mov $b,$t0 + mov $b,$t1 + xor `4*(($j+2)%16)`(%rsp),$xi + mov $a,$e + and $c,$t0 + xor `4*(($j+8)%16)`(%rsp),$xi + or $c,$t1 + rol \$5,$e + xor `4*(($j+13)%16)`(%rsp),$xi + and $d,$t1 + add $e,$f + rol \$1,$xi + or $t1,$t0 + rol \$30,$b + mov $xi,`4*($j%16)`(%rsp) + add $t0,$f +___ +} + +$code=".text\n"; + +&PROLOGUE("sha1_block_data_order"); +$code.=".align 4\n.Lloop:\n"; +for($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); } +for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } +for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + add 0($ctx),$E + add 4($ctx),$T + add 8($ctx),$A + add 12($ctx),$B + add 16($ctx),$C + mov $E,0($ctx) + mov $T,4($ctx) + mov $A,8($ctx) + mov $B,12($ctx) + mov $C,16($ctx) + + xchg $E,$A # mov $E,$A + xchg $T,$B # mov $T,$B + xchg $E,$C # mov $A,$C + xchg $T,$D # mov $B,$D + # mov $C,$E + lea `16*4`($inp),$inp + sub \$1,$num + jnz .Lloop +___ +&EPILOGUE("sha1_block_data_order"); +$code.=<<___; +.asciz "SHA1 block transform for x86_64, CRYPTOGAMS by " +___ + +#################################################################### + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/crypto/sha/asm/sha512-ia64.pl b/crypto/sha/asm/sha512-ia64.pl index 0aea02399a9b0..1c6ce56522ed2 100755 --- a/crypto/sha/asm/sha512-ia64.pl +++ b/crypto/sha/asm/sha512-ia64.pl @@ -2,8 +2,9 @@ # # ==================================================================== # Written by Andy Polyakov for the OpenSSL -# project. Rights for redistribution and usage in source and binary -# forms are granted according to the OpenSSL license. +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. # ==================================================================== # # SHA256/512_Transform for Itanium. @@ -71,7 +72,7 @@ if ($output =~ /512.*\.[s|asm]/) { $ADD="add"; $SHRU="shr.u"; $TABLE="K512"; - $func="sha512_block"; + $func="sha512_block_data_order"; @Sigma0=(28,34,39); @Sigma1=(14,18,41); @sigma0=(1, 8, 7); @@ -85,7 +86,7 @@ if ($output =~ /512.*\.[s|asm]/) { $ADD="padd4"; $SHRU="pshr4.u"; $TABLE="K256"; - $func="sha256_block"; + $func="sha256_block_data_order"; @Sigma0=( 2,13,22); @Sigma1=( 6,11,25); @sigma0=( 7,18, 3); @@ -105,11 +106,13 @@ if (!defined($big_endian)) { $big_endian=(unpack('L',pack('N',1))==1); } $code=<<___; -.ident \"$output, version 1.0\" +.ident \"$output, version 1.1\" .ident \"IA-64 ISA artwork by Andy Polyakov \" .explicit .text +pfssave=r2; +lcsave=r3; prsave=r14; K=r15; A=r16; B=r17; C=r18; D=r19; @@ -121,6 +124,8 @@ ctx=r31; // 1st arg input=r48; // 2nd arg num=r49; // 3rd arg sgm0=r50; sgm1=r51; // small constants +A_=r54; B_=r55; C_=r56; D_=r57; +E_=r58; F_=r59; G_=r60; H_=r61; // void $func (SHA_CTX *ctx, const void *in,size_t num[,int host]) .global $func# @@ -128,82 +133,319 @@ sgm0=r50; sgm1=r51; // small constants .align 32 $func: .prologue - .fframe 0 - .save ar.pfs,r2 - .save ar.lc,r3 - .save pr,prsave -{ .mmi; alloc r2=ar.pfs,3,17,0,16 + .save ar.pfs,pfssave +{ .mmi; alloc pfssave=ar.pfs,3,27,0,16 $ADDP ctx=0,r32 // 1st arg - mov r3=ar.lc } + .save ar.lc,lcsave + mov lcsave=ar.lc } { .mmi; $ADDP input=0,r33 // 2nd arg - addl Ktbl=\@ltoff($TABLE#),gp + mov num=r34 // 3rd arg + .save pr,prsave mov prsave=pr };; .body -{ .mii; ld8 Ktbl=[Ktbl] - mov num=r34 };; // 3rd arg - { .mib; add r8=0*$SZ,ctx add r9=1*$SZ,ctx - brp.loop.imp .L_first16,.L_first16_ctop - } + brp.loop.imp .L_first16,.L_first16_end-16 } { .mib; add r10=2*$SZ,ctx add r11=3*$SZ,ctx - brp.loop.imp .L_rest,.L_rest_ctop - };; -// load A-H -{ .mmi; $LDW A=[r8],4*$SZ - $LDW B=[r9],4*$SZ - mov sgm0=$sigma0[2] } -{ .mmi; $LDW C=[r10],4*$SZ - $LDW D=[r11],4*$SZ - mov sgm1=$sigma1[2] };; -{ .mmi; $LDW E=[r8] - $LDW F=[r9] } -{ .mmi; $LDW G=[r10] - $LDW H=[r11] - cmp.ne p15,p14=0,r35 };; // used in sha256_block + brp.loop.imp .L_rest,.L_rest_end-16 };; +// load A-H +.Lpic_point: +{ .mmi; $LDW A_=[r8],4*$SZ + $LDW B_=[r9],4*$SZ + mov Ktbl=ip } +{ .mmi; $LDW C_=[r10],4*$SZ + $LDW D_=[r11],4*$SZ + mov sgm0=$sigma0[2] };; +{ .mmi; $LDW E_=[r8] + $LDW F_=[r9] + add Ktbl=($TABLE#-.Lpic_point),Ktbl } +{ .mmi; $LDW G_=[r10] + $LDW H_=[r11] + cmp.ne p0,p16=0,r0 };; // used in sha256_block +___ +$code.=<<___ if ($BITS==64); +{ .mii; and r8=7,input + and input=~7,input;; + cmp.eq p9,p0=1,r8 } +{ .mmi; cmp.eq p10,p0=2,r8 + cmp.eq p11,p0=3,r8 + cmp.eq p12,p0=4,r8 } +{ .mmi; cmp.eq p13,p0=5,r8 + cmp.eq p14,p0=6,r8 + cmp.eq p15,p0=7,r8 };; +___ +$code.=<<___; .L_outer: -{ .mii; mov ar.lc=15 - mov ar.ec=1 };; -.align 32 -.L_first16: .rotr X[16] +{ .mmi; mov A=A_ + mov B=B_ + mov ar.lc=14 } +{ .mmi; mov C=C_ + mov D=D_ + mov E=E_ } +{ .mmi; mov F=F_ + mov G=G_ + mov ar.ec=2 } +{ .mmi; ld1 X[15]=[input],$SZ // eliminated in 64-bit + mov H=H_ + mov sgm1=$sigma1[2] };; + ___ $t0="t0", $t1="t1", $code.=<<___ if ($BITS==32); -{ .mib; (p14) add r9=1,input - (p14) add r10=2,input } -{ .mib; (p14) add r11=3,input - (p15) br.dptk.few .L_host };; -{ .mmi; (p14) ld1 r8=[input],$SZ - (p14) ld1 r9=[r9] } -{ .mmi; (p14) ld1 r10=[r10] - (p14) ld1 r11=[r11] };; -{ .mii; (p14) dep r9=r8,r9,8,8 - (p14) dep r11=r10,r11,8,8 };; -{ .mib; (p14) dep X[15]=r9,r11,16,16 };; -.L_host: -{ .mib; (p15) $LDW X[15]=[input],$SZ // X[i]=*input++ +.align 32 +.L_first16: +{ .mmi; add r9=1-$SZ,input + add r10=2-$SZ,input + add r11=3-$SZ,input };; +{ .mmi; ld1 r9=[r9] + ld1 r10=[r10] dep.z $t1=E,32,32 } -{ .mib; $LDW K=[Ktbl],$SZ +{ .mmi; $LDW K=[Ktbl],$SZ + ld1 r11=[r11] zxt4 E=E };; -{ .mmi; or $t1=$t1,E - and T1=F,E - and T2=A,B } +{ .mii; or $t1=$t1,E + dep X[15]=X[15],r9,8,8 + dep r11=r10,r11,8,8 };; +{ .mmi; and T1=F,E + and T2=A,B + dep X[15]=X[15],r11,16,16 } { .mmi; andcm r8=G,E and r9=A,C mux2 $t0=A,0x44 };; // copy lower half to upper -{ .mib; xor T1=T1,r8 // T1=((e & f) ^ (~e & g)) +{ .mmi; (p16) ld1 X[15-1]=[input],$SZ // prefetch + xor T1=T1,r8 // T1=((e & f) ^ (~e & g)) _rotr r11=$t1,$Sigma1[0] } // ROTR(e,14) { .mib; and r10=B,C xor T2=T2,r9 };; ___ $t0="A", $t1="E", $code.=<<___ if ($BITS==64); -{ .mmi; $LDW X[15]=[input],$SZ // X[i]=*input++ +// in 64-bit mode I load whole X[16] at once and take care of alignment... +{ .mmi; add r8=1*$SZ,input + add r9=2*$SZ,input + add r10=3*$SZ,input };; +{ .mmb; $LDW X[15]=[input],4*$SZ + $LDW X[14]=[r8],4*$SZ +(p9) br.cond.dpnt.many .L1byte };; +{ .mmb; $LDW X[13]=[r9],4*$SZ + $LDW X[12]=[r10],4*$SZ +(p10) br.cond.dpnt.many .L2byte };; +{ .mmb; $LDW X[11]=[input],4*$SZ + $LDW X[10]=[r8],4*$SZ +(p11) br.cond.dpnt.many .L3byte };; +{ .mmb; $LDW X[ 9]=[r9],4*$SZ + $LDW X[ 8]=[r10],4*$SZ +(p12) br.cond.dpnt.many .L4byte };; +{ .mmb; $LDW X[ 7]=[input],4*$SZ + $LDW X[ 6]=[r8],4*$SZ +(p13) br.cond.dpnt.many .L5byte };; +{ .mmb; $LDW X[ 5]=[r9],4*$SZ + $LDW X[ 4]=[r10],4*$SZ +(p14) br.cond.dpnt.many .L6byte };; +{ .mmb; $LDW X[ 3]=[input],4*$SZ + $LDW X[ 2]=[r8],4*$SZ +(p15) br.cond.dpnt.many .L7byte };; +{ .mmb; $LDW X[ 1]=[r9],4*$SZ + $LDW X[ 0]=[r10],4*$SZ + br.many .L_first16 };; +.L1byte: +{ .mmi; $LDW X[13]=[r9],4*$SZ + $LDW X[12]=[r10],4*$SZ + shrp X[15]=X[15],X[14],56 };; +{ .mmi; $LDW X[11]=[input],4*$SZ + $LDW X[10]=[r8],4*$SZ + shrp X[14]=X[14],X[13],56 } +{ .mmi; $LDW X[ 9]=[r9],4*$SZ + $LDW X[ 8]=[r10],4*$SZ + shrp X[13]=X[13],X[12],56 };; +{ .mmi; $LDW X[ 7]=[input],4*$SZ + $LDW X[ 6]=[r8],4*$SZ + shrp X[12]=X[12],X[11],56 } +{ .mmi; $LDW X[ 5]=[r9],4*$SZ + $LDW X[ 4]=[r10],4*$SZ + shrp X[11]=X[11],X[10],56 };; +{ .mmi; $LDW X[ 3]=[input],4*$SZ + $LDW X[ 2]=[r8],4*$SZ + shrp X[10]=X[10],X[ 9],56 } +{ .mmi; $LDW X[ 1]=[r9],4*$SZ + $LDW X[ 0]=[r10],4*$SZ + shrp X[ 9]=X[ 9],X[ 8],56 };; +{ .mii; $LDW T1=[input] + shrp X[ 8]=X[ 8],X[ 7],56 + shrp X[ 7]=X[ 7],X[ 6],56 } +{ .mii; shrp X[ 6]=X[ 6],X[ 5],56 + shrp X[ 5]=X[ 5],X[ 4],56 };; +{ .mii; shrp X[ 4]=X[ 4],X[ 3],56 + shrp X[ 3]=X[ 3],X[ 2],56 } +{ .mii; shrp X[ 2]=X[ 2],X[ 1],56 + shrp X[ 1]=X[ 1],X[ 0],56 } +{ .mib; shrp X[ 0]=X[ 0],T1,56 + br.many .L_first16 };; +.L2byte: +{ .mmi; $LDW X[11]=[input],4*$SZ + $LDW X[10]=[r8],4*$SZ + shrp X[15]=X[15],X[14],48 } +{ .mmi; $LDW X[ 9]=[r9],4*$SZ + $LDW X[ 8]=[r10],4*$SZ + shrp X[14]=X[14],X[13],48 };; +{ .mmi; $LDW X[ 7]=[input],4*$SZ + $LDW X[ 6]=[r8],4*$SZ + shrp X[13]=X[13],X[12],48 } +{ .mmi; $LDW X[ 5]=[r9],4*$SZ + $LDW X[ 4]=[r10],4*$SZ + shrp X[12]=X[12],X[11],48 };; +{ .mmi; $LDW X[ 3]=[input],4*$SZ + $LDW X[ 2]=[r8],4*$SZ + shrp X[11]=X[11],X[10],48 } +{ .mmi; $LDW X[ 1]=[r9],4*$SZ + $LDW X[ 0]=[r10],4*$SZ + shrp X[10]=X[10],X[ 9],48 };; +{ .mii; $LDW T1=[input] + shrp X[ 9]=X[ 9],X[ 8],48 + shrp X[ 8]=X[ 8],X[ 7],48 } +{ .mii; shrp X[ 7]=X[ 7],X[ 6],48 + shrp X[ 6]=X[ 6],X[ 5],48 };; +{ .mii; shrp X[ 5]=X[ 5],X[ 4],48 + shrp X[ 4]=X[ 4],X[ 3],48 } +{ .mii; shrp X[ 3]=X[ 3],X[ 2],48 + shrp X[ 2]=X[ 2],X[ 1],48 } +{ .mii; shrp X[ 1]=X[ 1],X[ 0],48 + shrp X[ 0]=X[ 0],T1,48 } +{ .mfb; br.many .L_first16 };; +.L3byte: +{ .mmi; $LDW X[ 9]=[r9],4*$SZ + $LDW X[ 8]=[r10],4*$SZ + shrp X[15]=X[15],X[14],40 };; +{ .mmi; $LDW X[ 7]=[input],4*$SZ + $LDW X[ 6]=[r8],4*$SZ + shrp X[14]=X[14],X[13],40 } +{ .mmi; $LDW X[ 5]=[r9],4*$SZ + $LDW X[ 4]=[r10],4*$SZ + shrp X[13]=X[13],X[12],40 };; +{ .mmi; $LDW X[ 3]=[input],4*$SZ + $LDW X[ 2]=[r8],4*$SZ + shrp X[12]=X[12],X[11],40 } +{ .mmi; $LDW X[ 1]=[r9],4*$SZ + $LDW X[ 0]=[r10],4*$SZ + shrp X[11]=X[11],X[10],40 };; +{ .mii; $LDW T1=[input] + shrp X[10]=X[10],X[ 9],40 + shrp X[ 9]=X[ 9],X[ 8],40 } +{ .mii; shrp X[ 8]=X[ 8],X[ 7],40 + shrp X[ 7]=X[ 7],X[ 6],40 };; +{ .mii; shrp X[ 6]=X[ 6],X[ 5],40 + shrp X[ 5]=X[ 5],X[ 4],40 } +{ .mii; shrp X[ 4]=X[ 4],X[ 3],40 + shrp X[ 3]=X[ 3],X[ 2],40 } +{ .mii; shrp X[ 2]=X[ 2],X[ 1],40 + shrp X[ 1]=X[ 1],X[ 0],40 } +{ .mib; shrp X[ 0]=X[ 0],T1,40 + br.many .L_first16 };; +.L4byte: +{ .mmi; $LDW X[ 7]=[input],4*$SZ + $LDW X[ 6]=[r8],4*$SZ + shrp X[15]=X[15],X[14],32 } +{ .mmi; $LDW X[ 5]=[r9],4*$SZ + $LDW X[ 4]=[r10],4*$SZ + shrp X[14]=X[14],X[13],32 };; +{ .mmi; $LDW X[ 3]=[input],4*$SZ + $LDW X[ 2]=[r8],4*$SZ + shrp X[13]=X[13],X[12],32 } +{ .mmi; $LDW X[ 1]=[r9],4*$SZ + $LDW X[ 0]=[r10],4*$SZ + shrp X[12]=X[12],X[11],32 };; +{ .mii; $LDW T1=[input] + shrp X[11]=X[11],X[10],32 + shrp X[10]=X[10],X[ 9],32 } +{ .mii; shrp X[ 9]=X[ 9],X[ 8],32 + shrp X[ 8]=X[ 8],X[ 7],32 };; +{ .mii; shrp X[ 7]=X[ 7],X[ 6],32 + shrp X[ 6]=X[ 6],X[ 5],32 } +{ .mii; shrp X[ 5]=X[ 5],X[ 4],32 + shrp X[ 4]=X[ 4],X[ 3],32 } +{ .mii; shrp X[ 3]=X[ 3],X[ 2],32 + shrp X[ 2]=X[ 2],X[ 1],32 } +{ .mii; shrp X[ 1]=X[ 1],X[ 0],32 + shrp X[ 0]=X[ 0],T1,32 } +{ .mfb; br.many .L_first16 };; +.L5byte: +{ .mmi; $LDW X[ 5]=[r9],4*$SZ + $LDW X[ 4]=[r10],4*$SZ + shrp X[15]=X[15],X[14],24 };; +{ .mmi; $LDW X[ 3]=[input],4*$SZ + $LDW X[ 2]=[r8],4*$SZ + shrp X[14]=X[14],X[13],24 } +{ .mmi; $LDW X[ 1]=[r9],4*$SZ + $LDW X[ 0]=[r10],4*$SZ + shrp X[13]=X[13],X[12],24 };; +{ .mii; $LDW T1=[input] + shrp X[12]=X[12],X[11],24 + shrp X[11]=X[11],X[10],24 } +{ .mii; shrp X[10]=X[10],X[ 9],24 + shrp X[ 9]=X[ 9],X[ 8],24 };; +{ .mii; shrp X[ 8]=X[ 8],X[ 7],24 + shrp X[ 7]=X[ 7],X[ 6],24 } +{ .mii; shrp X[ 6]=X[ 6],X[ 5],24 + shrp X[ 5]=X[ 5],X[ 4],24 } +{ .mii; shrp X[ 4]=X[ 4],X[ 3],24 + shrp X[ 3]=X[ 3],X[ 2],24 } +{ .mii; shrp X[ 2]=X[ 2],X[ 1],24 + shrp X[ 1]=X[ 1],X[ 0],24 } +{ .mib; shrp X[ 0]=X[ 0],T1,24 + br.many .L_first16 };; +.L6byte: +{ .mmi; $LDW X[ 3]=[input],4*$SZ + $LDW X[ 2]=[r8],4*$SZ + shrp X[15]=X[15],X[14],16 } +{ .mmi; $LDW X[ 1]=[r9],4*$SZ + $LDW X[ 0]=[r10],4*$SZ + shrp X[14]=X[14],X[13],16 };; +{ .mii; $LDW T1=[input] + shrp X[13]=X[13],X[12],16 + shrp X[12]=X[12],X[11],16 } +{ .mii; shrp X[11]=X[11],X[10],16 + shrp X[10]=X[10],X[ 9],16 };; +{ .mii; shrp X[ 9]=X[ 9],X[ 8],16 + shrp X[ 8]=X[ 8],X[ 7],16 } +{ .mii; shrp X[ 7]=X[ 7],X[ 6],16 + shrp X[ 6]=X[ 6],X[ 5],16 } +{ .mii; shrp X[ 5]=X[ 5],X[ 4],16 + shrp X[ 4]=X[ 4],X[ 3],16 } +{ .mii; shrp X[ 3]=X[ 3],X[ 2],16 + shrp X[ 2]=X[ 2],X[ 1],16 } +{ .mii; shrp X[ 1]=X[ 1],X[ 0],16 + shrp X[ 0]=X[ 0],T1,16 } +{ .mfb; br.many .L_first16 };; +.L7byte: +{ .mmi; $LDW X[ 1]=[r9],4*$SZ + $LDW X[ 0]=[r10],4*$SZ + shrp X[15]=X[15],X[14],8 };; +{ .mii; $LDW T1=[input] + shrp X[14]=X[14],X[13],8 + shrp X[13]=X[13],X[12],8 } +{ .mii; shrp X[12]=X[12],X[11],8 + shrp X[11]=X[11],X[10],8 };; +{ .mii; shrp X[10]=X[10],X[ 9],8 + shrp X[ 9]=X[ 9],X[ 8],8 } +{ .mii; shrp X[ 8]=X[ 8],X[ 7],8 + shrp X[ 7]=X[ 7],X[ 6],8 } +{ .mii; shrp X[ 6]=X[ 6],X[ 5],8 + shrp X[ 5]=X[ 5],X[ 4],8 } +{ .mii; shrp X[ 4]=X[ 4],X[ 3],8 + shrp X[ 3]=X[ 3],X[ 2],8 } +{ .mii; shrp X[ 2]=X[ 2],X[ 1],8 + shrp X[ 1]=X[ 1],X[ 0],8 } +{ .mib; shrp X[ 0]=X[ 0],T1,8 + br.many .L_first16 };; + +.align 32 +.L_first16: +{ .mmi; $LDW K=[Ktbl],$SZ and T1=F,E and T2=A,B } -{ .mmi; $LDW K=[Ktbl],$SZ +{ .mmi; //$LDW X[15]=[input],$SZ // X[i]=*input++ andcm r8=G,E and r9=A,C };; { .mmi; xor T1=T1,r8 //T1=((e & f) ^ (~e & g)) @@ -236,13 +478,14 @@ $code.=<<___; { .mmi; xor r10=r8,r10 // r10=Sigma0(a) mov B=A add A=T1,T2 };; -.L_first16_ctop: { .mib; add E=E,T1 add A=A,r10 // T2=Maj(a,b,c)+Sigma0(a) br.ctop.sptk .L_first16 };; +.L_first16_end: + +{ .mii; mov ar.lc=$rounds-17 + mov ar.ec=1 };; -{ .mib; mov ar.lc=$rounds-17 } -{ .mib; mov ar.ec=1 };; .align 32 .L_rest: .rotr X[16] @@ -311,46 +554,38 @@ $code.=<<___; { .mmi; xor r10=r8,r10 // r10=Sigma0(a) mov B=A add A=T1,T2 };; -.L_rest_ctop: { .mib; add E=E,T1 add A=A,r10 // T2=Maj(a,b,c)+Sigma0(a) br.ctop.sptk .L_rest };; +.L_rest_end: + +{ .mmi; add A_=A_,A + add B_=B_,B + add C_=C_,C } +{ .mmi; add D_=D_,D + add E_=E_,E + cmp.ltu p16,p0=1,num };; +{ .mmi; add F_=F_,F + add G_=G_,G + add H_=H_,H } +{ .mmb; add Ktbl=-$SZ*$rounds,Ktbl +(p16) add num=-1,num +(p16) br.dptk.many .L_outer };; { .mib; add r8=0*$SZ,ctx add r9=1*$SZ,ctx } { .mib; add r10=2*$SZ,ctx add r11=3*$SZ,ctx };; -{ .mmi; $LDW r32=[r8],4*$SZ - $LDW r33=[r9],4*$SZ } -{ .mmi; $LDW r34=[r10],4*$SZ - $LDW r35=[r11],4*$SZ - cmp.ltu p6,p7=1,num };; -{ .mmi; $LDW r36=[r8],-4*$SZ - $LDW r37=[r9],-4*$SZ -(p6) add Ktbl=-$SZ*$rounds,Ktbl } -{ .mmi; $LDW r38=[r10],-4*$SZ - $LDW r39=[r11],-4*$SZ -(p7) mov ar.lc=r3 };; -{ .mmi; add A=A,r32 - add B=B,r33 - add C=C,r34 } -{ .mmi; add D=D,r35 - add E=E,r36 - add F=F,r37 };; -{ .mmi; $STW [r8]=A,4*$SZ - $STW [r9]=B,4*$SZ - add G=G,r38 } -{ .mmi; $STW [r10]=C,4*$SZ - $STW [r11]=D,4*$SZ - add H=H,r39 };; -{ .mmi; $STW [r8]=E - $STW [r9]=F -(p6) add num=-1,num } -{ .mmb; $STW [r10]=G - $STW [r11]=H -(p6) br.dptk.many .L_outer };; - -{ .mib; mov pr=prsave,0x1ffff +{ .mmi; $STW [r8]=A_,4*$SZ + $STW [r9]=B_,4*$SZ + mov ar.lc=lcsave } +{ .mmi; $STW [r10]=C_,4*$SZ + $STW [r11]=D_,4*$SZ + mov pr=prsave,0x1ffff };; +{ .mmb; $STW [r8]=E_ + $STW [r9]=F_ } +{ .mmb; $STW [r10]=G_ + $STW [r11]=H_ br.ret.sptk.many b0 };; .endp $func# ___ @@ -359,7 +594,10 @@ $code =~ s/\`([^\`]*)\`/eval $1/gem; $code =~ s/_rotr(\s+)([^=]+)=([^,]+),([0-9]+)/shrp$1$2=$3,$3,$4/gm; if ($BITS==64) { $code =~ s/mux2(\s+)\S+/nop.i$1 0x0/gm; - $code =~ s/mux1(\s+)\S+/nop.i$1 0x0/gm if ($big_endian); + $code =~ s/mux1(\s+)\S+/nop.i$1 0x0/gm if ($big_endian); + $code =~ s/(shrp\s+X\[[^=]+)=([^,]+),([^,]+),([1-9]+)/$1=$3,$2,64-$4/gm + if (!$big_endian); + $code =~ s/ld1(\s+)X\[\S+/nop.m$1 0x0/gm; } print $code; @@ -384,6 +622,7 @@ K256: data4 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 data4 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 data4 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 .size K256#,$SZ*$rounds +stringz "SHA256 block transform for IA64, CRYPTOGAMS by " ___ print<<___ if ($BITS==64); .align 64 @@ -429,4 +668,5 @@ K512: data8 0x428a2f98d728ae22,0x7137449123ef65cd data8 0x4cc5d4becb3e42b6,0x597f299cfc657e2a data8 0x5fcb6fab3ad6faec,0x6c44198c4a475817 .size K512#,$SZ*$rounds +stringz "SHA512 block transform for IA64, CRYPTOGAMS by " ___ diff --git a/crypto/sha/asm/sha512-x86_64.pl b/crypto/sha/asm/sha512-x86_64.pl new file mode 100755 index 0000000000000..b6252d31eca20 --- /dev/null +++ b/crypto/sha/asm/sha512-x86_64.pl @@ -0,0 +1,344 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. Rights for redistribution and usage in source and binary +# forms are granted according to the OpenSSL license. +# ==================================================================== +# +# sha256/512_block procedure for x86_64. +# +# 40% improvement over compiler-generated code on Opteron. On EM64T +# sha256 was observed to run >80% faster and sha512 - >40%. No magical +# tricks, just straight implementation... I really wonder why gcc +# [being armed with inline assembler] fails to generate as fast code. +# The only thing which is cool about this module is that it's very +# same instruction sequence used for both SHA-256 and SHA-512. In +# former case the instructions operate on 32-bit operands, while in +# latter - on 64-bit ones. All I had to do is to get one flavor right, +# the other one passed the test right away:-) +# +# sha256_block runs in ~1005 cycles on Opteron, which gives you +# asymptotic performance of 64*1000/1005=63.7MBps times CPU clock +# frequency in GHz. sha512_block runs in ~1275 cycles, which results +# in 128*1000/1275=100MBps per GHz. Is there room for improvement? +# Well, if you compare it to IA-64 implementation, which maintains +# X[16] in register bank[!], tends to 4 instructions per CPU clock +# cycle and runs in 1003 cycles, 1275 is very good result for 3-way +# issue Opteron pipeline and X[16] maintained in memory. So that *if* +# there is a way to improve it, *then* the only way would be to try to +# offload X[16] updates to SSE unit, but that would require "deeper" +# loop unroll, which in turn would naturally cause size blow-up, not +# to mention increased complexity! And once again, only *if* it's +# actually possible to noticeably improve overall ILP, instruction +# level parallelism, on a given CPU implementation in this case. +# +# Special note on Intel EM64T. While Opteron CPU exhibits perfect +# perfromance ratio of 1.5 between 64- and 32-bit flavors [see above], +# [currently available] EM64T CPUs apparently are far from it. On the +# contrary, 64-bit version, sha512_block, is ~30% *slower* than 32-bit +# sha256_block:-( This is presumably because 64-bit shifts/rotates +# apparently are not atomic instructions, but implemented in microcode. + +$output=shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open STDOUT,"| $^X $xlate $output"; + +if ($output =~ /512/) { + $func="sha512_block_data_order"; + $TABLE="K512"; + $SZ=8; + @ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%rax","%rbx","%rcx","%rdx", + "%r8", "%r9", "%r10","%r11"); + ($T1,$a0,$a1,$a2)=("%r12","%r13","%r14","%r15"); + @Sigma0=(28,34,39); + @Sigma1=(14,18,41); + @sigma0=(1, 8, 7); + @sigma1=(19,61, 6); + $rounds=80; +} else { + $func="sha256_block_data_order"; + $TABLE="K256"; + $SZ=4; + @ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%eax","%ebx","%ecx","%edx", + "%r8d","%r9d","%r10d","%r11d"); + ($T1,$a0,$a1,$a2)=("%r12d","%r13d","%r14d","%r15d"); + @Sigma0=( 2,13,22); + @Sigma1=( 6,11,25); + @sigma0=( 7,18, 3); + @sigma1=(17,19,10); + $rounds=64; +} + +$ctx="%rdi"; # 1st arg +$round="%rdi"; # zaps $ctx +$inp="%rsi"; # 2nd arg +$Tbl="%rbp"; + +$_ctx="16*$SZ+0*8(%rsp)"; +$_inp="16*$SZ+1*8(%rsp)"; +$_end="16*$SZ+2*8(%rsp)"; +$_rsp="16*$SZ+3*8(%rsp)"; +$framesz="16*$SZ+4*8"; + + +sub ROUND_00_15() +{ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; + +$code.=<<___; + mov $e,$a0 + mov $e,$a1 + mov $f,$a2 + + ror \$$Sigma1[0],$a0 + ror \$$Sigma1[1],$a1 + xor $g,$a2 # f^g + + xor $a1,$a0 + ror \$`$Sigma1[2]-$Sigma1[1]`,$a1 + and $e,$a2 # (f^g)&e + mov $T1,`$SZ*($i&0xf)`(%rsp) + + xor $a1,$a0 # Sigma1(e) + xor $g,$a2 # Ch(e,f,g)=((f^g)&e)^g + add $h,$T1 # T1+=h + + mov $a,$h + add $a0,$T1 # T1+=Sigma1(e) + + add $a2,$T1 # T1+=Ch(e,f,g) + mov $a,$a0 + mov $a,$a1 + + ror \$$Sigma0[0],$h + ror \$$Sigma0[1],$a0 + mov $a,$a2 + add ($Tbl,$round,$SZ),$T1 # T1+=K[round] + + xor $a0,$h + ror \$`$Sigma0[2]-$Sigma0[1]`,$a0 + or $c,$a1 # a|c + + xor $a0,$h # h=Sigma0(a) + and $c,$a2 # a&c + add $T1,$d # d+=T1 + + and $b,$a1 # (a|c)&b + add $T1,$h # h+=T1 + + or $a2,$a1 # Maj(a,b,c)=((a|c)&b)|(a&c) + lea 1($round),$round # round++ + + add $a1,$h # h+=Maj(a,b,c) +___ +} + +sub ROUND_16_XX() +{ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; + +$code.=<<___; + mov `$SZ*(($i+1)&0xf)`(%rsp),$a0 + mov `$SZ*(($i+14)&0xf)`(%rsp),$T1 + + mov $a0,$a2 + + shr \$$sigma0[2],$a0 + ror \$$sigma0[0],$a2 + + xor $a2,$a0 + ror \$`$sigma0[1]-$sigma0[0]`,$a2 + + xor $a2,$a0 # sigma0(X[(i+1)&0xf]) + mov $T1,$a1 + + shr \$$sigma1[2],$T1 + ror \$$sigma1[0],$a1 + + xor $a1,$T1 + ror \$`$sigma1[1]-$sigma1[0]`,$a1 + + xor $a1,$T1 # sigma1(X[(i+14)&0xf]) + + add $a0,$T1 + + add `$SZ*(($i+9)&0xf)`(%rsp),$T1 + + add `$SZ*($i&0xf)`(%rsp),$T1 +___ + &ROUND_00_15(@_); +} + +$code=<<___; +.text + +.globl $func +.type $func,\@function,4 +.align 16 +$func: + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + mov %rsp,%rbp # copy %rsp + shl \$4,%rdx # num*16 + sub \$$framesz,%rsp + lea ($inp,%rdx,$SZ),%rdx # inp+num*16*$SZ + and \$-64,%rsp # align stack frame + mov $ctx,$_ctx # save ctx, 1st arg + mov $inp,$_inp # save inp, 2nd arh + mov %rdx,$_end # save end pointer, "3rd" arg + mov %rbp,$_rsp # save copy of %rsp + + .picmeup $Tbl + lea $TABLE-.($Tbl),$Tbl + + mov $SZ*0($ctx),$A + mov $SZ*1($ctx),$B + mov $SZ*2($ctx),$C + mov $SZ*3($ctx),$D + mov $SZ*4($ctx),$E + mov $SZ*5($ctx),$F + mov $SZ*6($ctx),$G + mov $SZ*7($ctx),$H + jmp .Lloop + +.align 16 +.Lloop: + xor $round,$round +___ + for($i=0;$i<16;$i++) { + $code.=" mov $SZ*$i($inp),$T1\n"; + $code.=" bswap $T1\n"; + &ROUND_00_15($i,@ROT); + unshift(@ROT,pop(@ROT)); + } +$code.=<<___; + jmp .Lrounds_16_xx +.align 16 +.Lrounds_16_xx: +___ + for(;$i<32;$i++) { + &ROUND_16_XX($i,@ROT); + unshift(@ROT,pop(@ROT)); + } + +$code.=<<___; + cmp \$$rounds,$round + jb .Lrounds_16_xx + + mov $_ctx,$ctx + lea 16*$SZ($inp),$inp + + add $SZ*0($ctx),$A + add $SZ*1($ctx),$B + add $SZ*2($ctx),$C + add $SZ*3($ctx),$D + add $SZ*4($ctx),$E + add $SZ*5($ctx),$F + add $SZ*6($ctx),$G + add $SZ*7($ctx),$H + + cmp $_end,$inp + + mov $A,$SZ*0($ctx) + mov $B,$SZ*1($ctx) + mov $C,$SZ*2($ctx) + mov $D,$SZ*3($ctx) + mov $E,$SZ*4($ctx) + mov $F,$SZ*5($ctx) + mov $G,$SZ*6($ctx) + mov $H,$SZ*7($ctx) + jb .Lloop + + mov $_rsp,%rsp + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + + ret +.size $func,.-$func +___ + +if ($SZ==4) { +$code.=<<___; +.align 64 +.type $TABLE,\@object +$TABLE: + .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 + .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 + .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 + .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 + .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc + .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da + .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 + .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 + .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 + .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 + .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 + .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 + .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 + .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 + .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 + .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 +___ +} else { +$code.=<<___; +.align 64 +.type $TABLE,\@object +$TABLE: + .quad 0x428a2f98d728ae22,0x7137449123ef65cd + .quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc + .quad 0x3956c25bf348b538,0x59f111f1b605d019 + .quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118 + .quad 0xd807aa98a3030242,0x12835b0145706fbe + .quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 + .quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1 + .quad 0x9bdc06a725c71235,0xc19bf174cf692694 + .quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3 + .quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 + .quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483 + .quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 + .quad 0x983e5152ee66dfab,0xa831c66d2db43210 + .quad 0xb00327c898fb213f,0xbf597fc7beef0ee4 + .quad 0xc6e00bf33da88fc2,0xd5a79147930aa725 + .quad 0x06ca6351e003826f,0x142929670a0e6e70 + .quad 0x27b70a8546d22ffc,0x2e1b21385c26c926 + .quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df + .quad 0x650a73548baf63de,0x766a0abb3c77b2a8 + .quad 0x81c2c92e47edaee6,0x92722c851482353b + .quad 0xa2bfe8a14cf10364,0xa81a664bbc423001 + .quad 0xc24b8b70d0f89791,0xc76c51a30654be30 + .quad 0xd192e819d6ef5218,0xd69906245565a910 + .quad 0xf40e35855771202a,0x106aa07032bbd1b8 + .quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53 + .quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 + .quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb + .quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 + .quad 0x748f82ee5defb2fc,0x78a5636f43172f60 + .quad 0x84c87814a1f0ab72,0x8cc702081a6439ec + .quad 0x90befffa23631e28,0xa4506cebde82bde9 + .quad 0xbef9a3f7b2c67915,0xc67178f2e372532b + .quad 0xca273eceea26619c,0xd186b8c721c0c207 + .quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 + .quad 0x06f067aa72176fba,0x0a637dc5a2c898a6 + .quad 0x113f9804bef90dae,0x1b710b35131c471b + .quad 0x28db77f523047d84,0x32caab7b40c72493 + .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c + .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a + .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 +___ +} + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c index b0650c7254f2e..6feb3964c7577 100644 --- a/crypto/sha/sha1test.c +++ b/crypto/sha/sha1test.c @@ -106,7 +106,7 @@ static char *pt(unsigned char *md); int main(int argc, char *argv[]) { int i,err=0; - unsigned char **P,**R; + char **P,**R; static unsigned char buf[1000]; char *p,*r; EVP_MD_CTX c; @@ -118,8 +118,8 @@ int main(int argc, char *argv[]) #endif EVP_MD_CTX_init(&c); - P=(unsigned char **)test; - R=(unsigned char **)ret; + P=test; + R=ret; i=1; while (*P != NULL) { diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c index 05ae9445db11e..867f90cc97c3d 100644 --- a/crypto/sha/sha256.c +++ b/crypto/sha/sha256.c @@ -69,17 +69,11 @@ int SHA224_Update(SHA256_CTX *c, const void *data, size_t len) int SHA224_Final (unsigned char *md, SHA256_CTX *c) { return SHA256_Final (md,c); } -#ifndef SHA_LONG_LOG2 -#define SHA_LONG_LOG2 2 /* default to 32 bits */ -#endif - #define DATA_ORDER_IS_BIG_ENDIAN #define HASH_LONG SHA_LONG -#define HASH_LONG_LOG2 SHA_LONG_LOG2 #define HASH_CTX SHA256_CTX #define HASH_CBLOCK SHA_CBLOCK -#define HASH_LBLOCK SHA_LBLOCK /* * Note that FIPS180-2 discusses "Truncation of the Hash Function Output." * default: case below covers for it. It's not clear however if it's @@ -90,21 +84,21 @@ int SHA224_Final (unsigned char *md, SHA256_CTX *c) */ #define HASH_MAKE_STRING(c,s) do { \ unsigned long ll; \ - unsigned int n; \ + unsigned int xn; \ switch ((c)->md_len) \ { case SHA224_DIGEST_LENGTH: \ - for (n=0;nh[n]; HOST_l2c(ll,(s)); } \ + for (xn=0;xnh[xn]; HOST_l2c(ll,(s)); } \ break; \ case SHA256_DIGEST_LENGTH: \ - for (n=0;nh[n]; HOST_l2c(ll,(s)); } \ + for (xn=0;xnh[xn]; HOST_l2c(ll,(s)); } \ break; \ default: \ if ((c)->md_len > SHA256_DIGEST_LENGTH) \ return 0; \ - for (n=0;n<(c)->md_len/4;n++) \ - { ll=(c)->h[n]; HOST_l2c(ll,(s)); } \ + for (xn=0;xn<(c)->md_len/4;xn++) \ + { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \ break; \ } \ } while (0) @@ -112,16 +106,15 @@ int SHA224_Final (unsigned char *md, SHA256_CTX *c) #define HASH_UPDATE SHA256_Update #define HASH_TRANSFORM SHA256_Transform #define HASH_FINAL SHA256_Final -#define HASH_BLOCK_HOST_ORDER sha256_block_host_order #define HASH_BLOCK_DATA_ORDER sha256_block_data_order -void sha256_block_host_order (SHA256_CTX *ctx, const void *in, size_t num); +#ifndef SHA256_ASM +static +#endif void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num); #include "md32_common.h" -#ifdef SHA256_ASM -void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host); -#else +#ifndef SHA256_ASM static const SHA_LONG K256[64] = { 0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL, 0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL, @@ -155,10 +148,10 @@ static const SHA_LONG K256[64] = { #ifdef OPENSSL_SMALL_FOOTPRINT -static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host) +static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num) { unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2; - SHA_LONG X[16]; + SHA_LONG X[16],l; int i; const unsigned char *data=in; @@ -167,33 +160,13 @@ static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host) a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; - if (host) - { - const SHA_LONG *W=(const SHA_LONG *)data; - - for (i=0;i<16;i++) - { - T1 = X[i] = W[i]; - T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; - T2 = Sigma0(a) + Maj(a,b,c); - h = g; g = f; f = e; e = d + T1; - d = c; c = b; b = a; a = T1 + T2; - } - - data += SHA256_CBLOCK; - } - else + for (i=0;i<16;i++) { - SHA_LONG l; - - for (i=0;i<16;i++) - { - HOST_c2l(data,l); T1 = X[i] = l; - T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; - T2 = Sigma0(a) + Maj(a,b,c); - h = g; g = f; f = e; e = d + T1; - d = c; c = b; b = a; a = T1 + T2; - } + HOST_c2l(data,l); T1 = X[i] = l; + T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; + T2 = Sigma0(a) + Maj(a,b,c); + h = g; g = f; f = e; e = d + T1; + d = c; c = b; b = a; a = T1 + T2; } for (;i<64;i++) @@ -227,19 +200,20 @@ static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host) T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) -static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host) +static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num) { unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1; SHA_LONG X[16]; int i; const unsigned char *data=in; + const union { long one; char little; } is_endian = {1}; while (num--) { a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; - if (host) + if (!is_endian.little && sizeof(SHA_LONG)==4 && ((size_t)in%4)==0) { const SHA_LONG *W=(const SHA_LONG *)data; @@ -305,15 +279,4 @@ static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host) #endif #endif /* SHA256_ASM */ -/* - * Idea is to trade couple of cycles for some space. On IA-32 we save - * about 4K in "big footprint" case. In "small footprint" case any gain - * is appreciated:-) - */ -void HASH_BLOCK_HOST_ORDER (SHA256_CTX *ctx, const void *in, size_t num) -{ sha256_block (ctx,in,num,1); } - -void HASH_BLOCK_DATA_ORDER (SHA256_CTX *ctx, const void *in, size_t num) -{ sha256_block (ctx,in,num,0); } - #endif /* OPENSSL_NO_SHA256 */ diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c index 39d18b8fb46ec..987fc07c99d17 100644 --- a/crypto/sha/sha512.c +++ b/crypto/sha/sha512.c @@ -52,7 +52,10 @@ const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT; -#if defined(_M_IX86) || defined(_M_AMD64) || defined(__i386) || defined(__x86_64) +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__s390__) || defined(__s390x__) || \ + defined(SHA512_ASM) #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA #endif @@ -89,7 +92,7 @@ int SHA512_Init (SHA512_CTX *c) #ifndef SHA512_ASM static #endif -void sha512_block (SHA512_CTX *ctx, const void *in, size_t num); +void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num); int SHA512_Final (unsigned char *md, SHA512_CTX *c) { @@ -100,7 +103,7 @@ int SHA512_Final (unsigned char *md, SHA512_CTX *c) n++; if (n > (sizeof(c->u)-16)) memset (p+n,0,sizeof(c->u)-n), n=0, - sha512_block (c,p,1); + sha512_block_data_order (c,p,1); memset (p+n,0,sizeof(c->u)-16-n); #ifdef B_ENDIAN @@ -125,7 +128,7 @@ int SHA512_Final (unsigned char *md, SHA512_CTX *c) p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56); #endif - sha512_block (c,p,1); + sha512_block_data_order (c,p,1); if (md==0) return 0; @@ -197,7 +200,7 @@ int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) else { memcpy (p+c->num,data,n), c->num = 0; len-=n, data+=n; - sha512_block (c,p,1); + sha512_block_data_order (c,p,1); } } @@ -207,12 +210,12 @@ int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) if ((size_t)data%sizeof(c->u.d[0]) != 0) while (len >= sizeof(c->u)) memcpy (p,data,sizeof(c->u)), - sha512_block (c,p,1), + sha512_block_data_order (c,p,1), len -= sizeof(c->u), data += sizeof(c->u); else #endif - sha512_block (c,data,len/sizeof(c->u)), + sha512_block_data_order (c,data,len/sizeof(c->u)), data += len, len %= sizeof(c->u), data -= len; @@ -227,7 +230,7 @@ int SHA384_Update (SHA512_CTX *c, const void *data, size_t len) { return SHA512_Update (c,data,len); } void SHA512_Transform (SHA512_CTX *c, const unsigned char *data) -{ sha512_block (c,data,1); } +{ sha512_block_data_order (c,data,1); } unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) { @@ -301,40 +304,78 @@ static const SHA_LONG64 K512[80] = { #ifndef PEDANTIC # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) # if defined(__x86_64) || defined(__x86_64__) -# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ - asm ("bswapq %0" \ - : "=r"(ret) \ - : "0"(ret)); ret; }) -# endif -# endif -#endif - -#ifndef PULL64 -#define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) -#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) -#endif - -#ifndef PEDANTIC -# if defined(_MSC_VER) -# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ -# define ROTR(a,n) _rotr64((a),n) -# endif -# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -# if defined(__x86_64) || defined(__x86_64__) # define ROTR(a,n) ({ unsigned long ret; \ asm ("rorq %1,%0" \ : "=r"(ret) \ : "J"(n),"0"(a) \ : "cc"); ret; }) -# elif defined(_ARCH_PPC) && defined(__64BIT__) +# if !defined(B_ENDIAN) +# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ + asm ("bswapq %0" \ + : "=r"(ret) \ + : "0"(ret)); ret; }) +# endif +# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) +# if defined(I386_ONLY) +# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ + unsigned int hi=p[0],lo=p[1]; \ + asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ + "roll $16,%%eax; roll $16,%%edx; "\ + "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \ + : "=a"(lo),"=d"(hi) \ + : "0"(lo),"1"(hi) : "cc"); \ + ((SHA_LONG64)hi)<<32|lo; }) +# else +# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ + unsigned int hi=p[0],lo=p[1]; \ + asm ("bswapl %0; bswapl %1;" \ + : "=r"(lo),"=r"(hi) \ + : "0"(lo),"1"(hi)); \ + ((SHA_LONG64)hi)<<32|lo; }) +# endif +# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) # define ROTR(a,n) ({ unsigned long ret; \ asm ("rotrdi %0,%1,%2" \ : "=r"(ret) \ : "r"(a),"K"(n)); ret; }) # endif +# elif defined(_MSC_VER) +# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ +# define ROTR(a,n) _rotr64((a),n) +# endif +# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(I386_ONLY) + static SHA_LONG64 __fastcall __pull64be(const void *x) + { _asm mov edx, [ecx + 0] + _asm mov eax, [ecx + 4] + _asm xchg dh,dl + _asm xchg ah,al + _asm rol edx,16 + _asm rol eax,16 + _asm xchg dh,dl + _asm xchg ah,al + } +# else + static SHA_LONG64 __fastcall __pull64be(const void *x) + { _asm mov edx, [ecx + 0] + _asm mov eax, [ecx + 4] + _asm bswap edx + _asm bswap eax + } +# endif +# define PULL64(x) __pull64be(&(x)) +# if _MSC_VER<=1200 +# pragma inline_depth(0) +# endif +# endif # endif #endif +#ifndef PULL64 +#define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) +#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) +#endif + #ifndef ROTR #define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) #endif @@ -357,7 +398,7 @@ static const SHA_LONG64 K512[80] = { #ifdef OPENSSL_SMALL_FOOTPRINT -static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num) +static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) { const SHA_LONG64 *W=in; SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2; @@ -418,7 +459,7 @@ static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num) T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) -static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num) +static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) { const SHA_LONG64 *W=in; SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1; diff --git a/crypto/sha/sha_locl.h b/crypto/sha/sha_locl.h index 6281313a45568..e37e5726e33dc 100644 --- a/crypto/sha/sha_locl.h +++ b/crypto/sha/sha_locl.h @@ -62,17 +62,11 @@ #include #include -#ifndef SHA_LONG_LOG2 -#define SHA_LONG_LOG2 2 /* default to 32 bits */ -#endif - #define DATA_ORDER_IS_BIG_ENDIAN #define HASH_LONG SHA_LONG -#define HASH_LONG_LOG2 SHA_LONG_LOG2 #define HASH_CTX SHA_CTX #define HASH_CBLOCK SHA_CBLOCK -#define HASH_LBLOCK SHA_LBLOCK #define HASH_MAKE_STRING(c,s) do { \ unsigned long ll; \ ll=(c)->h0; HOST_l2c(ll,(s)); \ @@ -88,12 +82,10 @@ # define HASH_TRANSFORM SHA_Transform # define HASH_FINAL SHA_Final # define HASH_INIT SHA_Init -# define HASH_BLOCK_HOST_ORDER sha_block_host_order # define HASH_BLOCK_DATA_ORDER sha_block_data_order # define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id)) - void sha_block_host_order (SHA_CTX *c, const void *p,size_t num); - void sha_block_data_order (SHA_CTX *c, const void *p,size_t num); +static void sha_block_data_order (SHA_CTX *c, const void *p,size_t num); #elif defined(SHA_1) @@ -101,7 +93,6 @@ # define HASH_TRANSFORM SHA1_Transform # define HASH_FINAL SHA1_Final # define HASH_INIT SHA1_Init -# define HASH_BLOCK_HOST_ORDER sha1_block_host_order # define HASH_BLOCK_DATA_ORDER sha1_block_data_order # if defined(__MWERKS__) && defined(__MC68K__) /* Metrowerks for Motorola fails otherwise:-( */ @@ -114,24 +105,10 @@ ) # endif -# ifdef SHA1_ASM -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) -# if !defined(B_ENDIAN) -# define sha1_block_host_order sha1_block_asm_host_order -# define DONT_IMPLEMENT_BLOCK_HOST_ORDER -# define sha1_block_data_order sha1_block_asm_data_order -# define DONT_IMPLEMENT_BLOCK_DATA_ORDER -# define HASH_BLOCK_DATA_ORDER_ALIGNED sha1_block_asm_data_order -# endif -# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64) -# define sha1_block_host_order sha1_block_asm_host_order -# define DONT_IMPLEMENT_BLOCK_HOST_ORDER -# define sha1_block_data_order sha1_block_asm_data_order -# define DONT_IMPLEMENT_BLOCK_DATA_ORDER -# endif -# endif - void sha1_block_host_order (SHA_CTX *c, const void *p,size_t num); - void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num); +#ifndef SHA1_ASM +static +#endif +void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num); #else # error "Either SHA_0 or SHA_1 must be defined." @@ -229,133 +206,8 @@ int HASH_INIT (SHA_CTX *c) # define X(i) XX[i] #endif -#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER -void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, size_t num) - { - const SHA_LONG *W=d; - register unsigned MD32_REG_T A,B,C,D,E,T; -#ifndef MD32_XARRAY - unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, - XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; -#else - SHA_LONG XX[16]; -#endif - - A=c->h0; - B=c->h1; - C=c->h2; - D=c->h3; - E=c->h4; - - for (;;) - { - BODY_00_15( 0,A,B,C,D,E,T,W[ 0]); - BODY_00_15( 1,T,A,B,C,D,E,W[ 1]); - BODY_00_15( 2,E,T,A,B,C,D,W[ 2]); - BODY_00_15( 3,D,E,T,A,B,C,W[ 3]); - BODY_00_15( 4,C,D,E,T,A,B,W[ 4]); - BODY_00_15( 5,B,C,D,E,T,A,W[ 5]); - BODY_00_15( 6,A,B,C,D,E,T,W[ 6]); - BODY_00_15( 7,T,A,B,C,D,E,W[ 7]); - BODY_00_15( 8,E,T,A,B,C,D,W[ 8]); - BODY_00_15( 9,D,E,T,A,B,C,W[ 9]); - BODY_00_15(10,C,D,E,T,A,B,W[10]); - BODY_00_15(11,B,C,D,E,T,A,W[11]); - BODY_00_15(12,A,B,C,D,E,T,W[12]); - BODY_00_15(13,T,A,B,C,D,E,W[13]); - BODY_00_15(14,E,T,A,B,C,D,W[14]); - BODY_00_15(15,D,E,T,A,B,C,W[15]); - - BODY_16_19(16,C,D,E,T,A,B,X( 0),W[ 0],W[ 2],W[ 8],W[13]); - BODY_16_19(17,B,C,D,E,T,A,X( 1),W[ 1],W[ 3],W[ 9],W[14]); - BODY_16_19(18,A,B,C,D,E,T,X( 2),W[ 2],W[ 4],W[10],W[15]); - BODY_16_19(19,T,A,B,C,D,E,X( 3),W[ 3],W[ 5],W[11],X( 0)); - - BODY_20_31(20,E,T,A,B,C,D,X( 4),W[ 4],W[ 6],W[12],X( 1)); - BODY_20_31(21,D,E,T,A,B,C,X( 5),W[ 5],W[ 7],W[13],X( 2)); - BODY_20_31(22,C,D,E,T,A,B,X( 6),W[ 6],W[ 8],W[14],X( 3)); - BODY_20_31(23,B,C,D,E,T,A,X( 7),W[ 7],W[ 9],W[15],X( 4)); - BODY_20_31(24,A,B,C,D,E,T,X( 8),W[ 8],W[10],X( 0),X( 5)); - BODY_20_31(25,T,A,B,C,D,E,X( 9),W[ 9],W[11],X( 1),X( 6)); - BODY_20_31(26,E,T,A,B,C,D,X(10),W[10],W[12],X( 2),X( 7)); - BODY_20_31(27,D,E,T,A,B,C,X(11),W[11],W[13],X( 3),X( 8)); - BODY_20_31(28,C,D,E,T,A,B,X(12),W[12],W[14],X( 4),X( 9)); - BODY_20_31(29,B,C,D,E,T,A,X(13),W[13],W[15],X( 5),X(10)); - BODY_20_31(30,A,B,C,D,E,T,X(14),W[14],X( 0),X( 6),X(11)); - BODY_20_31(31,T,A,B,C,D,E,X(15),W[15],X( 1),X( 7),X(12)); - - BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13)); - BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14)); - BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15)); - BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0)); - BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1)); - BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2)); - BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3)); - BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4)); - - BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5)); - BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6)); - BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7)); - BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8)); - BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9)); - BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10)); - BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11)); - BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12)); - BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13)); - BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14)); - BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15)); - BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0)); - BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1)); - BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2)); - BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3)); - BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4)); - BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5)); - BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6)); - BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7)); - BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8)); - - BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9)); - BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10)); - BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11)); - BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12)); - BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13)); - BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14)); - BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15)); - BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0)); - BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1)); - BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2)); - BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3)); - BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4)); - BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5)); - BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6)); - BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7)); - BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8)); - BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9)); - BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10)); - BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11)); - BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12)); - - c->h0=(c->h0+E)&0xffffffffL; - c->h1=(c->h1+T)&0xffffffffL; - c->h2=(c->h2+A)&0xffffffffL; - c->h3=(c->h3+B)&0xffffffffL; - c->h4=(c->h4+C)&0xffffffffL; - - if (--num == 0) break; - - A=c->h0; - B=c->h1; - C=c->h2; - D=c->h3; - E=c->h4; - - W+=SHA_LBLOCK; - } - } -#endif - -#ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER -void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) +#if !defined(SHA_1) || !defined(SHA1_ASM) +static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) { const unsigned char *data=p; register unsigned MD32_REG_T A,B,C,D,E,T,l; @@ -373,25 +225,53 @@ void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) E=c->h4; for (;;) - { + { + const union { long one; char little; } is_endian = {1}; - HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; - BODY_00_15( 0,A,B,C,D,E,T,X( 0)); HOST_c2l(data,l); X( 2)=l; - BODY_00_15( 1,T,A,B,C,D,E,X( 1)); HOST_c2l(data,l); X( 3)=l; - BODY_00_15( 2,E,T,A,B,C,D,X( 2)); HOST_c2l(data,l); X( 4)=l; - BODY_00_15( 3,D,E,T,A,B,C,X( 3)); HOST_c2l(data,l); X( 5)=l; - BODY_00_15( 4,C,D,E,T,A,B,X( 4)); HOST_c2l(data,l); X( 6)=l; - BODY_00_15( 5,B,C,D,E,T,A,X( 5)); HOST_c2l(data,l); X( 7)=l; - BODY_00_15( 6,A,B,C,D,E,T,X( 6)); HOST_c2l(data,l); X( 8)=l; - BODY_00_15( 7,T,A,B,C,D,E,X( 7)); HOST_c2l(data,l); X( 9)=l; - BODY_00_15( 8,E,T,A,B,C,D,X( 8)); HOST_c2l(data,l); X(10)=l; - BODY_00_15( 9,D,E,T,A,B,C,X( 9)); HOST_c2l(data,l); X(11)=l; - BODY_00_15(10,C,D,E,T,A,B,X(10)); HOST_c2l(data,l); X(12)=l; - BODY_00_15(11,B,C,D,E,T,A,X(11)); HOST_c2l(data,l); X(13)=l; - BODY_00_15(12,A,B,C,D,E,T,X(12)); HOST_c2l(data,l); X(14)=l; - BODY_00_15(13,T,A,B,C,D,E,X(13)); HOST_c2l(data,l); X(15)=l; - BODY_00_15(14,E,T,A,B,C,D,X(14)); - BODY_00_15(15,D,E,T,A,B,C,X(15)); + if (!is_endian.little && sizeof(SHA_LONG)==4 && ((size_t)p%4)==0) + { + const SHA_LONG *W=(const SHA_LONG *)data; + + X( 0) = W[0]; X( 1) = W[ 1]; + BODY_00_15( 0,A,B,C,D,E,T,X( 0)); X( 2) = W[ 2]; + BODY_00_15( 1,T,A,B,C,D,E,X( 1)); X( 3) = W[ 3]; + BODY_00_15( 2,E,T,A,B,C,D,X( 2)); X( 4) = W[ 4]; + BODY_00_15( 3,D,E,T,A,B,C,X( 3)); X( 5) = W[ 5]; + BODY_00_15( 4,C,D,E,T,A,B,X( 4)); X( 6) = W[ 6]; + BODY_00_15( 5,B,C,D,E,T,A,X( 5)); X( 7) = W[ 7]; + BODY_00_15( 6,A,B,C,D,E,T,X( 6)); X( 8) = W[ 8]; + BODY_00_15( 7,T,A,B,C,D,E,X( 7)); X( 9) = W[ 9]; + BODY_00_15( 8,E,T,A,B,C,D,X( 8)); X(10) = W[10]; + BODY_00_15( 9,D,E,T,A,B,C,X( 9)); X(11) = W[11]; + BODY_00_15(10,C,D,E,T,A,B,X(10)); X(12) = W[12]; + BODY_00_15(11,B,C,D,E,T,A,X(11)); X(13) = W[13]; + BODY_00_15(12,A,B,C,D,E,T,X(12)); X(14) = W[14]; + BODY_00_15(13,T,A,B,C,D,E,X(13)); X(15) = W[15]; + BODY_00_15(14,E,T,A,B,C,D,X(14)); + BODY_00_15(15,D,E,T,A,B,C,X(15)); + + data += SHA_CBLOCK; + } + else + { + HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; + BODY_00_15( 0,A,B,C,D,E,T,X( 0)); HOST_c2l(data,l); X( 2)=l; + BODY_00_15( 1,T,A,B,C,D,E,X( 1)); HOST_c2l(data,l); X( 3)=l; + BODY_00_15( 2,E,T,A,B,C,D,X( 2)); HOST_c2l(data,l); X( 4)=l; + BODY_00_15( 3,D,E,T,A,B,C,X( 3)); HOST_c2l(data,l); X( 5)=l; + BODY_00_15( 4,C,D,E,T,A,B,X( 4)); HOST_c2l(data,l); X( 6)=l; + BODY_00_15( 5,B,C,D,E,T,A,X( 5)); HOST_c2l(data,l); X( 7)=l; + BODY_00_15( 6,A,B,C,D,E,T,X( 6)); HOST_c2l(data,l); X( 8)=l; + BODY_00_15( 7,T,A,B,C,D,E,X( 7)); HOST_c2l(data,l); X( 9)=l; + BODY_00_15( 8,E,T,A,B,C,D,X( 8)); HOST_c2l(data,l); X(10)=l; + BODY_00_15( 9,D,E,T,A,B,C,X( 9)); HOST_c2l(data,l); X(11)=l; + BODY_00_15(10,C,D,E,T,A,B,X(10)); HOST_c2l(data,l); X(12)=l; + BODY_00_15(11,B,C,D,E,T,A,X(11)); HOST_c2l(data,l); X(13)=l; + BODY_00_15(12,A,B,C,D,E,T,X(12)); HOST_c2l(data,l); X(14)=l; + BODY_00_15(13,T,A,B,C,D,E,X(13)); HOST_c2l(data,l); X(15)=l; + BODY_00_15(14,E,T,A,B,C,D,X(14)); + BODY_00_15(15,D,E,T,A,B,C,X(15)); + } BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13)); BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14)); @@ -476,7 +356,7 @@ void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) D=c->h3; E=c->h4; - } + } } #endif @@ -511,54 +391,8 @@ void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) E=D, D=C, C=ROTATE(B,30), B=A; \ A=ROTATE(A,5)+T+xa; } while(0) -#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER -void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, size_t num) - { - const SHA_LONG *W=d; - register unsigned MD32_REG_T A,B,C,D,E,T; - int i; - SHA_LONG X[16]; - - A=c->h0; - B=c->h1; - C=c->h2; - D=c->h3; - E=c->h4; - - for (;;) - { - for (i=0;i<16;i++) - { X[i]=W[i]; BODY_00_15(X[i]); } - for (i=0;i<4;i++) - { BODY_16_19(X[i], X[i+2], X[i+8], X[(i+13)&15]); } - for (;i<24;i++) - { BODY_20_39(X[i&15], X[(i+2)&15], X[(i+8)&15],X[(i+13)&15]); } - for (i=0;i<20;i++) - { BODY_40_59(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); } - for (i=4;i<24;i++) - { BODY_60_79(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); } - - c->h0=(c->h0+A)&0xffffffffL; - c->h1=(c->h1+B)&0xffffffffL; - c->h2=(c->h2+C)&0xffffffffL; - c->h3=(c->h3+D)&0xffffffffL; - c->h4=(c->h4+E)&0xffffffffL; - - if (--num == 0) break; - - A=c->h0; - B=c->h1; - C=c->h2; - D=c->h3; - E=c->h4; - - W+=SHA_LBLOCK; - } - } -#endif - -#ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER -void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) +#if !defined(SHA_1) || !defined(SHA1_ASM) +static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) { const unsigned char *data=p; register unsigned MD32_REG_T A,B,C,D,E,T,l; diff --git a/crypto/sha/shatest.c b/crypto/sha/shatest.c index bfb11f0a5f2cf..ed0fe06a7bee4 100644 --- a/crypto/sha/shatest.c +++ b/crypto/sha/shatest.c @@ -106,7 +106,7 @@ static char *pt(unsigned char *md); int main(int argc, char *argv[]) { int i,err=0; - unsigned char **P,**R; + char **P,**R; static unsigned char buf[1000]; char *p,*r; EVP_MD_CTX c; @@ -118,8 +118,8 @@ int main(int argc, char *argv[]) #endif EVP_MD_CTX_init(&c); - P=(unsigned char **)test; - R=(unsigned char **)ret; + P=test; + R=ret; i=1; while (*P != NULL) { diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index d496f365c2703..40b17902e0746 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -57,11 +57,20 @@ #include -typedef void (*openssl_fptr)(void); -#define openssl_fcast(f) ((openssl_fptr)f) - #ifdef DEBUG_SAFESTACK +#ifndef CHECKED_PTR_OF +#define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +#endif + +#define CHECKED_SK_FREE_FUNC(type, p) \ + ((void (*)(void *)) ((1 ? p : (void (*)(type *))0))) + +#define CHECKED_SK_CMP_FUNC(type, p) \ + ((int (*)(const char * const *, const char * const *)) \ + ((1 ? p : (int (*)(const type * const *, const type * const *))0))) + #define STACK_OF(type) struct stack_st_##type #define PREDECLARE_STACK_OF(type) STACK_OF(type); @@ -76,76 +85,71 @@ STACK_OF(type) \ /* SKM_sk_... stack macros are internal to safestack.h: * never use them directly, use sk__... instead */ #define SKM_sk_new(type, cmp) \ - ((STACK_OF(type) * (*)(int (*)(const type * const *, const type * const *)))openssl_fcast(sk_new))(cmp) + ((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp))) #define SKM_sk_new_null(type) \ - ((STACK_OF(type) * (*)(void))openssl_fcast(sk_new_null))() + ((STACK_OF(type) *)sk_new_null()) #define SKM_sk_free(type, st) \ - ((void (*)(STACK_OF(type) *))openssl_fcast(sk_free))(st) + sk_free(CHECKED_PTR_OF(STACK_OF(type), st)) #define SKM_sk_num(type, st) \ - ((int (*)(const STACK_OF(type) *))openssl_fcast(sk_num))(st) + sk_num(CHECKED_PTR_OF(STACK_OF(type), st)) #define SKM_sk_value(type, st,i) \ - ((type * (*)(const STACK_OF(type) *, int))openssl_fcast(sk_value))(st, i) + ((type *)sk_value(CHECKED_PTR_OF(STACK_OF(type), st), i)) #define SKM_sk_set(type, st,i,val) \ - ((type * (*)(STACK_OF(type) *, int, type *))openssl_fcast(sk_set))(st, i, val) + sk_set(CHECKED_PTR_OF(STACK_OF(type), st), i, CHECKED_PTR_OF(type, val)) #define SKM_sk_zero(type, st) \ - ((void (*)(STACK_OF(type) *))openssl_fcast(sk_zero))(st) + sk_zero(CHECKED_PTR_OF(STACK_OF(type), st)) #define SKM_sk_push(type, st,val) \ - ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_push))(st, val) + sk_push(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) #define SKM_sk_unshift(type, st,val) \ - ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_unshift))(st, val) + sk_unshift(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) #define SKM_sk_find(type, st,val) \ - ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_find))(st, val) + sk_find(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) #define SKM_sk_delete(type, st,i) \ - ((type * (*)(STACK_OF(type) *, int))openssl_fcast(sk_delete))(st, i) + (type *)sk_delete(CHECKED_PTR_OF(STACK_OF(type), st), i) #define SKM_sk_delete_ptr(type, st,ptr) \ - ((type * (*)(STACK_OF(type) *, type *))openssl_fcast(sk_delete_ptr))(st, ptr) + (type *)sk_delete_ptr(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, ptr)) #define SKM_sk_insert(type, st,val,i) \ - ((int (*)(STACK_OF(type) *, type *, int))openssl_fcast(sk_insert))(st, val, i) + sk_insert(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val), i) #define SKM_sk_set_cmp_func(type, st,cmp) \ - ((int (*(*)(STACK_OF(type) *, int (*)(const type * const *, const type * const *))) \ - (const type * const *, const type * const *))openssl_fcast(sk_set_cmp_func))\ - (st, cmp) + ((int (*)(const type * const *,const type * const *)) \ + sk_set_cmp_func(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_CMP_FUNC(type, cmp))) #define SKM_sk_dup(type, st) \ - ((STACK_OF(type) *(*)(STACK_OF(type) *))openssl_fcast(sk_dup))(st) + (STACK_OF(type) *)sk_dup(CHECKED_PTR_OF(STACK_OF(type), st)) #define SKM_sk_pop_free(type, st,free_func) \ - ((void (*)(STACK_OF(type) *, void (*)(type *)))openssl_fcast(sk_pop_free))\ - (st, free_func) + sk_pop_free(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_FREE_FUNC(type, free_func)) #define SKM_sk_shift(type, st) \ - ((type * (*)(STACK_OF(type) *))openssl_fcast(sk_shift))(st) + (type *)sk_shift(CHECKED_PTR_OF(STACK_OF(type), st)) #define SKM_sk_pop(type, st) \ - ((type * (*)(STACK_OF(type) *))openssl_fcast(sk_pop))(st) + (type *)sk_pop(CHECKED_PTR_OF(STACK_OF(type), st)) #define SKM_sk_sort(type, st) \ - ((void (*)(STACK_OF(type) *))openssl_fcast(sk_sort))(st) + sk_sort(CHECKED_PTR_OF(STACK_OF(type), st)) #define SKM_sk_is_sorted(type, st) \ - ((int (*)(const STACK_OF(type) *))openssl_fcast(sk_is_sorted))(st) + sk_is_sorted(CHECKED_PTR_OF(STACK_OF(type), st)) #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -((STACK_OF(type) * (*) (STACK_OF(type) **,const unsigned char **, long , \ - type *(*)(type **, const unsigned char **,long), \ - void (*)(type *), int ,int )) openssl_fcast(d2i_ASN1_SET)) \ - (st,pp,length, d2i_func, free_func, ex_tag,ex_class) + (STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), \ + pp, length, \ + CHECKED_D2I_OF(type, d2i_func), \ + CHECKED_SK_FREE_FUNC(type, free_func), \ + ex_tag, ex_class) + #define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ - ((int (*)(STACK_OF(type) *,unsigned char **, \ - int (*)(type *,unsigned char **), int , int , int)) openssl_fcast(i2d_ASN1_SET)) \ - (st,pp,i2d_func,ex_tag,ex_class,is_set) + i2d_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), pp, \ + CHECKED_I2D_OF(type, i2d_func), \ + ex_tag, ex_class, is_set) #define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ - ((unsigned char *(*)(STACK_OF(type) *, \ - int (*)(type *,unsigned char **), unsigned char **,int *)) openssl_fcast(ASN1_seq_pack)) \ - (st, i2d_func, buf, len) + ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \ + CHECKED_I2D_OF(type, i2d_func), buf, len) + #define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ - ((STACK_OF(type) * (*)(const unsigned char *,int, \ - type *(*)(type **,const unsigned char **, long), \ - void (*)(type *)))openssl_fcast(ASN1_seq_unpack)) \ - (buf,len,d2i_func, free_func) + (STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func)) #define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ - ((STACK_OF(type) * (*)(X509_ALGOR *, \ - type *(*)(type **, const unsigned char **, long), \ - void (*)(type *), \ - const char *, int, \ - ASN1_STRING *, int))PKCS12_decrypt_d2i) \ - (algor,d2i_func,free_func,pass,passlen,oct,seq) + (STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \ + CHECKED_D2I_OF(type, d2i_func), \ + CHECKED_SK_FREE_FUNC(type, free_func), \ + pass, passlen, oct, seq) #else @@ -171,7 +175,7 @@ STACK_OF(type) \ #define SKM_sk_push(type, st,val) \ sk_push(st, (char *)val) #define SKM_sk_unshift(type, st,val) \ - sk_unshift(st, val) + sk_unshift(st, (char *)val) #define SKM_sk_find(type, st,val) \ sk_find(st, (char *)val) #define SKM_sk_delete(type, st,i) \ @@ -410,6 +414,94 @@ STACK_OF(type) \ #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) #define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) +#define sk_CMS_CertificateChoices_new(st) SKM_sk_new(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices) +#define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_value(st, i) SKM_sk_value(CMS_CertificateChoices, (st), (i)) +#define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val)) +#define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val)) +#define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val)) +#define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val)) +#define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val)) +#define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i)) +#define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr)) +#define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i)) +#define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp)) +#define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st) +#define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func)) +#define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st)) + +#define sk_CMS_RecipientInfo_new(st) SKM_sk_new(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo) +#define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i)) +#define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val)) +#define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val)) +#define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val)) +#define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val)) +#define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val)) +#define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i)) +#define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr)) +#define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i)) +#define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp)) +#define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st) +#define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func)) +#define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st)) + +#define sk_CMS_RevocationInfoChoice_new(st) SKM_sk_new(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice) +#define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i)) +#define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val)) +#define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val)) +#define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val)) +#define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val)) +#define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val)) +#define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i)) +#define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr)) +#define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i)) +#define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp)) +#define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st) +#define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func)) +#define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st)) + +#define sk_CMS_SignerInfo_new(st) SKM_sk_new(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo) +#define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i)) +#define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val)) +#define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val)) +#define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val)) +#define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val)) +#define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val)) +#define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i)) +#define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr)) +#define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i)) +#define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp)) +#define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st) +#define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func)) +#define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st)) + #define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st)) #define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) #define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) @@ -608,6 +700,28 @@ STACK_OF(type) \ #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) #define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) +#define sk_GENERAL_NAMES_new(st) SKM_sk_new(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES) +#define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i)) +#define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val)) +#define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val)) +#define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val)) +#define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val)) +#define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val)) +#define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i)) +#define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr)) +#define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i)) +#define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp)) +#define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st) +#define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func)) +#define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st)) + #define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st)) #define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) #define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) @@ -872,6 +986,50 @@ STACK_OF(type) \ #define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) #define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) +#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st)) +#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) +#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) +#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st)) +#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i)) +#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val)) +#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st)) +#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) +#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) +#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) +#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) +#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) +#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) +#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) +#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp)) +#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st) +#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func)) +#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) +#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) +#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) +#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) + +#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) +#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) +#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) +#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st)) +#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i)) +#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val)) +#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st)) +#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) +#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) +#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) +#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) +#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) +#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) +#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) +#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp)) +#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st) +#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func)) +#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) +#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) +#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) +#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) + #define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) #define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) #define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) @@ -960,6 +1118,28 @@ STACK_OF(type) \ #define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) #define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) +#define sk_OCSP_RESPID_new(st) SKM_sk_new(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID) +#define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i)) +#define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val)) +#define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i)) +#define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr)) +#define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i)) +#define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp)) +#define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st) +#define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func)) +#define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st)) + #define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st)) #define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) #define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index c0ad763e9a1cc..32ae5bd3957df 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -236,7 +236,7 @@ const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth) #define check_store(s,fncode,fnname,fnerrcode) \ do \ { \ - if ((s) == NULL || (s)->meth) \ + if ((s) == NULL || (s)->meth == NULL) \ { \ STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \ return 0; \ diff --git a/crypto/symhacks.h b/crypto/symhacks.h index 7e3602d2ea438..64528ad5c2ef7 100644 --- a/crypto/symhacks.h +++ b/crypto/symhacks.h @@ -342,6 +342,20 @@ #undef STORE_method_get_unlock_store_function #define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn +/* Hack some long CMS names */ +#undef CMS_RecipientInfo_ktri_get0_algs +#define CMS_RecipientInfo_ktri_get0_algs CMS_RecipInfo_ktri_get0_algs +#undef CMS_RecipientInfo_ktri_get0_signer_id +#define CMS_RecipientInfo_ktri_get0_signer_id CMS_RecipInfo_ktri_get0_sigr_id +#undef CMS_OtherRevocationInfoFormat_it +#define CMS_OtherRevocationInfoFormat_it CMS_OtherRevocInfoFormat_it +#undef CMS_KeyAgreeRecipientIdentifier_it +#define CMS_KeyAgreeRecipientIdentifier_it CMS_KeyAgreeRecipIdentifier_it +#undef CMS_OriginatorIdentifierOrKey_it +#define CMS_OriginatorIdentifierOrKey_it CMS_OriginatorIdOrKey_it +#undef cms_SignerIdentifier_get0_signer_id +#define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id + #endif /* defined OPENSSL_SYS_VMS */ @@ -381,3 +395,6 @@ #endif /* ! defined HEADER_VMS_IDHACKS_H */ +/* This one clashes with CMS_data_create */ +#undef cms_Data_create +#define cms_Data_create priv_cms_Data_create diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 16a954f709941..e71b5257e5761 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -146,9 +146,10 @@ struct X509_algor_st ASN1_TYPE *parameter; } /* X509_ALGOR */; -DECLARE_STACK_OF(X509_ALGOR) DECLARE_ASN1_SET_OF(X509_ALGOR) +typedef STACK_OF(X509_ALGOR) X509_ALGORS; + typedef struct X509_val_st { ASN1_TIME *notBefore; @@ -203,6 +204,8 @@ typedef struct X509_extension_st ASN1_OCTET_STRING *value; } X509_EXTENSION; +typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; + DECLARE_STACK_OF(X509_EXTENSION) DECLARE_ASN1_SET_OF(X509_EXTENSION) @@ -862,6 +865,10 @@ X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); X509_CRL *X509_CRL_dup(X509_CRL *crl); X509_REQ *X509_REQ_dup(X509_REQ *req); X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); +int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); +void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, + X509_ALGOR *algor); + X509_NAME *X509_NAME_dup(X509_NAME *xn); X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); @@ -883,6 +890,7 @@ X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); DECLARE_ASN1_FUNCTIONS(X509_ALGOR) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS) DECLARE_ASN1_FUNCTIONS(X509_VAL) DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) @@ -918,6 +926,7 @@ DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE) X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); DECLARE_ASN1_FUNCTIONS(X509_EXTENSION) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY) @@ -1191,6 +1200,8 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, const char *attrname, int type, const unsigned char *bytes, int len); +void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, + ASN1_OBJECT *obj, int lastpos, int type); X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, int atrtype, const void *data, int len); X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c index 65968c4944aab..98460e8921534 100644 --- a/crypto/x509/x509_att.c +++ b/crypto/x509/x509_att.c @@ -67,8 +67,7 @@ int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) { - if (!x) return 0; - return(sk_X509_ATTRIBUTE_num(x)); + return sk_X509_ATTRIBUTE_num(x); } int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, @@ -193,6 +192,22 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, return ret; } +void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, + ASN1_OBJECT *obj, int lastpos, int type) +{ + int i; + X509_ATTRIBUTE *at; + i = X509at_get_attr_by_OBJ(x, obj, lastpos); + if (i == -1) + return NULL; + if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1)) + return NULL; + at = X509at_get_attr(x, i); + if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1)) + return NULL; + return X509_ATTRIBUTE_get0_data(at, 0, type, NULL); +} + X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, int atrtype, const void *data, int len) { @@ -230,7 +245,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, goto err; if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len)) goto err; - + if ((attr != NULL) && (*attr == NULL)) *attr=ret; return(ret); err: @@ -270,8 +285,8 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj) int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len) { ASN1_TYPE *ttmp; - ASN1_STRING *stmp; - int atype; + ASN1_STRING *stmp = NULL; + int atype = 0; if (!attr) return 0; if(attrtype & MBSTRING_FLAG) { stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype, @@ -281,16 +296,28 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *dat return 0; } atype = stmp->type; - } else { + } else if (len != -1){ if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err; if(!ASN1_STRING_set(stmp, data, len)) goto err; atype = attrtype; } if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; + attr->single = 0; + /* This is a bit naughty because the attribute should really have + * at least one value but some types use and zero length SET and + * require this. + */ + if (attrtype == 0) + return 1; if(!(ttmp = ASN1_TYPE_new())) goto err; + if ((len == -1) && !(attrtype & MBSTRING_FLAG)) + { + if (!ASN1_TYPE_set1(ttmp, attrtype, data)) + goto err; + } + else + ASN1_TYPE_set(ttmp, atype, stmp); if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err; - attr->single = 0; - ASN1_TYPE_set(ttmp, atype, stmp); return 1; err: X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE); diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index a80c87eef3a97..73a8ec726feef 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c @@ -129,7 +129,7 @@ const char *X509_verify_cert_error_string(long n) case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: return("proxy path length constraint exceeded"); case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: - return("proxy cerificates not allowed, please set the appropriate flag"); + return("proxy certificates not allowed, please set the appropriate flag"); case X509_V_ERR_INVALID_PURPOSE: return ("unsupported certificate purpose"); case X509_V_ERR_CERT_UNTRUSTED: diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 07df21f6b975a..336c40ddd7e7d 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -164,7 +164,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) goto end; } CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509); - sk_X509_delete_ptr(sktmp,xtmp); + (void)sk_X509_delete_ptr(sktmp,xtmp); ctx->last_untrusted++; x=xtmp; num++; @@ -214,7 +214,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) */ X509_free(x); x = xtmp; - sk_X509_set(ctx->chain, i - 1, x); + (void)sk_X509_set(ctx->chain, i - 1, x); ctx->last_untrusted=0; } } @@ -394,7 +394,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) #ifdef OPENSSL_NO_CHAIN_VERIFY return 1; #else - int i, ok=0, must_be_ca; + int i, ok=0, must_be_ca, plen = 0; X509 *x; int (*cb)(int xok,X509_STORE_CTX *xctx); int proxy_path_length = 0; @@ -495,9 +495,10 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) if (!ok) goto end; } } - /* Check pathlen */ - if ((i > 1) && (x->ex_pathlen != -1) - && (i > (x->ex_pathlen + proxy_path_length + 1))) + /* Check pathlen if not self issued */ + if ((i > 1) && !(x->ex_flags & EXFLAG_SI) + && (x->ex_pathlen != -1) + && (plen > (x->ex_pathlen + proxy_path_length + 1))) { ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; ctx->error_depth = i; @@ -505,6 +506,9 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) ok=cb(0,ctx); if (!ok) goto end; } + /* Increment path length if not self issued */ + if (!(x->ex_flags & EXFLAG_SI)) + plen++; /* If this certificate is a proxy certificate, the next certificate must be another proxy certificate or a EE certificate. If not, the next certificate must be a diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 5e69259a7934b..e9db6d62a7498 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -385,7 +385,7 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) { ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx); X509_VERIFY_PARAM_free(ptmp); - sk_X509_VERIFY_PARAM_delete(param_table, idx); + (void)sk_X509_VERIFY_PARAM_delete(param_table, idx); } } if (!sk_X509_VERIFY_PARAM_push(param_table, param)) diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c index 614d2b4935507..4711b1ee927b9 100644 --- a/crypto/x509v3/pcy_data.c +++ b/crypto/x509v3/pcy_data.c @@ -87,6 +87,12 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit) X509_POLICY_DATA *ret; if (!policy && !id) return NULL; + if (id) + { + id = OBJ_dup(id); + if (!id) + return NULL; + } ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA)); if (!ret) return NULL; @@ -94,6 +100,8 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit) if (!ret->expected_policy_set) { OPENSSL_free(ret); + if (id) + ASN1_OBJECT_free(id); return NULL; } diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 27d29f25a84e7..b1ce77b9afc7a 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -130,9 +130,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, ret = 2; if (explicit_policy > 0) { - explicit_policy--; - if (!(x->ex_flags & EXFLAG_SS) - && (cache->explicit_skip != -1) + if (!(x->ex_flags & EXFLAG_SI)) + explicit_policy--; + if ((cache->explicit_skip != -1) && (cache->explicit_skip < explicit_policy)) explicit_policy = cache->explicit_skip; } @@ -197,13 +197,14 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, /* Any matching allowed if certificate is self * issued and not the last in the chain. */ - if (!(x->ex_flags & EXFLAG_SS) || (i == 0)) + if (!(x->ex_flags & EXFLAG_SI) || (i == 0)) level->flags |= X509_V_FLAG_INHIBIT_ANY; } else { - any_skip--; - if ((cache->any_skip > 0) + if (!(x->ex_flags & EXFLAG_SI)) + any_skip--; + if ((cache->any_skip >= 0) && (cache->any_skip < any_skip)) any_skip = cache->any_skip; } @@ -213,7 +214,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, else { map_skip--; - if ((cache->map_skip > 0) + if ((cache->map_skip >= 0) && (cache->map_skip < map_skip)) map_skip = cache->map_skip; } @@ -310,7 +311,8 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, if (data == NULL) return 0; - data->qualifier_set = curr->anyPolicy->data->qualifier_set; + /* Curr may not have anyPolicy */ + data->qualifier_set = cache->anyPolicy->qualifier_set; data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; if (!level_add_node(curr, data, node, tree)) { @@ -345,7 +347,7 @@ static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) { node->parent->nchild--; OPENSSL_free(node); - sk_X509_POLICY_NODE_delete(curr->nodes, i); + (void)sk_X509_POLICY_NODE_delete(curr->nodes, i); } } @@ -358,7 +360,7 @@ static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) { node->parent->nchild--; OPENSSL_free(node); - sk_X509_POLICY_NODE_delete(curr->nodes, i); + (void)sk_X509_POLICY_NODE_delete(curr->nodes, i); } } if (curr->anyPolicy && !curr->anyPolicy->nchild) diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c index ed9847b3071ff..c6730ab3fd26a 100644 --- a/crypto/x509v3/v3_addr.c +++ b/crypto/x509v3/v3_addr.c @@ -594,10 +594,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr, return NULL; switch (afi) { case IANA_AFI_IPV4: - sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); + (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); break; case IANA_AFI_IPV6: - sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); + (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); break; } f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; @@ -854,7 +854,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, if (!make_addressRange(&merged, a_min, b_max, length)) return 0; sk_IPAddressOrRange_set(aors, i, merged); - sk_IPAddressOrRange_delete(aors, i + 1); + (void)sk_IPAddressOrRange_delete(aors, i + 1); IPAddressOrRange_free(a); IPAddressOrRange_free(b); --i; @@ -1122,7 +1122,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) return 1; if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) return 0; - sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); + (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); for (i = 0; i < sk_IPAddressFamily_num(a); i++) { IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); int j = sk_IPAddressFamily_find(b, fa); @@ -1183,7 +1183,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, } if (!v3_addr_is_canonical(ext)) validation_err(X509_V_ERR_INVALID_EXTENSION); - sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); + (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE); ret = 0; @@ -1209,7 +1209,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, } continue; } - sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp); + (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp); for (j = 0; j < sk_IPAddressFamily_num(child); j++) { IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc); diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c index 271930f9670a2..abd497ed1fd42 100644 --- a/crypto/x509v3/v3_asid.c +++ b/crypto/x509v3/v3_asid.c @@ -466,7 +466,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) break; } ASIdOrRange_free(b); - sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1); + (void)sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1); i--; continue; } diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c index 5158b1dfb3338..601211f41691f 100644 --- a/crypto/x509v3/v3_pci.c +++ b/crypto/x509v3/v3_pci.c @@ -286,12 +286,6 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE); goto err; } - pci->proxyPolicy = PROXY_POLICY_new(); - if (!pci->proxyPolicy) - { - X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE); - goto err; - } pci->proxyPolicy->policyLanguage = language; language = NULL; pci->proxyPolicy->policy = policy; policy = NULL; @@ -301,11 +295,6 @@ err: if (language) { ASN1_OBJECT_free(language); language = NULL; } if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; } if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; } - if (pci && pci->proxyPolicy) - { - PROXY_POLICY_free(pci->proxyPolicy); - pci->proxyPolicy = NULL; - } if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; } end: sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index b2f5cdfa05f3c..c54e7887c7075 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -291,7 +291,9 @@ int X509_supported_extension(X509_EXTENSION *ex) NID_sbgp_ipAddrBlock, /* 290 */ NID_sbgp_autonomousSysNum, /* 291 */ #endif - NID_proxyCertInfo /* 661 */ + NID_policy_constraints, /* 401 */ + NID_proxyCertInfo, /* 661 */ + NID_inhibit_any_policy /* 748 */ }; int ex_nid; @@ -325,7 +327,7 @@ static void x509v3_cache_extensions(X509 *x) #endif /* Does subject name match issuer ? */ if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) - x->ex_flags |= EXFLAG_SS; + x->ex_flags |= EXFLAG_SI; /* V1 should mean no extensions ... */ if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1; /* Handle basic constraints */ diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 3dba0557b86d8..ac171ca940a3c 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -473,6 +473,30 @@ STACK *X509_get1_email(X509 *x) return ret; } +STACK *X509_get1_ocsp(X509 *x) +{ + AUTHORITY_INFO_ACCESS *info; + STACK *ret = NULL; + int i; + info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL); + if (!info) + return NULL; + for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) + { + ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i); + if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) + { + if (ad->location->type == GEN_URI) + { + if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier)) + break; + } + } + } + AUTHORITY_INFO_ACCESS_free(info); + return ret; +} + STACK *X509_REQ_get1_email(X509_REQ *x) { GENERAL_NAMES *gens; diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index 91d2fb5b8baf6..5ba59f71c9455 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -363,6 +363,8 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) #define EXFLAG_NSCERT 0x8 #define EXFLAG_CA 0x10 +/* Really self issued not necessarily self signed */ +#define EXFLAG_SI 0x20 #define EXFLAG_SS 0x20 #define EXFLAG_V1 0x40 #define EXFLAG_INVALID 0x80 @@ -370,7 +372,7 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) #define EXFLAG_CRITICAL 0x200 #define EXFLAG_PROXY 0x400 -#define EXFLAG_INVALID_POLICY 0x400 +#define EXFLAG_INVALID_POLICY 0x800 #define KU_DIGITAL_SIGNATURE 0x0080 #define KU_NON_REPUDIATION 0x0040 @@ -617,6 +619,7 @@ int X509_PURPOSE_get_id(X509_PURPOSE *); STACK *X509_get1_email(X509 *x); STACK *X509_REQ_get1_email(X509_REQ *x); void X509_email_free(STACK *sk); +STACK *X509_get1_ocsp(X509 *x); ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); diff --git a/crypto/x86_64cpuid.pl b/crypto/x86_64cpuid.pl index 4d88ad191b37a..2616a03da6994 100644 --- a/crypto/x86_64cpuid.pl +++ b/crypto/x86_64cpuid.pl @@ -1,19 +1,12 @@ #!/usr/bin/env perl $output=shift; -$win64a=1 if ($output =~ /win64a\.[s|asm]/); +$masm=1 if ($output =~ /\.asm/); open STDOUT,">$output" || die "can't open $output: $!"; -print<<___ if(defined($win64a)); +print<<___ if(defined($masm)); _TEXT SEGMENT PUBLIC OPENSSL_rdtsc -ALIGN 16 -OPENSSL_rdtsc PROC - rdtsc - shl rdx,32 - or rax,rdx - ret -OPENSSL_rdtsc ENDP PUBLIC OPENSSL_atomic_add ALIGN 16 @@ -45,35 +38,16 @@ OPENSSL_wipe_cpu PROC lea rax,QWORD PTR[rsp+8] ret OPENSSL_wipe_cpu ENDP - -OPENSSL_ia32_cpuid PROC - mov r8,rbx - mov eax,1 - cpuid - shl rcx,32 - mov eax,edx - mov rbx,r8 - or rax,rcx - ret -OPENSSL_ia32_cpuid ENDP _TEXT ENDS CRT\$XIU SEGMENT EXTRN OPENSSL_cpuid_setup:PROC DQ OPENSSL_cpuid_setup CRT\$XIU ENDS -END + ___ -print<<___ if(!defined($win64a)); +print<<___ if(!defined($masm)); .text -.globl OPENSSL_rdtsc -.align 16 -OPENSSL_rdtsc: - rdtsc - shlq \$32,%rdx - orq %rdx,%rax - ret -.size OPENSSL_rdtsc,.-OPENSSL_rdtsc .globl OPENSSL_atomic_add .type OPENSSL_atomic_add,\@function @@ -120,19 +94,66 @@ OPENSSL_wipe_cpu: ret .size OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu +.section .init + call OPENSSL_cpuid_setup + +___ + +open STDOUT,"| $^X perlasm/x86_64-xlate.pl $output"; +print<<___; +.text + +.globl OPENSSL_rdtsc +.type OPENSSL_rdtsc,\@abi-omnipotent +.align 16 +OPENSSL_rdtsc: + rdtsc + shl \$32,%rdx + or %rdx,%rax + ret +.size OPENSSL_rdtsc,.-OPENSSL_rdtsc + .globl OPENSSL_ia32_cpuid +.type OPENSSL_ia32_cpuid,\@abi-omnipotent .align 16 OPENSSL_ia32_cpuid: - movq %rbx,%r8 - movl \$1,%eax + mov %rbx,%r8 + + xor %eax,%eax + cpuid + xor %eax,%eax + cmp \$0x756e6547,%ebx # "Genu" + setne %al + mov %eax,%r9d + cmp \$0x49656e69,%edx # "ineI" + setne %al + or %eax,%r9d + cmp \$0x6c65746e,%ecx # "ntel" + setne %al + or %eax,%r9d + + mov \$1,%eax cpuid - shlq \$32,%rcx - movl %edx,%eax - movq %r8,%rbx - orq %rcx,%rax + cmp \$0,%r9d + jne .Lnotintel + or \$0x00100000,%edx # use reserved 20th bit to engage RC4_CHAR + and \$15,%ah + cmp \$15,%ah # examine Family ID + je .Lnotintel + or \$0x40000000,%edx # use reserved bit to skip unrolled loop +.Lnotintel: + bt \$28,%edx # test hyper-threading bit + jnc .Ldone + shr \$16,%ebx + cmp \$1,%bl # see if cache is shared + ja .Ldone + and \$0xefffffff,%edx # ~(1<<28) +.Ldone: + shl \$32,%rcx + mov %edx,%eax + mov %r8,%rbx + or %rcx,%rax ret .size OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid - -.section .init - call OPENSSL_cpuid_setup ___ +close STDOUT; # flush diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl index c53c9bc9980f6..4408ef2936ecf 100644 --- a/crypto/x86cpuid.pl +++ b/crypto/x86cpuid.pl @@ -19,13 +19,41 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &pop ("eax"); &xor ("ecx","eax"); &bt ("ecx",21); - &jnc (&label("nocpuid")); + &jnc (&label("done")); + &xor ("eax","eax"); + &cpuid (); + &xor ("eax","eax"); + &cmp ("ebx",0x756e6547); # "Genu" + &data_byte(0x0f,0x95,0xc0); #&setne (&LB("eax")); + &mov ("ebp","eax"); + &cmp ("edx",0x49656e69); # "ineI" + &data_byte(0x0f,0x95,0xc0); #&setne (&LB("eax")); + &or ("ebp","eax"); + &cmp ("ecx",0x6c65746e); # "ntel" + &data_byte(0x0f,0x95,0xc0); #&setne (&LB("eax")); + &or ("ebp","eax"); &mov ("eax",1); &cpuid (); -&set_label("nocpuid"); + &cmp ("ebp",0); + &jne (&label("notP4")); + &and ("eax",15<<8); # familiy ID + &cmp ("eax",15<<8); # P4? + &jne (&label("notP4")); + &or ("edx",1<<20); # use reserved bit to engage RC4_CHAR +&set_label("notP4"); + &bt ("edx",28); # test hyper-threading bit + &jnc (&label("done")); + &shr ("ebx",16); + &and ("ebx",0xff); + &cmp ("ebx",1); # see if cache is shared(*) + &ja (&label("done")); + &and ("edx",0xefffffff); # clear hyper-threading bit if not +&set_label("done"); &mov ("eax","edx"); &mov ("edx","ecx"); &function_end("OPENSSL_ia32_cpuid"); +# (*) on Core2 this value is set to 2 denoting the fact that L2 +# cache is shared between cores. &external_label("OPENSSL_ia32cap_P"); diff --git a/demos/engines/cluster_labs/hw_cluster_labs_err.h b/demos/engines/cluster_labs/hw_cluster_labs_err.h index afc175b133554..f548a3b668de5 100644 --- a/demos/engines/cluster_labs/hw_cluster_labs_err.h +++ b/demos/engines/cluster_labs/hw_cluster_labs_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_CL_ERR_H #define HEADER_CL_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/demos/engines/ibmca/hw_ibmca_err.h b/demos/engines/ibmca/hw_ibmca_err.h index da64bde5f21bd..2070f9579903c 100644 --- a/demos/engines/ibmca/hw_ibmca_err.h +++ b/demos/engines/ibmca/hw_ibmca_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_IBMCA_ERR_H #define HEADER_IBMCA_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/demos/engines/zencod/hw_zencod_err.h b/demos/engines/zencod/hw_zencod_err.h index 1b5dcb5685272..60e923fd88ab2 100644 --- a/demos/engines/zencod/hw_zencod_err.h +++ b/demos/engines/zencod/hw_zencod_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_ZENCOD_ERR_H #define HEADER_ZENCOD_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index e16eadef21eef..694e433ef392d 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -105,7 +105,7 @@ The following is a list of all permitted cipher strings and their meanings. =item B the default cipher list. This is determined at compile time and is normally -B. This must be the first cipher string +B. This must be the first cipher string specified. =item B @@ -209,6 +209,10 @@ anonymous DH cipher suites. cipher suites using AES. +=item B + +cipher suites using Camellia. + =item B<3DES> cipher suites using triple DES. @@ -229,6 +233,10 @@ cipher suites using RC2. cipher suites using IDEA. +=item B + +cipher suites using SEED. + =item B cipher suites using MD5. @@ -237,10 +245,6 @@ cipher suites using MD5. cipher suites using SHA1. -=item B - -cipher suites using Camellia. - =back =head1 CIPHER SUITE NAMES @@ -323,10 +327,10 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA - TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA - TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA - TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA - TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA + TLS_DH_DSS_WITH_AES_128_CBC_SHA Not implemented. + TLS_DH_DSS_WITH_AES_256_CBC_SHA Not implemented. + TLS_DH_RSA_WITH_AES_128_CBC_SHA Not implemented. + TLS_DH_RSA_WITH_AES_256_CBC_SHA Not implemented. TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA @@ -354,6 +358,18 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA +=head2 SEED ciphersuites from RFC4162, extending TLS v1.0 + + TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA + + TLS_DH_DSS_WITH_SEED_CBC_SHA Not implemented. + TLS_DH_RSA_WITH_SEED_CBC_SHA Not implemented. + + TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA + TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA + + TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA + =head2 Additional Export 1024 and other cipher suites Note: these ciphers can also be used in SSL v3. diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod index b0d198724c6b2..908cd2a6d657d 100644 --- a/doc/apps/dgst.pod +++ b/doc/apps/dgst.pod @@ -18,6 +18,7 @@ B B [B<-verify filename>] [B<-prverify filename>] [B<-signature filename>] +[B<-hmac key>] [B] [B] @@ -78,6 +79,10 @@ verify the signature using the the private key in "filename". the actual signature to verify. +=item B<-hmac key> + +create a hashed MAC using "key". + =item B<-rand file(s)> a file or files containing random data used to seed the random number diff --git a/doc/apps/enc.pod b/doc/apps/enc.pod index c43da5b3f1eec..4391c933600f1 100644 --- a/doc/apps/enc.pod +++ b/doc/apps/enc.pod @@ -227,6 +227,14 @@ Blowfish and RC5 algorithms use a 128 bit key. rc5-ecb RC5 cipher in ECB mode rc5-ofb RC5 cipher in OFB mode + aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode + aes-[128|192|256] Alias for aes-[128|192|256]-cbc + aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode + aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode + aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode + aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode + aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode + =head1 EXAMPLES Just base64 encode a binary file: diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod index 4f266058e5365..b58ddc1788cbe 100644 --- a/doc/apps/ocsp.pod +++ b/doc/apps/ocsp.pod @@ -73,7 +73,7 @@ specify output filename, default is standard output. This specifies the current issuer certificate. This option can be used multiple times. The certificate specified in B must be in -PEM format. +PEM format. This option B come before any B<-cert> options. =item B<-cert filename> @@ -146,7 +146,7 @@ certificate in such cases. =item B<-trust_other> -the certificates specified by the B<-verify_certs> option should be explicitly +the certificates specified by the B<-verify_other> option should be explicitly trusted and no additional checks will be performed on them. This is useful when the complete responder certificate chain is not available or trusting a root CA is not appropriate. @@ -154,7 +154,7 @@ root CA is not appropriate. =item B<-VAfile file> file containing explicitly trusted responder certificates. Equivalent to the -B<-verify_certs> and B<-trust_other> options. +B<-verify_other> and B<-trust_other> options. =item B<-noverify> @@ -166,7 +166,7 @@ of the responders certificate. ignore certificates contained in the OCSP response when searching for the signers certificate. With this option the signers certificate must be specified -with either the B<-verify_certs> or B<-VAfile> options. +with either the B<-verify_other> or B<-VAfile> options. =item B<-no_signature_verify> diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod index dc0f49ddca632..964cdf0f027dc 100644 --- a/doc/apps/openssl.pod +++ b/doc/apps/openssl.pod @@ -227,6 +227,22 @@ SHA Digest SHA-1 Digest +=item B + +SHA-224 Digest + +=item B + +SHA-256 Digest + +=item B + +SHA-384 Digest + +=item B + +SHA-512 Digest + =back =head2 ENCODING AND CIPHER COMMANDS diff --git a/doc/apps/rsautl.pod b/doc/apps/rsautl.pod index a7c1681d9859b..1a498c2f62e0e 100644 --- a/doc/apps/rsautl.pod +++ b/doc/apps/rsautl.pod @@ -152,7 +152,7 @@ The final BIT STRING contains the actual signature. It can be extracted with: The certificate public key can be extracted with: - openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem + openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem The signature can be analysed with: diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index c17a83a225812..c44d357cf754a 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -38,6 +38,10 @@ B B [B<-cipher cipherlist>] [B<-starttls protocol>] [B<-engine id>] +[B<-tlsextdebug>] +[B<-no_ticket>] +[B<-sess_out filename>] +[B<-sess_in filename>] [B<-rand file(s)>] =head1 DESCRIPTION @@ -186,6 +190,26 @@ send the protocol-specific message(s) to switch to TLS for communication. B is a keyword for the intended protocol. Currently, the only supported keywords are "smtp", "pop3", "imap", and "ftp". +=item B<-tlsextdebug> + +print out a hex dump of any TLS extensions received from the server. Note: this +option is only available if extension support is explicitly enabled at compile +time + +=item B<-no_ticket> + +disable RFC4507bis session ticket support. Note: this option is only available +if extension support is explicitly enabled at compile time + +=item B<-sess_out filename> + +output SSL session to B + +=item B<-sess_in sess.pem> + +load SSL session from B. The client will attempt to resume a +connection from this session. + =item B<-engine id> specifying an engine (by it's unique B string) will cause B @@ -246,6 +270,13 @@ on the command line is no guarantee that the certificate works. If there are problems verifying a server certificate then the B<-showcerts> option can be used to show the whole chain. +Since the SSLv23 client hello cannot include compression methods or extensions +these will only be supported if its use is disabled, for example by using the +B<-no_sslv2> option. + +TLS extensions are only supported in OpenSSL 0.9.8 if they are explictly +enabled at compile time using for example the B switch. + =head1 BUGS Because this program has a lot of options and also because some of diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index 7c1a9581d9619..fdcc170e2832a 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -12,6 +12,8 @@ B B [B<-context id>] [B<-verify depth>] [B<-Verify depth>] +[B<-crl_check>] +[B<-crl_check_all>] [B<-cert filename>] [B<-certform DER|PEM>] [B<-key keyfile>] @@ -48,6 +50,8 @@ B B [B<-WWW>] [B<-HTTP>] [B<-engine id>] +[B<-tlsextdebug>] +[B<-no_ticket>] [B<-id_prefix arg>] [B<-rand file(s)>] @@ -140,6 +144,12 @@ the client. With the B<-verify> option a certificate is requested but the client does not have to send one, with the B<-Verify> option the client must supply a certificate or an error occurs. +=item B<-crl_check>, B<-crl_check_all> + +Check the peer certificate has not been revoked by its CA. +The CRL(s) are appended to the certificate file. With the B<-crl_check_all> +option all CRLs of all CAs in the chain are checked. + =item B<-CApath directory> The directory to use for client certificate verification. This directory @@ -205,6 +215,14 @@ also included in the server list is used. Because the client specifies the preference order, the order of the server cipherlist irrelevant. See the B command for more information. +=item B<-tlsextdebug> + +print out a hex dump of any TLS extensions received from the server. + +=item B<-no_ticket> + +disable RFC4507bis session ticket support. + =item B<-www> sends a status message back to the client when it connects. This includes @@ -307,6 +325,9 @@ mean any CA is acceptable. This is useful for debugging purposes. The session parameters can printed out using the B program. +TLS extensions are only supported in OpenSSL 0.9.8 if they are explictly +enabled at compile time using for example the B switch. + =head1 BUGS Because this program has a lot of options and also because some of diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index ea5c29c150218..ff2629d2cf851 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -169,7 +169,7 @@ the operation was successful. the issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found. -=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL unable to get certificate CRL> +=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL> the CRL of a certificate could not be found. Unused. diff --git a/doc/c-indentation.el b/doc/c-indentation.el index cbf01cb1720a4..90861d3979780 100644 --- a/doc/c-indentation.el +++ b/doc/c-indentation.el @@ -20,6 +20,7 @@ (c-add-style "eay" '((c-basic-offset . 8) + (indent-tabs-mode . t) (c-comment-only-line-offset . 0) (c-hanging-braces-alist) (c-offsets-alist . ((defun-open . +) diff --git a/doc/crypto/ASN1_generate_nconf.pod b/doc/crypto/ASN1_generate_nconf.pod index ba6e3c2e81401..1157cff510d6c 100644 --- a/doc/crypto/ASN1_generate_nconf.pod +++ b/doc/crypto/ASN1_generate_nconf.pod @@ -28,7 +28,11 @@ The actual data encoded is determined by the string B and the configuration information. The general format of the string is: - B<[modifier,]type[:value]> +=over 2 + +=item B<[modifier,]type[:value]> + +=back That is zero or more comma separated modifiers followed by a type followed by an optional colon and a value. The formats of B, @@ -81,13 +85,13 @@ the format B. =item B, B -Emcodes an ASN1 B. B represents the contents +Encodes an ASN1 B. B represents the contents of this structure, the format strings B and B can be used to specify the format of B. -=item B, B +=item B, B -Emcodes an ASN1 B. B represents the contents +Encodes an ASN1 B. B represents the contents of this structure, the format strings B, B and B can be used to specify the format of B. @@ -147,10 +151,11 @@ bits is set to zero. This specifies the format of the ultimate value. It should be followed by a colon and one of the strings B, B, B or B. -If no format specifier is included then B is used. If B is specified -then the value string must be a valid B string. For B the output must -be a set of hex digits. B (which is only valid for a BIT STRING) is a -comma separated list of set bits. +If no format specifier is included then B is used. If B is +specified then the value string must be a valid B string. For B the +output must be a set of hex digits. B (which is only valid for a BIT +STRING) is a comma separated list of the indices of the set bits, all other +bits are zero. =back @@ -168,16 +173,20 @@ An IA5String explicitly tagged using APPLICATION tagging: EXPLICIT:0A,IA5STRING:Hello World +A BITSTRING with bits 1 and 5 set and all others zero: + + FORMAT=BITLIST,BITSTRING:1,5 + A more complex example using a config file to produce a SEQUENCE consiting of a BOOL an OID and a UTF8String: -asn1 = SEQUENCE:seq_section + asn1 = SEQUENCE:seq_section -[seq_section] + [seq_section] -field1 = BOOLEAN:TRUE -field2 = OID:commonName -field3 = UTF8:Third field + field1 = BOOLEAN:TRUE + field2 = OID:commonName + field3 = UTF8:Third field This example produces an RSAPrivateKey structure, this is the key contained in the file client.pem in all OpenSSL distributions diff --git a/doc/crypto/DH_set_method.pod b/doc/crypto/DH_set_method.pod index 73261fc4675dd..d5cdc3be0ce6a 100644 --- a/doc/crypto/DH_set_method.pod +++ b/doc/crypto/DH_set_method.pod @@ -36,7 +36,7 @@ structures created later. B: This is true only whilst no ENGINE has been set as a default for DH, so this function is no longer recommended. DH_get_default_method() returns a pointer to the current default DH_METHOD. -However, the meaningfulness of this result is dependant on whether the ENGINE +However, the meaningfulness of this result is dependent on whether the ENGINE API is being used, so this function is no longer recommended. DH_set_method() selects B to perform all operations using the key B. diff --git a/doc/crypto/DSA_set_method.pod b/doc/crypto/DSA_set_method.pod index bc3cfb1f0a78d..9c1434bd8d429 100644 --- a/doc/crypto/DSA_set_method.pod +++ b/doc/crypto/DSA_set_method.pod @@ -36,7 +36,7 @@ structures created later. B: This is true only whilst no ENGINE has been set as a default for DSA, so this function is no longer recommended. DSA_get_default_method() returns a pointer to the current default -DSA_METHOD. However, the meaningfulness of this result is dependant on +DSA_METHOD. However, the meaningfulness of this result is dependent on whether the ENGINE API is being used, so this function is no longer recommended. diff --git a/doc/crypto/OPENSSL_ia32cap.pod b/doc/crypto/OPENSSL_ia32cap.pod index 121a8ddee5e1f..2e659d34a5c43 100644 --- a/doc/crypto/OPENSSL_ia32cap.pod +++ b/doc/crypto/OPENSSL_ia32cap.pod @@ -17,19 +17,27 @@ register after executing CPUID instruction with EAX=1 input value (see Intel Application Note #241618). Naturally it's meaningful on IA-32[E] platforms only. The variable is normally set up automatically upon toolkit initialization, but can be manipulated afterwards to modify -crypto library behaviour. For the moment of this writing three bits are -significant, namely bit #28 denoting Hyperthreading, which is used to -distinguish Intel P4 core, bit #26 denoting SSE2 support, and bit #4 -denoting presence of Time-Stamp Counter. Clearing bit #26 at run-time -for example disables high-performance SSE2 code present in the crypto -library. You might have to do this if target OpenSSL application is -executed on SSE2 capable CPU, but under control of OS which does not -support SSE2 extentions. Even though you can manipulate the value -programmatically, you most likely will find it more appropriate to set -up an environment variable with the same name prior starting target -application, e.g. 'env OPENSSL_ia32cap=0x10 apps/openssl', to achieve -same effect without modifying the application source code. -Alternatively you can reconfigure the toolkit with no-sse2 option and -recompile. +crypto library behaviour. For the moment of this writing six bits are +significant, namely: + +1. bit #28 denoting Hyperthreading, which is used to distiguish + cores with shared cache; +2. bit #26 denoting SSE2 support; +3. bit #25 denoting SSE support; +4. bit #23 denoting MMX support; +5. bit #20, reserved by Intel, is used to choose between RC4 code + pathes; +6. bit #4 denoting presence of Time-Stamp Counter. + +For example, clearing bit #26 at run-time disables high-performance +SSE2 code present in the crypto library. You might have to do this if +target OpenSSL application is executed on SSE2 capable CPU, but under +control of OS which does not support SSE2 extentions. Even though you +can manipulate the value programmatically, you most likely will find it +more appropriate to set up an environment variable with the same name +prior starting target application, e.g. on Intel P4 processor 'env +OPENSSL_ia32cap=0x12900010 apps/openssl', to achieve same effect +without modifying the application source code. Alternatively you can +reconfigure the toolkit with no-sse2 option and recompile. =cut diff --git a/doc/crypto/RAND_bytes.pod b/doc/crypto/RAND_bytes.pod index ce6329ce54afe..1a9b91e281442 100644 --- a/doc/crypto/RAND_bytes.pod +++ b/doc/crypto/RAND_bytes.pod @@ -25,6 +25,9 @@ unpredictable. They can be used for non-cryptographic purposes and for certain purposes in cryptographic protocols, but usually not for key generation etc. +The contents of B is mixed into the entropy pool before retrieving +the new pseudo-random bytes unless disabled at compile time (see FAQ). + =head1 RETURN VALUES RAND_bytes() returns 1 on success, 0 otherwise. The error code can be diff --git a/doc/crypto/RAND_set_rand_method.pod b/doc/crypto/RAND_set_rand_method.pod index c9bb6d9f27b3f..e5b780fad06b5 100644 --- a/doc/crypto/RAND_set_rand_method.pod +++ b/doc/crypto/RAND_set_rand_method.pod @@ -30,7 +30,7 @@ true only whilst no ENGINE has been set as a default for RAND, so this function is no longer recommended. RAND_get_default_method() returns a pointer to the current RAND_METHOD. -However, the meaningfulness of this result is dependant on whether the ENGINE +However, the meaningfulness of this result is dependent on whether the ENGINE API is being used, so this function is no longer recommended. =head1 THE RAND_METHOD STRUCTURE diff --git a/doc/crypto/RSA_set_method.pod b/doc/crypto/RSA_set_method.pod index 0a305f6b140d4..2c963d7e5bbaa 100644 --- a/doc/crypto/RSA_set_method.pod +++ b/doc/crypto/RSA_set_method.pod @@ -42,7 +42,7 @@ structures created later. B: This is true only whilst no ENGINE has been set as a default for RSA, so this function is no longer recommended. RSA_get_default_method() returns a pointer to the current default -RSA_METHOD. However, the meaningfulness of this result is dependant on +RSA_METHOD. However, the meaningfulness of this result is dependent on whether the ENGINE API is being used, so this function is no longer recommended. diff --git a/doc/crypto/X509_NAME_print_ex.pod b/doc/crypto/X509_NAME_print_ex.pod index 919b90891937f..2579a5dc9dc6f 100644 --- a/doc/crypto/X509_NAME_print_ex.pod +++ b/doc/crypto/X509_NAME_print_ex.pod @@ -86,10 +86,10 @@ is equivalent to: B -B is a more readable one line format it is the same as: +B is a more readable one line format which is the same as: B -B is a multiline format is is the same as: +B is a multiline format which is the same as: B B uses a format identical to X509_NAME_print(): in fact it calls X509_NAME_print() internally. diff --git a/doc/crypto/des_modes.pod b/doc/crypto/des_modes.pod index 02664036fc6c4..e883ca8fde862 100644 --- a/doc/crypto/des_modes.pod +++ b/doc/crypto/des_modes.pod @@ -4,7 +4,7 @@ =head1 NAME -Modes of DES - the variants of DES and other crypto algorithms of OpenSSL +des_modes - the variants of DES and other crypto algorithms of OpenSSL =head1 DESCRIPTION diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod index 75933fccadc50..f5ab1c3e50fd7 100644 --- a/doc/crypto/engine.pod +++ b/doc/crypto/engine.pod @@ -183,7 +183,7 @@ Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be treated as handles - ie. not only as pointers, but also as references to the underlying ENGINE object. Ie. one should obtain a new reference when making copies of an ENGINE pointer if the copies will be used (and -released) independantly. +released) independently. ENGINE objects have two levels of reference-counting to match the way in which the objects are used. At the most basic level, each ENGINE pointer is @@ -200,7 +200,7 @@ B reference. This kind of reference can be considered a specialised form of structural reference, because each functional reference implicitly contains a structural reference as well - however to avoid difficult-to-find programming bugs, it is recommended to treat the two -kinds of reference independantly. If you have a functional reference to an +kinds of reference independently. If you have a functional reference to an ENGINE, you have a guarantee that the ENGINE has been initialised ready to perform cryptographic operations and will remain uninitialised until after you have released your reference. @@ -587,7 +587,7 @@ extension). The ENGINE API and internal architecture is currently being reviewed. Slated for possible release in 0.9.8 is support for transparent loading of "dynamic" ENGINEs (built as self-contained shared-libraries). This would allow ENGINE -implementations to be provided independantly of OpenSSL libraries and/or +implementations to be provided independently of OpenSSL libraries and/or OpenSSL-based applications, and would also remove any requirement for applications to explicitly use the "dynamic" ENGINE to bind to shared-library implementations. diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index fa63263601c82..eaed190809751 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -201,6 +201,15 @@ When performing renegotiation as a server, always start a new session (i.e., session resumption requests are only accepted in the initial handshake). This option is not needed for clients. +=item SSL_OP_NO_TICKET + +Normally clients and servers will, where possible, transparently make use +of RFC4507bis tickets for stateless session resumption if extension support +is explicitly set when OpenSSL is compiled. + +If this option is set this functionality is disabled and tickets will +not be used by clients or servers. + =back =head1 RETURN VALUES diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod index f6c37f77e491d..7038cd2d7520d 100644 --- a/doc/ssl/SSL_read.pod +++ b/doc/ssl/SSL_read.pod @@ -64,6 +64,11 @@ non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. +L can be used to find out whether there +are buffered bytes available for immediate retrieval. In this case +SSL_read() can be called without blocking or actually receiving new +data from the underlying socket. + =head1 WARNING When an SSL_read() operation has to be repeated because of @@ -112,6 +117,7 @@ L, L, L, L, L, L L, +L, L, L, L, L diff --git a/doc/standards.txt b/doc/standards.txt index bda55d1581ad0..a5ce778f8e6e8 100644 --- a/doc/standards.txt +++ b/doc/standards.txt @@ -100,6 +100,15 @@ PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. (TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590 bytes) (Status: PROPOSED STANDARD) +4162 Addition of SEED Cipher Suites to Transport Layer Security (TLS). + H.J. Lee, J.H. Yoon, J.I. Lee. August 2005. (Format: TXT=10578 bytes) + (Status: PROPOSED STANDARD) + +4269 The SEED Encryption Algorithm. H.J. Lee, S.J. Lee, J.H. Yoon, + D.H. Cheon, J.I. Lee. December 2005. (Format: TXT=34390 bytes) + (Obsoletes RFC4009) (Status: INFORMATIONAL) + + Related: -------- diff --git a/e_os.h b/e_os.h index 5068d1bd74fea..acc6a15eb7c75 100644 --- a/e_os.h +++ b/e_os.h @@ -186,9 +186,15 @@ extern "C" { #define get_last_socket_error() errno #define clear_socket_error() errno=0 #define closesocket(s) close(s) +#define ioctlsocket(a,b,c) ioctl(a,b,c) +#if defined(NETWARE_LIBC) #define readsocket(s,b,n) recv((s),(b),(n),0) #define writesocket(s,b,n) send((s),(b),(n),0) #else +#define readsocket(s,b,n) recv((s),(char*)(b),(n),0) +#define writesocket(s,b,n) send((s),(char*)(b),(n),0) +#endif +#else #define get_last_socket_error() WSAGetLastError() #define clear_socket_error() WSASetLastError(0) #define readsocket(s,b,n) recv((s),(b),(n),0) @@ -277,6 +283,14 @@ static unsigned int _strlen31(const char *str) } # endif # include +# if defined(_MSC_VER) && _MSC_VER<=1200 && defined(_MT) && defined(isspace) + /* compensate for bug is VC6 ctype.h */ +# undef isspace +# undef isdigit +# undef isalnum +# undef isupper +# undef isxdigit +# endif # endif # include # include @@ -371,6 +385,12 @@ static unsigned int _strlen31(const char *str) # undef DEVRANDOM # ifdef NETWARE_CLIB # define getpid GetThreadID + extern int GetThreadID(void); +/* # include */ + extern int kbhit(void); + extern void delay(unsigned milliseconds); +# else +# include # endif # define NO_SYSLOG # define _setmode setmode @@ -471,7 +491,11 @@ extern HINSTANCE _hInstance; # include # include # include -# include +# if defined(NETWARE_CLIB) +# include +# else +# include +# endif # define INVALID_SOCKET (int)(~0) # else # include @@ -613,16 +637,12 @@ extern char *sys_errlist[]; extern int sys_nerr; #elif defined(OPENSSL_SYS_OS2) && defined(__EMX__) # define strcasecmp stricmp # define strncasecmp strnicmp -#elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) -# define strcasecmp stricmp -# define strncasecmp strnicmp -#else -# ifdef NO_STRINGS_H - int strcasecmp(); - int strncasecmp(); -# else -# include -# endif /* NO_STRINGS_H */ +#elif defined(OPENSSL_SYS_NETWARE) +# include +# if defined(NETWARE_CLIB) +# define strcasecmp stricmp +# define strncasecmp strnicmp +# endif /* NETWARE_CLIB */ #endif #if defined(OPENSSL_SYS_OS2) && defined(__EMX__) diff --git a/engines/Makefile b/engines/Makefile index 88f8390d0ed6d..dbf1bd72514d0 100644 --- a/engines/Makefile +++ b/engines/Makefile @@ -20,7 +20,7 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec +LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec capi LIBSRC= e_4758cca.c \ e_aep.c \ @@ -30,7 +30,8 @@ LIBSRC= e_4758cca.c \ e_chil.c \ e_nuron.c \ e_sureware.c \ - e_ubsec.c + e_ubsec.c \ + e_capi.c LIBOBJ= e_4758cca.o \ e_aep.o \ e_atalla.o \ @@ -39,7 +40,8 @@ LIBOBJ= e_4758cca.o \ e_chil.o \ e_nuron.o \ e_sureware.o \ - e_ubsec.o + e_ubsec.o \ + e_capi.o SRC= $(LIBSRC) @@ -52,7 +54,8 @@ HEADER= e_4758cca_err.c e_4758cca_err.h \ e_chil_err.c e_chil_err.h \ e_nuron_err.c e_nuron_err.h \ e_sureware_err.c e_sureware_err.h \ - e_ubsec_err.c e_ubsec_err.h + e_ubsec_err.c e_ubsec_err.h \ + e_capi_err.c e_capi_err.h ALL= $(GENERAL) $(SRC) $(HEADER) @@ -157,24 +160,47 @@ e_aep.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_aep.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_aep.o: ../include/openssl/crypto.h ../include/openssl/dh.h e_aep.o: ../include/openssl/dsa.h ../include/openssl/dso.h -e_aep.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -e_aep.o: ../include/openssl/err.h ../include/openssl/lhash.h +e_aep.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +e_aep.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +e_aep.o: ../include/openssl/engine.h ../include/openssl/err.h +e_aep.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_aep.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h e_aep.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_aep.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h -e_aep.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_aep.o: ../include/openssl/symhacks.h e_aep.c e_aep_err.c e_aep_err.h +e_aep.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +e_aep.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +e_aep.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_aep.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +e_aep.o: ../include/openssl/x509_vfy.h e_aep.c e_aep_err.c e_aep_err.h e_aep.o: vendor_defns/aep.h e_atalla.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_atalla.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_atalla.o: ../include/openssl/crypto.h ../include/openssl/dh.h e_atalla.o: ../include/openssl/dsa.h ../include/openssl/dso.h -e_atalla.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -e_atalla.o: ../include/openssl/err.h ../include/openssl/lhash.h +e_atalla.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +e_atalla.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +e_atalla.o: ../include/openssl/engine.h ../include/openssl/err.h +e_atalla.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_atalla.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h e_atalla.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_atalla.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h -e_atalla.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_atalla.o: ../include/openssl/symhacks.h e_atalla.c e_atalla_err.c +e_atalla.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +e_atalla.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +e_atalla.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_atalla.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +e_atalla.o: ../include/openssl/x509_vfy.h e_atalla.c e_atalla_err.c e_atalla.o: e_atalla_err.h vendor_defns/atalla.h +e_capi.o: ../include/openssl/asn1.h ../include/openssl/bio.h +e_capi.o: ../include/openssl/bn.h ../include/openssl/buffer.h +e_capi.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +e_capi.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +e_capi.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +e_capi.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_capi.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +e_capi.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_capi.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +e_capi.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +e_capi.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_capi.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +e_capi.o: ../include/openssl/x509_vfy.h e_capi.c e_chil.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_chil.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_chil.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -196,28 +222,46 @@ e_cswift.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_cswift.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_cswift.o: ../include/openssl/crypto.h ../include/openssl/dh.h e_cswift.o: ../include/openssl/dsa.h ../include/openssl/dso.h -e_cswift.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -e_cswift.o: ../include/openssl/err.h ../include/openssl/lhash.h +e_cswift.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +e_cswift.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +e_cswift.o: ../include/openssl/engine.h ../include/openssl/err.h +e_cswift.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_cswift.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h e_cswift.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_cswift.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h -e_cswift.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -e_cswift.o: ../include/openssl/stack.h ../include/openssl/symhacks.h e_cswift.c +e_cswift.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +e_cswift.o: ../include/openssl/rand.h ../include/openssl/rsa.h +e_cswift.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_cswift.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +e_cswift.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_cswift.c e_cswift.o: e_cswift_err.c e_cswift_err.h vendor_defns/cswift.h -e_gmp.o: ../include/openssl/buffer.h ../include/openssl/crypto.h -e_gmp.o: ../include/openssl/e_os2.h ../include/openssl/engine.h +e_gmp.o: ../include/openssl/asn1.h ../include/openssl/bio.h +e_gmp.o: ../include/openssl/bn.h ../include/openssl/buffer.h +e_gmp.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +e_gmp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +e_gmp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +e_gmp.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_gmp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h e_gmp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_gmp.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -e_gmp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h e_gmp.c +e_gmp.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +e_gmp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +e_gmp.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_gmp.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +e_gmp.o: ../include/openssl/x509_vfy.h e_gmp.c e_nuron.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_nuron.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_nuron.o: ../include/openssl/crypto.h ../include/openssl/dh.h e_nuron.o: ../include/openssl/dsa.h ../include/openssl/dso.h -e_nuron.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -e_nuron.o: ../include/openssl/err.h ../include/openssl/lhash.h +e_nuron.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +e_nuron.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +e_nuron.o: ../include/openssl/engine.h ../include/openssl/err.h +e_nuron.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_nuron.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h e_nuron.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_nuron.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h -e_nuron.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_nuron.o: ../include/openssl/symhacks.h e_nuron.c e_nuron_err.c e_nuron_err.h +e_nuron.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +e_nuron.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +e_nuron.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_nuron.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +e_nuron.o: ../include/openssl/x509_vfy.h e_nuron.c e_nuron_err.c e_nuron_err.h e_sureware.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_sureware.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_sureware.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -240,10 +284,15 @@ e_ubsec.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_ubsec.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_ubsec.o: ../include/openssl/crypto.h ../include/openssl/dh.h e_ubsec.o: ../include/openssl/dsa.h ../include/openssl/dso.h -e_ubsec.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -e_ubsec.o: ../include/openssl/err.h ../include/openssl/lhash.h +e_ubsec.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +e_ubsec.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +e_ubsec.o: ../include/openssl/engine.h ../include/openssl/err.h +e_ubsec.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_ubsec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h e_ubsec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_ubsec.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h -e_ubsec.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_ubsec.o: ../include/openssl/symhacks.h e_ubsec.c e_ubsec_err.c e_ubsec_err.h +e_ubsec.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +e_ubsec.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +e_ubsec.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_ubsec.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +e_ubsec.o: ../include/openssl/x509_vfy.h e_ubsec.c e_ubsec_err.c e_ubsec_err.h e_ubsec.o: vendor_defns/hw_ubsec.h diff --git a/engines/e_4758cca_err.h b/engines/e_4758cca_err.h index 3d4276be91b39..26087edbfae76 100644 --- a/engines/e_4758cca_err.h +++ b/engines/e_4758cca_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_CCA4758_ERR_H #define HEADER_CCA4758_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/engines/e_aep.c b/engines/e_aep.c index 7307ddfafb5b4..ffdc354cdcf99 100644 --- a/engines/e_aep.c +++ b/engines/e_aep.c @@ -65,6 +65,11 @@ typedef int pid_t; #endif +#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) +#define getpid GetThreadID +extern int GetThreadID(void); +#endif + #include #include #include diff --git a/engines/e_aep_err.h b/engines/e_aep_err.h index 8fe4cf921f06a..35b2e742603aa 100644 --- a/engines/e_aep_err.h +++ b/engines/e_aep_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_AEPHK_ERR_H #define HEADER_AEPHK_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/engines/e_atalla_err.h b/engines/e_atalla_err.h index cdac052d8c980..36e09bf42fe10 100644 --- a/engines/e_atalla_err.h +++ b/engines/e_atalla_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_ATALLA_ERR_H #define HEADER_ATALLA_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/engines/e_capi.c b/engines/e_capi.c new file mode 100644 index 0000000000000..e98946c85a0a2 --- /dev/null +++ b/engines/e_capi.c @@ -0,0 +1,1781 @@ +/* engines/e_capi.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + + +#include +#include +#include +#include +#include +#include + +#ifdef OPENSSL_SYS_WIN32 +#ifndef OPENSSL_NO_CAPIENG + + +#include + +#ifndef _WIN32_WINNT +#define _WIN32_WINNT 0x0400 +#endif + +#include + +#undef X509_EXTENSIONS +#undef X509_CERT_PAIR + +/* Definitions which may be missing from earlier version of headers */ +#ifndef CERT_STORE_OPEN_EXISTING_FLAG +#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000 +#endif + +#ifndef CERT_STORE_CREATE_NEW_FLAG +#define CERT_STORE_CREATE_NEW_FLAG 0x00002000 +#endif + +#include +#include +#include + +#include "e_capi_err.h" +#include "e_capi_err.c" + + +static const char *engine_capi_id = "capi"; +static const char *engine_capi_name = "CryptoAPI ENGINE"; + +typedef struct CAPI_CTX_st CAPI_CTX; +typedef struct CAPI_KEY_st CAPI_KEY; + +static void capi_addlasterror(void); +static void capi_adderror(DWORD err); + +static void CAPI_trace(CAPI_CTX *ctx, char *format, ...); + +static int capi_list_providers(CAPI_CTX *ctx, BIO *out); +static int capi_list_containers(CAPI_CTX *ctx, BIO *out); +int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *storename); +void capi_free_key(CAPI_KEY *key); + +static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE hstore); + +CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id); + +static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +static int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, const RSA *rsa); +static int capi_rsa_priv_enc(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +static int capi_rsa_priv_dec(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +static int capi_rsa_free(RSA *rsa); + +static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen, + DSA *dsa); +static int capi_dsa_free(DSA *dsa); + +static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey, + STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data); + +static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs); +#ifdef OPENSSL_CAPIENG_DIALOG +static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs); +#endif + +typedef PCCERT_CONTEXT (WINAPI *CERTDLG)(HCERTSTORE, HWND, LPCWSTR, + LPCWSTR, DWORD, DWORD, + void *); +typedef HWND (WINAPI *GETCONSWIN)(void); + +/* This structure contains CAPI ENGINE specific data: + * it contains various global options and affects how + * other functions behave. + */ + +#define CAPI_DBG_TRACE 2 +#define CAPI_DBG_ERROR 1 + +struct CAPI_CTX_st { + int debug_level; + char *debug_file; + /* Parameters to use for container lookup */ + DWORD keytype; + LPTSTR cspname; + DWORD csptype; + /* Certificate store name to use */ + LPTSTR storename; + LPTSTR ssl_client_store; + /* System store flags */ + DWORD store_flags; + +/* Lookup string meanings in load_private_key */ +/* Substring of subject: uses "storename" */ +#define CAPI_LU_SUBSTR 0 +/* Friendly name: uses storename */ +#define CAPI_LU_FNAME 1 +/* Container name: uses cspname, keytype */ +#define CAPI_LU_CONTNAME 2 + int lookup_method; +/* Info to dump with dumpcerts option */ +/* Issuer and serial name strings */ +#define CAPI_DMP_SUMMARY 0x1 +/* Friendly name */ +#define CAPI_DMP_FNAME 0x2 +/* Full X509_print dump */ +#define CAPI_DMP_FULL 0x4 +/* Dump PEM format certificate */ +#define CAPI_DMP_PEM 0x8 +/* Dump pseudo key (if possible) */ +#define CAPI_DMP_PSKEY 0x10 +/* Dump key info (if possible) */ +#define CAPI_DMP_PKEYINFO 0x20 + + DWORD dump_flags; + int (*client_cert_select)(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs); + + CERTDLG certselectdlg; + GETCONSWIN getconswindow; +}; + + +static CAPI_CTX *capi_ctx_new(); +static void capi_ctx_free(CAPI_CTX *ctx); +static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int check); +static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx); + +#define CAPI_CMD_LIST_CERTS ENGINE_CMD_BASE +#define CAPI_CMD_LOOKUP_CERT (ENGINE_CMD_BASE + 1) +#define CAPI_CMD_DEBUG_LEVEL (ENGINE_CMD_BASE + 2) +#define CAPI_CMD_DEBUG_FILE (ENGINE_CMD_BASE + 3) +#define CAPI_CMD_KEYTYPE (ENGINE_CMD_BASE + 4) +#define CAPI_CMD_LIST_CSPS (ENGINE_CMD_BASE + 5) +#define CAPI_CMD_SET_CSP_IDX (ENGINE_CMD_BASE + 6) +#define CAPI_CMD_SET_CSP_NAME (ENGINE_CMD_BASE + 7) +#define CAPI_CMD_SET_CSP_TYPE (ENGINE_CMD_BASE + 8) +#define CAPI_CMD_LIST_CONTAINERS (ENGINE_CMD_BASE + 9) +#define CAPI_CMD_LIST_OPTIONS (ENGINE_CMD_BASE + 10) +#define CAPI_CMD_LOOKUP_METHOD (ENGINE_CMD_BASE + 11) +#define CAPI_CMD_STORE_NAME (ENGINE_CMD_BASE + 12) +#define CAPI_CMD_STORE_FLAGS (ENGINE_CMD_BASE + 13) + +static const ENGINE_CMD_DEFN capi_cmd_defns[] = { + {CAPI_CMD_LIST_CERTS, + "list_certs", + "List all certificates in store", + ENGINE_CMD_FLAG_NO_INPUT}, + {CAPI_CMD_LOOKUP_CERT, + "lookup_cert", + "Lookup and output certificates", + ENGINE_CMD_FLAG_STRING}, + {CAPI_CMD_DEBUG_LEVEL, + "debug_level", + "debug level (1=errors, 2=trace)", + ENGINE_CMD_FLAG_NUMERIC}, + {CAPI_CMD_DEBUG_FILE, + "debug_file", + "debugging filename)", + ENGINE_CMD_FLAG_STRING}, + {CAPI_CMD_KEYTYPE, + "key_type", + "Key type: 1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE", + ENGINE_CMD_FLAG_NUMERIC}, + {CAPI_CMD_LIST_CSPS, + "list_csps", + "List all CSPs", + ENGINE_CMD_FLAG_NO_INPUT}, + {CAPI_CMD_SET_CSP_IDX, + "csp_idx", + "Set CSP by index", + ENGINE_CMD_FLAG_NUMERIC}, + {CAPI_CMD_SET_CSP_NAME, + "csp_name", + "Set CSP name, (default CSP used if not specified)", + ENGINE_CMD_FLAG_STRING}, + {CAPI_CMD_SET_CSP_TYPE, + "csp_type", + "Set CSP type, (default RSA_PROV_FULL)", + ENGINE_CMD_FLAG_NUMERIC}, + {CAPI_CMD_LIST_CONTAINERS, + "list_containers", + "list container names", + ENGINE_CMD_FLAG_NO_INPUT}, + {CAPI_CMD_LIST_OPTIONS, + "list_options", + "Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, " + "32=private key info)", + ENGINE_CMD_FLAG_NUMERIC}, + {CAPI_CMD_LOOKUP_METHOD, + "lookup_method", + "Set key lookup method (1=substring, 2=friendlyname, 3=container name)", + ENGINE_CMD_FLAG_NUMERIC}, + {CAPI_CMD_STORE_NAME, + "store_name", + "certificate store name, default \"MY\"", + ENGINE_CMD_FLAG_STRING}, + {CAPI_CMD_STORE_FLAGS, + "store_flags", + "Certificate store flags: 1 = system store", + ENGINE_CMD_FLAG_NUMERIC}, + + {0, NULL, NULL, 0} + }; + +static int capi_idx = -1; +static int rsa_capi_idx = -1; +static int dsa_capi_idx = -1; +static int cert_capi_idx = -1; + +static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) + { + int ret = 1; + CAPI_CTX *ctx; + BIO *out; + if (capi_idx == -1) + { + CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_ENGINE_NOT_INITIALIZED); + return 0; + } + ctx = ENGINE_get_ex_data(e, capi_idx); + out = BIO_new_fp(stdout, BIO_NOCLOSE); + switch (cmd) + { + case CAPI_CMD_LIST_CSPS: + ret = capi_list_providers(ctx, out); + break; + + case CAPI_CMD_LIST_CERTS: + ret = capi_list_certs(ctx, out, NULL); + break; + + case CAPI_CMD_LOOKUP_CERT: + ret = capi_list_certs(ctx, out, p); + break; + + case CAPI_CMD_LIST_CONTAINERS: + ret = capi_list_containers(ctx, out); + break; + + case CAPI_CMD_STORE_NAME: + if (ctx->storename) + OPENSSL_free(ctx->storename); + ctx->storename = BUF_strdup(p); + CAPI_trace(ctx, "Setting store name to %s\n", p); + break; + + case CAPI_CMD_STORE_FLAGS: + if (i & 1) + { + ctx->store_flags |= CERT_SYSTEM_STORE_LOCAL_MACHINE; + ctx->store_flags &= ~CERT_SYSTEM_STORE_CURRENT_USER; + } + else + { + ctx->store_flags |= CERT_SYSTEM_STORE_CURRENT_USER; + ctx->store_flags &= ~CERT_SYSTEM_STORE_LOCAL_MACHINE; + } + CAPI_trace(ctx, "Setting flags to %d\n", i); + break; + + case CAPI_CMD_DEBUG_LEVEL: + ctx->debug_level = (int)i; + CAPI_trace(ctx, "Setting debug level to %d\n", ctx->debug_level); + break; + + case CAPI_CMD_DEBUG_FILE: + ctx->debug_file = BUF_strdup(p); + CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file); + break; + + case CAPI_CMD_KEYTYPE: + ctx->keytype = i; + CAPI_trace(ctx, "Setting key type to %d\n", ctx->keytype); + break; + + case CAPI_CMD_SET_CSP_IDX: + ret = capi_ctx_set_provname_idx(ctx, i); + break; + + case CAPI_CMD_LIST_OPTIONS: + ctx->dump_flags = i; + break; + + case CAPI_CMD_LOOKUP_METHOD: + if (i < 1 || i > 3) + { + CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_INVALID_LOOKUP_METHOD); + return 0; + } + ctx->lookup_method = i; + break; + + case CAPI_CMD_SET_CSP_NAME: + ret = capi_ctx_set_provname(ctx, p, ctx->csptype, 1); + break; + + case CAPI_CMD_SET_CSP_TYPE: + ctx->csptype = i; + break; + + default: + CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_UNKNOWN_COMMAND); + ret = 0; + } + + BIO_free(out); + return ret; + + } + +static RSA_METHOD capi_rsa_method = + { + "CryptoAPI RSA method", + 0, /* pub_enc */ + 0, /* pub_dec */ + capi_rsa_priv_enc, /* priv_enc */ + capi_rsa_priv_dec, /* priv_dec */ + 0, /* rsa_mod_exp */ + 0, /* bn_mod_exp */ + 0, /* init */ + capi_rsa_free, /* finish */ + RSA_FLAG_SIGN_VER, /* flags */ + NULL, /* app_data */ + capi_rsa_sign, /* rsa_sign */ + 0 /* rsa_verify */ + }; + +static DSA_METHOD capi_dsa_method = + { + "CryptoAPI DSA method", + capi_dsa_do_sign, /* dsa_do_sign */ + 0, /* dsa_sign_setup */ + 0, /* dsa_do_verify */ + 0, /* dsa_mod_exp */ + 0, /* bn_mod_exp */ + 0, /* init */ + capi_dsa_free, /* finish */ + 0, /* flags */ + NULL, /* app_data */ + 0, /* dsa_paramgen */ + 0 /* dsa_keygen */ + }; + +static int capi_init(ENGINE *e) + { + CAPI_CTX *ctx; + const RSA_METHOD *ossl_rsa_meth; + const DSA_METHOD *ossl_dsa_meth; + capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0); + cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0); + + ctx = capi_ctx_new(); + if (!ctx || (capi_idx < 0)) + goto memerr; + + ENGINE_set_ex_data(e, capi_idx, ctx); + /* Setup RSA_METHOD */ + rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0); + ossl_rsa_meth = RSA_PKCS1_SSLeay(); + capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc; + capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec; + capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp; + capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp; + + /* Setup DSA Method */ + dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0); + ossl_dsa_meth = DSA_OpenSSL(); + capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify; + capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp; + capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp; + +#ifdef OPENSSL_CAPIENG_DIALOG + { + HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL")); + HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL")); + if (cryptui) + ctx->certselectdlg = (CERTDLG)GetProcAddress(cryptui, "CryptUIDlgSelectCertificateFromStore"); + if (kernel) + ctx->getconswindow = (GETCONSWIN)GetProcAddress(kernel, "GetConsoleWindow"); + if (cryptui && !OPENSSL_isservice()) + ctx->client_cert_select = cert_select_dialog; + } +#endif + + + return 1; + + memerr: + CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE); + return 0; + + return 1; + } + +static int capi_destroy(ENGINE *e) + { + ERR_unload_CAPI_strings(); + return 1; + } + +static int capi_finish(ENGINE *e) + { + CAPI_CTX *ctx; + ctx = ENGINE_get_ex_data(e, capi_idx); + capi_ctx_free(ctx); + ENGINE_set_ex_data(e, capi_idx, NULL); + return 1; + } + + +/* CryptoAPI key application data. This contains + * a handle to the private key container (for sign operations) + * and a handle to the key (for decrypt operations). + */ + +struct CAPI_KEY_st + { + /* Associated certificate context (if any) */ + PCCERT_CONTEXT pcert; + HCRYPTPROV hprov; + HCRYPTKEY key; + DWORD keyspec; + }; + +static int bind_capi(ENGINE *e) + { + if (!ENGINE_set_id(e, engine_capi_id) + || !ENGINE_set_name(e, engine_capi_name) + || !ENGINE_set_init_function(e, capi_init) + || !ENGINE_set_finish_function(e, capi_finish) + || !ENGINE_set_destroy_function(e, capi_destroy) + || !ENGINE_set_RSA(e, &capi_rsa_method) + || !ENGINE_set_DSA(e, &capi_dsa_method) + || !ENGINE_set_load_privkey_function(e, capi_load_privkey) + || !ENGINE_set_load_ssl_client_cert_function(e, + capi_load_ssl_client_cert) + || !ENGINE_set_cmd_defns(e, capi_cmd_defns) + || !ENGINE_set_ctrl_function(e, capi_ctrl)) + return 0; + ERR_load_CAPI_strings(); + + return 1; + + } + +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +static int bind_helper(ENGINE *e, const char *id) + { + if(id && (strcmp(id, engine_capi_id) != 0)) + return 0; + if(!bind_capi(e)) + return 0; + return 1; + } +IMPLEMENT_DYNAMIC_CHECK_FN() +IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) +#else +static ENGINE *engine_capi(void) + { + ENGINE *ret = ENGINE_new(); + if(!ret) + return NULL; + if(!bind_capi(ret)) + { + ENGINE_free(ret); + return NULL; + } + return ret; + } + +void ENGINE_load_capi(void) + { + /* Copied from eng_[openssl|dyn].c */ + ENGINE *toadd = engine_capi(); + if(!toadd) return; + ENGINE_add(toadd); + ENGINE_free(toadd); + ERR_clear_error(); + } +#endif + + +static int lend_tobn(BIGNUM *bn, unsigned char *bin, int binlen) + { + int i; + /* Reverse buffer in place: since this is a keyblob structure + * that will be freed up after conversion anyway it doesn't + * matter if we change it. + */ + for(i = 0; i < binlen / 2; i++) + { + unsigned char c; + c = bin[i]; + bin[i] = bin[binlen - i - 1]; + bin[binlen - i - 1] = c; + } + + if (!BN_bin2bn(bin, binlen, bn)) + return 0; + return 1; + } + +/* Given a CAPI_KEY get an EVP_PKEY structure */ + +static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY *key) + { + unsigned char *pubkey = NULL; + DWORD len; + BLOBHEADER *bh; + RSA *rkey = NULL; + DSA *dkey = NULL; + EVP_PKEY *ret = NULL; + if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, NULL, &len)) + { + CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR); + capi_addlasterror(); + return NULL; + } + + pubkey = OPENSSL_malloc(len); + + if (!pubkey) + goto memerr; + + if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len)) + { + CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_ERROR); + capi_addlasterror(); + goto err; + } + + bh = (BLOBHEADER *)pubkey; + if (bh->bType != PUBLICKEYBLOB) + { + CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_PUBLIC_KEY_BLOB); + goto err; + } + if (bh->aiKeyAlg == CALG_RSA_SIGN || bh->aiKeyAlg == CALG_RSA_KEYX) + { + RSAPUBKEY *rp; + DWORD rsa_modlen; + unsigned char *rsa_modulus; + rp = (RSAPUBKEY *)(bh + 1); + if (rp->magic != 0x31415352) + { + char magstr[10]; + BIO_snprintf(magstr, 10, "%lx", rp->magic); + CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER); + ERR_add_error_data(2, "magic=0x", magstr); + goto err; + } + rsa_modulus = (unsigned char *)(rp + 1); + rkey = RSA_new_method(eng); + if (!rkey) + goto memerr; + + rkey->e = BN_new(); + rkey->n = BN_new(); + + if (!rkey->e || !rkey->n) + goto memerr; + + if (!BN_set_word(rkey->e, rp->pubexp)) + goto memerr; + + rsa_modlen = rp->bitlen / 8; + if (!lend_tobn(rkey->n, rsa_modulus, rsa_modlen)) + goto memerr; + + RSA_set_ex_data(rkey, rsa_capi_idx, key); + + if (!(ret = EVP_PKEY_new())) + goto memerr; + + EVP_PKEY_assign_RSA(ret, rkey); + rkey = NULL; + + } + else if (bh->aiKeyAlg == CALG_DSS_SIGN) + { + DSSPUBKEY *dp; + DWORD dsa_plen; + unsigned char *btmp; + dp = (DSSPUBKEY *)(bh + 1); + if (dp->magic != 0x31535344) + { + char magstr[10]; + BIO_snprintf(magstr, 10, "%lx", dp->magic); + CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER); + ERR_add_error_data(2, "magic=0x", magstr); + goto err; + } + dsa_plen = dp->bitlen / 8; + btmp = (unsigned char *)(dp + 1); + dkey = DSA_new_method(eng); + if (!dkey) + goto memerr; + dkey->p = BN_new(); + dkey->q = BN_new(); + dkey->g = BN_new(); + dkey->pub_key = BN_new(); + if (!dkey->p || !dkey->q || !dkey->g || !dkey->pub_key) + goto memerr; + if (!lend_tobn(dkey->p, btmp, dsa_plen)) + goto memerr; + btmp += dsa_plen; + if (!lend_tobn(dkey->q, btmp, 20)) + goto memerr; + btmp += 20; + if (!lend_tobn(dkey->g, btmp, dsa_plen)) + goto memerr; + btmp += dsa_plen; + if (!lend_tobn(dkey->pub_key, btmp, dsa_plen)) + goto memerr; + btmp += dsa_plen; + + DSA_set_ex_data(dkey, dsa_capi_idx, key); + + if (!(ret = EVP_PKEY_new())) + goto memerr; + + EVP_PKEY_assign_DSA(ret, dkey); + dkey = NULL; + } + else + { + char algstr[10]; + BIO_snprintf(algstr, 10, "%lx", bh->aiKeyAlg); + CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM); + ERR_add_error_data(2, "aiKeyAlg=0x", algstr); + goto err; + } + + + err: + if (pubkey) + OPENSSL_free(pubkey); + if (!ret) + { + if (rkey) + RSA_free(rkey); + if (dkey) + DSA_free(dkey); + } + + return ret; + +memerr: + CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE); + goto err; + + } + +static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id, + UI_METHOD *ui_method, void *callback_data) + { + CAPI_CTX *ctx; + CAPI_KEY *key; + EVP_PKEY *ret; + ctx = ENGINE_get_ex_data(eng, capi_idx); + + if (!ctx) + { + CAPIerr(CAPI_F_CAPI_LOAD_PRIVKEY, CAPI_R_CANT_FIND_CAPI_CONTEXT); + return NULL; + } + + key = capi_find_key(ctx, key_id); + + if (!key) + return NULL; + + ret = capi_get_pkey(eng, key); + + if (!ret) + capi_free_key(key); + return ret; + + } + +/* CryptoAPI RSA operations */ + +int capi_rsa_priv_enc(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { + CAPIerr(CAPI_F_CAPI_RSA_PRIV_ENC, CAPI_R_FUNCTION_NOT_SUPPORTED); + return -1; + } + +int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, const RSA *rsa) + { + ALG_ID alg; + HCRYPTHASH hash; + DWORD slen; + unsigned int i; + int ret = -1; + CAPI_KEY *capi_key; + CAPI_CTX *ctx; + + ctx = ENGINE_get_ex_data(rsa->engine, capi_idx); + + CAPI_trace(ctx, "Called CAPI_rsa_sign()\n"); + + capi_key = RSA_get_ex_data(rsa, rsa_capi_idx); + if (!capi_key) + { + CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_GET_KEY); + return -1; + } +/* Convert the signature type to a CryptoAPI algorithm ID */ + switch(dtype) + { + case NID_sha1: + alg = CALG_SHA1; + break; + + case NID_md5: + alg = CALG_MD5; + break; + + case NID_md5_sha1: + alg = CALG_SSL3_SHAMD5; + break; + default: + { + char algstr[10]; + BIO_snprintf(algstr, 10, "%lx", dtype); + CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_UNSUPPORTED_ALGORITHM_NID); + ERR_add_error_data(2, "NID=0x", algstr); + return -1; + } + } + + + +/* Create the hash object */ + if(!CryptCreateHash(capi_key->hprov, alg, 0, 0, &hash)) + { + CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT); + capi_addlasterror(); + return -1; + } +/* Set the hash value to the value passed */ + + if(!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)m, 0)) + { + CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_SET_HASH_VALUE); + capi_addlasterror(); + goto err; + } + + +/* Finally sign it */ + slen = RSA_size(rsa); + if(!CryptSignHash(hash, capi_key->keyspec, NULL, 0, sigret, &slen)) + { + CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH); + capi_addlasterror(); + goto err; + } + else + { + ret = 1; + /* Inplace byte reversal of signature */ + for(i = 0; i < slen / 2; i++) + { + unsigned char c; + c = sigret[i]; + sigret[i] = sigret[slen - i - 1]; + sigret[slen - i - 1] = c; + } + *siglen = slen; + } + + /* Now cleanup */ + +err: + CryptDestroyHash(hash); + + return ret; + } + +int capi_rsa_priv_dec(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { + int i; + unsigned char *tmpbuf; + CAPI_KEY *capi_key; + CAPI_CTX *ctx; + ctx = ENGINE_get_ex_data(rsa->engine, capi_idx); + + CAPI_trace(ctx, "Called capi_rsa_priv_dec()\n"); + + + capi_key = RSA_get_ex_data(rsa, rsa_capi_idx); + if (!capi_key) + { + CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_CANT_GET_KEY); + return -1; + } + + if(padding != RSA_PKCS1_PADDING) + { + char errstr[10]; + BIO_snprintf(errstr, 10, "%d", padding); + CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING); + ERR_add_error_data(2, "padding=", errstr); + return -1; + } + + /* Create temp reverse order version of input */ + if(!(tmpbuf = OPENSSL_malloc(flen)) ) + { + CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, ERR_R_MALLOC_FAILURE); + return -1; + } + for(i = 0; i < flen; i++) + tmpbuf[flen - i - 1] = from[i]; + + /* Finally decrypt it */ + if(!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, &flen)) + { + CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR); + capi_addlasterror(); + OPENSSL_free(tmpbuf); + return -1; + } + else memcpy(to, tmpbuf, flen); + + OPENSSL_free(tmpbuf); + + return flen; + } + +static int capi_rsa_free(RSA *rsa) + { + CAPI_KEY *capi_key; + capi_key = RSA_get_ex_data(rsa, rsa_capi_idx); + capi_free_key(capi_key); + RSA_set_ex_data(rsa, rsa_capi_idx, 0); + return 1; + } + +/* CryptoAPI DSA operations */ + +static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen, + DSA *dsa) + { + HCRYPTHASH hash; + DWORD slen; + DSA_SIG *ret = NULL; + CAPI_KEY *capi_key; + CAPI_CTX *ctx; + unsigned char csigbuf[40]; + + ctx = ENGINE_get_ex_data(dsa->engine, capi_idx); + + CAPI_trace(ctx, "Called CAPI_dsa_do_sign()\n"); + + capi_key = DSA_get_ex_data(dsa, dsa_capi_idx); + + if (!capi_key) + { + CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_GET_KEY); + return NULL; + } + + if (dlen != 20) + { + CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_INVALID_DIGEST_LENGTH); + return NULL; + } + + /* Create the hash object */ + if(!CryptCreateHash(capi_key->hprov, CALG_SHA1, 0, 0, &hash)) + { + CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT); + capi_addlasterror(); + return NULL; + } + + /* Set the hash value to the value passed */ + if(!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)digest, 0)) + { + CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_SET_HASH_VALUE); + capi_addlasterror(); + goto err; + } + + + /* Finally sign it */ + slen = sizeof(csigbuf); + if(!CryptSignHash(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen)) + { + CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_ERROR_SIGNING_HASH); + capi_addlasterror(); + goto err; + } + else + { + ret = DSA_SIG_new(); + if (!ret) + goto err; + ret->r = BN_new(); + ret->s = BN_new(); + if (!ret->r || !ret->s) + goto err; + if (!lend_tobn(ret->r, csigbuf, 20) + || !lend_tobn(ret->s, csigbuf + 20, 20)) + { + DSA_SIG_free(ret); + ret = NULL; + goto err; + } + } + + /* Now cleanup */ + +err: + OPENSSL_cleanse(csigbuf, 40); + CryptDestroyHash(hash); + return ret; + } + +static int capi_dsa_free(DSA *dsa) + { + CAPI_KEY *capi_key; + capi_key = DSA_get_ex_data(dsa, dsa_capi_idx); + capi_free_key(capi_key); + DSA_set_ex_data(dsa, dsa_capi_idx, 0); + return 1; + } + +static void capi_vtrace(CAPI_CTX *ctx, int level, char *format, va_list argptr) + { + BIO *out; + + if (!ctx || (ctx->debug_level < level) || (!ctx->debug_file)) + return; + out = BIO_new_file(ctx->debug_file, "a+"); + BIO_vprintf(out, format, argptr); + BIO_free(out); + } + +static void CAPI_trace(CAPI_CTX *ctx, char *format, ...) + { + va_list args; + va_start(args, format); + capi_vtrace(ctx, CAPI_DBG_TRACE, format, args); + va_end(args); + } + +static void capi_addlasterror(void) + { + capi_adderror(GetLastError()); + } + +static void capi_adderror(DWORD err) + { + char errstr[10]; + BIO_snprintf(errstr, 10, "%lX", err); + ERR_add_error_data(2, "Error code= 0x", errstr); + } + +static char *wide_to_asc(LPWSTR wstr) + { + char *str; + if (!wstr) + return NULL; + str = OPENSSL_malloc(wcslen(wstr) + 1); + if (!str) + { + CAPIerr(CAPI_F_WIDE_TO_ASC, ERR_R_MALLOC_FAILURE); + return NULL; + } + sprintf(str, "%S", wstr); + return str; + } + +static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype, DWORD idx) + { + LPSTR name; + DWORD len, err; + CAPI_trace(ctx, "capi_get_provname, index=%d\n", idx); + if (!CryptEnumProviders(idx, NULL, 0, ptype, NULL, &len)) + { + err = GetLastError(); + if (err == ERROR_NO_MORE_ITEMS) + return 2; + CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR); + capi_adderror(err); + return 0; + } + name = OPENSSL_malloc(len); + if (!CryptEnumProviders(idx, NULL, 0, ptype, name, &len)) + { + err = GetLastError(); + if (err == ERROR_NO_MORE_ITEMS) + return 2; + CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR); + capi_adderror(err); + return 0; + } + *pname = name; + CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", name, *ptype); + + return 1; + } + +static int capi_list_providers(CAPI_CTX *ctx, BIO *out) + { + DWORD idx, ptype; + int ret; + LPTSTR provname = NULL; + CAPI_trace(ctx, "capi_list_providers\n"); + BIO_printf(out, "Available CSPs:\n"); + for(idx = 0; ; idx++) + { + ret = capi_get_provname(ctx, &provname, &ptype, idx); + if (ret == 2) + break; + if (ret == 0) + break; + BIO_printf(out, "%d. %s, type %d\n", idx, provname, ptype); + OPENSSL_free(provname); + } + return 1; + } + +static int capi_list_containers(CAPI_CTX *ctx, BIO *out) + { + int ret = 1; + HCRYPTPROV hprov; + DWORD err, idx, flags, buflen = 0, clen; + LPSTR cname; + CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname, ctx->csptype); + if (!CryptAcquireContext(&hprov, NULL, ctx->cspname, ctx->csptype, CRYPT_VERIFYCONTEXT)) + { + CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_CRYPTACQUIRECONTEXT_ERROR); + capi_addlasterror(); + return 0; + } + if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, NULL, &buflen, CRYPT_FIRST)) + { + CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR); + capi_addlasterror(); + return 0; + } + CAPI_trace(ctx, "Got max container len %d\n", buflen); + if (buflen == 0) + buflen = 1024; + cname = OPENSSL_malloc(buflen); + if (!cname) + { + CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE); + goto err; + } + + for (idx = 0;;idx++) + { + clen = buflen; + cname[0] = 0; + + if (idx == 0) + flags = CRYPT_FIRST; + else + flags = 0; + if(!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, cname, &clen, flags)) + { + err = GetLastError(); + if (err == ERROR_NO_MORE_ITEMS) + goto done; + CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR); + capi_adderror(err); + goto err; + } + CAPI_trace(ctx, "Container name %s, len=%d, index=%d, flags=%d\n", cname, clen, idx, flags); + if (!cname[0] && (clen == buflen)) + { + CAPI_trace(ctx, "Enumerate bug: using workaround\n"); + goto done; + } + BIO_printf(out, "%d. %s\n", idx, cname); + } + err: + + ret = 0; + + done: + if (cname) + OPENSSL_free(cname); + CryptReleaseContext(hprov, 0); + + return ret; + } + +CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX *ctx, PCCERT_CONTEXT cert) + { + DWORD len; + CRYPT_KEY_PROV_INFO *pinfo; + + if(!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &len)) + return NULL; + pinfo = OPENSSL_malloc(len); + if (!pinfo) + { + CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, ERR_R_MALLOC_FAILURE); + return NULL; + } + if(!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, pinfo, &len)) + { + CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO); + capi_addlasterror(); + OPENSSL_free(pinfo); + return NULL; + } + return pinfo; + } + +static void capi_dump_prov_info(CAPI_CTX *ctx, BIO *out, CRYPT_KEY_PROV_INFO *pinfo) + { + char *provname = NULL, *contname = NULL; + if (!pinfo) + { + BIO_printf(out, " No Private Key\n"); + return; + } + provname = wide_to_asc(pinfo->pwszProvName); + contname = wide_to_asc(pinfo->pwszContainerName); + if (!provname || !contname) + goto err; + + BIO_printf(out, " Private Key Info:\n"); + BIO_printf(out, " Provider Name: %s, Provider Type %d\n", provname, pinfo->dwProvType); + BIO_printf(out, " Container Name: %s, Key Type %d\n", contname, pinfo->dwKeySpec); + err: + if (provname) + OPENSSL_free(provname); + if (contname) + OPENSSL_free(contname); + } + +char * capi_cert_get_fname(CAPI_CTX *ctx, PCCERT_CONTEXT cert) + { + LPWSTR wfname; + DWORD dlen; + + CAPI_trace(ctx, "capi_cert_get_fname\n"); + if (!CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, NULL, &dlen)) + return NULL; + wfname = OPENSSL_malloc(dlen); + if (CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, wfname, &dlen)) + { + char *fname = wide_to_asc(wfname); + OPENSSL_free(wfname); + return fname; + } + CAPIerr(CAPI_F_CAPI_CERT_GET_FNAME, CAPI_R_ERROR_GETTING_FRIENDLY_NAME); + capi_addlasterror(); + + OPENSSL_free(wfname); + return NULL; + } + + +void capi_dump_cert(CAPI_CTX *ctx, BIO *out, PCCERT_CONTEXT cert) + { + X509 *x; + unsigned char *p; + unsigned long flags = ctx->dump_flags; + if (flags & CAPI_DMP_FNAME) + { + char *fname; + fname = capi_cert_get_fname(ctx, cert); + if (fname) + { + BIO_printf(out, " Friendly Name \"%s\"\n", fname); + OPENSSL_free(fname); + } + else + BIO_printf(out, " \n"); + } + + p = cert->pbCertEncoded; + x = d2i_X509(NULL, &p, cert->cbCertEncoded); + if (!x) + BIO_printf(out, " \n"); + if (flags & CAPI_DMP_SUMMARY) + { + BIO_printf(out, " Subject: "); + X509_NAME_print_ex(out, X509_get_subject_name(x), 0, XN_FLAG_ONELINE); + BIO_printf(out, "\n Issuer: "); + X509_NAME_print_ex(out, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE); + BIO_printf(out, "\n"); + } + if (flags & CAPI_DMP_FULL) + X509_print_ex(out, x, XN_FLAG_ONELINE,0); + + if (flags & CAPI_DMP_PKEYINFO) + { + CRYPT_KEY_PROV_INFO *pinfo; + pinfo = capi_get_prov_info(ctx, cert); + capi_dump_prov_info(ctx, out, pinfo); + if (pinfo) + OPENSSL_free(pinfo); + } + + if (flags & CAPI_DMP_PEM) + PEM_write_bio_X509(out, x); + X509_free(x); + } + +HCERTSTORE capi_open_store(CAPI_CTX *ctx, char *storename) + { + HCERTSTORE hstore; + + if (!storename) + storename = ctx->storename; + if (!storename) + storename = "MY"; + CAPI_trace(ctx, "Opening certificate store %s\n", storename); + + hstore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0, + ctx->store_flags, storename); + if (!hstore) + { + CAPIerr(CAPI_F_CAPI_OPEN_STORE, CAPI_R_ERROR_OPENING_STORE); + capi_addlasterror(); + } + return hstore; + } + +int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *id) + { + char *storename; + int idx; + int ret = 1; + HCERTSTORE hstore; + PCCERT_CONTEXT cert = NULL; + + storename = ctx->storename; + if (!storename) + storename = "MY"; + CAPI_trace(ctx, "Listing certs for store %s\n", storename); + + hstore = capi_open_store(ctx, storename); + if (!hstore) + return 0; + if (id) + { + cert = capi_find_cert(ctx, id, hstore); + if (!cert) + { + ret = 0; + goto err; + } + capi_dump_cert(ctx, out, cert); + CertFreeCertificateContext(cert); + } + else + { + for(idx = 0;;idx++) + { + LPWSTR fname = NULL; + cert = CertEnumCertificatesInStore(hstore, cert); + if (!cert) + break; + BIO_printf(out, "Certificate %d\n", idx); + capi_dump_cert(ctx, out, cert); + } + } + err: + CertCloseStore(hstore, 0); + return ret; + } + +static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE hstore) + { + PCCERT_CONTEXT cert = NULL; + char *fname = NULL; + int match; + switch(ctx->lookup_method) + { + case CAPI_LU_SUBSTR: + return CertFindCertificateInStore(hstore, + X509_ASN_ENCODING, 0, + CERT_FIND_SUBJECT_STR_A, id, NULL); + case CAPI_LU_FNAME: + for(;;) + { + cert = CertEnumCertificatesInStore(hstore, cert); + if (!cert) + return NULL; + fname = capi_cert_get_fname(ctx, cert); + if (fname) + { + if (strcmp(fname, id)) + match = 0; + else + match = 1; + OPENSSL_free(fname); + if (match) + return cert; + } + } + default: + return NULL; + } + } + +static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec) + { + CAPI_KEY *key; + key = OPENSSL_malloc(sizeof(CAPI_KEY)); + CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", + contname, provname, ptype); + if (!CryptAcquireContext(&key->hprov, contname, provname, ptype, 0)) + { + CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR); + capi_addlasterror(); + goto err; + } + if (!CryptGetUserKey(key->hprov, keyspec, &key->key)) + { + CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_GETUSERKEY_ERROR); + capi_addlasterror(); + CryptReleaseContext(key->hprov, 0); + goto err; + } + key->keyspec = keyspec; + key->pcert = NULL; + return key; + + err: + OPENSSL_free(key); + return NULL; + } + +static CAPI_KEY *capi_get_cert_key(CAPI_CTX *ctx, PCCERT_CONTEXT cert) + { + CAPI_KEY *key = NULL; + CRYPT_KEY_PROV_INFO *pinfo = NULL; + char *provname = NULL, *contname = NULL; + pinfo = capi_get_prov_info(ctx, cert); + if (!pinfo) + goto err; + provname = wide_to_asc(pinfo->pwszProvName); + contname = wide_to_asc(pinfo->pwszContainerName); + if (!provname || !contname) + goto err; + key = capi_get_key(ctx, contname, provname, + pinfo->dwProvType, pinfo->dwKeySpec); + + err: + if (pinfo) + OPENSSL_free(pinfo); + if (provname) + OPENSSL_free(provname); + if (contname) + OPENSSL_free(contname); + return key; + } + +CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id) + { + PCCERT_CONTEXT cert; + HCERTSTORE hstore; + CAPI_KEY *key = NULL; + switch (ctx->lookup_method) + { + case CAPI_LU_SUBSTR: + case CAPI_LU_FNAME: + hstore = capi_open_store(ctx, NULL); + if (!hstore) + return NULL; + cert = capi_find_cert(ctx, id, hstore); + if (cert) + { + key = capi_get_cert_key(ctx, cert); + CertFreeCertificateContext(cert); + } + CertCloseStore(hstore, 0); + break; + + case CAPI_LU_CONTNAME: + key = capi_get_key(ctx, id, ctx->cspname, ctx->csptype, + ctx->keytype); + break; + } + + return key; + } + +void capi_free_key(CAPI_KEY *key) + { + if (!key) + return; + CryptDestroyKey(key->key); + CryptReleaseContext(key->hprov, 0); + if (key->pcert) + CertFreeCertificateContext(key->pcert); + OPENSSL_free(key); + } + + +/* Initialize a CAPI_CTX structure */ + +static CAPI_CTX *capi_ctx_new() + { + CAPI_CTX *ctx; + ctx = OPENSSL_malloc(sizeof(CAPI_CTX)); + if (!ctx) + { + CAPIerr(CAPI_F_CAPI_CTX_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } + ctx->cspname = NULL; + ctx->csptype = PROV_RSA_FULL; + ctx->dump_flags = CAPI_DMP_SUMMARY|CAPI_DMP_FNAME; + ctx->keytype = AT_KEYEXCHANGE; + ctx->storename = NULL; + ctx->ssl_client_store = NULL; + ctx->store_flags = CERT_STORE_OPEN_EXISTING_FLAG | + CERT_STORE_READONLY_FLAG | + CERT_SYSTEM_STORE_CURRENT_USER; + ctx->lookup_method = CAPI_LU_SUBSTR; + ctx->debug_level = 0; + ctx->debug_file = NULL; + ctx->client_cert_select = cert_select_simple; + return ctx; + } + +static void capi_ctx_free(CAPI_CTX *ctx) + { + CAPI_trace(ctx, "Calling capi_ctx_free with %lx\n", ctx); + if (!ctx) + return; + if (ctx->cspname) + OPENSSL_free(ctx->cspname); + if (ctx->debug_file) + OPENSSL_free(ctx->debug_file); + if (ctx->storename) + OPENSSL_free(ctx->storename); + if (ctx->ssl_client_store) + OPENSSL_free(ctx->ssl_client_store); + OPENSSL_free(ctx); + } + +static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int check) + { + CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type); + if (check) + { + HCRYPTPROV hprov; + if (!CryptAcquireContext(&hprov, NULL, pname, type, + CRYPT_VERIFYCONTEXT)) + { + CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, CAPI_R_CRYPTACQUIRECONTEXT_ERROR); + capi_addlasterror(); + return 0; + } + CryptReleaseContext(hprov, 0); + } + ctx->cspname = BUF_strdup(pname); + ctx->csptype = type; + return 1; + } + +static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx) + { + LPSTR pname; + DWORD type; + if (capi_get_provname(ctx, &pname, &type, idx) != 1) + return 0; + return capi_ctx_set_provname(ctx, pname, type, 0); + } + +static int cert_issuer_match(STACK_OF(X509_NAME) *ca_dn, X509 *x) + { + int i; + X509_NAME *nm; + /* Special case: empty list: match anything */ + if (sk_X509_NAME_num(ca_dn) <= 0) + return 1; + for (i = 0; i < sk_X509_NAME_num(ca_dn); i++) + { + nm = sk_X509_NAME_value(ca_dn, i); + if (!X509_NAME_cmp(nm, X509_get_issuer_name(x))) + return 1; + } + return 0; + } + + + +static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey, + STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data) + { + STACK_OF(X509) *certs = NULL; + X509 *x; + char *storename; + const char *p; + int i, client_cert_idx; + HCERTSTORE hstore; + PCCERT_CONTEXT cert = NULL, excert = NULL; + CAPI_CTX *ctx; + CAPI_KEY *key; + ctx = ENGINE_get_ex_data(e, capi_idx); + + *pcert = NULL; + *pkey = NULL; + + storename = ctx->ssl_client_store; + if (!storename) + storename = "MY"; + + hstore = capi_open_store(ctx, storename); + if (!hstore) + return 0; + /* Enumerate all certificates collect any matches */ + for(i = 0;;i++) + { + cert = CertEnumCertificatesInStore(hstore, cert); + if (!cert) + break; + p = cert->pbCertEncoded; + x = d2i_X509(NULL, &p, cert->cbCertEncoded); + if (!x) + { + CAPI_trace(ctx, "Can't Parse Certificate %d\n", i); + continue; + } + if (cert_issuer_match(ca_dn, x) + && X509_check_purpose(x, X509_PURPOSE_SSL_CLIENT, 0)) + { + key = capi_get_cert_key(ctx, cert); + if (!key) + { + X509_free(x); + continue; + } + /* Match found: attach extra data to it so + * we can retrieve the key later. + */ + excert = CertDuplicateCertificateContext(cert); + key->pcert = excert; + X509_set_ex_data(x, cert_capi_idx, key); + + if (!certs) + certs = sk_X509_new_null(); + + sk_X509_push(certs, x); + } + else + X509_free(x); + + } + + if (cert) + CertFreeCertificateContext(cert); + if (hstore) + CertCloseStore(hstore, 0); + + if (!certs) + return 0; + + + /* Select the appropriate certificate */ + + client_cert_idx = ctx->client_cert_select(e, ssl, certs); + + /* Set the selected certificate and free the rest */ + + for(i = 0; i < sk_X509_num(certs); i++) + { + x = sk_X509_value(certs, i); + if (i == client_cert_idx) + *pcert = x; + else + { + key = X509_get_ex_data(x, cert_capi_idx); + capi_free_key(key); + X509_free(x); + } + } + + sk_X509_free(certs); + + if (!*pcert) + return 0; + + /* Setup key for selected certificate */ + + key = X509_get_ex_data(*pcert, cert_capi_idx); + *pkey = capi_get_pkey(e, key); + X509_set_ex_data(*pcert, cert_capi_idx, NULL); + + return 1; + + } + + +/* Simple client cert selection function: always select first */ + +static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs) + { + return 0; + } + +#ifdef OPENSSL_CAPIENG_DIALOG + +/* More complex cert selection function, using standard function + * CryptUIDlgSelectCertificateFromStore() to produce a dialog box. + */ + +/* Definitions which are in cryptuiapi.h but this is not present in older + * versions of headers. + */ + +#ifndef CRYPTUI_SELECT_LOCATION_COLUMN +#define CRYPTUI_SELECT_LOCATION_COLUMN 0x000000010 +#define CRYPTUI_SELECT_INTENDEDUSE_COLUMN 0x000000004 +#endif + +#define dlg_title L"OpenSSL Application SSL Client Certificate Selection" +#define dlg_prompt L"Select a certificate to use for authentication" +#define dlg_columns CRYPTUI_SELECT_LOCATION_COLUMN \ + |CRYPTUI_SELECT_INTENDEDUSE_COLUMN + +static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs) + { + X509 *x; + HCERTSTORE dstore; + PCCERT_CONTEXT cert; + CAPI_CTX *ctx; + CAPI_KEY *key; + HWND hwnd; + int i, idx = -1; + if (sk_X509_num(certs) == 1) + return 0; + ctx = ENGINE_get_ex_data(e, capi_idx); + /* Create an in memory store of certificates */ + dstore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, + CERT_STORE_CREATE_NEW_FLAG, NULL); + if (!dstore) + { + CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_CREATING_STORE); + capi_addlasterror(); + goto err; + } + /* Add all certificates to store */ + for(i = 0; i < sk_X509_num(certs); i++) + { + x = sk_X509_value(certs, i); + key = X509_get_ex_data(x, cert_capi_idx); + + if (!CertAddCertificateContextToStore(dstore, key->pcert, + CERT_STORE_ADD_NEW, NULL)) + { + CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_ADDING_CERT); + capi_addlasterror(); + goto err; + } + + } + hwnd = GetForegroundWindow(); + if (!hwnd) + hwnd = GetActiveWindow(); + if (!hwnd && ctx->getconswindow) + hwnd = ctx->getconswindow(); + /* Call dialog to select one */ + cert = ctx->certselectdlg(dstore, hwnd, dlg_title, dlg_prompt, + dlg_columns, 0, NULL); + + /* Find matching cert from list */ + if (cert) + { + for(i = 0; i < sk_X509_num(certs); i++) + { + x = sk_X509_value(certs, i); + key = X509_get_ex_data(x, cert_capi_idx); + if (CertCompareCertificate( + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + cert->pCertInfo, + key->pcert->pCertInfo)) + { + idx = i; + break; + } + } + } + + err: + if (dstore) + CertCloseStore(dstore, 0); + return idx; + + } +#endif + +#endif +#else /* !WIN32 */ +#include +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +OPENSSL_EXPORT +int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; } +IMPLEMENT_DYNAMIC_CHECK_FN() +#endif +#endif diff --git a/engines/e_capi.ec b/engines/e_capi.ec new file mode 100644 index 0000000000000..d2ad668a987ca --- /dev/null +++ b/engines/e_capi.ec @@ -0,0 +1 @@ +L CAPI e_capi_err.h e_capi_err.c diff --git a/engines/e_capi_err.c b/engines/e_capi_err.c new file mode 100644 index 0000000000000..73bbaaa718b45 --- /dev/null +++ b/engines/e_capi_err.c @@ -0,0 +1,183 @@ +/* e_capi_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include +#include +#include "e_capi_err.h" + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(0,func,0) +#define ERR_REASON(reason) ERR_PACK(0,0,reason) + +static ERR_STRING_DATA CAPI_str_functs[]= + { +{ERR_FUNC(CAPI_F_CAPI_CERT_GET_FNAME), "CAPI_CERT_GET_FNAME"}, +{ERR_FUNC(CAPI_F_CAPI_CTRL), "CAPI_CTRL"}, +{ERR_FUNC(CAPI_F_CAPI_CTX_NEW), "CAPI_CTX_NEW"}, +{ERR_FUNC(CAPI_F_CAPI_CTX_SET_PROVNAME), "CAPI_CTX_SET_PROVNAME"}, +{ERR_FUNC(CAPI_F_CAPI_DSA_DO_SIGN), "CAPI_DSA_DO_SIGN"}, +{ERR_FUNC(CAPI_F_CAPI_GET_KEY), "CAPI_GET_KEY"}, +{ERR_FUNC(CAPI_F_CAPI_GET_PKEY), "CAPI_GET_PKEY"}, +{ERR_FUNC(CAPI_F_CAPI_GET_PROVNAME), "CAPI_GET_PROVNAME"}, +{ERR_FUNC(CAPI_F_CAPI_GET_PROV_INFO), "CAPI_GET_PROV_INFO"}, +{ERR_FUNC(CAPI_F_CAPI_INIT), "CAPI_INIT"}, +{ERR_FUNC(CAPI_F_CAPI_LIST_CONTAINERS), "CAPI_LIST_CONTAINERS"}, +{ERR_FUNC(CAPI_F_CAPI_LOAD_PRIVKEY), "CAPI_LOAD_PRIVKEY"}, +{ERR_FUNC(CAPI_F_CAPI_OPEN_STORE), "CAPI_OPEN_STORE"}, +{ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_DEC), "CAPI_RSA_PRIV_DEC"}, +{ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_ENC), "CAPI_RSA_PRIV_ENC"}, +{ERR_FUNC(CAPI_F_CAPI_RSA_SIGN), "CAPI_RSA_SIGN"}, +{ERR_FUNC(CAPI_F_CERT_SELECT_DIALOG), "CERT_SELECT_DIALOG"}, +{ERR_FUNC(CAPI_F_CLIENT_CERT_SELECT), "CLIENT_CERT_SELECT"}, +{ERR_FUNC(CAPI_F_WIDE_TO_ASC), "WIDE_TO_ASC"}, +{0,NULL} + }; + +static ERR_STRING_DATA CAPI_str_reasons[]= + { +{ERR_REASON(CAPI_R_CANT_CREATE_HASH_OBJECT),"cant create hash object"}, +{ERR_REASON(CAPI_R_CANT_FIND_CAPI_CONTEXT),"cant find capi context"}, +{ERR_REASON(CAPI_R_CANT_GET_KEY) ,"cant get key"}, +{ERR_REASON(CAPI_R_CANT_SET_HASH_VALUE) ,"cant set hash value"}, +{ERR_REASON(CAPI_R_CRYPTACQUIRECONTEXT_ERROR),"cryptacquirecontext error"}, +{ERR_REASON(CAPI_R_CRYPTENUMPROVIDERS_ERROR),"cryptenumproviders error"}, +{ERR_REASON(CAPI_R_DECRYPT_ERROR) ,"decrypt error"}, +{ERR_REASON(CAPI_R_ENGINE_NOT_INITIALIZED),"engine not initialized"}, +{ERR_REASON(CAPI_R_ENUMCONTAINERS_ERROR) ,"enumcontainers error"}, +{ERR_REASON(CAPI_R_ERROR_ADDING_CERT) ,"error adding cert"}, +{ERR_REASON(CAPI_R_ERROR_CREATING_STORE) ,"error creating store"}, +{ERR_REASON(CAPI_R_ERROR_GETTING_FRIENDLY_NAME),"error getting friendly name"}, +{ERR_REASON(CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO),"error getting key provider info"}, +{ERR_REASON(CAPI_R_ERROR_OPENING_STORE) ,"error opening store"}, +{ERR_REASON(CAPI_R_ERROR_SIGNING_HASH) ,"error signing hash"}, +{ERR_REASON(CAPI_R_FUNCTION_NOT_SUPPORTED),"function not supported"}, +{ERR_REASON(CAPI_R_GETUSERKEY_ERROR) ,"getuserkey error"}, +{ERR_REASON(CAPI_R_INVALID_DIGEST_LENGTH),"invalid digest length"}, +{ERR_REASON(CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),"invalid dsa public key blob magic number"}, +{ERR_REASON(CAPI_R_INVALID_LOOKUP_METHOD),"invalid lookup method"}, +{ERR_REASON(CAPI_R_INVALID_PUBLIC_KEY_BLOB),"invalid public key blob"}, +{ERR_REASON(CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),"invalid rsa public key blob magic number"}, +{ERR_REASON(CAPI_R_PUBKEY_EXPORT_ERROR) ,"pubkey export error"}, +{ERR_REASON(CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR),"pubkey export length error"}, +{ERR_REASON(CAPI_R_UNKNOWN_COMMAND) ,"unknown command"}, +{ERR_REASON(CAPI_R_UNSUPPORTED_ALGORITHM_NID),"unsupported algorithm nid"}, +{ERR_REASON(CAPI_R_UNSUPPORTED_PADDING) ,"unsupported padding"}, +{ERR_REASON(CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM),"unsupported public key algorithm"}, +{0,NULL} + }; + +#endif + +#ifdef CAPI_LIB_NAME +static ERR_STRING_DATA CAPI_lib_name[]= + { +{0 ,CAPI_LIB_NAME}, +{0,NULL} + }; +#endif + + +static int CAPI_lib_error_code=0; +static int CAPI_error_init=1; + +static void ERR_load_CAPI_strings(void) + { + if (CAPI_lib_error_code == 0) + CAPI_lib_error_code=ERR_get_next_error_library(); + + if (CAPI_error_init) + { + CAPI_error_init=0; +#ifndef OPENSSL_NO_ERR + ERR_load_strings(CAPI_lib_error_code,CAPI_str_functs); + ERR_load_strings(CAPI_lib_error_code,CAPI_str_reasons); +#endif + +#ifdef CAPI_LIB_NAME + CAPI_lib_name->error = ERR_PACK(CAPI_lib_error_code,0,0); + ERR_load_strings(0,CAPI_lib_name); +#endif + } + } + +static void ERR_unload_CAPI_strings(void) + { + if (CAPI_error_init == 0) + { +#ifndef OPENSSL_NO_ERR + ERR_unload_strings(CAPI_lib_error_code,CAPI_str_functs); + ERR_unload_strings(CAPI_lib_error_code,CAPI_str_reasons); +#endif + +#ifdef CAPI_LIB_NAME + ERR_unload_strings(0,CAPI_lib_name); +#endif + CAPI_error_init=1; + } + } + +static void ERR_CAPI_error(int function, int reason, char *file, int line) + { + if (CAPI_lib_error_code == 0) + CAPI_lib_error_code=ERR_get_next_error_library(); + ERR_PUT_error(CAPI_lib_error_code,function,reason,file,line); + } diff --git a/engines/e_capi_err.h b/engines/e_capi_err.h new file mode 100644 index 0000000000000..efdb751251894 --- /dev/null +++ b/engines/e_capi_err.h @@ -0,0 +1,123 @@ +/* ==================================================================== + * Copyright (c) 2001-2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_CAPI_ERR_H +#define HEADER_CAPI_ERR_H + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +static void ERR_load_CAPI_strings(void); +static void ERR_unload_CAPI_strings(void); +static void ERR_CAPI_error(int function, int reason, char *file, int line); +#define CAPIerr(f,r) ERR_CAPI_error((f),(r),__FILE__,__LINE__) + +/* Error codes for the CAPI functions. */ + +/* Function codes. */ +#define CAPI_F_CAPI_CERT_GET_FNAME 99 +#define CAPI_F_CAPI_CTRL 100 +#define CAPI_F_CAPI_CTX_NEW 101 +#define CAPI_F_CAPI_CTX_SET_PROVNAME 102 +#define CAPI_F_CAPI_DSA_DO_SIGN 114 +#define CAPI_F_CAPI_GET_KEY 103 +#define CAPI_F_CAPI_GET_PKEY 115 +#define CAPI_F_CAPI_GET_PROVNAME 104 +#define CAPI_F_CAPI_GET_PROV_INFO 105 +#define CAPI_F_CAPI_INIT 106 +#define CAPI_F_CAPI_LIST_CONTAINERS 107 +#define CAPI_F_CAPI_LOAD_PRIVKEY 108 +#define CAPI_F_CAPI_OPEN_STORE 109 +#define CAPI_F_CAPI_RSA_PRIV_DEC 110 +#define CAPI_F_CAPI_RSA_PRIV_ENC 111 +#define CAPI_F_CAPI_RSA_SIGN 112 +#define CAPI_F_CERT_SELECT_DIALOG 117 +#define CAPI_F_CLIENT_CERT_SELECT 116 +#define CAPI_F_WIDE_TO_ASC 113 + +/* Reason codes. */ +#define CAPI_R_CANT_CREATE_HASH_OBJECT 99 +#define CAPI_R_CANT_FIND_CAPI_CONTEXT 100 +#define CAPI_R_CANT_GET_KEY 101 +#define CAPI_R_CANT_SET_HASH_VALUE 102 +#define CAPI_R_CRYPTACQUIRECONTEXT_ERROR 103 +#define CAPI_R_CRYPTENUMPROVIDERS_ERROR 104 +#define CAPI_R_DECRYPT_ERROR 105 +#define CAPI_R_ENGINE_NOT_INITIALIZED 106 +#define CAPI_R_ENUMCONTAINERS_ERROR 107 +#define CAPI_R_ERROR_ADDING_CERT 125 +#define CAPI_R_ERROR_CREATING_STORE 126 +#define CAPI_R_ERROR_GETTING_FRIENDLY_NAME 108 +#define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO 109 +#define CAPI_R_ERROR_OPENING_STORE 110 +#define CAPI_R_ERROR_SIGNING_HASH 111 +#define CAPI_R_FUNCTION_NOT_SUPPORTED 112 +#define CAPI_R_GETUSERKEY_ERROR 113 +#define CAPI_R_INVALID_DIGEST_LENGTH 124 +#define CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 122 +#define CAPI_R_INVALID_LOOKUP_METHOD 114 +#define CAPI_R_INVALID_PUBLIC_KEY_BLOB 115 +#define CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 123 +#define CAPI_R_PUBKEY_EXPORT_ERROR 116 +#define CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR 117 +#define CAPI_R_UNKNOWN_COMMAND 118 +#define CAPI_R_UNSUPPORTED_ALGORITHM_NID 119 +#define CAPI_R_UNSUPPORTED_PADDING 120 +#define CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM 121 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/engines/e_chil_err.h b/engines/e_chil_err.h index 482086e3b51a9..051854950a1d0 100644 --- a/engines/e_chil_err.h +++ b/engines/e_chil_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_HWCRHK_ERR_H #define HEADER_HWCRHK_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/engines/e_cswift_err.h b/engines/e_cswift_err.h index 9072cbe616e46..69c2a9f874455 100644 --- a/engines/e_cswift_err.h +++ b/engines/e_cswift_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_CSWIFT_ERR_H #define HEADER_CSWIFT_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/engines/e_gmp.c b/engines/e_gmp.c index 39da65f74bf13..a1a2d2bda6105 100644 --- a/engines/e_gmp.c +++ b/engines/e_gmp.c @@ -57,10 +57,10 @@ */ /* This engine is not (currently) compiled in by default. Do enable it, - * reconfigure OpenSSL with "-DOPENSSL_USE_GMP -lgmp". The GMP libraries and + * reconfigure OpenSSL with "enable-gmp -lgmp". The GMP libraries and * headers must reside in one of the paths searched by the compiler/linker, * otherwise paths must be specified - eg. try configuring with - * "-DOPENSSL_USE_GMP -I -L -lgmp". YMMV. */ + * "enable-gmp -I -L -lgmp". YMMV. */ /* As for what this does - it's a largely unoptimised implementation of an * ENGINE that uses the GMP library to perform RSA private key operations. To @@ -85,9 +85,11 @@ #include #include #include +#include +#include #ifndef OPENSSL_NO_HW -#if defined(OPENSSL_USE_GMP) && !defined(OPENSSL_NO_HW_GMP) +#ifndef OPENSSL_NO_GMP #include @@ -251,27 +253,61 @@ static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) return to_return; } -/* HACK - use text I/O functions in openssl and GMP to handle conversions. This - * is vile. */ + +/* Most often limb sizes will be the same. If not, we use hex conversion + * which is neat, but extremely inefficient. */ static int bn2gmp(const BIGNUM *bn, mpz_t g) { - int toret; - char *tmpchar = BN_bn2hex(bn); - if(!tmpchar) return 0; - toret = (mpz_set_str(g, tmpchar, 16) == 0 ? 1 : 0); - OPENSSL_free(tmpchar); - return toret; + bn_check_top(bn); + if(((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) && + (BN_BITS2 == GMP_NUMB_BITS)) + { + /* The common case */ + if(!_mpz_realloc (g, bn->top)) + return 0; + memcpy(&g->_mp_d[0], &bn->d[0], bn->top * sizeof(bn->d[0])); + g->_mp_size = bn->top; + if(bn->neg) + g->_mp_size = -g->_mp_size; + return 1; + } + else + { + int toret; + char *tmpchar = BN_bn2hex(bn); + if(!tmpchar) return 0; + toret = (mpz_set_str(g, tmpchar, 16) == 0 ? 1 : 0); + OPENSSL_free(tmpchar); + return toret; + } } static int gmp2bn(mpz_t g, BIGNUM *bn) { - int toret; - char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10); - if(!tmpchar) return 0; - mpz_get_str(tmpchar, 16, g); - toret = BN_hex2bn(&bn, tmpchar); - OPENSSL_free(tmpchar); - return toret; + if(((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) && + (BN_BITS2 == GMP_NUMB_BITS)) + { + /* The common case */ + int s = (g->_mp_size >= 0) ? g->_mp_size : -g->_mp_size; + BN_zero(bn); + if(bn_expand2 (bn, s) == NULL) + return 0; + bn->top = s; + memcpy(&bn->d[0], &g->_mp_d[0], s * sizeof(bn->d[0])); + bn_correct_top(bn); + bn->neg = g->_mp_size >= 0 ? 0 : 1; + return 1; + } + else + { + int toret; + char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10); + if(!tmpchar) return 0; + mpz_get_str(tmpchar, 16, g); + toret = BN_hex2bn(&bn, tmpchar); + OPENSSL_free(tmpchar); + return toret; + } } #ifndef OPENSSL_NO_RSA @@ -415,9 +451,13 @@ static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) } #endif +#endif /* !OPENSSL_NO_GMP */ + /* This stuff is needed if this ENGINE is being compiled into a self-contained * shared-library. */ -#ifdef ENGINE_DYNAMIC_SUPPORT +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +IMPLEMENT_DYNAMIC_CHECK_FN() +#ifndef OPENSSL_NO_GMP static int bind_fn(ENGINE *e, const char *id) { if(id && (strcmp(id, engine_e_gmp_id) != 0)) @@ -426,10 +466,11 @@ static int bind_fn(ENGINE *e, const char *id) return 0; return 1; } -IMPLEMENT_DYNAMIC_CHECK_FN() IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -#endif /* ENGINE_DYNAMIC_SUPPORT */ +#else +OPENSSL_EXPORT +int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; } +#endif +#endif /* OPENSSL_NO_DYNAMIC_ENGINE */ -#endif /* !OPENSSL_NO_HW_GMP */ #endif /* !OPENSSL_NO_HW */ - diff --git a/engines/e_gmp_err.h b/engines/e_gmp_err.h index cf46f0ec742af..dd05dfd800ce2 100644 --- a/engines/e_gmp_err.h +++ b/engines/e_gmp_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_GMP_ERR_H #define HEADER_GMP_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/engines/e_nuron_err.h b/engines/e_nuron_err.h index a56bfdf30398b..219babbb457ee 100644 --- a/engines/e_nuron_err.h +++ b/engines/e_nuron_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_NURON_ERR_H #define HEADER_NURON_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/engines/e_sureware_err.h b/engines/e_sureware_err.h index 82af229bec7b2..ec8ed0c59bf3b 100644 --- a/engines/e_sureware_err.h +++ b/engines/e_sureware_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_SUREWARE_ERR_H #define HEADER_SUREWARE_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index 8b6c98bafa20b..e8389de6a1f85 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -822,11 +822,11 @@ static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len, int v_len, d_len; int to_return = 0; int fd; - BIGNUM v; + BIGNUM v, *pv = &v; BN_init(&v); - if(!bn_wexpand(&v, dsa->p->top)) { + if(!bn_wexpand(pv, dsa->p->top)) { UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_BN_EXPAND_FAIL); goto err; } diff --git a/engines/e_ubsec_err.h b/engines/e_ubsec_err.h index 3229eca5cf3d9..b10b2387f2814 100644 --- a/engines/e_ubsec_err.h +++ b/engines/e_ubsec_err.h @@ -55,6 +55,10 @@ #ifndef HEADER_UBSEC_ERR_H #define HEADER_UBSEC_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/openssl.spec b/openssl.spec index 7ac35737acc59..a1fa1984237b8 100644 --- a/openssl.spec +++ b/openssl.spec @@ -1,7 +1,7 @@ %define libmaj 0 %define libmin 9 %define librel 8 -%define librev e +%define librev i Release: 1 %define openssldir /var/ssl diff --git a/ssl/Makefile b/ssl/Makefile index ca1f0eb82e592..cb4267f5de67b 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -111,18 +111,19 @@ bio_ssl.o: ../include/openssl/comp.h ../include/openssl/crypto.h bio_ssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h bio_ssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h bio_ssl.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -bio_ssl.o: ../include/openssl/evp.h ../include/openssl/kssl.h -bio_ssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -bio_ssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -bio_ssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -bio_ssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h -bio_ssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h -bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -bio_ssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -bio_ssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bio_ssl.c +bio_ssl.o: ../include/openssl/evp.h ../include/openssl/hmac.h +bio_ssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +bio_ssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +bio_ssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +bio_ssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +bio_ssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +bio_ssl.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +bio_ssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h +bio_ssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +bio_ssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +bio_ssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h +bio_ssl.o: ../include/openssl/x509_vfy.h bio_ssl.c d1_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -130,19 +131,20 @@ d1_both.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h d1_both.o: ../include/openssl/e_os2.h ../include/openssl/ec.h d1_both.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h d1_both.o: ../include/openssl/err.h ../include/openssl/evp.h -d1_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_both.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -d1_both.o: ../include/openssl/rand.h ../include/openssl/rsa.h -d1_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -d1_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -d1_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h -d1_both.o: ../include/openssl/x509_vfy.h d1_both.c ssl_locl.h +d1_both.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +d1_both.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +d1_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_both.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_both.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_both.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +d1_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +d1_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_both.o: ../include/openssl/sha.h ../include/openssl/ssl.h +d1_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +d1_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +d1_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +d1_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_both.c +d1_both.o: ssl_locl.h d1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -150,20 +152,21 @@ d1_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h d1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -d1_clnt.o: ../include/openssl/evp.h ../include/openssl/kssl.h -d1_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h -d1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -d1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h -d1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -d1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -d1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -d1_clnt.o: ../include/openssl/x509_vfy.h d1_clnt.c kssl_lcl.h ssl_locl.h +d1_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h +d1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +d1_clnt.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +d1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +d1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +d1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h +d1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +d1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +d1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +d1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_clnt.c +d1_clnt.o: kssl_lcl.h ssl_locl.h d1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -192,19 +195,19 @@ d1_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h d1_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h d1_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h d1_lib.o: ../include/openssl/err.h ../include/openssl/evp.h -d1_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -d1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -d1_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h -d1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_lib.c -d1_lib.o: ssl_locl.h +d1_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +d1_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +d1_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +d1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +d1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h +d1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +d1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_lib.o: ../include/openssl/x509_vfy.h d1_lib.c ssl_locl.h d1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -212,19 +215,19 @@ d1_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h d1_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h d1_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h d1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h -d1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -d1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -d1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h -d1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_meth.c -d1_meth.o: ssl_locl.h +d1_meth.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +d1_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +d1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +d1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +d1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h +d1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +d1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_meth.o: ../include/openssl/x509_vfy.h d1_meth.c ssl_locl.h d1_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -232,12 +235,13 @@ d1_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h d1_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h d1_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h d1_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h -d1_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +d1_pkt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +d1_pkt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +d1_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +d1_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h d1_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h d1_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h d1_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h @@ -252,38 +256,40 @@ d1_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h d1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -d1_srvr.o: ../include/openssl/evp.h ../include/openssl/kssl.h -d1_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h -d1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -d1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h -d1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -d1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -d1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -d1_srvr.o: ../include/openssl/x509_vfy.h d1_srvr.c ssl_locl.h +d1_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h +d1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +d1_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +d1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +d1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +d1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h +d1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +d1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +d1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +d1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srvr.c +d1_srvr.o: ssl_locl.h kssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h kssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h kssl.o: ../include/openssl/comp.h ../include/openssl/crypto.h kssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h kssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h kssl.o: ../include/openssl/ecdsa.h ../include/openssl/evp.h -kssl.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h -kssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -kssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -kssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -kssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -kssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -kssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h -kssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h -kssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -kssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -kssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -kssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl.c +kssl.o: ../include/openssl/hmac.h ../include/openssl/krb5_asn.h +kssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +kssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +kssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +kssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +kssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +kssl.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +kssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h +kssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +kssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +kssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +kssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h +kssl.o: ../include/openssl/x509_vfy.h kssl.c s23_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s23_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -291,19 +297,20 @@ s23_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s23_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s23_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s23_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h -s23_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s23_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s23_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s23_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s23_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h -s23_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s23_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s23_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s23_clnt.o: ../include/openssl/x509_vfy.h s23_clnt.c ssl_locl.h +s23_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s23_clnt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s23_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s23_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s23_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s23_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +s23_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s23_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s23_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s23_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s23_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s23_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_clnt.c +s23_clnt.o: ssl_locl.h s23_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h s23_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -311,19 +318,19 @@ s23_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s23_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s23_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s23_lib.o: ../include/openssl/err.h ../include/openssl/evp.h -s23_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s23_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s23_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s23_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s23_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s23_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s23_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s23_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_lib.c -s23_lib.o: ssl_locl.h +s23_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s23_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s23_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s23_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s23_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s23_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s23_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s23_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s23_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s23_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s23_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s23_lib.o: ../include/openssl/x509_vfy.h s23_lib.c ssl_locl.h s23_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h s23_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -331,19 +338,19 @@ s23_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s23_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s23_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s23_meth.o: ../include/openssl/err.h ../include/openssl/evp.h -s23_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s23_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s23_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s23_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s23_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s23_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s23_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s23_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_meth.c -s23_meth.o: ssl_locl.h +s23_meth.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s23_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s23_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s23_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s23_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s23_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s23_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s23_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s23_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s23_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s23_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s23_meth.o: ../include/openssl/x509_vfy.h s23_meth.c ssl_locl.h s23_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s23_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -351,19 +358,19 @@ s23_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s23_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s23_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s23_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h -s23_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s23_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s23_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s23_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s23_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s23_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s23_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s23_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s23_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s23_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s23_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_pkt.c -s23_pkt.o: ssl_locl.h +s23_pkt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s23_pkt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s23_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s23_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s23_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s23_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s23_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s23_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s23_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s23_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s23_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s23_pkt.o: ../include/openssl/x509_vfy.h s23_pkt.c ssl_locl.h s23_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h s23_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -371,19 +378,20 @@ s23_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s23_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s23_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s23_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h -s23_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s23_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s23_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s23_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s23_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h -s23_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s23_srvr.o: ../include/openssl/x509_vfy.h s23_srvr.c ssl_locl.h +s23_srvr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s23_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s23_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s23_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s23_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s23_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +s23_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s23_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s23_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s23_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s23_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_srvr.c +s23_srvr.o: ssl_locl.h s2_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s2_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -391,19 +399,20 @@ s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s2_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s2_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h -s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h +s2_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s2_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s2_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +s2_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s2_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s2_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s2_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s2_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_clnt.c +s2_clnt.o: ssl_locl.h s2_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s2_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -411,19 +420,19 @@ s2_enc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s2_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s2_enc.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s2_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s2_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s2_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_enc.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_enc.c -s2_enc.o: ssl_locl.h +s2_enc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s2_enc.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s2_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s2_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s2_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s2_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s2_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s2_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s2_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s2_enc.o: ../include/openssl/x509_vfy.h s2_enc.c ssl_locl.h s2_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s2_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -431,19 +440,20 @@ s2_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s2_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s2_lib.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s2_lib.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s2_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s2_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s2_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s2_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s2_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s2_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s2_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s2_lib.o: ../include/openssl/x509_vfy.h s2_lib.c ssl_locl.h +s2_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md5.h +s2_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s2_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s2_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s2_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_lib.c +s2_lib.o: ssl_locl.h s2_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s2_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h s2_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -451,19 +461,19 @@ s2_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s2_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s2_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s2_meth.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s2_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s2_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s2_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s2_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s2_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s2_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s2_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s2_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s2_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s2_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_meth.c -s2_meth.o: ssl_locl.h +s2_meth.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s2_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s2_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s2_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s2_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s2_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s2_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s2_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s2_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s2_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s2_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s2_meth.o: ../include/openssl/x509_vfy.h s2_meth.c ssl_locl.h s2_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s2_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -471,19 +481,19 @@ s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s2_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s2_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s2_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s2_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s2_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c -s2_pkt.o: ssl_locl.h +s2_pkt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s2_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s2_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s2_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s2_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s2_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s2_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s2_pkt.o: ../include/openssl/x509_vfy.h s2_pkt.c ssl_locl.h s2_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s2_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -491,19 +501,20 @@ s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s2_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s2_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h -s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s2_srvr.o: ../include/openssl/x509_vfy.h s2_srvr.c ssl_locl.h +s2_srvr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s2_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s2_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +s2_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s2_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s2_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s2_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_srvr.c +s2_srvr.o: ssl_locl.h s3_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -511,27 +522,29 @@ s3_both.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s3_both.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s3_both.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s3_both.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_both.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s3_both.o: ../include/openssl/rand.h ../include/openssl/rsa.h -s3_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h +s3_both.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s3_both.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s3_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_both.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_both.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_both.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s3_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +s3_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_both.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s3_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_both.c +s3_both.o: ssl_locl.h s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h s3_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s3_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -s3_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s3_clnt.o: ../include/openssl/evp.h ../include/openssl/kssl.h +s3_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +s3_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h +s3_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h @@ -552,19 +565,20 @@ s3_enc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s3_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s3_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s3_enc.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s3_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s3_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s3_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s3_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_enc.o: ../include/openssl/x509_vfy.h s3_enc.c ssl_locl.h +s3_enc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s3_enc.o: ../include/openssl/lhash.h ../include/openssl/md5.h +s3_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s3_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s3_enc.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_enc.c +s3_enc.o: ssl_locl.h s3_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -572,20 +586,20 @@ s3_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h s3_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s3_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s3_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s3_lib.o: ../include/openssl/evp.h ../include/openssl/kssl.h -s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md5.h -s3_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s3_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h -s3_lib.o: s3_lib.c ssl_locl.h +s3_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h +s3_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s3_lib.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +s3_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s3_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s3_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_lib.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_lib.c ssl_locl.h s3_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -593,19 +607,19 @@ s3_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s3_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s3_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s3_meth.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s3_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_meth.c -s3_meth.o: ssl_locl.h +s3_meth.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s3_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s3_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s3_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s3_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_meth.o: ../include/openssl/x509_vfy.h s3_meth.c ssl_locl.h s3_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -613,19 +627,19 @@ s3_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s3_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s3_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s3_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s3_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s3_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_pkt.c -s3_pkt.o: ssl_locl.h +s3_pkt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s3_pkt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s3_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s3_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s3_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_pkt.o: ../include/openssl/x509_vfy.h s3_pkt.c ssl_locl.h s3_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -633,21 +647,21 @@ s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h s3_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s3_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s3_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s3_srvr.o: ../include/openssl/evp.h ../include/openssl/krb5_asn.h -s3_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s3_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s3_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s3_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h -s3_srvr.o: s3_srvr.c ssl_locl.h +s3_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h +s3_srvr.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h +s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h +s3_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s3_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_srvr.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_srvr.c ssl_locl.h ssl_algs.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_algs.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_algs.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -655,19 +669,19 @@ ssl_algs.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_algs.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_algs.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_algs.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_algs.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_algs.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_algs.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_algs.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_algs.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ssl_algs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_algs.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_algs.c -ssl_algs.o: ssl_locl.h +ssl_algs.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +ssl_algs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_algs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_algs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_algs.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_algs.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ssl_algs.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +ssl_algs.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_algs.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_algs.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_algs.o: ../include/openssl/x509_vfy.h ssl_algs.c ssl_locl.h ssl_asn1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1_mac.h ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/bn.h ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -675,19 +689,20 @@ ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/dsa.h ssl_asn1.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_asn1.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_asn1.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -ssl_asn1.o: ../include/openssl/evp.h ../include/openssl/kssl.h -ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -ssl_asn1.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_asn1.c ssl_locl.h +ssl_asn1.o: ../include/openssl/evp.h ../include/openssl/hmac.h +ssl_asn1.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_asn1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_asn1.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_asn1.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_asn1.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +ssl_asn1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssl_asn1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_asn1.c +ssl_asn1.o: ssl_locl.h ssl_cert.o: ../crypto/o_dir.h ../e_os.h ../include/openssl/asn1.h ssl_cert.o: ../include/openssl/bio.h ../include/openssl/bn.h ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -696,20 +711,20 @@ ssl_cert.o: ../include/openssl/dh.h ../include/openssl/dsa.h ssl_cert.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_cert.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_cert.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -ssl_cert.o: ../include/openssl/evp.h ../include/openssl/kssl.h -ssl_cert.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_cert.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_cert.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_cert.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_cert.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -ssl_cert.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_cert.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_cert.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_cert.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_cert.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_cert.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_cert.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h -ssl_cert.o: ssl_cert.c ssl_locl.h +ssl_cert.o: ../include/openssl/evp.h ../include/openssl/hmac.h +ssl_cert.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_cert.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_cert.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_cert.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_cert.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +ssl_cert.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_cert.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssl_cert.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_cert.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_cert.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssl_cert.o: ../include/openssl/x509v3.h ssl_cert.c ssl_locl.h ssl_ciph.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_ciph.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_ciph.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -717,55 +732,57 @@ ssl_ciph.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_ciph.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_ciph.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_ciph.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_ciph.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_ciph.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_ciph.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_ciph.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_ciph.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_ciph.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_ciph.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_ciph.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_ciph.c -ssl_ciph.o: ssl_locl.h +ssl_ciph.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +ssl_ciph.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_ciph.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_ciph.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_ciph.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ssl_ciph.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +ssl_ciph.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_ciph.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_ciph.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_ciph.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_ciph.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_ciph.o: ../include/openssl/x509_vfy.h ssl_ciph.c ssl_locl.h ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_err.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_err.o: ../include/openssl/comp.h ../include/openssl/crypto.h ssl_err.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_err.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_err.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -ssl_err.o: ../include/openssl/evp.h ../include/openssl/kssl.h -ssl_err.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_err.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_err.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_err.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -ssl_err.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h -ssl_err.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_err.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_err.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_err.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_err.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err.c +ssl_err.o: ../include/openssl/evp.h ../include/openssl/hmac.h +ssl_err.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_err.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_err.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_err.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_err.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_err.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +ssl_err.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_err.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_err.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_err.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_err.o: ../include/openssl/x509_vfy.h ssl_err.c ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_err2.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_err2.o: ../include/openssl/comp.h ../include/openssl/crypto.h ssl_err2.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_err2.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_err2.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -ssl_err2.o: ../include/openssl/evp.h ../include/openssl/kssl.h -ssl_err2.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_err2.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_err2.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_err2.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_err2.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -ssl_err2.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h -ssl_err2.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_err2.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_err2.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_err2.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_err2.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err2.c +ssl_err2.o: ../include/openssl/evp.h ../include/openssl/hmac.h +ssl_err2.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_err2.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_err2.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_err2.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_err2.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_err2.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +ssl_err2.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_err2.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_err2.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_err2.o: ../include/openssl/x509_vfy.h ssl_err2.c ssl_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -773,13 +790,15 @@ ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/dh.h ssl_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h +ssl_lib.o: ../include/openssl/engine.h ../include/openssl/err.h +ssl_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h ssl_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +ssl_lib.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ssl_lib.o: ../include/openssl/pqueue.h ../include/openssl/rand.h ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ssl_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h @@ -794,26 +813,27 @@ ssl_rsa.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_rsa.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_rsa.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_rsa.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ssl_rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_rsa.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h -ssl_rsa.o: ssl_rsa.c +ssl_rsa.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +ssl_rsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_rsa.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ssl_rsa.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +ssl_rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_rsa.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_rsa.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_rsa.c ssl_sess.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_sess.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -ssl_sess.o: ../include/openssl/err.h ../include/openssl/evp.h +ssl_sess.o: ../include/openssl/engine.h ../include/openssl/err.h +ssl_sess.o: ../include/openssl/evp.h ../include/openssl/hmac.h ssl_sess.o: ../include/openssl/kssl.h ../include/openssl/lhash.h ssl_sess.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h ssl_sess.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h @@ -834,19 +854,19 @@ ssl_stat.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_stat.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_stat.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_stat.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_stat.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_stat.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_stat.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_stat.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_stat.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ssl_stat.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_stat.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_stat.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_stat.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h -ssl_stat.o: ssl_stat.c +ssl_stat.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +ssl_stat.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_stat.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_stat.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_stat.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_stat.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ssl_stat.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +ssl_stat.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_stat.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_stat.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_stat.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_stat.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_stat.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_stat.c ssl_txt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_txt.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_txt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -854,19 +874,19 @@ ssl_txt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_txt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_txt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_txt.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_txt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_txt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_txt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_txt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_txt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ssl_txt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_txt.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_txt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_txt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h -ssl_txt.o: ssl_txt.c +ssl_txt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +ssl_txt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_txt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_txt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_txt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_txt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ssl_txt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +ssl_txt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_txt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_txt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_txt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_txt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_txt.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_txt.c t1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h t1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -874,19 +894,20 @@ t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h t1_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h t1_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h t1_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h -t1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -t1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h -t1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -t1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_clnt.c +t1_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +t1_clnt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +t1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +t1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +t1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +t1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +t1_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h +t1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +t1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +t1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +t1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +t1_clnt.o: t1_clnt.c t1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h t1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -910,23 +931,25 @@ t1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h t1_enc.o: t1_enc.c t1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h -t1_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h -t1_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h -t1_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -t1_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -t1_lib.o: ../include/openssl/err.h ../include/openssl/evp.h +t1_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h +t1_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h +t1_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h +t1_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +t1_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +t1_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h t1_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h t1_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -t1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -t1_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h -t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +t1_lib.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +t1_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +t1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +t1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h +t1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +t1_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +t1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssl_locl.h t1_lib.o: t1_lib.c t1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -935,19 +958,19 @@ t1_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h t1_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h t1_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h t1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h -t1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -t1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -t1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h -t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h -t1_meth.o: t1_meth.c +t1_meth.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +t1_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +t1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +t1_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +t1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +t1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h +t1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +t1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +t1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_meth.c t1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h t1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -955,16 +978,17 @@ t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h t1_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h t1_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h t1_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h -t1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -t1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h -t1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_srvr.c +t1_srvr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +t1_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +t1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +t1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +t1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +t1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +t1_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h +t1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +t1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +t1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +t1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +t1_srvr.o: t1_srvr.c diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 22bd28a4bb0bc..15a201a25cf4f 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -297,9 +297,9 @@ int dtls1_do_write(SSL *s, int type) { /* should not be done for 'Hello Request's, but in that case * we'll ignore the result anyway */ - unsigned char *p = &s->init_buf->data[s->init_off]; + unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; - int len; + int xlen; if (frag_off == 0 && s->client_version != DTLS1_BAD_VER) { @@ -311,15 +311,15 @@ int dtls1_do_write(SSL *s, int type) l2n3(0,p); l2n3(msg_hdr->msg_len,p); p -= DTLS1_HM_HEADER_LENGTH; - len = ret; + xlen = ret; } else { p += DTLS1_HM_HEADER_LENGTH; - len = ret - DTLS1_HM_HEADER_LENGTH; + xlen = ret - DTLS1_HM_HEADER_LENGTH; } - ssl3_finish_mac(s, p, len); + ssl3_finish_mac(s, p, xlen); } if (ret == s->init_num) @@ -398,7 +398,7 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) * the potential damage caused by malformed overlaps. */ if ((unsigned int)s->init_num >= msg_hdr->msg_len) { - unsigned char *p = s->init_buf->data; + unsigned char *p = (unsigned char *)s->init_buf->data; unsigned long msg_len = msg_hdr->msg_len; /* reconstruct message header as if it was @@ -525,7 +525,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) if (al==0) /* no alert */ { - unsigned char *p = s->init_buf->data+DTLS1_HM_HEADER_LENGTH; + unsigned char *p = (unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH; memcpy(&p[frag->msg_header.frag_off], frag->fragment,frag->msg_header.frag_len); } @@ -683,7 +683,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) if ( frag_len > 0) { - unsigned char *p=s->init_buf->data+DTLS1_HM_HEADER_LENGTH; + unsigned char *p=(unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH; i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, &p[frag_off],frag_len,0); @@ -777,11 +777,11 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b) p=(unsigned char *)s->init_buf->data; *p++=SSL3_MT_CCS; s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; - s->d1->next_handshake_write_seq++; s->init_num=DTLS1_CCS_HEADER_LENGTH; if (s->client_version == DTLS1_BAD_VER) { + s->d1->next_handshake_write_seq++; s2n(s->d1->handshake_write_seq,p); s->init_num+=2; } @@ -974,6 +974,7 @@ dtls1_buffer_message(SSL *s, int is_ccs) pitem *item; hm_fragment *frag; PQ_64BIT seq64; + unsigned int epoch = s->d1->w_epoch; /* this function is called immediately after a message has * been serialized */ @@ -987,6 +988,7 @@ dtls1_buffer_message(SSL *s, int is_ccs) { OPENSSL_assert(s->d1->w_msg_hdr.msg_len + DTLS1_CCS_HEADER_LENGTH <= (unsigned int)s->init_num); + epoch++; } else { @@ -1002,7 +1004,7 @@ dtls1_buffer_message(SSL *s, int is_ccs) frag->msg_header.is_ccs = is_ccs; pq_64bit_init(&seq64); - pq_64bit_assign_word(&seq64, frag->msg_header.seq); + pq_64bit_assign_word(&seq64, epoch<<16 | frag->msg_header.seq); item = pitem_new(seq64, frag); pq_64bit_free(&seq64); diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index e8b60a45d225a..49c6760d19a76 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -214,17 +214,21 @@ int dtls1_connect(SSL *s) /* don't push the buffering BIO quite yet */ - ssl3_init_finished_mac(s); - s->state=SSL3_ST_CW_CLNT_HELLO_A; s->ctx->stats.sess_connect++; s->init_num=0; + /* mark client_random uninitialized */ + memset(s->s3->client_random,0,sizeof(s->s3->client_random)); break; case SSL3_ST_CW_CLNT_HELLO_A: case SSL3_ST_CW_CLNT_HELLO_B: s->shutdown=0; + + /* every DTLS ClientHello resets Finished MAC */ + ssl3_init_finished_mac(s); + ret=dtls1_client_hello(s); if (ret <= 0) goto end; @@ -422,6 +426,9 @@ int dtls1_connect(SSL *s) s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; } s->init_num=0; + /* mark client_random uninitialized */ + memset (s->s3->client_random,0,sizeof(s->s3->client_random)); + break; case SSL3_ST_CR_FINISHED_A: @@ -544,9 +551,15 @@ int dtls1_client_hello(SSL *s) /* else use the pre-loaded session */ p=s->s3->client_random; - Time=(unsigned long)time(NULL); /* Time */ - l2n(Time,p); - RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); + /* if client_random is initialized, reuse it, we are + * required to use same upon reply to HelloVerify */ + for (i=0;p[i]=='\0' && is3->client_random);i++) ; + if (i==sizeof(s->s3->client_random)) + { + Time=(unsigned long)time(NULL); /* Time */ + l2n(Time,p); + RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4); + } /* Do the message type and length last */ d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); @@ -732,7 +745,7 @@ int dtls1_send_client_key_exchange(SSL *s) s->session->master_key_length=sizeof tmp_buf; q=p; - /* Fix buf for TLS and beyond */ + /* Fix buf for TLS and [incidentally] DTLS */ if (s->version > SSL3_VERSION) p+=2; n=RSA_public_encrypt(sizeof tmp_buf, @@ -747,7 +760,7 @@ int dtls1_send_client_key_exchange(SSL *s) goto err; } - /* Fix buf for TLS and beyond */ + /* Fix buf for TLS and [incidentally] DTLS */ if (s->version > SSL3_VERSION) { s2n(n,q); @@ -1082,8 +1095,7 @@ int dtls1_send_client_certificate(SSL *s) * ssl->rwstate=SSL_X509_LOOKUP; return(-1); * We then get retied later */ i=0; - if (s->ctx->client_cert_cb != NULL) - i=s->ctx->client_cert_cb(s,&(x509),&(pkey)); + i = ssl_do_client_cert_cb(s, &x509, &pkey); if (i < 0) { s->rwstate=SSL_X509_LOOKUP; diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index d07a212faceab..fc088b4148938 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -188,3 +188,23 @@ void dtls1_clear(SSL *s) ssl3_clear(s); s->version=DTLS1_VERSION; } + +/* + * As it's impossible to use stream ciphers in "datagram" mode, this + * simple filter is designed to disengage them in DTLS. Unfortunately + * there is no universal way to identify stream SSL_CIPHER, so we have + * to explicitly list their SSL_* codes. Currently RC4 is the only one + * available, but if new ones emerge, they will have to be added... + */ +SSL_CIPHER *dtls1_get_cipher(unsigned int u) + { + SSL_CIPHER *ciph = ssl3_get_cipher(u); + + if (ciph != NULL) + { + if ((ciph->algorithms&SSL_ENC_MASK) == SSL_RC4) + return NULL; + } + + return ciph; + } diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 8270419a8dcea..b2765ba8019ff 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -120,6 +120,7 @@ #include #include #include +#include static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, int len, int peek); @@ -486,9 +487,9 @@ int dtls1_get_record(SSL *s) SSL3_RECORD *rr; SSL_SESSION *sess; unsigned char *p; - short version; + unsigned short version; DTLS1_BITMAP *bitmap; - unsigned int is_next_epoch; + unsigned int is_next_epoch; rr= &(s->s3->rrec); sess=s->session; @@ -524,7 +525,7 @@ again: ssl_minor= *(p++); version=(ssl_major<<8)|ssl_minor; - /* sequence number is 64 bits, with top 2 bytes = epoch */ + /* sequence number is 64 bits, with top 2 bytes = epoch */ n2s(p,rr->epoch); memcpy(&(s->s3->read_sequence[2]), p, 6); @@ -535,7 +536,7 @@ again: /* Lets check version */ if (!s->first_packet) { - if (version != s->version) + if (version != s->version && version != DTLS1_BAD_VER) { SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); /* Send back error using their @@ -546,7 +547,8 @@ again: } } - if ((version & 0xff00) != (DTLS1_VERSION & 0xff00)) + if ((version & 0xff00) != (DTLS1_VERSION & 0xff00) && + (version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) { SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); goto err; @@ -559,6 +561,7 @@ again: goto f_err; } + s->client_version = version; /* now s->rstate == SSL_ST_READ_BODY */ } @@ -808,6 +811,14 @@ start: * may be fragmented--don't always expect dest_maxlen bytes */ if ( rr->length < dest_maxlen) { +#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE + /* + * for normal alerts rr->length is 2, while + * dest_maxlen is 7 if we were to handle this + * non-existing alert... + */ + FIX ME +#endif s->rstate=SSL_ST_READ_HEADER; rr->length = 0; goto start; @@ -973,47 +984,40 @@ start: } if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) - { - struct ccs_header_st ccs_hdr; + { + struct ccs_header_st ccs_hdr; dtls1_get_ccs_header(rr->data, &ccs_hdr); - if ( ccs_hdr.seq == s->d1->handshake_read_seq) - { - /* 'Change Cipher Spec' is just a single byte, so we know - * exactly what the record payload has to look like */ - /* XDTLS: check that epoch is consistent */ - if ( (rr->length != DTLS1_CCS_HEADER_LENGTH) || - (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) - { - i=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); - goto err; - } - - rr->length=0; - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, - rr->data, 1, s, s->msg_callback_arg); - - s->s3->change_cipher_spec=1; - if (!ssl3_do_change_cipher_spec(s)) - goto err; - - /* do this whenever CCS is processed */ - dtls1_reset_seq_numbers(s, SSL3_CC_READ); - - /* handshake read seq is reset upon handshake completion */ - s->d1->handshake_read_seq++; - - goto start; - } - else + /* 'Change Cipher Spec' is just a single byte, so we know + * exactly what the record payload has to look like */ + /* XDTLS: check that epoch is consistent */ + if ( (s->client_version == DTLS1_BAD_VER && rr->length != 3) || + (s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) || + (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) { - rr->length = 0; - goto start; + i=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); + goto err; } + + rr->length=0; + + if (s->msg_callback) + s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, + rr->data, 1, s, s->msg_callback_arg); + + s->s3->change_cipher_spec=1; + if (!ssl3_do_change_cipher_spec(s)) + goto err; + + /* do this whenever CCS is processed */ + dtls1_reset_seq_numbers(s, SSL3_CC_READ); + + if (s->client_version == DTLS1_BAD_VER) + s->d1->handshake_read_seq++; + + goto start; } /* Unexpected handshake message (Client Hello, or protocol violation) */ @@ -1255,7 +1259,7 @@ int dtls1_write_bytes(SSL *s, int type, const void *buf_, int len) else s->s3->wnum += i; - return tot + i; + return i; } int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment) @@ -1341,8 +1345,12 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, *(p++)=type&0xff; wr->type=type; - *(p++)=(s->version>>8); - *(p++)=s->version&0xff; + if (s->client_version == DTLS1_BAD_VER) + *(p++) = DTLS1_BAD_VER>>8, + *(p++) = DTLS1_BAD_VER&0xff; + else + *(p++)=(s->version>>8), + *(p++)=s->version&0xff; /* field where we are to write out packet epoch, seq num and len */ pseq=p; @@ -1397,8 +1405,14 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, /* ssl3_enc can only have an error on read */ - wr->length += bs; /* bs != 0 in case of CBC. The enc fn provides - * the randomness */ + if (bs) /* bs != 0 in case of CBC */ + { + RAND_pseudo_bytes(p,bs); + /* master IV and last CBC residue stand for + * the rest of randomness */ + wr->length += bs; + } + s->method->ssl3_enc->enc(s,1); /* record length after mac and block padding */ @@ -1570,7 +1584,7 @@ int dtls1_dispatch_alert(SSL *s) { int i,j; void (*cb)(const SSL *ssl,int type,int val)=NULL; - unsigned char buf[2 + 2 + 3]; /* alert level + alert desc + message seq +frag_off */ + unsigned char buf[DTLS1_AL_HEADER_LENGTH]; unsigned char *ptr = &buf[0]; s->s3->alert_dispatch=0; @@ -1579,6 +1593,7 @@ int dtls1_dispatch_alert(SSL *s) *ptr++ = s->s3->send_alert[0]; *ptr++ = s->s3->send_alert[1]; +#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) { s2n(s->d1->handshake_read_seq, ptr); @@ -1594,6 +1609,7 @@ int dtls1_dispatch_alert(SSL *s) #endif l2n3(s->d1->r_msg_hdr.frag_off, ptr); } +#endif i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0); if (i <= 0) @@ -1603,8 +1619,11 @@ int dtls1_dispatch_alert(SSL *s) } else { - if ( s->s3->send_alert[0] == SSL3_AL_FATAL || - s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) + if (s->s3->send_alert[0] == SSL3_AL_FATAL +#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE + || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE +#endif + ) (void)BIO_flush(s->wbio); if (s->msg_callback) diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 475e6095fd803..0bbf8ae7f311b 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -285,6 +285,10 @@ int dtls1_accept(SSL *s) s->d1->send_cookie = 0; s->state=SSL3_ST_SW_FLUSH; s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; + + /* HelloVerifyRequests resets Finished MAC */ + if (s->client_version != DTLS1_BAD_VER) + ssl3_init_finished_mac(s); break; case SSL3_ST_SW_SRVR_HELLO_A: @@ -620,20 +624,24 @@ int dtls1_send_hello_verify_request(SSL *s) buf = (unsigned char *)s->init_buf->data; msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]); - *(p++) = s->version >> 8; - *(p++) = s->version & 0xFF; + if (s->client_version == DTLS1_BAD_VER) + *(p++) = DTLS1_BAD_VER>>8, + *(p++) = DTLS1_BAD_VER&0xff; + else + *(p++) = s->version >> 8, + *(p++) = s->version & 0xFF; - *(p++) = (unsigned char) s->d1->cookie_len; - if ( s->ctx->app_gen_cookie_cb != NULL && - s->ctx->app_gen_cookie_cb(s, s->d1->cookie, - &(s->d1->cookie_len)) == 0) - { + if (s->ctx->app_gen_cookie_cb != NULL && + s->ctx->app_gen_cookie_cb(s, s->d1->cookie, + &(s->d1->cookie_len)) == 0) + { SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR); - return 0; - } - /* else the cookie is assumed to have - * been initialized by the application */ + return 0; + } + /* else the cookie is assumed to have + * been initialized by the application */ + *(p++) = (unsigned char) s->d1->cookie_len; memcpy(p, s->d1->cookie, s->d1->cookie_len); p += s->d1->cookie_len; msg_len = p - msg; @@ -672,8 +680,12 @@ int dtls1_send_server_hello(SSL *s) /* Do the message type and length last */ d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); - *(p++)=s->version>>8; - *(p++)=s->version&0xff; + if (s->client_version == DTLS1_BAD_VER) + *(p++)=DTLS1_BAD_VER>>8, + *(p++)=DTLS1_BAD_VER&0xff; + else + *(p++)=s->version>>8, + *(p++)=s->version&0xff; /* Random stuff */ memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); @@ -720,7 +732,7 @@ int dtls1_send_server_hello(SSL *s) d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l); - s->state=SSL3_ST_CW_CLNT_HELLO_B; + s->state=SSL3_ST_SW_SRVR_HELLO_B; /* number of bytes to write */ s->init_num=p-buf; s->init_off=0; @@ -729,7 +741,7 @@ int dtls1_send_server_hello(SSL *s) dtls1_buffer_message(s, 0); } - /* SSL3_ST_CW_CLNT_HELLO_B */ + /* SSL3_ST_SW_SRVR_HELLO_B */ return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); } @@ -753,7 +765,7 @@ int dtls1_send_server_done(SSL *s) dtls1_buffer_message(s, 0); } - /* SSL3_ST_CW_CLNT_HELLO_B */ + /* SSL3_ST_SW_SRVR_DONE_B */ return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); } @@ -1009,6 +1021,7 @@ int dtls1_send_certificate_request(SSL *s) STACK_OF(X509_NAME) *sk=NULL; X509_NAME *name; BUF_MEM *buf; + unsigned int msg_len; if (s->state == SSL3_ST_SW_CERT_REQ_A) { @@ -1086,6 +1099,10 @@ int dtls1_send_certificate_request(SSL *s) #endif /* XDTLS: set message header ? */ + msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH; + dtls1_set_message_header(s, (void *)s->init_buf->data, + SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len); + /* buffer the message to handle re-xmits */ dtls1_buffer_message(s, 0); diff --git a/ssl/dtls1.h b/ssl/dtls1.h index a663cf85f282d..f159d3711026a 100644 --- a/ssl/dtls1.h +++ b/ssl/dtls1.h @@ -70,7 +70,10 @@ extern "C" { #define DTLS1_VERSION 0xFEFF #define DTLS1_BAD_VER 0x0100 +#if 0 +/* this alert description is not specified anywhere... */ #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 +#endif /* lengths of messages */ #define DTLS1_COOKIE_LENGTH 32 @@ -84,7 +87,11 @@ extern "C" { #define DTLS1_CCS_HEADER_LENGTH 1 +#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE #define DTLS1_AL_HEADER_LENGTH 7 +#else +#define DTLS1_AL_HEADER_LENGTH 2 +#endif typedef struct dtls1_bitmap_st diff --git a/ssl/kssl.c b/ssl/kssl.c index 106428273078b..6da75e6416299 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -2196,7 +2196,7 @@ krb5_error_code kssl_build_principal_2( #else /* !OPENSSL_NO_KRB5 */ #if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS) -static int dummy=(int)&dummy; +static void *dummy=&dummy; #endif #endif /* !OPENSSL_NO_KRB5 */ diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 769dabdbb83cd..bc918170e1026 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -223,6 +223,17 @@ static int ssl23_client_hello(SSL *s) { version = SSL2_VERSION; } +#ifndef OPENSSL_NO_TLSEXT + if (version != SSL2_VERSION) + { + /* have to disable SSL 2.0 compatibility if we need TLS extensions */ + + if (s->tlsext_hostname != NULL) + ssl2_compat = 0; + if (s->tlsext_status_type != -1) + ssl2_compat = 0; + } +#endif buf=(unsigned char *)s->init_buf->data; if (s->state == SSL23_ST_CW_CLNT_HELLO_A) @@ -246,6 +257,14 @@ static int ssl23_client_hello(SSL *s) version_major = TLS1_VERSION_MAJOR; version_minor = TLS1_VERSION_MINOR; } +#ifdef OPENSSL_FIPS + else if(FIPS_mode()) + { + SSLerr(SSL_F_SSL23_CLIENT_HELLO, + SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); + return -1; + } +#endif else if (version == SSL3_VERSION) { version_major = SSL3_VERSION_MAJOR; @@ -360,6 +379,13 @@ static int ssl23_client_hello(SSL *s) *(p++)=comp->id; } *(p++)=0; /* Add the NULL method */ +#ifndef OPENSSL_NO_TLSEXT + if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) + { + SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); + return -1; + } +#endif l = p-d; *p = 42; @@ -518,6 +544,14 @@ static int ssl23_get_server_hello(SSL *s) if ((p[2] == SSL3_VERSION_MINOR) && !(s->options & SSL_OP_NO_SSLv3)) { +#ifdef OPENSSL_FIPS + if(FIPS_mode()) + { + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, + SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); + goto err; + } +#endif s->version=SSL3_VERSION; s->method=SSLv3_client_method(); } diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 6637bb954906d..ba06e7ae2eb93 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -386,6 +386,15 @@ int ssl23_get_client_hello(SSL *s) } } +#ifdef OPENSSL_FIPS + if (FIPS_mode() && (s->version < TLS1_VERSION)) + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, + SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); + goto err; + } +#endif + if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { /* we have SSLv3/TLSv1 in an SSLv2 header diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index ce60de630a7a8..e2a90a3ca26b9 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -466,11 +466,11 @@ static int get_server_hello(SSL *s) return(-1); } - sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp); + (void)sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp); /* get the array of ciphers we will accept */ cl=SSL_get_ciphers(s); - sk_SSL_CIPHER_set_cmp_func(cl,ssl_cipher_ptr_id_cmp); + (void)sk_SSL_CIPHER_set_cmp_func(cl,ssl_cipher_ptr_id_cmp); /* * If server preference flag set, choose the first diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index 27d71a2e0952e..0daf2b129df3c 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -607,7 +607,7 @@ static int get_client_hello(SSL *s) else { i=ssl_get_prev_session(s,&(p[s->s2->tmp.cipher_spec_length]), - s->s2->tmp.session_id_length); + s->s2->tmp.session_id_length, NULL); if (i == 1) { /* previous session */ s->hit=1; @@ -657,7 +657,7 @@ static int get_client_hello(SSL *s) { if (sk_SSL_CIPHER_find(allow,sk_SSL_CIPHER_value(prio,z)) < 0) { - sk_SSL_CIPHER_delete(prio,z); + (void)sk_SSL_CIPHER_delete(prio,z); z--; } } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 278be82294cde..d583ebcc802d8 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -130,13 +130,23 @@ #include #include #include +#ifdef OPENSSL_FIPS +#include +#endif + #ifndef OPENSSL_NO_DH #include #endif #include +#ifndef OPENSSL_NO_ENGINE +#include +#endif static SSL_METHOD *ssl3_get_client_method(int ver); static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); +#ifndef OPENSSL_NO_TLSEXT +static int ssl3_check_finished(SSL *s); +#endif #ifndef OPENSSL_NO_ECDH static int curve_id2nid(int curve_id); @@ -264,15 +274,43 @@ int ssl3_connect(SSL *s) case SSL3_ST_CR_CERT_A: case SSL3_ST_CR_CERT_B: +#ifndef OPENSSL_NO_TLSEXT + ret=ssl3_check_finished(s); + if (ret <= 0) goto end; + if (ret == 2) + { + s->hit = 1; + if (s->tlsext_ticket_expected) + s->state=SSL3_ST_CR_SESSION_TICKET_A; + else + s->state=SSL3_ST_CR_FINISHED_A; + s->init_num=0; + break; + } +#endif /* Check if it is anon DH/ECDH */ if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) { ret=ssl3_get_server_certificate(s); if (ret <= 0) goto end; +#ifndef OPENSSL_NO_TLSEXT + if (s->tlsext_status_expected) + s->state=SSL3_ST_CR_CERT_STATUS_A; + else + s->state=SSL3_ST_CR_KEY_EXCH_A; + } + else + { + skip = 1; + s->state=SSL3_ST_CR_KEY_EXCH_A; + } +#else } else skip=1; + s->state=SSL3_ST_CR_KEY_EXCH_A; +#endif s->init_num=0; break; @@ -416,11 +454,36 @@ int ssl3_connect(SSL *s) } else { +#ifndef OPENSSL_NO_TLSEXT + /* Allow NewSessionTicket if ticket expected */ + if (s->tlsext_ticket_expected) + s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A; + else +#endif + s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; } s->init_num=0; break; +#ifndef OPENSSL_NO_TLSEXT + case SSL3_ST_CR_SESSION_TICKET_A: + case SSL3_ST_CR_SESSION_TICKET_B: + ret=ssl3_get_new_session_ticket(s); + if (ret <= 0) goto end; + s->state=SSL3_ST_CR_FINISHED_A; + s->init_num=0; + break; + + case SSL3_ST_CR_CERT_STATUS_A: + case SSL3_ST_CR_CERT_STATUS_B: + ret=ssl3_get_cert_status(s); + if (ret <= 0) goto end; + s->state=SSL3_ST_CR_KEY_EXCH_A; + s->init_num=0; + break; +#endif + case SSL3_ST_CR_FINISHED_A: case SSL3_ST_CR_FINISHED_B: @@ -600,7 +663,13 @@ int ssl3_client_hello(SSL *s) } #endif *(p++)=0; /* Add the NULL method */ - +#ifndef OPENSSL_NO_TLSEXT + if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) + { + SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); + goto err; + } +#endif l=(p-d); d=buf; *(d++)=SSL3_MT_CLIENT_HELLO; @@ -634,7 +703,7 @@ int ssl3_get_server_hello(SSL *s) SSL3_ST_CR_SRVR_HELLO_A, SSL3_ST_CR_SRVR_HELLO_B, -1, - 300, /* ?? */ + 20000, /* ?? */ &ok); if (!ok) return((int)n); @@ -784,6 +853,24 @@ int ssl3_get_server_hello(SSL *s) s->s3->tmp.new_compression=comp; } #endif +#ifndef OPENSSL_NO_TLSEXT + /* TLS extensions*/ + if (s->version > SSL3_VERSION) + { + if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al)) + { + /* 'al' set by ssl_parse_serverhello_tlsext */ + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT); + goto f_err; + } + if (ssl_check_serverhello_tlsext(s) <= 0) + { + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT); + goto err; + } + } +#endif + if (p != (d+n)) { @@ -821,7 +908,9 @@ int ssl3_get_server_certificate(SSL *s) if (!ok) return((int)n); - if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) + if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) || + ((s->s3->tmp.new_cipher->algorithms & SSL_aKRB5) && + (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) { s->s3->tmp.reuse_message=1; return(1); @@ -1333,6 +1422,8 @@ int ssl3_get_key_exchange(SSL *s) q=md_buf; for (num=2; num > 0; num--) { + EVP_MD_CTX_set_flags(&md_ctx, + EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); @@ -1588,6 +1679,143 @@ static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b) { return(X509_NAME_cmp(*a,*b)); } +#ifndef OPENSSL_NO_TLSEXT +int ssl3_get_new_session_ticket(SSL *s) + { + int ok,al,ret=0, ticklen; + long n; + const unsigned char *p; + unsigned char *d; + + n=s->method->ssl_get_message(s, + SSL3_ST_CR_SESSION_TICKET_A, + SSL3_ST_CR_SESSION_TICKET_B, + -1, + 16384, + &ok); + + if (!ok) + return((int)n); + + if (s->s3->tmp.message_type == SSL3_MT_FINISHED) + { + s->s3->tmp.reuse_message=1; + return(1); + } + if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE); + goto f_err; + } + if (n < 6) + { + /* need at least ticket_lifetime_hint + ticket length */ + al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); + goto f_err; + } + p=d=(unsigned char *)s->init_msg; + n2l(p, s->session->tlsext_tick_lifetime_hint); + n2s(p, ticklen); + /* ticket_lifetime_hint + ticket_length + ticket */ + if (ticklen + 6 != n) + { + al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); + goto f_err; + } + if (s->session->tlsext_tick) + { + OPENSSL_free(s->session->tlsext_tick); + s->session->tlsext_ticklen = 0; + } + s->session->tlsext_tick = OPENSSL_malloc(ticklen); + if (!s->session->tlsext_tick) + { + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE); + goto err; + } + memcpy(s->session->tlsext_tick, p, ticklen); + s->session->tlsext_ticklen = ticklen; + + ret=1; + return(ret); +f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,al); +err: + return(-1); + } + +int ssl3_get_cert_status(SSL *s) + { + int ok, al; + unsigned long resplen; + long n; + const unsigned char *p; + + n=s->method->ssl_get_message(s, + SSL3_ST_CR_CERT_STATUS_A, + SSL3_ST_CR_CERT_STATUS_B, + SSL3_MT_CERTIFICATE_STATUS, + 16384, + &ok); + + if (!ok) return((int)n); + if (n < 4) + { + /* need at least status type + length */ + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); + goto f_err; + } + p = (unsigned char *)s->init_msg; + if (*p++ != TLSEXT_STATUSTYPE_ocsp) + { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE); + goto f_err; + } + n2l3(p, resplen); + if (resplen + 4 != n) + { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); + goto f_err; + } + if (s->tlsext_ocsp_resp) + OPENSSL_free(s->tlsext_ocsp_resp); + s->tlsext_ocsp_resp = BUF_memdup(p, resplen); + if (!s->tlsext_ocsp_resp) + { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE); + goto f_err; + } + s->tlsext_ocsp_resplen = resplen; + if (s->ctx->tlsext_status_cb) + { + int ret; + ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); + if (ret == 0) + { + al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; + SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_INVALID_STATUS_RESPONSE); + goto f_err; + } + if (ret < 0) + { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE); + goto f_err; + } + } + return 1; +f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,al); + return(-1); + } +#endif int ssl3_get_server_done(SSL *s) { @@ -1842,6 +2070,13 @@ int ssl3_send_client_key_exchange(SSL *s) { DH *dh_srvr,*dh_clnt; + if (s->session->sess_cert == NULL) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); + goto err; + } + if (s->session->sess_cert->peer_dh_tmp != NULL) dh_srvr=s->session->sess_cert->peer_dh_tmp; else @@ -2222,8 +2457,7 @@ int ssl3_send_client_certificate(SSL *s) * ssl->rwstate=SSL_X509_LOOKUP; return(-1); * We then get retied later */ i=0; - if (s->ctx->client_cert_cb != NULL) - i=s->ctx->client_cert_cb(s,&(x509),&(pkey)); + i = ssl_do_client_cert_cb(s, &x509, &pkey); if (i < 0) { s->rwstate=SSL_X509_LOOKUP; @@ -2292,18 +2526,18 @@ int ssl3_check_cert_and_algorithm(SSL *s) sc=s->session->sess_cert; - if (sc == NULL) - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR); - goto err; - } - algs=s->s3->tmp.new_cipher->algorithms; /* we don't have a certificate */ if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) return(1); + if (sc == NULL) + { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR); + goto err; + } + #ifndef OPENSSL_NO_RSA rsa=s->session->sess_cert->peer_rsa_tmp; #endif @@ -2456,3 +2690,55 @@ static int curve_id2nid(int curve_id) return nid_list[curve_id]; } #endif + +/* Check to see if handshake is full or resumed. Usually this is just a + * case of checking to see if a cache hit has occurred. In the case of + * session tickets we have to check the next message to be sure. + */ + +#ifndef OPENSSL_NO_TLSEXT +static int ssl3_check_finished(SSL *s) + { + int ok; + long n; + /* If we have no ticket or session ID is non-zero length (a match of + * a non-zero session length would never reach here) it cannot be a + * resumed session. + */ + if (!s->session->tlsext_tick || s->session->session_id_length) + return 1; + /* this function is called when we really expect a Certificate + * message, so permit appropriate message length */ + n=s->method->ssl_get_message(s, + SSL3_ST_CR_CERT_A, + SSL3_ST_CR_CERT_B, + -1, + s->max_cert_list, + &ok); + if (!ok) return((int)n); + s->s3->tmp.reuse_message = 1; + if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) + || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET)) + return 2; + + return 1; + } +#endif + +int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) + { + int i = 0; +#ifndef OPENSSL_NO_ENGINE + if (s->ctx->client_cert_engine) + { + i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, + SSL_get_client_CA_list(s), + px509, ppkey, NULL, NULL, NULL); + if (i != 0) + return i; + } +#endif + if (s->ctx->client_cert_cb) + i = s->ctx->client_cert_cb(s,px509,ppkey); + return i; + } diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 2859351b001f6..06e54666b2774 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -146,6 +146,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) #endif k=0; EVP_MD_CTX_init(&m5); + EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_MD_CTX_init(&s1); for (i=0; (int)is3->finish_dgst1), + EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL); EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL); } @@ -554,6 +557,7 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, EVP_MD_CTX ctx; EVP_MD_CTX_init(&ctx); + EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_MD_CTX_copy_ex(&ctx,in_ctx); n=EVP_MD_CTX_size(&ctx); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 28eaf9ddeb8e1..8916a0b1b3c71 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -158,7 +158,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_RSA_NULL_SHA, SSL3_CK_RSA_NULL_SHA, SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_STRONG_NONE, + SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 0, 0, 0, @@ -264,7 +264,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA, SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, @@ -304,7 +304,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, SSL3_CK_DH_DSS_DES_192_CBC3_SHA, SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, @@ -343,7 +343,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, SSL3_CK_DH_RSA_DES_192_CBC3_SHA, SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, @@ -384,7 +384,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, @@ -423,7 +423,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, @@ -488,7 +488,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_ADH_DES_192_CBC_SHA, SSL3_CK_ADH_DES_192_CBC_SHA, SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, @@ -542,11 +542,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ #endif #ifndef OPENSSL_NO_KRB5 -/* The Kerberos ciphers -** 20000107 VRS: And the first shall be last, -** in hopes of avoiding the lynx ssl renegotiation problem. -*/ -/* Cipher 1E VRS */ +/* The Kerberos ciphers */ +/* Cipher 1E */ { 1, SSL3_TXT_KRB5_DES_64_CBC_SHA, @@ -560,13 +557,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 1F VRS */ +/* Cipher 1F */ { 1, SSL3_TXT_KRB5_DES_192_CBC3_SHA, SSL3_CK_KRB5_DES_192_CBC3_SHA, SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, @@ -574,7 +571,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 20 VRS */ +/* Cipher 20 */ { 1, SSL3_TXT_KRB5_RC4_128_SHA, @@ -588,7 +585,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 21 VRS */ +/* Cipher 21 */ { 1, SSL3_TXT_KRB5_IDEA_128_CBC_SHA, @@ -602,7 +599,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 22 VRS */ +/* Cipher 22 */ { 1, SSL3_TXT_KRB5_DES_64_CBC_MD5, @@ -616,7 +613,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 23 VRS */ +/* Cipher 23 */ { 1, SSL3_TXT_KRB5_DES_192_CBC3_MD5, @@ -630,7 +627,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 24 VRS */ +/* Cipher 24 */ { 1, SSL3_TXT_KRB5_RC4_128_MD5, @@ -644,7 +641,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 25 VRS */ +/* Cipher 25 */ { 1, SSL3_TXT_KRB5_IDEA_128_CBC_MD5, @@ -658,7 +655,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 26 VRS */ +/* Cipher 26 */ { 1, SSL3_TXT_KRB5_DES_40_CBC_SHA, @@ -672,7 +669,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 27 VRS */ +/* Cipher 27 */ { 1, SSL3_TXT_KRB5_RC2_40_CBC_SHA, @@ -686,7 +683,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 28 VRS */ +/* Cipher 28 */ { 1, SSL3_TXT_KRB5_RC4_40_SHA, @@ -700,7 +697,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 29 VRS */ +/* Cipher 29 */ { 1, SSL3_TXT_KRB5_DES_40_CBC_MD5, @@ -714,7 +711,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 2A VRS */ +/* Cipher 2A */ { 1, SSL3_TXT_KRB5_RC2_40_CBC_MD5, @@ -728,7 +725,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 2B VRS */ +/* Cipher 2B */ { 1, SSL3_TXT_KRB5_RC4_40_MD5, @@ -742,15 +739,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, #endif /* OPENSSL_NO_KRB5 */ -/* New AES ciphersuites */ +/* New AES ciphersuites */ /* Cipher 2F */ { 1, TLS1_TXT_RSA_WITH_AES_128_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 128, 128, @@ -763,7 +760,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_DH_DSS_WITH_AES_128_SHA, TLS1_CK_DH_DSS_WITH_AES_128_SHA, SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 128, 128, @@ -776,7 +773,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_DH_RSA_WITH_AES_128_SHA, TLS1_CK_DH_RSA_WITH_AES_128_SHA, SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 128, 128, @@ -789,7 +786,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, TLS1_CK_DHE_DSS_WITH_AES_128_SHA, SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 128, 128, @@ -802,7 +799,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, TLS1_CK_DHE_RSA_WITH_AES_128_SHA, SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 128, 128, @@ -815,7 +812,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_ADH_WITH_AES_128_SHA, TLS1_CK_ADH_WITH_AES_128_SHA, SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 128, 128, @@ -829,7 +826,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_256_SHA, SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 256, 256, @@ -842,7 +839,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_DH_DSS_WITH_AES_256_SHA, TLS1_CK_DH_DSS_WITH_AES_256_SHA, SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 256, 256, @@ -855,7 +852,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_DH_RSA_WITH_AES_256_SHA, TLS1_CK_DH_RSA_WITH_AES_256_SHA, SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 256, 256, @@ -868,7 +865,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, TLS1_CK_DHE_DSS_WITH_AES_256_SHA, SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 256, 256, @@ -881,7 +878,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, TLS1_CK_DHE_RSA_WITH_AES_256_SHA, SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 256, 256, @@ -894,7 +891,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_ADH_WITH_AES_256_SHA, TLS1_CK_ADH_WITH_AES_256_SHA, SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 256, 256, @@ -1165,6 +1162,95 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ }, #endif /* OPENSSL_NO_CAMELLIA */ +#ifndef OPENSSL_NO_SEED + /* SEED ciphersuites from RFC4162 */ + + /* Cipher 96 */ + { + 1, + TLS1_TXT_RSA_WITH_SEED_SHA, + TLS1_CK_RSA_WITH_SEED_SHA, + SSL_kRSA|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + + /* Cipher 97 */ + { + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_DSS_WITH_SEED_SHA, + TLS1_CK_DH_DSS_WITH_SEED_SHA, + SSL_kDHd|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + + /* Cipher 98 */ + { + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_RSA_WITH_SEED_SHA, + TLS1_CK_DH_RSA_WITH_SEED_SHA, + SSL_kDHr|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + + /* Cipher 99 */ + { + 1, + TLS1_TXT_DHE_DSS_WITH_SEED_SHA, + TLS1_CK_DHE_DSS_WITH_SEED_SHA, + SSL_kEDH|SSL_aDSS|SSL_SEED|SSL_SHA1|SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + + /* Cipher 9A */ + { + 1, + TLS1_TXT_DHE_RSA_WITH_SEED_SHA, + TLS1_CK_DHE_RSA_WITH_SEED_SHA, + SSL_kEDH|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + + /* Cipher 9B */ + { + 1, + TLS1_TXT_ADH_WITH_SEED_SHA, + TLS1_CK_ADH_WITH_SEED_SHA, + SSL_kEDH|SSL_aNULL|SSL_SEED|SSL_SHA1|SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + +#endif /* OPENSSL_NO_SEED */ + #ifndef OPENSSL_NO_ECDH /* Cipher C001 */ { @@ -1818,6 +1904,77 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) } break; #endif /* !OPENSSL_NO_ECDH */ +#ifndef OPENSSL_NO_TLSEXT + case SSL_CTRL_SET_TLSEXT_HOSTNAME: + if (larg == TLSEXT_NAMETYPE_host_name) + { + if (s->tlsext_hostname != NULL) + OPENSSL_free(s->tlsext_hostname); + s->tlsext_hostname = NULL; + + ret = 1; + if (parg == NULL) + break; + if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) + { + SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); + return 0; + } + if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) + { + SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); + return 0; + } + } + else + { + SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); + return 0; + } + break; + case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: + s->tlsext_debug_arg=parg; + ret = 1; + break; + + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: + s->tlsext_status_type=larg; + ret = 1; + break; + + case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: + *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; + ret = 1; + break; + + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: + s->tlsext_ocsp_exts = parg; + ret = 1; + break; + + case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: + *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids; + ret = 1; + break; + + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: + s->tlsext_ocsp_ids = parg; + ret = 1; + break; + + case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: + *(unsigned char **)parg = s->tlsext_ocsp_resp; + return s->tlsext_ocsp_resplen; + + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: + if (s->tlsext_ocsp_resp) + OPENSSL_free(s->tlsext_ocsp_resp); + s->tlsext_ocsp_resp = parg; + s->tlsext_ocsp_resplen = larg; + ret = 1; + break; + +#endif /* !OPENSSL_NO_TLSEXT */ default: break; } @@ -1868,6 +2025,12 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; } break; +#endif +#ifndef OPENSSL_NO_TLSEXT + case SSL_CTRL_SET_TLSEXT_DEBUG_CB: + s->tlsext_debug_cb=(void (*)(SSL *,int ,int, + unsigned char *, int, void *))fp; + break; #endif default: break; @@ -2002,6 +2165,42 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) } break; #endif /* !OPENSSL_NO_ECDH */ +#ifndef OPENSSL_NO_TLSEXT + case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: + ctx->tlsext_servername_arg=parg; + break; + case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: + case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: + { + unsigned char *keys = parg; + if (!keys) + return 48; + if (larg != 48) + { + SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); + return 0; + } + if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) + { + memcpy(ctx->tlsext_tick_key_name, keys, 16); + memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16); + memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); + } + else + { + memcpy(keys, ctx->tlsext_tick_key_name, 16); + memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); + memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); + } + return 1; + } + + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: + ctx->tlsext_status_arg=parg; + return 1; + break; + +#endif /* !OPENSSL_NO_TLSEXT */ /* A Thawte special :-) */ case SSL_CTRL_EXTRA_CHAIN_CERT: if (ctx->extra_certs == NULL) @@ -2046,6 +2245,23 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; } break; +#endif +#ifndef OPENSSL_NO_TLSEXT + case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: + ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp; + break; + + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: + ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp; + break; + + case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: + ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *, + unsigned char *, + EVP_CIPHER_CTX *, + HMAC_CTX *, int))fp; + break; + #endif default: return(0); @@ -2092,6 +2308,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, SSL_CIPHER *c,*ret=NULL; STACK_OF(SSL_CIPHER) *prio, *allow; int i,j,ok; + CERT *cert; unsigned long alg,mask,emask; diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 44c7c143fe7e9..72853a2e728fd 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1225,6 +1225,13 @@ int ssl3_do_change_cipher_spec(SSL *s) if (s->s3->tmp.key_block == NULL) { + if (s->session == NULL) + { + /* might happen if dtls1_read_bytes() calls this */ + SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); + return (0); + } + s->session->cipher=s->s3->tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) return(0); } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 9414cf09fb640..398ce469d6824 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -132,6 +132,7 @@ #include #include #include +#include #include #ifndef OPENSSL_NO_DH #include @@ -143,7 +144,6 @@ #include static SSL_METHOD *ssl3_get_server_method(int ver); - #ifndef OPENSSL_NO_ECDH static int nid2curve_id(int nid); #endif @@ -290,9 +290,18 @@ int ssl3_accept(SSL *s) case SSL3_ST_SW_SRVR_HELLO_B: ret=ssl3_send_server_hello(s); if (ret <= 0) goto end; - +#ifndef OPENSSL_NO_TLSEXT if (s->hit) - s->state=SSL3_ST_SW_CHANGE_A; + { + if (s->tlsext_ticket_expected) + s->state=SSL3_ST_SW_SESSION_TICKET_A; + else + s->state=SSL3_ST_SW_CHANGE_A; + } +#else + if (s->hit) + s->state=SSL3_ST_SW_CHANGE_A; +#endif else s->state=SSL3_ST_SW_CERT_A; s->init_num=0; @@ -306,10 +315,24 @@ int ssl3_accept(SSL *s) { ret=ssl3_send_server_certificate(s); if (ret <= 0) goto end; +#ifndef OPENSSL_NO_TLSEXT + if (s->tlsext_status_expected) + s->state=SSL3_ST_SW_CERT_STATUS_A; + else + s->state=SSL3_ST_SW_KEY_EXCH_A; + } + else + { + skip = 1; + s->state=SSL3_ST_SW_KEY_EXCH_A; + } +#else } else skip=1; + s->state=SSL3_ST_SW_KEY_EXCH_A; +#endif s->init_num=0; break; @@ -494,11 +517,34 @@ int ssl3_accept(SSL *s) if (ret <= 0) goto end; if (s->hit) s->state=SSL_ST_OK; +#ifndef OPENSSL_NO_TLSEXT + else if (s->tlsext_ticket_expected) + s->state=SSL3_ST_SW_SESSION_TICKET_A; +#endif else s->state=SSL3_ST_SW_CHANGE_A; s->init_num=0; break; +#ifndef OPENSSL_NO_TLSEXT + case SSL3_ST_SW_SESSION_TICKET_A: + case SSL3_ST_SW_SESSION_TICKET_B: + ret=ssl3_send_newsession_ticket(s); + if (ret <= 0) goto end; + s->state=SSL3_ST_SW_CHANGE_A; + s->init_num=0; + break; + + case SSL3_ST_SW_CERT_STATUS_A: + case SSL3_ST_SW_CERT_STATUS_B: + ret=ssl3_send_cert_status(s); + if (ret <= 0) goto end; + s->state=SSL3_ST_SW_KEY_EXCH_A; + s->init_num=0; + break; + +#endif + case SSL3_ST_SW_CHANGE_A: case SSL3_ST_SW_CHANGE_B: @@ -699,7 +745,8 @@ int ssl3_get_client_hello(SSL *s) s->client_version=(((int)p[0])<<8)|(int)p[1]; p+=2; - if (s->client_version < s->version) + if ((s->version == DTLS1_VERSION && s->client_version > s->version) || + (s->version != DTLS1_VERSION && s->client_version < s->version)) { SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); if ((s->client_version>>8) == SSL3_VERSION_MAJOR) @@ -727,14 +774,14 @@ int ssl3_get_client_hello(SSL *s) * might be written that become totally unsecure when compiled with * an earlier library version) */ - if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) + if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) { if (!ssl_get_new_session(s,1)) goto err; } else { - i=ssl_get_prev_session(s,p,j); + i=ssl_get_prev_session(s, p, j, d + n); if (i == 1) { /* previous session */ s->hit=1; @@ -750,7 +797,7 @@ int ssl3_get_client_hello(SSL *s) p+=j; - if (SSL_version(s) == DTLS1_VERSION) + if (s->version == DTLS1_VERSION) { /* cookie stuff */ cookie_len = *(p++); @@ -897,6 +944,22 @@ int ssl3_get_client_hello(SSL *s) goto f_err; } +#ifndef OPENSSL_NO_TLSEXT + /* TLS extensions*/ + if (s->version > SSL3_VERSION) + { + if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al)) + { + /* 'al' set by ssl_parse_clienthello_tlsext */ + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT); + goto f_err; + } + } + if (ssl_check_clienthello_tlsext(s) <= 0) { + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); + goto err; + } +#endif /* Worst case, we will use the NULL compression, but if we have other * options, we will now look for them. We have i-1 compression * algorithms from the client, starting at q. */ @@ -1061,8 +1124,16 @@ int ssl3_send_server_hello(SSL *s) * session-id if we want it to be single use. * Currently I will not implement the '0' length session-id * 12-Jan-98 - I'll now support the '0' length stuff. + * + * We also have an additional case where stateless session + * resumption is successful: we always send back the old + * session id. In this case s->hit is non zero: this can + * only happen if stateless session resumption is succesful + * if session caching is disabled so existing functionality + * is unaffected. */ - if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)) + if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) + && !s->hit) s->session->session_id_length=0; sl=s->session->session_id_length; @@ -1088,20 +1159,26 @@ int ssl3_send_server_hello(SSL *s) else *(p++)=s->s3->tmp.new_compression->id; #endif - +#ifndef OPENSSL_NO_TLSEXT + if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) + { + SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); + return -1; + } +#endif /* do the header */ l=(p-d); d=buf; *(d++)=SSL3_MT_SERVER_HELLO; l2n3(l,d); - s->state=SSL3_ST_CW_CLNT_HELLO_B; + s->state=SSL3_ST_SW_SRVR_HELLO_B; /* number of bytes to write */ s->init_num=p-buf; s->init_off=0; } - /* SSL3_ST_CW_CLNT_HELLO_B */ + /* SSL3_ST_SW_SRVR_HELLO_B */ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); } @@ -1125,7 +1202,7 @@ int ssl3_send_server_done(SSL *s) s->init_off=0; } - /* SSL3_ST_CW_CLNT_HELLO_B */ + /* SSL3_ST_SW_SRVR_DONE_B */ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); } @@ -1463,6 +1540,8 @@ int ssl3_send_server_key_exchange(SSL *s) j=0; for (num=2; num > 0; num--) { + EVP_MD_CTX_set_flags(&md_ctx, + EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); @@ -1711,8 +1790,9 @@ int ssl3_get_client_key_exchange(SSL *s) rsa=pkey->pkey.rsa; } - /* TLS */ - if (s->version > SSL3_VERSION) + /* TLS and [incidentally] DTLS, including pre-0.9.8f */ + if (s->version > SSL3_VERSION && + s->client_version != DTLS1_BAD_VER) { n2s(p,i); if (n != i+2) @@ -1997,7 +2077,7 @@ int ssl3_get_client_key_exchange(SSL *s) SSL_R_DATA_LENGTH_TOO_LONG); goto err; } - if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) + if (!((pms[0] == (s->client_version>>8)) && (pms[1] == (s->client_version & 0xff)))) { /* The premaster secret must contain the same version number as the * ClientHello to detect version rollback attacks (strangely, the @@ -2007,8 +2087,7 @@ int ssl3_get_client_key_exchange(SSL *s) * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. * (Perhaps we should have a separate BUG value for the Kerberos cipher) */ - if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) && - (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) + if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_AD_DECODE_ERROR); @@ -2616,3 +2695,145 @@ static int nid2curve_id(int nid) } } #endif +#ifndef OPENSSL_NO_TLSEXT +int ssl3_send_newsession_ticket(SSL *s) + { + if (s->state == SSL3_ST_SW_SESSION_TICKET_A) + { + unsigned char *p, *senc, *macstart; + int len, slen; + unsigned int hlen; + EVP_CIPHER_CTX ctx; + HMAC_CTX hctx; + unsigned char iv[EVP_MAX_IV_LENGTH]; + unsigned char key_name[16]; + + /* get session encoding length */ + slen = i2d_SSL_SESSION(s->session, NULL); + /* Some length values are 16 bits, so forget it if session is + * too long + */ + if (slen > 0xFF00) + return -1; + /* Grow buffer if need be: the length calculation is as + * follows 1 (size of message name) + 3 (message length + * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) + + * 16 (key name) + max_iv_len (iv length) + + * session_length + max_enc_block_size (max encrypted session + * length) + max_md_size (HMAC). + */ + if (!BUF_MEM_grow(s->init_buf, + 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + + EVP_MAX_MD_SIZE + slen)) + return -1; + senc = OPENSSL_malloc(slen); + if (!senc) + return -1; + p = senc; + i2d_SSL_SESSION(s->session, &p); + + p=(unsigned char *)s->init_buf->data; + /* do the header */ + *(p++)=SSL3_MT_NEWSESSION_TICKET; + /* Skip message length for now */ + p += 3; + EVP_CIPHER_CTX_init(&ctx); + HMAC_CTX_init(&hctx); + /* Initialize HMAC and cipher contexts. If callback present + * it does all the work otherwise use generated values + * from parent ctx. + */ + if (s->ctx->tlsext_ticket_key_cb) + { + if (s->ctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, + &hctx, 1) < 0) + { + OPENSSL_free(senc); + return -1; + } + } + else + { + RAND_pseudo_bytes(iv, 16); + EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, + s->ctx->tlsext_tick_aes_key, iv); + HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16, + tlsext_tick_md(), NULL); + memcpy(key_name, s->ctx->tlsext_tick_key_name, 16); + } + l2n(s->session->tlsext_tick_lifetime_hint, p); + /* Skip ticket length for now */ + p += 2; + /* Output key name */ + macstart = p; + memcpy(p, key_name, 16); + p += 16; + /* output IV */ + memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx)); + p += EVP_CIPHER_CTX_iv_length(&ctx); + /* Encrypt session data */ + EVP_EncryptUpdate(&ctx, p, &len, senc, slen); + p += len; + EVP_EncryptFinal(&ctx, p, &len); + p += len; + EVP_CIPHER_CTX_cleanup(&ctx); + + HMAC_Update(&hctx, macstart, p - macstart); + HMAC_Final(&hctx, p, &hlen); + HMAC_CTX_cleanup(&hctx); + + p += hlen; + /* Now write out lengths: p points to end of data written */ + /* Total length */ + len = p - (unsigned char *)s->init_buf->data; + p=(unsigned char *)s->init_buf->data + 1; + l2n3(len - 4, p); /* Message length */ + p += 4; + s2n(len - 10, p); /* Ticket length */ + + /* number of bytes to write */ + s->init_num= len; + s->state=SSL3_ST_SW_SESSION_TICKET_B; + s->init_off=0; + OPENSSL_free(senc); + } + + /* SSL3_ST_SW_SESSION_TICKET_B */ + return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); + } + +int ssl3_send_cert_status(SSL *s) + { + if (s->state == SSL3_ST_SW_CERT_STATUS_A) + { + unsigned char *p; + /* Grow buffer if need be: the length calculation is as + * follows 1 (message type) + 3 (message length) + + * 1 (ocsp response type) + 3 (ocsp response length) + * + (ocsp response) + */ + if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) + return -1; + + p=(unsigned char *)s->init_buf->data; + + /* do the header */ + *(p++)=SSL3_MT_CERTIFICATE_STATUS; + /* message length */ + l2n3(s->tlsext_ocsp_resplen + 4, p); + /* status type */ + *(p++)= s->tlsext_status_type; + /* length of OCSP response */ + l2n3(s->tlsext_ocsp_resplen, p); + /* actual response */ + memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen); + /* number of bytes to write */ + s->init_num = 8 + s->tlsext_ocsp_resplen; + s->state=SSL3_ST_SW_CERT_STATUS_B; + s->init_off = 0; + } + + /* SSL3_ST_SW_CERT_STATUS_B */ + return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); + } +#endif diff --git a/ssl/ssl.h b/ssl/ssl.h index 85f72e0ae9869..ff8a128d3c2d7 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -187,6 +187,7 @@ #include #endif #include +#include #include #include @@ -251,6 +252,7 @@ extern "C" { #define SSL_TXT_LOW "LOW" #define SSL_TXT_MEDIUM "MEDIUM" #define SSL_TXT_HIGH "HIGH" +#define SSL_TXT_FIPS "FIPS" #define SSL_TXT_kFZA "kFZA" #define SSL_TXT_aFZA "aFZA" #define SSL_TXT_eFZA "eFZA" @@ -281,6 +283,7 @@ extern "C" { #define SSL_TXT_RC4 "RC4" #define SSL_TXT_RC2 "RC2" #define SSL_TXT_IDEA "IDEA" +#define SSL_TXT_SEED "SEED" #define SSL_TXT_AES "AES" #define SSL_TXT_CAMELLIA "CAMELLIA" #define SSL_TXT_MD5 "MD5" @@ -316,11 +319,7 @@ extern "C" { /* The following cipher list is used by default. * It also is substituted when an application-defined cipher list string * starts with 'DEFAULT'. */ -#ifdef OPENSSL_NO_CAMELLIA -# define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */ -#else -# define SSL_DEFAULT_CIPHER_LIST "AES:CAMELLIA:ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */ -#endif +#define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */ /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ #define SSL_SENT_SHUTDOWN 1 @@ -363,9 +362,6 @@ typedef struct ssl_cipher_st DECLARE_STACK_OF(SSL_CIPHER) -typedef struct ssl_st SSL; -typedef struct ssl_ctx_st SSL_CTX; - /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ typedef struct ssl_method_st { @@ -477,6 +473,13 @@ typedef struct ssl_session_st /* These are used to make removal of session-ids more * efficient and to implement a maximum cache size. */ struct ssl_session_st *prev,*next; +#ifndef OPENSSL_NO_TLSEXT + char *tlsext_hostname; + /* RFC4507 info */ + unsigned char *tlsext_tick; /* Session ticket */ + size_t tlsext_ticklen; /* Session ticket length */ + long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ +#endif } SSL_SESSION; @@ -505,6 +508,8 @@ typedef struct ssl_session_st #define SSL_OP_NO_QUERY_MTU 0x00001000L /* Turn on Cookie Exchange (on relevant for servers) */ #define SSL_OP_COOKIE_EXCHANGE 0x00002000L +/* Don't use RFC4507 ticket extension */ +#define SSL_OP_NO_TICKET 0x00004000L /* As server, disallow session resumption on renegotiation */ #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L @@ -752,6 +757,33 @@ struct ssl_ctx_st #endif int quiet_shutdown; + +#ifndef OPENSSL_ENGINE + /* Engine to pass requests for client certs to + */ + ENGINE *client_cert_engine; +#endif + +#ifndef OPENSSL_NO_TLSEXT + /* TLS extensions servername callback */ + int (*tlsext_servername_callback)(SSL*, int *, void *); + void *tlsext_servername_arg; + /* RFC 4507 session ticket keys */ + unsigned char tlsext_tick_key_name[16]; + unsigned char tlsext_tick_hmac_key[16]; + unsigned char tlsext_tick_aes_key[16]; + /* Callback to support customisation of ticket key setting */ + int (*tlsext_ticket_key_cb)(SSL *ssl, + unsigned char *name, unsigned char *iv, + EVP_CIPHER_CTX *ectx, + HMAC_CTX *hctx, int enc); + + /* certificate status request info */ + /* Callback for status request */ + int (*tlsext_status_cb)(SSL *ssl, void *arg); + void *tlsext_status_arg; +#endif + }; #define SSL_SESS_CACHE_OFF 0x0000 @@ -801,6 +833,9 @@ void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type, void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val); void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); +#ifndef OPENSSL_NO_ENGINE +int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); +#endif void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); @@ -973,6 +1008,37 @@ struct ssl_st int first_packet; int client_version; /* what was passed, used for * SSLv3/TLS rollback check */ +#ifndef OPENSSL_NO_TLSEXT + /* TLS extension debug callback */ + void (*tlsext_debug_cb)(SSL *s, int client_server, int type, + unsigned char *data, int len, + void *arg); + void *tlsext_debug_arg; + char *tlsext_hostname; + int servername_done; /* no further mod of servername + 0 : call the servername extension callback. + 1 : prepare 2, allow last ack just after in server callback. + 2 : don't call servername callback, no ack in server hello + */ + /* certificate status request info */ + /* Status type or -1 if no status type */ + int tlsext_status_type; + /* Expect OCSP CertificateStatus message */ + int tlsext_status_expected; + /* OCSP status request only */ + STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; + X509_EXTENSIONS *tlsext_ocsp_exts; + /* OCSP response received or to be sent */ + unsigned char *tlsext_ocsp_resp; + int tlsext_ocsp_resplen; + + /* RFC4507 session ticket expected to be received or sent */ + int tlsext_ticket_expected; + SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ +#define session_ctx initial_ctx +#else +#define session_ctx ctx +#endif }; #ifdef __cplusplus @@ -1118,6 +1184,10 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); #define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ #define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED #define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION +#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION +#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE +#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME +#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE #define SSL_ERROR_NONE 0 #define SSL_ERROR_SSL 1 @@ -1176,6 +1246,29 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); #define SSL_CTRL_GET_MAX_CERT_LIST 50 #define SSL_CTRL_SET_MAX_CERT_LIST 51 +/* see tls1.h for macros based on these */ +#ifndef OPENSSL_NO_TLSEXT +#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 +#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 +#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 +#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 +#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 +#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 +#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 + +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 + +#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 +#endif + #define SSL_session_reused(ssl) \ SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) #define SSL_num_renegotiations(ssl) \ @@ -1448,6 +1541,7 @@ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, SSL_SESSION *SSL_get_session(const SSL *ssl); SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx); void SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl,int type,int val)); void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val); @@ -1615,9 +1709,11 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL3_CONNECT 132 #define SSL_F_SSL3_CTRL 213 #define SSL_F_SSL3_CTX_CTRL 133 +#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 279 #define SSL_F_SSL3_ENC 134 #define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 +#define SSL_F_SSL3_GET_CERT_STATUS 288 #define SSL_F_SSL3_GET_CERT_VERIFY 136 #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 #define SSL_F_SSL3_GET_CLIENT_HELLO 138 @@ -1625,10 +1721,12 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL3_GET_FINISHED 140 #define SSL_F_SSL3_GET_KEY_EXCHANGE 141 #define SSL_F_SSL3_GET_MESSAGE 142 +#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 #define SSL_F_SSL3_GET_RECORD 143 #define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 #define SSL_F_SSL3_GET_SERVER_DONE 145 #define SSL_F_SSL3_GET_SERVER_HELLO 146 +#define SSL_F_SSL3_NEW_SESSION_TICKET 284 #define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 #define SSL_F_SSL3_PEEK 235 #define SSL_F_SSL3_READ_BYTES 148 @@ -1644,8 +1742,10 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL3_SETUP_KEY_BLOCK 157 #define SSL_F_SSL3_WRITE_BYTES 158 #define SSL_F_SSL3_WRITE_PENDING 159 +#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272 #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 +#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273 #define SSL_F_SSL_BAD_METHOD 160 #define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 #define SSL_F_SSL_CERT_DUP 221 @@ -1653,6 +1753,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL_CERT_INSTANTIATE 214 #define SSL_F_SSL_CERT_NEW 162 #define SSL_F_SSL_CHECK_PRIVATE_KEY 163 +#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 274 #define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 #define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 #define SSL_F_SSL_CLEAR 164 @@ -1662,6 +1763,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 #define SSL_F_SSL_CTX_NEW 169 #define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 +#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 278 #define SSL_F_SSL_CTX_SET_PURPOSE 226 #define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 #define SSL_F_SSL_CTX_SET_SSL_VERSION 170 @@ -1685,6 +1787,8 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 #define SSL_F_SSL_NEW 186 #define SSL_F_SSL_PEEK 270 +#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275 +#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276 #define SSL_F_SSL_READ 223 #define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 @@ -1767,6 +1871,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 #define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 #define SSL_R_CIPHER_TABLE_SRC_ERROR 139 +#define SSL_R_CLIENTHELLO_TLSEXT 157 #define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 #define SSL_R_COMPRESSION_FAILURE 141 #define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 @@ -1794,6 +1899,8 @@ void ERR_load_SSL_strings(void); #define SSL_R_INVALID_CHALLENGE_LENGTH 158 #define SSL_R_INVALID_COMMAND 280 #define SSL_R_INVALID_PURPOSE 278 +#define SSL_R_INVALID_STATUS_RESPONSE 316 +#define SSL_R_INVALID_TICKET_KEYS_LENGTH 275 #define SSL_R_INVALID_TRUST 279 #define SSL_R_KEY_ARG_TOO_LONG 284 #define SSL_R_KRB5 285 @@ -1837,6 +1944,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_NO_CIPHERS_SPECIFIED 183 #define SSL_R_NO_CIPHER_LIST 184 #define SSL_R_NO_CIPHER_MATCH 185 +#define SSL_R_NO_CLIENT_CERT_METHOD 317 #define SSL_R_NO_CLIENT_CERT_RECEIVED 186 #define SSL_R_NO_COMPRESSION_SPECIFIED 187 #define SSL_R_NO_METHOD_SPECIFIED 188 @@ -1851,6 +1959,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 #define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 #define SSL_R_PACKET_LENGTH_TOO_LONG 198 +#define SSL_R_PARSE_TLSEXT 223 #define SSL_R_PATH_TOO_LONG 270 #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 #define SSL_R_PEER_ERROR 200 @@ -1874,11 +1983,14 @@ void ERR_load_SSL_strings(void); #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 +#define SSL_R_SERVERHELLO_TLSEXT 224 #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 #define SSL_R_SHORT_READ 219 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 #define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 +#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 225 +#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 226 #define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 @@ -1913,6 +2025,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 #define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 +#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227 #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 @@ -1944,6 +2057,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 #define SSL_R_UNSUPPORTED_PROTOCOL 258 #define SSL_R_UNSUPPORTED_SSL_VERSION 259 +#define SSL_R_UNSUPPORTED_STATUS_TYPE 329 #define SSL_R_WRITE_BIO_NOT_SET 260 #define SSL_R_WRONG_CIPHER_RETURNED 261 #define SSL_R_WRONG_MESSAGE_TYPE 262 diff --git a/ssl/ssl3.h b/ssl/ssl3.h index bacaff157e5be..4b1e2e9834775 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -481,6 +481,10 @@ typedef struct ssl3_state_st #define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) #define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) #define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) +#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) +#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) /* server */ /* extra state */ @@ -522,10 +526,15 @@ typedef struct ssl3_state_st #define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) #define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) #define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) #define SSL3_MT_HELLO_REQUEST 0 #define SSL3_MT_CLIENT_HELLO 1 #define SSL3_MT_SERVER_HELLO 2 +#define SSL3_MT_NEWSESSION_TICKET 4 #define SSL3_MT_CERTIFICATE 11 #define SSL3_MT_SERVER_KEY_EXCHANGE 12 #define SSL3_MT_CERTIFICATE_REQUEST 13 @@ -533,6 +542,7 @@ typedef struct ssl3_state_st #define SSL3_MT_CERTIFICATE_VERIFY 15 #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 #define SSL3_MT_FINISHED 20 +#define SSL3_MT_CERTIFICATE_STATUS 22 #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c index 3d93c5ab78cec..4717c0e6e1de4 100644 --- a/ssl/ssl_algs.c +++ b/ssl/ssl_algs.c @@ -83,13 +83,14 @@ int SSL_library_init(void) EVP_add_cipher(EVP_aes_256_cbc()); #endif - -/* The Camellia algorithm is registered in the management table of EVP. */ #ifndef OPENSSL_NO_CAMELLIA EVP_add_cipher(EVP_camellia_128_cbc()); EVP_add_cipher(EVP_camellia_256_cbc()); #endif +#ifndef OPENSSL_NO_SEED + EVP_add_cipher(EVP_seed_cbc()); +#endif #ifndef OPENSSL_NO_MD2 EVP_add_digest(EVP_md2()); diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index d129acc329110..0f9a3489dd022 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -78,6 +78,11 @@ typedef struct ssl_session_asn1_st ASN1_INTEGER time; ASN1_INTEGER timeout; ASN1_INTEGER verify_result; +#ifndef OPENSSL_NO_TLSEXT + ASN1_OCTET_STRING tlsext_hostname; + ASN1_INTEGER tlsext_tick_lifetime; + ASN1_OCTET_STRING tlsext_tick; +#endif /* OPENSSL_NO_TLSEXT */ } SSL_SESSION_ASN1; int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) @@ -86,6 +91,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) int v1=0,v2=0,v3=0,v4=0,v5=0; unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2]; unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2]; +#ifndef OPENSSL_NO_TLSEXT + int v6=0,v9=0,v10=0; + unsigned char ibuf6[LSIZE2]; +#endif long l; SSL_SESSION_ASN1 a; M_ASN1_I2D_vars(in); @@ -178,7 +187,33 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) ASN1_INTEGER_set(&a.verify_result,in->verify_result); } - +#ifndef OPENSSL_NO_TLSEXT + if (in->tlsext_hostname) + { + a.tlsext_hostname.length=strlen(in->tlsext_hostname); + a.tlsext_hostname.type=V_ASN1_OCTET_STRING; + a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname; + } + if (in->tlsext_tick) + { + a.tlsext_tick.length= in->tlsext_ticklen; + a.tlsext_tick.type=V_ASN1_OCTET_STRING; + a.tlsext_tick.data=(unsigned char *)in->tlsext_tick; + /* If we have a ticket set session ID to empty because + * it will be bogus. If liftime hint is -1 treat as a special + * case because the session is being used as a container + */ + if (in->tlsext_ticklen && (in->tlsext_tick_lifetime_hint != -1)) + a.session_id.length=0; + } + if (in->tlsext_tick_lifetime_hint > 0) + { + a.tlsext_tick_lifetime.length=LSIZE2; + a.tlsext_tick_lifetime.type=V_ASN1_INTEGER; + a.tlsext_tick_lifetime.data=ibuf6; + ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint); + } +#endif /* OPENSSL_NO_TLSEXT */ M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER); M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING); @@ -200,6 +235,14 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) if (in->verify_result != X509_V_OK) M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5); +#ifndef OPENSSL_NO_TLSEXT + if (in->tlsext_tick_lifetime_hint > 0) + M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); + if (in->tlsext_tick) + M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); + if (in->tlsext_hostname) + M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); +#endif /* OPENSSL_NO_TLSEXT */ M_ASN1_I2D_seq_total(); M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER); @@ -223,6 +266,14 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) v4); if (in->verify_result != X509_V_OK) M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5); +#ifndef OPENSSL_NO_TLSEXT + if (in->tlsext_hostname) + M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); + if (in->tlsext_tick_lifetime_hint > 0) + M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); + if (in->tlsext_tick) + M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); +#endif /* OPENSSL_NO_TLSEXT */ M_ASN1_I2D_finish(); } @@ -302,7 +353,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, memcpy(ret->session_id,os.data,os.length); M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); - if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH) + if (os.length > SSL_MAX_MASTER_KEY_LENGTH) ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; else ret->master_key_length=os.length; @@ -394,5 +445,56 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, else ret->verify_result=X509_V_OK; +#ifndef OPENSSL_NO_TLSEXT + os.length=0; + os.data=NULL; + M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6); + if (os.data) + { + ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length); + OPENSSL_free(os.data); + os.data = NULL; + os.length = 0; + } + else + ret->tlsext_hostname=NULL; + ai.length=0; + M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9); + if (ai.data != NULL) + { + ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip); + OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; + } + else if (ret->tlsext_ticklen && ret->session_id_length) + ret->tlsext_tick_lifetime_hint = -1; + else + ret->tlsext_tick_lifetime_hint = 0; + os.length=0; + os.data=NULL; + M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10); + if (os.data) + { + ret->tlsext_tick = os.data; + ret->tlsext_ticklen = os.length; + os.data = NULL; + os.length = 0; +#if 0 + /* There are two ways to detect a resumed ticket sesion. + * One is to set a random session ID and then the server + * must return a match in ServerHello. This allows the normal + * client session ID matching to work. + */ + if (ret->session_id_length == 0) + { + ret->session_id_length=SSL3_MAX_SSL_SESSION_ID_LENGTH; + RAND_pseudo_bytes(ret->session_id, + ret->session_id_length); + } +#endif + } + else + ret->tlsext_tick=NULL; +#endif /* OPENSSL_NO_TLSEXT */ + M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); } diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index fb080093e550d..a32b2d4446452 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -762,7 +762,7 @@ err: if(x != NULL) X509_free(x); - sk_X509_NAME_set_cmp_func(stack,oldcmp); + (void)sk_X509_NAME_set_cmp_func(stack,oldcmp); return ret; } diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 9bb770da27297..1a400121a1875 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -127,11 +127,10 @@ #define SSL_ENC_NULL_IDX 6 #define SSL_ENC_AES128_IDX 7 #define SSL_ENC_AES256_IDX 8 -#define SSL_ENC_NUM_IDX 9 #define SSL_ENC_CAMELLIA128_IDX 9 #define SSL_ENC_CAMELLIA256_IDX 10 -#undef SSL_ENC_NUM_IDX -#define SSL_ENC_NUM_IDX 11 +#define SSL_ENC_SEED_IDX 11 +#define SSL_ENC_NUM_IDX 12 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ @@ -196,10 +195,11 @@ static const SSL_CIPHER cipher_aliases[]={ #ifndef OPENSSL_NO_IDEA {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, #endif + {0,SSL_TXT_SEED,0,SSL_SEED, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, - {0,SSL_TXT_CAMELLIA, 0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0}, + {0,SSL_TXT_CAMELLIA,0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0}, {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0}, @@ -222,6 +222,7 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, + {0,SSL_TXT_FIPS, 0, 0, SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE}, }; void ssl_load_ciphers(void) @@ -248,6 +249,8 @@ void ssl_load_ciphers(void) EVP_get_cipherbyname(SN_camellia_128_cbc); ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= EVP_get_cipherbyname(SN_camellia_256_cbc); + ssl_cipher_methods[SSL_ENC_SEED_IDX]= + EVP_get_cipherbyname(SN_seed_cbc); ssl_digest_methods[SSL_MD_MD5_IDX]= EVP_get_digestbyname(SN_md5); @@ -374,6 +377,9 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, default: i=-1; break; } break; + case SSL_SEED: + i=SSL_ENC_SEED_IDX; + break; default: i= -1; @@ -439,7 +445,7 @@ struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9, unsigned long m256; /* applies to 256-bit algorithms only */ }; -struct disabled_masks ssl_cipher_get_disabled(void) +static struct disabled_masks ssl_cipher_get_disabled(void) { unsigned long mask; unsigned long m256; @@ -471,6 +477,7 @@ struct disabled_masks ssl_cipher_get_disabled(void) mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0; mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0; + mask |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0; mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; @@ -509,7 +516,12 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, c = ssl_method->get_cipher(i); #define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask)) /* drop those that use any of that is not available */ +#ifdef OPENSSL_FIPS + if ((c != NULL) && c->valid && !IS_MASKED(c) + && (!FIPS_mode() || (c->algo_strength & SSL_FIPS))) +#else if ((c != NULL) && c->valid && !IS_MASKED(c)) +#endif { co_list[co_list_num].cipher = c; co_list[co_list_num].next = NULL; @@ -1048,7 +1060,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, */ for (curr = head; curr != NULL; curr = curr->next) { +#ifdef OPENSSL_FIPS + if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) +#else if (curr->active) +#endif { sk_SSL_CIPHER_push(cipherstack, curr->cipher); #ifdef CIPHER_DEBUG @@ -1070,7 +1086,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, if (*cipher_list_by_id != NULL) sk_SSL_CIPHER_free(*cipher_list_by_id); *cipher_list_by_id = tmp_cipher_list; - sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); + (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); return(cipherstack); } @@ -1200,7 +1216,10 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) default: enc="Camellia(?""?""?)"; break; } break; - + case SSL_SEED: + enc="SEED(128)"; + break; + default: enc="unknown"; break; diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 0ca4937aaa96a..24a994fe01bfa 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -1,6 +1,6 @@ /* ssl/ssl_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -138,9 +138,11 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, +{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, +{ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, @@ -148,10 +150,12 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"}, {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, +{ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, +{ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"}, {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, @@ -167,8 +171,10 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, +{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"}, {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, +{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"}, {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"}, @@ -176,6 +182,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, +{ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"}, {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, @@ -185,6 +192,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"}, +{ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"}, {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"}, {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"}, {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"}, @@ -208,6 +216,8 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, +{ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, +{ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, @@ -293,6 +303,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"}, {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"}, {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"}, +{ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"}, {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"}, {ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"}, {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"}, @@ -320,6 +331,8 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, {ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"}, +{ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"}, +{ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"}, {ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"}, {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"}, {ERR_REASON(SSL_R_KRB5) ,"krb5"}, @@ -363,6 +376,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"}, {ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"}, {ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"}, +{ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"}, {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"}, {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"}, {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"}, @@ -377,6 +391,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"}, {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"}, {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"}, +{ERR_REASON(SSL_R_PARSE_TLSEXT) ,"parse tlsext"}, {ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"}, {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"}, {ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"}, @@ -400,11 +415,14 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"}, {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"}, {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"}, +{ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"}, {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"}, {ERR_REASON(SSL_R_SHORT_READ) ,"short read"}, {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"}, {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"}, {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"}, +{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"}, +{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"}, {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"}, {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"}, {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"}, @@ -439,6 +457,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"}, {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"}, {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"}, +{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"}, {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"}, {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"}, {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"}, @@ -470,6 +489,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"}, {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"}, {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"}, +{ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"}, {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"}, {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"}, {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 4e81922d75881..68eee77e6f01b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -125,9 +125,14 @@ #include #include #include +#include +#include #ifndef OPENSSL_NO_DH #include #endif +#ifndef OPENSSL_NO_ENGINE +#include +#endif const char *SSL_version_str=OPENSSL_VERSION_TEXT; @@ -306,7 +311,19 @@ SSL *SSL_new(SSL_CTX *ctx) CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); s->ctx=ctx; - +#ifndef OPENSSL_NO_TLSEXT + s->tlsext_debug_cb = 0; + s->tlsext_debug_arg = NULL; + s->tlsext_ticket_expected = 0; + s->tlsext_status_type = -1; + s->tlsext_status_expected = 0; + s->tlsext_ocsp_ids = NULL; + s->tlsext_ocsp_exts = NULL; + s->tlsext_ocsp_resp = NULL; + s->tlsext_ocsp_resplen = -1; + CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); + s->initial_ctx=ctx; +#endif s->verify_result=X509_V_OK; s->method=ctx->method; @@ -492,7 +509,16 @@ void SSL_free(SSL *s) /* Free up if allocated */ if (s->ctx) SSL_CTX_free(s->ctx); - +#ifndef OPENSSL_NO_TLSEXT + if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); + if (s->tlsext_ocsp_exts) + sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, + X509_EXTENSION_free); + if (s->tlsext_ocsp_ids) + sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); + if (s->tlsext_ocsp_resp) + OPENSSL_free(s->tlsext_ocsp_resp); +#endif if (s->client_CA != NULL) sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); @@ -1201,7 +1227,6 @@ int SSL_set_cipher_list(SSL *s,const char *str) char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) { char *p; - const char *cp; STACK_OF(SSL_CIPHER) *sk; SSL_CIPHER *c; int i; @@ -1214,20 +1239,21 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) sk=s->session->ciphers; for (i=0; iname; *cp; ) + n=strlen(c->name); + if (n+1 > len) { - if (len-- <= 0) - { - *p='\0'; - return(buf); - } - else - *(p++)= *(cp++); + if (p != buf) + --p; + *p='\0'; + return buf; } + strcpy(p,c->name); + p+=n; *(p++)=':'; + len-=n+1; } p[-1]='\0'; return(buf); @@ -1304,6 +1330,29 @@ err: return(NULL); } +#ifndef OPENSSL_NO_TLSEXT +/** return a servername extension value if provided in Client Hello, or NULL. + * So far, only host_name types are defined (RFC 3546). + */ + +const char *SSL_get_servername(const SSL *s, const int type) + { + if (type != TLSEXT_NAMETYPE_host_name) + return NULL; + + return s->session && !s->tlsext_hostname ? + s->session->tlsext_hostname : + s->tlsext_hostname; + } + +int SSL_get_servername_type(const SSL *s) + { + if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) + return TLSEXT_NAMETYPE_host_name; + return -1; + } +#endif + unsigned long SSL_SESSION_hash(const SSL_SESSION *a) { unsigned long l; @@ -1347,6 +1396,14 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) return(NULL); } +#ifdef OPENSSL_FIPS + if (FIPS_mode() && (meth->version < TLS1_VERSION)) + { + SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); + return NULL; + } +#endif + if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); @@ -1453,6 +1510,41 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) ret->extra_certs=NULL; ret->comp_methods=SSL_COMP_get_compression_methods(); +#ifndef OPENSSL_NO_TLSEXT + ret->tlsext_servername_callback = 0; + ret->tlsext_servername_arg = NULL; + /* Setup RFC4507 ticket keys */ + if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) + || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) + || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) + ret->options |= SSL_OP_NO_TICKET; + + ret->tlsext_status_cb = 0; + ret->tlsext_status_arg = NULL; + +#endif + +#ifndef OPENSSL_NO_ENGINE + ret->client_cert_engine = NULL; +#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO +#define eng_strx(x) #x +#define eng_str(x) eng_strx(x) + /* Use specific client engine automatically... ignore errors */ + { + ENGINE *eng; + eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); + if (!eng) + { + ERR_clear_error(); + ENGINE_load_builtin_engines(); + eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); + } + if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) + ERR_clear_error(); + } +#endif +#endif + return(ret); err: SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); @@ -1522,6 +1614,10 @@ void SSL_CTX_free(SSL_CTX *a) sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free); #else a->comp_methods = NULL; +#endif +#ifndef OPENSSL_NO_ENGINE + if (a->client_cert_engine) + ENGINE_finish(a->client_cert_engine); #endif OPENSSL_free(a); } @@ -2402,6 +2498,24 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) return(ssl->ctx); } +SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) + { + if (ssl->ctx == ctx) + return ssl->ctx; +#ifndef OPENSSL_NO_TLSEXT + if (ctx == NULL) + ctx = ssl->initial_ctx; +#endif + if (ssl->cert != NULL) + ssl_cert_free(ssl->cert); + ssl->cert = ssl_cert_dup(ctx->cert); + CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); + if (ssl->ctx != NULL) + SSL_CTX_free(ssl->ctx); /* decrement reference count */ + ssl->ctx = ctx; + return(ssl->ctx); + } + #ifndef OPENSSL_NO_STDIO int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) { diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 786d9886b43b1..735db39713291 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -278,7 +278,7 @@ #define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA) #define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5) -#define SSL_ENC_MASK 0x0C3F8000L +#define SSL_ENC_MASK 0x1C3F8000L #define SSL_DES 0x00008000L #define SSL_3DES 0x00010000L #define SSL_RC4 0x00020000L @@ -288,6 +288,7 @@ #define SSL_eNULL 0x00200000L #define SSL_AES 0x04000000L #define SSL_CAMELLIA 0x08000000L +#define SSL_SEED 0x10000000L #define SSL_MAC_MASK 0x00c00000L #define SSL_MD5 0x00400000L @@ -299,7 +300,7 @@ #define SSL_SSLV3 0x02000000L #define SSL_TLSV1 SSL_SSLV3 /* for now */ -/* we have used 0fffffff - 4 bits left to go. */ +/* we have used 1fffffff - 3 bits left to go. */ /* * Export and cipher strength information. For each cipher we have to decide @@ -329,8 +330,9 @@ #define SSL_LOW 0x00000020L #define SSL_MEDIUM 0x00000040L #define SSL_HIGH 0x00000080L +#define SSL_FIPS 0x00000100L -/* we have used 000000ff - 24 bits left to go */ +/* we have used 000001ff - 23 bits left to go */ /* * Macros to check the export status and cipher strength for export ciphers. @@ -694,7 +696,7 @@ SSL_METHOD *func_name(void) \ ssl3_put_cipher_by_char, \ ssl3_pending, \ ssl3_num_ciphers, \ - ssl3_get_cipher, \ + dtls1_get_cipher, \ s_get_meth, \ dtls1_default_timeout, \ &DTLSv1_enc_data, \ @@ -715,7 +717,7 @@ SESS_CERT *ssl_sess_cert_new(void); void ssl_sess_cert_free(SESS_CERT *sc); int ssl_set_peer_cert_type(SESS_CERT *c, int type); int ssl_get_new_session(SSL *s, int session); -int ssl_get_prev_session(SSL *s, unsigned char *session,int len); +int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit); int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, const SSL_CIPHER * const *bp); @@ -775,6 +777,8 @@ SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); void ssl3_init_finished_mac(SSL *s); int ssl3_send_server_certificate(SSL *s); +int ssl3_send_newsession_ticket(SSL *s); +int ssl3_send_cert_status(SSL *s); int ssl3_get_finished(SSL *s,int state_a,int state_b); int ssl3_setup_key_block(SSL *s); int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b); @@ -859,14 +863,19 @@ void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); void dtls1_reset_seq_numbers(SSL *s, int rw); long dtls1_default_timeout(void); +SSL_CIPHER *dtls1_get_cipher(unsigned int u); + /* some client-only functions */ int ssl3_client_hello(SSL *s); int ssl3_get_server_hello(SSL *s); int ssl3_get_certificate_request(SSL *s); +int ssl3_get_new_session_ticket(SSL *s); +int ssl3_get_cert_status(SSL *s); int ssl3_get_server_done(SSL *s); int ssl3_send_client_verify(SSL *s); +int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey); int ssl3_send_client_certificate(SSL *s); int ssl3_send_client_key_exchange(SSL *s); int ssl3_get_key_exchange(SSL *s); @@ -946,5 +955,24 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs); SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); +#ifndef OPENSSL_NO_TLSEXT +unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); +unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); +int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); +int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); +int ssl_prepare_clienthello_tlsext(SSL *s); +int ssl_prepare_serverhello_tlsext(SSL *s); +int ssl_check_clienthello_tlsext(SSL *s); +int ssl_check_serverhello_tlsext(SSL *s); +#ifdef OPENSSL_NO_SHA256 +#define tlsext_tick_md EVP_sha1 +#else +#define tlsext_tick_md EVP_sha256 +#endif +int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, + const unsigned char *limit, SSL_SESSION **ret); +EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ; +void ssl_clear_hash_ctx(EVP_MD_CTX **hash); +#endif #endif diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index fc42dfa1ec664..27113eba5088c 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -708,6 +708,8 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) int ret=0; X509 *x=NULL; + ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ + in=BIO_new(BIO_s_file_internal()); if (in == NULL) { diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index f80eee6e37290..8391d62212ad2 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -59,6 +59,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE +#include +#endif #include "ssl_locl.h" static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); @@ -122,6 +125,9 @@ SSL_SESSION *SSL_SESSION_new(void) ss->prev=NULL; ss->next=NULL; ss->compress_meth=0; +#ifndef OPENSSL_NO_TLSEXT + ss->tlsext_hostname = NULL; +#endif CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); return(ss); } @@ -216,6 +222,14 @@ int ssl_get_new_session(SSL *s, int session) SSL_SESSION_free(ss); return(0); } +#ifndef OPENSSL_NO_TLSEXT + /* If RFC4507 ticket use empty session ID */ + if (s->tlsext_ticket_expected) + { + ss->session_id_length = 0; + goto sess_id_done; + } +#endif /* Choose which callback will set the session ID */ CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); if(s->generate_session_id) @@ -257,6 +271,17 @@ int ssl_get_new_session(SSL *s, int session) SSL_SESSION_free(ss); return(0); } +#ifndef OPENSSL_NO_TLSEXT + sess_id_done: + if (s->tlsext_hostname) { + ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname); + if (ss->tlsext_hostname == NULL) { + SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); + SSL_SESSION_free(ss); + return 0; + } + } +#endif } else { @@ -278,21 +303,41 @@ int ssl_get_new_session(SSL *s, int session) return(1); } -int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) +int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, + const unsigned char *limit) { /* This is used only by servers. */ - SSL_SESSION *ret=NULL,data; + SSL_SESSION *ret=NULL; int fatal = 0; - - data.ssl_version=s->version; - data.session_id_length=len; +#ifndef OPENSSL_NO_TLSEXT + int r; +#endif + if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) goto err; - memcpy(data.session_id,session_id,len); - +#ifndef OPENSSL_NO_TLSEXT + r = tls1_process_ticket(s, session_id, len, limit, &ret); + if (r == -1) + { + fatal = 1; + goto err; + } + else if (r == 0 || (!ret && !len)) + goto err; + else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) +#else + if (len == 0) + goto err; if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) +#endif { + SSL_SESSION data; + data.ssl_version=s->version; + data.session_id_length=len; + if (len == 0) + return 0; + memcpy(data.session_id,session_id,len); CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data); if (ret != NULL) @@ -334,33 +379,35 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) /* Now ret is non-NULL, and we own one of its reference counts. */ - if((s->verify_mode&SSL_VERIFY_PEER) - && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length - || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))) - { + if (ret->sid_ctx_length != s->sid_ctx_length + || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)) + { /* We've found the session named by the client, but we don't * want to use it in this context. */ - - if (s->sid_ctx_length == 0) - { - /* application should have used SSL[_CTX]_set_session_id_context - * -- we could tolerate this and just pretend we never heard - * of this session, but then applications could effectively - * disable the session cache by accident without anyone noticing */ - SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); - fatal = 1; - goto err; - } - else - { #if 0 /* The client cannot always know when a session is not appropriate, - * so we shouldn't generate an error message. */ + * so we shouldn't generate an error message. */ - SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); + SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); #endif - goto err; /* treat like cache miss */ - } + goto err; /* treat like cache miss */ + } + + if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) + { + /* We can't be sure if this session is being used out of + * context, which is especially important for SSL_VERIFY_PEER. + * The application should have used SSL[_CTX]_set_session_id_context. + * + * For this error case, we generate an error instead of treating + * the event like a cache miss (otherwise it would be easy for + * applications to effectively disable the session cache by + * accident without anyone noticing). + */ + + SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); + fatal = 1; + goto err; } if (ret->cipher == NULL) @@ -546,6 +593,10 @@ void SSL_SESSION_free(SSL_SESSION *ss) if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); if (ss->peer != NULL) X509_free(ss->peer); if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); +#ifndef OPENSSL_NO_TLSEXT + if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname); + if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick); +#endif OPENSSL_cleanse(ss,sizeof(*ss)); OPENSSL_free(ss); } @@ -822,6 +873,25 @@ int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PK return ctx->client_cert_cb; } +#ifndef OPENSSL_NO_ENGINE +int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) + { + if (!ENGINE_init(e)) + { + SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB); + return 0; + } + if(!ENGINE_get_ssl_client_cert_function(e)) + { + SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD); + ENGINE_finish(e); + return 0; + } + ctx->client_cert_engine = e; + return 1; + } +#endif + void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) { diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c index b16d25308105f..73b02509d448b 100644 --- a/ssl/ssl_stat.c +++ b/ssl/ssl_stat.c @@ -127,6 +127,8 @@ case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break; case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break; case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break; case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break; +case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break; +case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break; case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break; case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break; case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break; @@ -172,6 +174,8 @@ case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break; case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break; case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break; case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break; +case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break; +case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break; case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break; case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break; case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break; diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 4eb0867155e16..06b86750fdb55 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -151,6 +151,21 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err; } #endif /* OPENSSL_NO_KRB5 */ +#ifndef OPENSSL_NO_TLSEXT + if (x->tlsext_tick_lifetime_hint) + { + if (BIO_printf(bp, + "\n TLS session ticket lifetime hint: %ld (seconds)", + x->tlsext_tick_lifetime_hint) <=0) + goto err; + } + if (x->tlsext_tick) + { + if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err; + if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) + goto err; + } +#endif #ifndef OPENSSL_NO_COMP if (x->compress_meth != 0) { diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 517657c0240d0..82086d1718e0d 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -229,6 +229,9 @@ static void sv_usage(void) { fprintf(stderr,"usage: ssltest [args ...]\n"); fprintf(stderr,"\n"); +#ifdef OPENSSL_FIPS + fprintf(stderr,"-F - run test in FIPS mode\n"); +#endif fprintf(stderr," -server_auth - check server certificate\n"); fprintf(stderr," -client_auth - do client authentication\n"); fprintf(stderr," -proxy - allow proxy certificates\n"); @@ -410,7 +413,7 @@ int main(int argc, char *argv[]) long bytes=256L; #ifndef OPENSSL_NO_DH DH *dh; - int dhe1024 = 0, dhe1024dsa = 0; + int dhe1024 = 1, dhe1024dsa = 0; #endif #ifndef OPENSSL_NO_ECDH EC_KEY *ecdh = NULL; @@ -425,6 +428,9 @@ int main(int argc, char *argv[]) #endif STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; int test_cipherlist = 0; +#ifdef OPENSSL_FIPS + int fips_mode=0; +#endif verbose = 0; debug = 0; @@ -456,7 +462,16 @@ int main(int argc, char *argv[]) while (argc >= 1) { - if (strcmp(*argv,"-server_auth") == 0) + if(!strcmp(*argv,"-F")) + { +#ifdef OPENSSL_FIPS + fips_mode=1; +#else + fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n"); + EXIT(0); +#endif + } + else if (strcmp(*argv,"-server_auth") == 0) server_auth=1; else if (strcmp(*argv,"-client_auth") == 0) client_auth=1; @@ -638,6 +653,20 @@ bad: EXIT(1); } +#ifdef OPENSSL_FIPS + if(fips_mode) + { + if(!FIPS_mode_set(1)) + { + ERR_load_crypto_strings(); + ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); + EXIT(1); + } + else + fprintf(stderr,"*** IN FIPS MODE ***\n"); + } +#endif + if (print_time) { if (!bio_pair) @@ -2059,15 +2088,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg) } #ifndef OPENSSL_NO_X509_VERIFY -# ifdef OPENSSL_FIPS - if(s->version == TLS1_VERSION) - FIPS_allow_md5(1); -# endif ok = X509_verify_cert(ctx); -# ifdef OPENSSL_FIPS - if(s->version == TLS1_VERSION) - FIPS_allow_md5(0); -# endif #endif if (cb_arg->proxy_auth) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 68448b98caca2..3c4dec76d753f 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -131,6 +131,8 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, HMAC_CTX_init(&ctx); HMAC_CTX_init(&ctx_tmp); + HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); HMAC_Update(&ctx,seed,seed_len); @@ -738,15 +740,35 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) md_size=EVP_MD_size(hash); buf[0]=rec->type; - buf[1]=TLS1_VERSION_MAJOR; - buf[2]=TLS1_VERSION_MINOR; + if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER) + { + buf[1]=TLS1_VERSION_MAJOR; + buf[2]=TLS1_VERSION_MINOR; + } + else { + buf[1]=(unsigned char)(ssl->version>>8); + buf[2]=(unsigned char)(ssl->version); + } + buf[3]=rec->length>>8; buf[4]=rec->length&0xff; /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ HMAC_CTX_init(&hmac); HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL); - HMAC_Update(&hmac,seq,8); + + if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER) + { + unsigned char dtlsseq[8],*p=dtlsseq; + + s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p); + memcpy (p,&seq[2],6); + + HMAC_Update(&hmac,dtlsseq,8); + } + else + HMAC_Update(&hmac,seq,8); + HMAC_Update(&hmac,buf,5); HMAC_Update(&hmac,rec->input,rec->length); HMAC_Final(&hmac,md,&md_size); @@ -763,8 +785,8 @@ printf("rec="); {unsigned int z; for (z=0; zlength; z++) printf("%02X ",buf[z]); printf("\n"); } #endif - if ( SSL_version(ssl) != DTLS1_VERSION) - { + if ( SSL_version(ssl) != DTLS1_VERSION) + { for (i=7; i>=0; i--) { ++seq[i]; @@ -832,8 +854,10 @@ int tls1_alert_code(int code) case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR); case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED); case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION); +#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); +#endif default: return(-1); } } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 1ecbbcb8fb1fb..9ce726996d9dd 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -58,10 +58,19 @@ #include #include +#include +#include +#include #include "ssl_locl.h" const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT; +#ifndef OPENSSL_NO_TLSEXT +static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, + const unsigned char *sess_id, int sesslen, + SSL_SESSION **psess); +#endif + SSL3_ENC_METHOD TLSv1_enc_data={ tls1_enc, tls1_mac, @@ -117,3 +126,753 @@ long tls1_callback_ctrl(SSL *s, int cmd, void *(*fp)()) return(0); } #endif + +#ifndef OPENSSL_NO_TLSEXT +unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) + { + int extdatalen=0; + unsigned char *ret = p; + + ret+=2; + + if (ret>=limit) return NULL; /* this really never occurs, but ... */ + + if (s->tlsext_hostname != NULL) + { + /* Add TLS extension servername to the Client Hello message */ + unsigned long size_str; + long lenmax; + + /* check for enough space. + 4 for the servername type and entension length + 2 for servernamelist length + 1 for the hostname type + 2 for hostname length + + hostname length + */ + + if ((lenmax = limit - ret - 9) < 0 + || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax) + return NULL; + + /* extension type and length */ + s2n(TLSEXT_TYPE_server_name,ret); + s2n(size_str+5,ret); + + /* length of servername list */ + s2n(size_str+3,ret); + + /* hostname type, length and hostname */ + *(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name; + s2n(size_str,ret); + memcpy(ret, s->tlsext_hostname, size_str); + ret+=size_str; + + } + + if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) + { + int ticklen; + if (s->session && s->session->tlsext_tick) + ticklen = s->session->tlsext_ticklen; + else + ticklen = 0; + /* Check for enough room 2 for extension type, 2 for len + * rest for ticket + */ + if (limit - ret - 4 - ticklen < 0) + return NULL; + s2n(TLSEXT_TYPE_session_ticket,ret); + s2n(ticklen,ret); + if (ticklen) + { + memcpy(ret, s->session->tlsext_tick, ticklen); + ret += ticklen; + } + } + + if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) + { + int i; + long extlen, idlen, itmp; + OCSP_RESPID *id; + + idlen = 0; + for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) + { + id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); + itmp = i2d_OCSP_RESPID(id, NULL); + if (itmp <= 0) + return NULL; + idlen += itmp + 2; + } + + if (s->tlsext_ocsp_exts) + { + extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL); + if (extlen < 0) + return NULL; + } + else + extlen = 0; + + if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL; + s2n(TLSEXT_TYPE_status_request, ret); + if (extlen + idlen > 0xFFF0) + return NULL; + s2n(extlen + idlen + 5, ret); + *(ret++) = TLSEXT_STATUSTYPE_ocsp; + s2n(idlen, ret); + for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) + { + /* save position of id len */ + unsigned char *q = ret; + id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); + /* skip over id len */ + ret += 2; + itmp = i2d_OCSP_RESPID(id, &ret); + /* write id len */ + s2n(itmp, q); + } + s2n(extlen, ret); + if (extlen > 0) + i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); + } + + if ((extdatalen = ret-p-2)== 0) + return p; + + s2n(extdatalen,p); + return ret; + } + +unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) + { + int extdatalen=0; + unsigned char *ret = p; + + ret+=2; + if (ret>=limit) return NULL; /* this really never occurs, but ... */ + + if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL) + { + if (limit - ret - 4 < 0) return NULL; + + s2n(TLSEXT_TYPE_server_name,ret); + s2n(0,ret); + } + + if (s->tlsext_ticket_expected + && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) + { + if (limit - ret - 4 < 0) return NULL; + s2n(TLSEXT_TYPE_session_ticket,ret); + s2n(0,ret); + } + + if (s->tlsext_status_expected) + { + if ((long)(limit - ret - 4) < 0) return NULL; + s2n(TLSEXT_TYPE_status_request,ret); + s2n(0,ret); + } + + if ((extdatalen = ret-p-2)== 0) + return p; + + s2n(extdatalen,p); + return ret; + } + +int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) + { + unsigned short type; + unsigned short size; + unsigned short len; + unsigned char *data = *p; + s->servername_done = 0; + s->tlsext_status_type = -1; + + if (data >= (d+n-2)) + return 1; + n2s(data,len); + + if (data > (d+n-len)) + return 1; + + while (data <= (d+n-4)) + { + n2s(data,type); + n2s(data,size); + + if (data+size > (d+n)) + return 1; + + if (s->tlsext_debug_cb) + s->tlsext_debug_cb(s, 0, type, data, size, + s->tlsext_debug_arg); +/* The servername extension is treated as follows: + + - Only the hostname type is supported with a maximum length of 255. + - The servername is rejected if too long or if it contains zeros, + in which case an fatal alert is generated. + - The servername field is maintained together with the session cache. + - When a session is resumed, the servername call back invoked in order + to allow the application to position itself to the right context. + - The servername is acknowledged if it is new for a session or when + it is identical to a previously used for the same session. + Applications can control the behaviour. They can at any time + set a 'desirable' servername for a new SSL object. This can be the + case for example with HTTPS when a Host: header field is received and + a renegotiation is requested. In this case, a possible servername + presented in the new client hello is only acknowledged if it matches + the value of the Host: field. + - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION + if they provide for changing an explicit servername context for the session, + i.e. when the session has been established with a servername extension. + - On session reconnect, the servername extension may be absent. + +*/ + + if (type == TLSEXT_TYPE_server_name) + { + unsigned char *sdata; + int servname_type; + int dsize; + + if (size < 2) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + n2s(data,dsize); + size -= 2; + if (dsize > size ) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + + sdata = data; + while (dsize > 3) + { + servname_type = *(sdata++); + n2s(sdata,len); + dsize -= 3; + + if (len > dsize) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + if (s->servername_done == 0) + switch (servname_type) + { + case TLSEXT_NAMETYPE_host_name: + if (s->session->tlsext_hostname == NULL) + { + if (len > TLSEXT_MAXLEN_host_name || + ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)) + { + *al = TLS1_AD_UNRECOGNIZED_NAME; + return 0; + } + memcpy(s->session->tlsext_hostname, sdata, len); + s->session->tlsext_hostname[len]='\0'; + if (strlen(s->session->tlsext_hostname) != len) { + OPENSSL_free(s->session->tlsext_hostname); + s->session->tlsext_hostname = NULL; + *al = TLS1_AD_UNRECOGNIZED_NAME; + return 0; + } + s->servername_done = 1; + + } + else + s->servername_done = strlen(s->session->tlsext_hostname) == len + && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; + + break; + + default: + break; + } + + dsize -= len; + } + if (dsize != 0) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + + } + else if (type == TLSEXT_TYPE_status_request + && s->ctx->tlsext_status_cb) + { + + if (size < 5) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + + s->tlsext_status_type = *data++; + size--; + if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) + { + const unsigned char *sdata; + int dsize; + /* Read in responder_id_list */ + n2s(data,dsize); + size -= 2; + if (dsize > size ) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + while (dsize > 0) + { + OCSP_RESPID *id; + int idsize; + if (dsize < 4) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + n2s(data, idsize); + dsize -= 2 + idsize; + if (dsize < 0) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + sdata = data; + data += idsize; + id = d2i_OCSP_RESPID(NULL, + &sdata, idsize); + if (!id) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + if (data != sdata) + { + OCSP_RESPID_free(id); + *al = SSL_AD_DECODE_ERROR; + return 0; + } + if (!s->tlsext_ocsp_ids + && !(s->tlsext_ocsp_ids = + sk_OCSP_RESPID_new_null())) + { + OCSP_RESPID_free(id); + *al = SSL_AD_INTERNAL_ERROR; + return 0; + } + if (!sk_OCSP_RESPID_push( + s->tlsext_ocsp_ids, id)) + { + OCSP_RESPID_free(id); + *al = SSL_AD_INTERNAL_ERROR; + return 0; + } + } + + /* Read in request_extensions */ + n2s(data,dsize); + size -= 2; + if (dsize > size) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + sdata = data; + if (dsize > 0) + { + s->tlsext_ocsp_exts = + d2i_X509_EXTENSIONS(NULL, + &sdata, dsize); + if (!s->tlsext_ocsp_exts + || (data + dsize != sdata)) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + } + } + /* We don't know what to do with any other type + * so ignore it. + */ + else + s->tlsext_status_type = -1; + } + /* session ticket processed earlier */ + + data+=size; + } + + *p = data; + return 1; + } + +int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) + { + unsigned short type; + unsigned short size; + unsigned short len; + unsigned char *data = *p; + + int tlsext_servername = 0; + + if (data >= (d+n-2)) + return 1; + + n2s(data,len); + + while(data <= (d+n-4)) + { + n2s(data,type); + n2s(data,size); + + if (data+size > (d+n)) + return 1; + + if (s->tlsext_debug_cb) + s->tlsext_debug_cb(s, 1, type, data, size, + s->tlsext_debug_arg); + + if (type == TLSEXT_TYPE_server_name) + { + if (s->tlsext_hostname == NULL || size > 0) + { + *al = TLS1_AD_UNRECOGNIZED_NAME; + return 0; + } + tlsext_servername = 1; + } + else if (type == TLSEXT_TYPE_session_ticket) + { + if ((SSL_get_options(s) & SSL_OP_NO_TICKET) + || (size > 0)) + { + *al = TLS1_AD_UNSUPPORTED_EXTENSION; + return 0; + } + s->tlsext_ticket_expected = 1; + } + else if (type == TLSEXT_TYPE_status_request) + { + /* MUST be empty and only sent if we've requested + * a status request message. + */ + if ((s->tlsext_status_type == -1) || (size > 0)) + { + *al = TLS1_AD_UNSUPPORTED_EXTENSION; + return 0; + } + /* Set flag to expect CertificateStatus message */ + s->tlsext_status_expected = 1; + } + + data+=size; + } + + if (data != d+n) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + + if (!s->hit && tlsext_servername == 1) + { + if (s->tlsext_hostname) + { + if (s->session->tlsext_hostname == NULL) + { + s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname); + if (!s->session->tlsext_hostname) + { + *al = SSL_AD_UNRECOGNIZED_NAME; + return 0; + } + } + else + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + } + } + + *p = data; + return 1; + } + +int ssl_check_clienthello_tlsext(SSL *s) + { + int ret=SSL_TLSEXT_ERR_NOACK; + int al = SSL_AD_UNRECOGNIZED_NAME; + + if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) + ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); + else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) + ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); + + /* If status request then ask callback what to do. + * Note: this must be called after servername callbacks in case + * the certificate has changed. + */ + if ((s->tlsext_status_type != -1) && s->ctx->tlsext_status_cb) + { + int r; + r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); + switch (r) + { + /* We don't want to send a status request response */ + case SSL_TLSEXT_ERR_NOACK: + s->tlsext_status_expected = 0; + break; + /* status request response should be sent */ + case SSL_TLSEXT_ERR_OK: + if (s->tlsext_ocsp_resp) + s->tlsext_status_expected = 1; + else + s->tlsext_status_expected = 0; + break; + /* something bad happened */ + case SSL_TLSEXT_ERR_ALERT_FATAL: + ret = SSL_TLSEXT_ERR_ALERT_FATAL; + al = SSL_AD_INTERNAL_ERROR; + goto err; + } + } + else + s->tlsext_status_expected = 0; + err: + switch (ret) + { + case SSL_TLSEXT_ERR_ALERT_FATAL: + ssl3_send_alert(s,SSL3_AL_FATAL,al); + return -1; + + case SSL_TLSEXT_ERR_ALERT_WARNING: + ssl3_send_alert(s,SSL3_AL_WARNING,al); + return 1; + + case SSL_TLSEXT_ERR_NOACK: + s->servername_done=0; + default: + return 1; + } + } + +int ssl_check_serverhello_tlsext(SSL *s) + { + int ret=SSL_TLSEXT_ERR_NOACK; + int al = SSL_AD_UNRECOGNIZED_NAME; + + if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) + ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); + else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) + ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); + + /* If we've requested certificate status and we wont get one + * tell the callback + */ + if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) + && s->ctx->tlsext_status_cb) + { + int r; + /* Set resp to NULL, resplen to -1 so callback knows + * there is no response. + */ + if (s->tlsext_ocsp_resp) + { + OPENSSL_free(s->tlsext_ocsp_resp); + s->tlsext_ocsp_resp = NULL; + } + s->tlsext_ocsp_resplen = -1; + r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); + if (r == 0) + { + al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; + ret = SSL_TLSEXT_ERR_ALERT_FATAL; + } + if (r < 0) + { + al = SSL_AD_INTERNAL_ERROR; + ret = SSL_TLSEXT_ERR_ALERT_FATAL; + } + } + + switch (ret) + { + case SSL_TLSEXT_ERR_ALERT_FATAL: + ssl3_send_alert(s,SSL3_AL_FATAL,al); + return -1; + + case SSL_TLSEXT_ERR_ALERT_WARNING: + ssl3_send_alert(s,SSL3_AL_WARNING,al); + return 1; + + case SSL_TLSEXT_ERR_NOACK: + s->servername_done=0; + default: + return 1; + } + } + +/* Since the server cache lookup is done early on in the processing of client + * hello and other operations depend on the result we need to handle any TLS + * session ticket extension at the same time. + */ + +int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, + const unsigned char *limit, SSL_SESSION **ret) + { + /* Point after session ID in client hello */ + const unsigned char *p = session_id + len; + unsigned short i; + + /* If tickets disabled behave as if no ticket present + * to permit stateful resumption. + */ + if (SSL_get_options(s) & SSL_OP_NO_TICKET) + return 1; + + if ((s->version <= SSL3_VERSION) || !limit) + return 1; + if (p >= limit) + return -1; + /* Skip past cipher list */ + n2s(p, i); + p+= i; + if (p >= limit) + return -1; + /* Skip past compression algorithm list */ + i = *(p++); + p += i; + if (p > limit) + return -1; + /* Now at start of extensions */ + if ((p + 2) >= limit) + return 1; + n2s(p, i); + while ((p + 4) <= limit) + { + unsigned short type, size; + n2s(p, type); + n2s(p, size); + if (p + size > limit) + return 1; + if (type == TLSEXT_TYPE_session_ticket) + { + /* If zero length note client will accept a ticket + * and indicate cache miss to trigger full handshake + */ + if (size == 0) + { + s->tlsext_ticket_expected = 1; + return 0; /* Cache miss */ + } + return tls_decrypt_ticket(s, p, size, session_id, len, + ret); + } + p += size; + } + return 1; + } + +static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, + const unsigned char *sess_id, int sesslen, + SSL_SESSION **psess) + { + SSL_SESSION *sess; + unsigned char *sdec; + const unsigned char *p; + int slen, mlen, renew_ticket = 0; + unsigned char tick_hmac[EVP_MAX_MD_SIZE]; + HMAC_CTX hctx; + EVP_CIPHER_CTX ctx; + /* Need at least keyname + iv + some encrypted data */ + if (eticklen < 48) + goto tickerr; + /* Initialize session ticket encryption and HMAC contexts */ + HMAC_CTX_init(&hctx); + EVP_CIPHER_CTX_init(&ctx); + if (s->ctx->tlsext_ticket_key_cb) + { + unsigned char *nctick = (unsigned char *)etick; + int rv = s->ctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, + &ctx, &hctx, 0); + if (rv < 0) + return -1; + if (rv == 0) + goto tickerr; + if (rv == 2) + renew_ticket = 1; + } + else + { + /* Check key name matches */ + if (memcmp(etick, s->ctx->tlsext_tick_key_name, 16)) + goto tickerr; + HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16, + tlsext_tick_md(), NULL); + EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, + s->ctx->tlsext_tick_aes_key, etick + 16); + } + /* Attempt to process session ticket, first conduct sanity and + * integrity checks on ticket. + */ + mlen = HMAC_size(&hctx); + eticklen -= mlen; + /* Check HMAC of encrypted ticket */ + HMAC_Update(&hctx, etick, eticklen); + HMAC_Final(&hctx, tick_hmac, NULL); + HMAC_CTX_cleanup(&hctx); + if (memcmp(tick_hmac, etick + eticklen, mlen)) + goto tickerr; + /* Attempt to decrypt session data */ + /* Move p after IV to start of encrypted ticket, update length */ + p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); + eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx); + sdec = OPENSSL_malloc(eticklen); + if (!sdec) + { + EVP_CIPHER_CTX_cleanup(&ctx); + return -1; + } + EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen); + if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) + goto tickerr; + slen += mlen; + EVP_CIPHER_CTX_cleanup(&ctx); + p = sdec; + + sess = d2i_SSL_SESSION(NULL, &p, slen); + OPENSSL_free(sdec); + if (sess) + { + /* The session ID if non-empty is used by some clients to + * detect that the ticket has been accepted. So we copy it to + * the session structure. If it is empty set length to zero + * as required by standard. + */ + if (sesslen) + memcpy(sess->session_id, sess_id, sesslen); + sess->session_id_length = sesslen; + *psess = sess; + s->tlsext_ticket_expected = renew_ticket; + return 1; + } + /* If session decrypt failure indicate a cache miss and set state to + * send a new ticket + */ + tickerr: + s->tlsext_ticket_expected = 1; + return 0; + } + +#endif diff --git a/ssl/tls1.h b/ssl/tls1.h index e5f9aa1ef6ff9..2d1d293e1a43c 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -96,6 +96,93 @@ extern "C" { #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ #define TLS1_AD_USER_CANCELLED 90 #define TLS1_AD_NO_RENEGOTIATION 100 +/* codes 110-114 are from RFC3546 */ +#define TLS1_AD_UNSUPPORTED_EXTENSION 110 +#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 +#define TLS1_AD_UNRECOGNIZED_NAME 112 +#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 +#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 +#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ + +/* ExtensionType values from RFC 3546 */ +#define TLSEXT_TYPE_server_name 0 +#define TLSEXT_TYPE_max_fragment_length 1 +#define TLSEXT_TYPE_client_certificate_url 2 +#define TLSEXT_TYPE_trusted_ca_keys 3 +#define TLSEXT_TYPE_truncated_hmac 4 +#define TLSEXT_TYPE_status_request 5 +#define TLSEXT_TYPE_elliptic_curves 10 +#define TLSEXT_TYPE_ec_point_formats 11 +#define TLSEXT_TYPE_session_ticket 35 + +/* NameType value from RFC 3546 */ +#define TLSEXT_NAMETYPE_host_name 0 +/* status request value from RFC 3546 */ +#define TLSEXT_STATUSTYPE_ocsp 1 + +#ifndef OPENSSL_NO_TLSEXT + +#define TLSEXT_MAXLEN_host_name 255 + +const char *SSL_get_servername(const SSL *s, const int type) ; +int SSL_get_servername_type(const SSL *s) ; + +#define SSL_set_tlsext_host_name(s,name) \ +SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) + +#define SSL_set_tlsext_debug_callback(ssl, cb) \ +SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb) + +#define SSL_set_tlsext_debug_arg(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg) + +#define SSL_set_tlsext_status_type(ssl, type) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL) + +#define SSL_get_tlsext_status_exts(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) + +#define SSL_set_tlsext_status_exts(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) + +#define SSL_get_tlsext_status_ids(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) + +#define SSL_set_tlsext_status_ids(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) + +#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg) + +#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg) + +#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ +SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) + +#define SSL_TLSEXT_ERR_OK 0 +#define SSL_TLSEXT_ERR_ALERT_WARNING 1 +#define SSL_TLSEXT_ERR_ALERT_FATAL 2 +#define SSL_TLSEXT_ERR_NOACK 3 + +#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ +SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) + +#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLXEXT_TICKET_KEYS,(keylen),(keys)) +#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLXEXT_TICKET_KEYS,(keylen),(keys)) + +#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ +SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) + +#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ +SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) + +#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ +SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + +#endif /* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see @@ -140,6 +227,14 @@ extern "C" { #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 #define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 +/* SEED ciphersuites from RFC4162 */ +#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 +#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 +#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 +#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 +#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A +#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B + /* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */ #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 @@ -232,7 +327,7 @@ extern "C" { #define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" #define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" -/* Camellia ciphersuites form RFC4132 */ +/* Camellia ciphersuites from RFC4132 */ #define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" #define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" @@ -247,6 +342,13 @@ extern "C" { #define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" #define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" +/* SEED ciphersuites from RFC4162 */ +#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" +#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" +#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" +#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" +#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" +#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" #define TLS_CT_RSA_SIGN 1 #define TLS_CT_DSS_SIGN 2 diff --git a/test/Makefile b/test/Makefile index 859088f3ef37f..3e58351cb9b88 100644 --- a/test/Makefile +++ b/test/Makefile @@ -185,7 +185,7 @@ test_rand: ../util/shlib_wrap.sh ./$(RANDTEST) test_enc: - @sh ./testenc + sh ./testenc test_x509: echo test normal x509v1 certificate @@ -195,7 +195,7 @@ test_x509: echo test second x509v3 certificate sh ./tx509 v3-cert2.pem 2>/dev/null -test_rsa: +test_rsa: $(RSATEST)$(EXE_EXT) @sh ./trsa 2>/dev/null ../util/shlib_wrap.sh ./$(RSATEST) @@ -313,11 +313,7 @@ $(DLIBCRYPTO): BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ shlib_target="$(SHLIB_TARGET)"; \ fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBSSL) $(DLIBCRYPTO) $(LIBKRB5)"; \ - else \ - LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \ - fi; \ + LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \ $(MAKE) -f $(TOP)/Makefile.shared -e \ APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ @@ -480,41 +476,58 @@ ecdhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h ecdhtest.o: ../include/openssl/sha.h ../include/openssl/stack.h ecdhtest.o: ../include/openssl/symhacks.h ecdhtest.c ecdsatest.o: ../include/openssl/asn1.h ../include/openssl/bio.h -ecdsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h -ecdsatest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +ecdsatest.o: ../include/openssl/bn.h ../include/openssl/buffer.h +ecdsatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +ecdsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ecdsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h ecdsatest.o: ../include/openssl/err.h ../include/openssl/evp.h ecdsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h ecdsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h ecdsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ecdsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h +ecdsatest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +ecdsatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h ecdsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ecdsatest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ecdsatest.o: ecdsatest.c ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -ectest.o: ../include/openssl/bn.h ../include/openssl/crypto.h -ectest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -ectest.o: ../include/openssl/engine.h ../include/openssl/err.h +ectest.o: ../include/openssl/bn.h ../include/openssl/buffer.h +ectest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +ectest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +ectest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +ectest.o: ../include/openssl/err.h ../include/openssl/evp.h ectest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h ectest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ectest.o: ../include/openssl/rand.h ../include/openssl/safestack.h -ectest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ectest.c -enginetest.o: ../include/openssl/bio.h ../include/openssl/buffer.h -enginetest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +ectest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +ectest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ectest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ectest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ectest.c +enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h +enginetest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +enginetest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +enginetest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h -enginetest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -enginetest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -enginetest.o: ../include/openssl/safestack.h ../include/openssl/stack.h -enginetest.o: ../include/openssl/symhacks.h enginetest.c +enginetest.o: ../include/openssl/evp.h ../include/openssl/lhash.h +enginetest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +enginetest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +enginetest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +enginetest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +enginetest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +enginetest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +enginetest.o: enginetest.c evp_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -evp_test.o: ../include/openssl/conf.h ../include/openssl/crypto.h -evp_test.o: ../include/openssl/e_os2.h ../include/openssl/engine.h +evp_test.o: ../include/openssl/buffer.h ../include/openssl/conf.h +evp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +evp_test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +evp_test.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h evp_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h evp_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h evp_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -evp_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h -evp_test.o: ../include/openssl/symhacks.h evp_test.c +evp_test.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +evp_test.o: ../include/openssl/sha.h ../include/openssl/stack.h +evp_test.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +evp_test.o: ../include/openssl/x509_vfy.h evp_test.c exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h @@ -611,17 +624,17 @@ ssltest.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssltest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssltest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssltest.o: ../include/openssl/engine.h ../include/openssl/err.h -ssltest.o: ../include/openssl/evp.h ../include/openssl/kssl.h -ssltest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssltest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -ssltest.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssltest.o: ../include/openssl/x509v3.h ssltest.c +ssltest.o: ../include/openssl/evp.h ../include/openssl/hmac.h +ssltest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssltest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssltest.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssltest.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +ssltest.o: ../include/openssl/rand.h ../include/openssl/rsa.h +ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssltest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssltest.c diff --git a/test/cms-examples.pl b/test/cms-examples.pl new file mode 100755 index 0000000000000..2e95b48ba45fc --- /dev/null +++ b/test/cms-examples.pl @@ -0,0 +1,409 @@ +# test/cms-examples.pl +# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +# project. +# +# ==================================================================== +# Copyright (c) 2008 The OpenSSL Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +# +# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# licensing@OpenSSL.org. +# +# 5. Products derived from this software may not be called "OpenSSL" +# nor may "OpenSSL" appear in their names without prior written +# permission of the OpenSSL Project. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +# +# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. +# ==================================================================== + +# Perl script to run tests against S/MIME examples in RFC4134 +# Assumes RFC is in current directory and called "rfc4134.txt" + +use MIME::Base64; + +my $badttest = 0; +my $verbose = 1; + +my $cmscmd; +my $exdir = "./"; +my $exfile = "./rfc4134.txt"; + +if (-f "../apps/openssl") + { + $cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms"; + } +elsif (-f "..\\out32dll\\openssl.exe") + { + $cmscmd = "..\\out32dll\\openssl.exe cms"; + } +elsif (-f "..\\out32\\openssl.exe") + { + $cmscmd = "..\\out32\\openssl.exe cms"; + } + +my @test_list = ( + [ "3.1.bin" => "dataout" ], + [ "3.2.bin" => "encode, dataout" ], + [ "4.1.bin" => "encode, verifyder, cont, dss" ], + [ "4.2.bin" => "encode, verifyder, cont, rsa" ], + [ "4.3.bin" => "encode, verifyder, cont_extern, dss" ], + [ "4.4.bin" => "encode, verifyder, cont, dss" ], + [ "4.5.bin" => "verifyder, cont, rsa" ], + [ "4.6.bin" => "encode, verifyder, cont, dss" ], + [ "4.7.bin" => "encode, verifyder, cont, dss" ], + [ "4.8.eml" => "verifymime, dss" ], + [ "4.9.eml" => "verifymime, dss" ], + [ "4.10.bin" => "encode, verifyder, cont, dss" ], + [ "4.11.bin" => "encode, certsout" ], + [ "5.1.bin" => "encode, envelopeder, cont" ], + [ "5.2.bin" => "encode, envelopeder, cont" ], + [ "5.3.eml" => "envelopemime, cont" ], + [ "6.0.bin" => "encode, digest, cont" ], + [ "7.1.bin" => "encode, encrypted, cont" ], + [ "7.2.bin" => "encode, encrypted, cont" ] +); + +# Extract examples from RFC4134 text. +# Base64 decode all examples, certificates and +# private keys are converted to PEM format. + +my ( $filename, $data ); + +my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" ); + +$data = ""; + +open( IN, $exfile ) || die "Can't Open RFC examples file $exfile"; + +while () { + next unless (/^\|/); + s/^\|//; + next if (/^\*/); + if (/^>(.*)$/) { + $filename = $1; + next; + } + if (/^$filename"; + binmode OUT; + print OUT $data; + close OUT; + push @cleanup, $filename; + } + elsif ( $filename =~ /\.cer$/ ) { + write_pem( $filename, "CERTIFICATE", $data ); + } + elsif ( $filename =~ /\.pri$/ ) { + write_pem( $filename, "PRIVATE KEY", $data ); + } + $data = ""; + $filename = ""; + } + else { + $data .= $_; + } + +} + +my $secretkey = + "73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32"; + +foreach (@test_list) { + my ( $file, $tlist ) = @$_; + print "Example file $file:\n"; + if ( $tlist =~ /encode/ ) { + run_reencode_test( $exdir, $file ); + } + if ( $tlist =~ /certsout/ ) { + run_certsout_test( $exdir, $file ); + } + if ( $tlist =~ /dataout/ ) { + run_dataout_test( $exdir, $file ); + } + if ( $tlist =~ /verify/ ) { + run_verify_test( $exdir, $tlist, $file ); + } + if ( $tlist =~ /digest/ ) { + run_digest_test( $exdir, $tlist, $file ); + } + if ( $tlist =~ /encrypted/ ) { + run_encrypted_test( $exdir, $tlist, $file, $secretkey ); + } + if ( $tlist =~ /envelope/ ) { + run_envelope_test( $exdir, $tlist, $file ); + } + +} + +foreach (@cleanup) { + unlink $_; +} + +if ($badtest) { + print "\n$badtest TESTS FAILED!!\n"; +} +else { + print "\n***All tests successful***\n"; +} + +sub write_pem { + my ( $filename, $str, $data ) = @_; + + $filename =~ s/\.[^.]*$/.pem/; + + push @cleanup, $filename; + + open OUT, ">$filename"; + + print OUT "-----BEGIN $str-----\n"; + print OUT $data; + print OUT "-----END $str-----\n"; + + close OUT; +} + +sub run_reencode_test { + my ( $cmsdir, $tfile ) = @_; + unlink "tmp.der"; + + system( "$cmscmd -cmsout -inform DER -outform DER" + . " -in $cmsdir/$tfile -out tmp.der" ); + + if ($?) { + print "\tReencode command FAILED!!\n"; + $badtest++; + } + elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) { + print "\tReencode FAILED!!\n"; + $badtest++; + } + else { + print "\tReencode passed\n" if $verbose; + } +} + +sub run_certsout_test { + my ( $cmsdir, $tfile ) = @_; + unlink "tmp.der"; + unlink "tmp.pem"; + + system( "$cmscmd -cmsout -inform DER -certsout tmp.pem" + . " -in $cmsdir/$tfile -out tmp.der" ); + + if ($?) { + print "\tCertificate output command FAILED!!\n"; + $badtest++; + } + else { + print "\tCertificate output passed\n" if $verbose; + } +} + +sub run_dataout_test { + my ( $cmsdir, $tfile ) = @_; + unlink "tmp.txt"; + + system( + "$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" ); + + if ($?) { + print "\tDataout command FAILED!!\n"; + $badtest++; + } + elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) { + print "\tDataout compare FAILED!!\n"; + $badtest++; + } + else { + print "\tDataout passed\n" if $verbose; + } +} + +sub run_verify_test { + my ( $cmsdir, $tlist, $tfile ) = @_; + unlink "tmp.txt"; + + $form = "DER" if $tlist =~ /verifyder/; + $form = "SMIME" if $tlist =~ /verifymime/; + $cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/; + $cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/; + + $cmd = + "$cmscmd -verify -inform $form" + . " -CAfile $cafile" + . " -in $cmsdir/$tfile -out tmp.txt"; + + $cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/; + + system("$cmd 2>cms.err 1>cms.out"); + + if ($?) { + print "\tVerify command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tVerify content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tVerify passed\n" if $verbose; + } +} + +sub run_envelope_test { + my ( $cmsdir, $tlist, $tfile ) = @_; + unlink "tmp.txt"; + + $form = "DER" if $tlist =~ /envelopeder/; + $form = "SMIME" if $tlist =~ /envelopemime/; + + $cmd = + "$cmscmd -decrypt -inform $form" + . " -recip $cmsdir/BobRSASignByCarl.pem" + . " -inkey $cmsdir/BobPrivRSAEncrypt.pem" + . " -in $cmsdir/$tfile -out tmp.txt"; + + system("$cmd 2>cms.err 1>cms.out"); + + if ($?) { + print "\tDecrypt command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tDecrypt content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tDecrypt passed\n" if $verbose; + } +} + +sub run_digest_test { + my ( $cmsdir, $tlist, $tfile ) = @_; + unlink "tmp.txt"; + + my $cmd = + "$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt"; + + system("$cmd 2>cms.err 1>cms.out"); + + if ($?) { + print "\tDigest verify command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tDigest verify content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tDigest verify passed\n" if $verbose; + } +} + +sub run_encrypted_test { + my ( $cmsdir, $tlist, $tfile, $key ) = @_; + unlink "tmp.txt"; + + system( "$cmscmd -EncryptedData_decrypt -inform DER" + . " -secretkey $key" + . " -in $cmsdir/$tfile -out tmp.txt" ); + + if ($?) { + print "\tEncrypted Data command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tEncrypted Data content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tEncryptedData verify passed\n" if $verbose; + } +} + +sub cmp_files { + my ( $f1, $f2 ) = @_; + my ( $fp1, $fp2 ); + + my ( $rd1, $rd2 ); + + if ( !open( $fp1, "<$f1" ) ) { + print STDERR "Can't Open file $f1\n"; + return 0; + } + + if ( !open( $fp2, "<$f2" ) ) { + print STDERR "Can't Open file $f2\n"; + return 0; + } + + binmode $fp1; + binmode $fp2; + + my $ret = 0; + + for ( ; ; ) { + $n1 = sysread $fp1, $rd1, 4096; + $n2 = sysread $fp2, $rd2, 4096; + last if ( $n1 != $n2 ); + last if ( $rd1 ne $rd2 ); + + if ( $n1 == 0 ) { + $ret = 1; + last; + } + + } + + close $fp1; + close $fp2; + + return $ret; + +} + diff --git a/test/cms-test.pl b/test/cms-test.pl new file mode 100755 index 0000000000000..a84e089ddc4d3 --- /dev/null +++ b/test/cms-test.pl @@ -0,0 +1,453 @@ +# test/cms-test.pl +# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +# project. +# +# ==================================================================== +# Copyright (c) 2008 The OpenSSL Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +# +# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# licensing@OpenSSL.org. +# +# 5. Products derived from this software may not be called "OpenSSL" +# nor may "OpenSSL" appear in their names without prior written +# permission of the OpenSSL Project. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +# +# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. +# ==================================================================== + +# CMS, PKCS7 consistency test script. Run extensive tests on +# OpenSSL PKCS#7 and CMS implementations. + +my $ossl_path; + +if ( -f "../apps/openssl" ) { + $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; +} +elsif ( -f "..\\out32dll\\openssl.exe" ) { + $ossl_path = "..\\out32dll\\openssl.exe"; +} +elsif ( -f "..\\out32\\openssl.exe" ) { + $ossl_path = "..\\out32\\openssl.exe"; +} +else { + die "Can't find OpenSSL executable"; +} + +my $pk7cmd = "$ossl_path smime "; +my $cmscmd = "$ossl_path cms "; +my $smdir = "smime-certs"; +my $halt_err = 1; + +my $badcmd = 0; +my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/; + +my @smime_pkcs7_tests = ( + + [ + "signed content DER format, RSA key", + "-sign -in smcont.txt -outform DER -nodetach" + . " -certfile $smdir/smroot.pem" + . " -signer $smdir/smrsa1.pem -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed detached content DER format, RSA key", + "-sign -in smcont.txt -outform DER" + . " -signer $smdir/smrsa1.pem -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + ], + + [ + "signed content test streaming BER format, RSA", + "-sign -in smcont.txt -outform DER -nodetach" + . " -stream -signer $smdir/smrsa1.pem -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content DER format, DSA key", + "-sign -in smcont.txt -outform DER -nodetach" + . " -signer $smdir/smdsa1.pem -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed detached content DER format, DSA key", + "-sign -in smcont.txt -outform DER" + . " -signer $smdir/smdsa1.pem -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + ], + + [ + "signed detached content DER format, add RSA signer", + "-resign -inform DER -in test.cms -outform DER" + . " -signer $smdir/smrsa1.pem -out test2.cms", + "-verify -in test2.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + ], + + [ + "signed content test streaming BER format, DSA key", + "-sign -in smcont.txt -outform DER -nodetach" + . " -stream -signer $smdir/smdsa1.pem -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming BER format, 2 DSA and 2 RSA keys", + "-sign -in smcont.txt -outform DER -nodetach" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ +"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", + "-sign -in smcont.txt -outform DER -noattr -nodetach" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", + "-sign -in smcont.txt -nodetach" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ +"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", + "-sign -in smcont.txt" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "enveloped content test streaming S/MIME format, 3 recipients", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, 3 recipients, 3rd used", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, 3 recipients, key only used", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", + "-encrypt -in smcont.txt" + . " -aes256 -stream -out test.cms" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + +); + +my @smime_cms_tests = ( + + [ + "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", + "-sign -in smcont.txt -outform DER -nodetach -keyid" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming PEM format, 2 DSA and 2 RSA keys", + "-sign -in smcont.txt -outform PEM -nodetach" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms -inform PEM " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content MIME format, RSA key, signed receipt request", + "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach" + . " -receipt_request_to test@openssl.org -receipt_request_all" + . " -out test.cms", + "-verify -in test.cms " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed receipt MIME format, RSA key", + "-sign_receipt -in test.cms" + . " -signer $smdir/smrsa2.pem" + . " -out test2.cms", + "-verify_receipt test2.cms -in test.cms" + . " -CAfile $smdir/smroot.pem" + ], + + [ + "enveloped content test streaming S/MIME format, 3 recipients, keyid", + "-encrypt -in smcont.txt" + . " -stream -out test.cms -keyid" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + + [ + "enveloped content test streaming PEM format, KEK", + "-encrypt -in smcont.txt -outform PEM -aes128" + . " -stream -out test.cms " + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0", + "-decrypt -in test.cms -out smtst.txt -inform PEM" + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0" + ], + + [ + "enveloped content test streaming PEM format, KEK, key only", + "-encrypt -in smcont.txt -outform PEM -aes128" + . " -stream -out test.cms " + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0", + "-decrypt -in test.cms -out smtst.txt -inform PEM" + . " -secretkey 000102030405060708090A0B0C0D0E0F " + ], + + [ + "data content test streaming PEM format", + "-data_create -in smcont.txt -outform PEM -nodetach" + . " -stream -out test.cms", + "-data_out -in test.cms -inform PEM -out smtst.txt" + ], + + [ + "encrypted content test streaming PEM format, 128 bit RC2 key", + "-EncryptedData_encrypt -in smcont.txt -outform PEM" + . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F" + . " -stream -out test.cms", + "-EncryptedData_decrypt -in test.cms -inform PEM " + . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" + ], + + [ + "encrypted content test streaming PEM format, 40 bit RC2 key", + "-EncryptedData_encrypt -in smcont.txt -outform PEM" + . " -rc2 -secretkey 0001020304" + . " -stream -out test.cms", + "-EncryptedData_decrypt -in test.cms -inform PEM " + . " -secretkey 0001020304 -out smtst.txt" + ], + + [ + "encrypted content test streaming PEM format, triple DES key", + "-EncryptedData_encrypt -in smcont.txt -outform PEM" + . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" + . " -stream -out test.cms", + "-EncryptedData_decrypt -in test.cms -inform PEM " + . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" + . " -out smtst.txt" + ], + + [ + "encrypted content test streaming PEM format, 128 bit AES key", + "-EncryptedData_encrypt -in smcont.txt -outform PEM" + . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F" + . " -stream -out test.cms", + "-EncryptedData_decrypt -in test.cms -inform PEM " + . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" + ], + +); + +my @smime_cms_comp_tests = ( + + [ + "compressed content test streaming PEM format", + "-compress -in smcont.txt -outform PEM -nodetach" + . " -stream -out test.cms", + "-uncompress -in test.cms -inform PEM -out smtst.txt" + ] + +); + +print "PKCS#7 <=> PKCS#7 consistency tests\n"; + +run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $pk7cmd ); + +print "CMS => PKCS#7 compatibility tests\n"; + +run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd ); + +print "CMS <= PKCS#7 compatibility tests\n"; + +run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd ); + +print "CMS <=> CMS consistency tests\n"; + +run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd ); +run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd ); + +if ( `$ossl_path version -f` =~ /ZLIB/ ) { + run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd ); +} +else { + print "Zlib not supported: compression tests skipped\n"; +} + +print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8); + +if ($badcmd) { + print "$badcmd TESTS FAILED!!\n"; +} +else { + print "ALL TESTS SUCCESSFUL.\n"; +} + +unlink "test.cms"; +unlink "test2.cms"; +unlink "smtst.txt"; +unlink "cms.out"; +unlink "cms.err"; + +sub run_smime_tests { + my ( $rv, $aref, $scmd, $vcmd ) = @_; + + foreach $smtst (@$aref) { + my ( $tnam, $rscmd, $rvcmd ) = @$smtst; + if ($ossl8) + { + # Skip smime resign: 0.9.8 smime doesn't support -resign + next if ($scmd =~ /smime/ && $rscmd =~ /-resign/); + # Disable streaming: option not supported in 0.9.8 + $tnam =~ s/streaming//; + $rscmd =~ s/-stream//; + $rvcmd =~ s/-stream//; + } + system("$scmd$rscmd 2>cms.err 1>cms.out"); + if ($?) { + print "$tnam: generation error\n"; + $$rv++; + exit 1 if $halt_err; + next; + } + system("$vcmd$rvcmd 2>cms.err 1>cms.out"); + if ($?) { + print "$tnam: verify error\n"; + $$rv++; + exit 1 if $halt_err; + next; + } + if (!cmp_files("smtst.txt", "smcont.txt")) { + print "$tnam: content verify error\n"; + $$rv++; + exit 1 if $halt_err; + next; + } + print "$tnam: OK\n"; + } +} + +sub cmp_files { + my ( $f1, $f2 ) = @_; + my ( $fp1, $fp2 ); + + my ( $rd1, $rd2 ); + + if ( !open( $fp1, "<$f1" ) ) { + print STDERR "Can't Open file $f1\n"; + return 0; + } + + if ( !open( $fp2, "<$f2" ) ) { + print STDERR "Can't Open file $f2\n"; + return 0; + } + + binmode $fp1; + binmode $fp2; + + my $ret = 0; + + for ( ; ; ) { + $n1 = sysread $fp1, $rd1, 4096; + $n2 = sysread $fp2, $rd2, 4096; + last if ( $n1 != $n2 ); + last if ( $rd1 ne $rd2 ); + + if ( $n1 == 0 ) { + $ret = 1; + last; + } + + } + + close $fp1; + close $fp2; + + return $ret; + +} + diff --git a/test/evptests.txt b/test/evptests.txt index 193009f781d83..beb12144b6aea 100644 --- a/test/evptests.txt +++ b/test/evptests.txt @@ -310,3 +310,12 @@ CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:0 CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:0 +# SEED test vectors from RFC4269 +SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:0 +SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:0 +SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:0 +SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:0 +SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:1 +SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1 +SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1 +SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:1 diff --git a/test/igetest.c b/test/igetest.c index d93428f42baa2..95452d096570e 100644 --- a/test/igetest.c +++ b/test/igetest.c @@ -218,6 +218,23 @@ static int run_test_vectors(void) hexdump(stdout, "expected", v->out, v->length); hexdump(stdout, "got", buf, v->length); + ++errs; + } + + /* try with in == out */ + memcpy(iv, v->iv, sizeof iv); + memcpy(buf, v->in, v->length); + AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt); + + if(memcmp(v->out, buf, v->length)) + { + printf("IGE test vector %d failed (with in == out)\n", n); + hexdump(stdout, "key", v->key, sizeof v->key); + hexdump(stdout, "iv", v->iv, sizeof v->iv); + hexdump(stdout, "in", v->in, v->length); + hexdump(stdout, "expected", v->out, v->length); + hexdump(stdout, "got", buf, v->length); + ++errs; } } diff --git a/test/smcont.txt b/test/smcont.txt new file mode 100644 index 0000000000000..e837c0b75b645 --- /dev/null +++ b/test/smcont.txt @@ -0,0 +1 @@ +Some test content for OpenSSL CMS \ No newline at end of file diff --git a/test/smime-certs/smdsa1.pem b/test/smime-certs/smdsa1.pem new file mode 100644 index 0000000000000..d5677dbfbec48 --- /dev/null +++ b/test/smime-certs/smdsa1.pem @@ -0,0 +1,34 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 +OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt +GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J +jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt +wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK ++FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z +SJCBQw5zAoGATQlPPF+OeU8nu3rsdXGDiZdJzOkuCce3KQfTABA9C+Dk4CVcvBdd +YRLGpnykumkNTO1sTO+4/Gphsuje1ujK9td4UEhdYqylCe5QjEMrszDlJtelDQF9 +C0yhdjKGTP0kxofLhsGckcuQvcKEKffT2pDDKJIy4vWQO0UyJl1vjLcCFG2uiGGx +9fMUZq1v0ePD4Wo0Xkxo +-----END DSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsWMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 +CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ +mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 +jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB +CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV +kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D +xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBN +CU88X455Tye7eux1cYOJl0nM6S4Jx7cpB9MAED0L4OTgJVy8F11hEsamfKS6aQ1M +7WxM77j8amGy6N7W6Mr213hQSF1irKUJ7lCMQyuzMOUm16UNAX0LTKF2MoZM/STG +h8uGwZyRy5C9woQp99PakMMokjLi9ZA7RTImXW+Mt6OBgzCBgDAdBgNVHQ4EFgQU +4Qfbhpi5yqXaXuCLXj427mR25MkwHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput +aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV +c21pbWVkc2ExQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBAFrdUzKK1pWO +kd02S423KUBc4GWWyiGlVoEO7WxVhHLJ8sm67X7OtJOwe0UGt+Nc5qLtyJYSirw8 +phjiTdNpQCTJ8+Kc56tWkJ6H7NAI4vTJtPL5BM/EmeYrVSU9JI9xhqpyKw9IBD+n +hRJ79W9FaiJRvaAOX+TkyTukJrxAWRyv +-----END CERTIFICATE----- diff --git a/test/smime-certs/smdsa2.pem b/test/smime-certs/smdsa2.pem new file mode 100644 index 0000000000000..ef86c115d7f98 --- /dev/null +++ b/test/smime-certs/smdsa2.pem @@ -0,0 +1,34 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 +OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt +GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J +jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt +wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK ++FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z +SJCBQw5zAoGBAIPmO8BtJ+Yac58trrPwq9b/6VW3jQTWzTLWSH84/QQdqQa+Pz3v +It/+hHM0daNF5uls8ICsPL1aLXmRx0pHvIyb0aAzYae4T4Jv/COPDMTdKbA1uitJ +VbkGZrm+LIrs7I9lOkb4T0vI6kL/XdOCXY1469zsqCgJ/O2ibn6mq0nWAhR716o2 +Nf8SimTZYB0/CKje6M5ufA== +-----END DSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDpTCCAw6gAwIBAgIJAMtotfHYdEsXMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 +CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ +mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 +jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB +CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV +kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D +xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhQACgYEA +g+Y7wG0n5hpzny2us/Cr1v/pVbeNBNbNMtZIfzj9BB2pBr4/Pe8i3/6EczR1o0Xm +6WzwgKw8vVoteZHHSke8jJvRoDNhp7hPgm/8I48MxN0psDW6K0lVuQZmub4siuzs +j2U6RvhPS8jqQv9d04JdjXjr3OyoKAn87aJufqarSdajgYMwgYAwHQYDVR0OBBYE +FHsAGNfVltSYUq4hC+YVYwsYtA+dMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcXdsab +rWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMCAGA1UdEQQZMBeB +FXNtaW1lZHNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQCx9BtCbaYF +FXjLClkuKXbESaDZA1biPgY25i00FsUzARuhCpqD2v+0tu5c33ZzIhL6xlvBRU5l +6Atw/xpZhae+hdBEtxPJoGekLLrHOau7Md3XwDjV4lFgcEJkWZoaSOOIK+4D5jF0 +jZWtHjnwEzuLYlo7ScHSsbcQfjH0M1TP5A== +-----END CERTIFICATE----- diff --git a/test/smime-certs/smdsa3.pem b/test/smime-certs/smdsa3.pem new file mode 100644 index 0000000000000..eeb848dabc50b --- /dev/null +++ b/test/smime-certs/smdsa3.pem @@ -0,0 +1,34 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 +OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt +GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J +jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt +wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK ++FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z +SJCBQw5zAoGAYzOpPmh8Je1IDauEXhgaLz14wqYUHHcrj2VWVJ6fRm8GhdQFJSI7 +GUk08pgKZSKic2lNqxuzW7/vFxKQ/nvzfytY16b+2i+BR4Q6yvMzCebE1hHVg0Ju +TwfUMwoFEOhYP6ZwHSUiQl9IBMH9TNJCMwYMxfY+VOrURFsjGTRUgpwCFQCIGt5g +Y+XZd0Sv69CatDIRYWvaIA== +-----END DSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsYMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 +CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ +mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 +jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB +CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV +kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D +xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBj +M6k+aHwl7UgNq4ReGBovPXjCphQcdyuPZVZUnp9GbwaF1AUlIjsZSTTymAplIqJz +aU2rG7Nbv+8XEpD+e/N/K1jXpv7aL4FHhDrK8zMJ5sTWEdWDQm5PB9QzCgUQ6Fg/ +pnAdJSJCX0gEwf1M0kIzBgzF9j5U6tREWyMZNFSCnKOBgzCBgDAdBgNVHQ4EFgQU +VhpVXqQ/EzUMdxLvP7o9EhJ8h70wHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput +aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV +c21pbWVkc2EzQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBACM9e75EQa8m +k/AZkH/tROqf3yeqijULl9x8FjFatqoY+29OM6oMGM425IqSkKd2ipz7OxO0SShu +rE0O3edS7DvYBwvhWPviRaYBMyZ4iFJVup+fOzoYK/j/bASxS3BHQBwb2r4rhe25 +OlTyyFEk7DJyW18YFOG97S1P52oQ5f5x +-----END CERTIFICATE----- diff --git a/test/smime-certs/smdsap.pem b/test/smime-certs/smdsap.pem new file mode 100644 index 0000000000000..249706c8c77e3 --- /dev/null +++ b/test/smime-certs/smdsap.pem @@ -0,0 +1,9 @@ +-----BEGIN DSA PARAMETERS----- +MIIBHwKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3OjSG +Lh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqtGcoA +gsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2Jjt+d +qk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qtwjqv +Wp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK+FMO +GnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4ZSJCB +Qw5z +-----END DSA PARAMETERS----- diff --git a/test/smime-certs/smroot.pem b/test/smime-certs/smroot.pem new file mode 100644 index 0000000000000..a59eb2684ca45 --- /dev/null +++ b/test/smime-certs/smroot.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDBV1Z/Q5gPF7lojc8pKUdyz5+Jf2B3vs4he6egekugWnoJduki +9Lnae/JchB/soIX0co3nLc11NuFFlnAWJNMDJr08l5AHAJLYNHevF5l/f9oDQwvZ +speKh1xpIAJNqCTzVeQ/ZLx6/GccIXV/xDuKIiovqJTPgR5WPkYKaw++lQIDAQAB +AoGALXnUj5SflJU4+B2652ydMKUjWl0KnL/VjkyejgGV/j6py8Ybaixz9q8Gv7oY +JDlRqMC1HfZJCFQDQrHy5VJ+CywA/H9WrqKo/Ch9U4tJAZtkig1Cmay/BAYixVu0 +xBeim10aKF6hxHH4Chg9We+OCuzWBWJhqveNjuDedL/i7JUCQQDlejovcwBUCbhJ +U12qKOwlaboolWbl7yF3XdckTJZg7+1UqQHZH5jYZlLZyZxiaC92SNV0SyTLJZnS +Jh5CO+VDAkEA16/pPcuVtMMz/R6SSPpRSIAa1stLs0mFSs3NpR4pdm0n42mu05pO +1tJEt3a1g7zkreQBf53+Dwb+lA841EkjRwJBAIFmt0DifKDnCkBu/jZh9SfzwsH3 +3Zpzik+hXxxdA7+ODCrdUul449vDd5zQD5t+XKU61QNLDGhxv5e9XvrCg7kCQH/a +3ldsVF0oDaxxL+QkxoREtCQ5tLEd1u7F2q6Tl56FDE0pe6Ih6bQ8RtG+g9EI60IN +U7oTrOO5kLWx5E0q4ccCQAZVgoenn9MhRU1agKOCuM6LT2DxReTu4XztJzynej+8 +0J93n3ebanB1MlRpn1XJwhQ7gAC8ImaQKLJK5jdJzFc= +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICaTCCAdKgAwIBAgIJAP6VN47boiXRMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDdaFw0xNjA1MTExMzUzMDdaMEQx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRU +ZXN0IFMvTUlNRSBSU0EgUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +wVdWf0OYDxe5aI3PKSlHcs+fiX9gd77OIXunoHpLoFp6CXbpIvS52nvyXIQf7KCF +9HKN5y3NdTbhRZZwFiTTAya9PJeQBwCS2DR3rxeZf3/aA0ML2bKXiodcaSACTagk +81XkP2S8evxnHCF1f8Q7iiIqL6iUz4EeVj5GCmsPvpUCAwEAAaNjMGEwHQYDVR0O +BBYEFBPPS6e7iS6zOFcXdsabrWhb5e0XMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcX +dsabrWhb5e0XMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqG +SIb3DQEBBQUAA4GBAIECprq5viDvnDbkyOaiSr9ubMUmWqvycfAJMdPZRKcOZczS +l+L9R9lF3JSqbt3knOe9u6bGDBOTY2285PdCCuHRVMk2Af1f6El1fqAlRUwNqipp +r68sWFuRqrcRNtk6QQvXfkOhrqQBuDa7te/OVQLa2lGN9Dr2mQsD8ijctatG +-----END CERTIFICATE----- diff --git a/test/smime-certs/smrsa1.pem b/test/smime-certs/smrsa1.pem new file mode 100644 index 0000000000000..2cf3148e334bc --- /dev/null +++ b/test/smime-certs/smrsa1.pem @@ -0,0 +1,31 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQC6A978j4pmPgUtUQqF+bjh6vdhwGOGZSD7xXgFTMjm88twfv+E +ixkq2KXSDjD0ZXoQbdOaSbvGRQrIJpG2NGiKAFdYNrP025kCCdh5wF/aEI7KLEm7 +JlHwXpQsuj4wkMgmkFjL3Ty4Z55aNH+2pPQIa0k+ENJXm2gDuhqgBmduAwIDAQAB +AoGBAJMuYu51aO2THyeHGwt81uOytcCbqGP7eoib62ZOJhxPRGYjpmuqX+R9/V5i +KiwGavm63JYUx0WO9YP+uIZxm1BUATzkgkS74u5LP6ajhkZh6/Bck1oIYYkbVOXl +JVrdENuH6U7nupznsyYgONByo+ykFPVUGmutgiaC7NMVo/MxAkEA6KLejWXdCIEn +xr7hGph9NlvY9xuRIMexRV/WrddcFfCdjI1PciIupgrIkR65M9yr7atm1iU6/aRf +KOr8rLZsSQJBAMyyXN71NsDNx4BP6rtJ/LJMP0BylznWkA7zWfGCbAYn9VhZVlSY +Eu9Gyr7quD1ix7G3kInKVYOEEOpockBLz+sCQQCedyMmKjcQLfpMVYW8uhbAynvW +h36qV5yXZxszO7nMcCTBsxhk5IfmLv5EbCs3+p9avCDGyoGOeUMg+kC33WORAkAg +oUIarH4o5+SoeJTTfCzTA0KF9H5U0vYt2+73h7HOnWoHxl3zqDZEfEVvf50U8/0f +QELDJETTbScBJtsnkq43AkEA38etvoZ2i4FJvvo7R/9gWBHVEcrGzcsCBYrNnIR1 +SZLRwHEGaiOK1wxMsWzqp7PJwL9z/M8A8DyOFBx3GPOniA== +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIJAMtotfHYdEsTMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBSU0EgIzEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +ALoD3vyPimY+BS1RCoX5uOHq92HAY4ZlIPvFeAVMyObzy3B+/4SLGSrYpdIOMPRl +ehBt05pJu8ZFCsgmkbY0aIoAV1g2s/TbmQIJ2HnAX9oQjsosSbsmUfBelCy6PjCQ +yCaQWMvdPLhnnlo0f7ak9AhrST4Q0lebaAO6GqAGZ24DAgMBAAGjgYMwgYAwHQYD +VR0OBBYEFE2vMvKz5jrC7Lbdg68XwZ95iL/QMB8GA1UdIwQYMBaAFBPPS6e7iS6z +OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud +EQQZMBeBFXNtaW1lcnNhMUBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQAi +O3GOkUl646oLnOimc36i9wxZ1tejsqs8vMjJ0Pym6Uq9FE2JoGzJ6OhB1GOsEVmj +9cQ5UNQcRYL3cqOFtl6f4Dpu/lhzfbaqgmLjv29G1mS0uuTZrixhlyCXjwcbOkNC +I/+wvHHENYIK5+T/79M9LaZ2Qk4F9MNE1VMljdz9Qw== +-----END CERTIFICATE----- diff --git a/test/smime-certs/smrsa2.pem b/test/smime-certs/smrsa2.pem new file mode 100644 index 0000000000000..d41f69c82f67f --- /dev/null +++ b/test/smime-certs/smrsa2.pem @@ -0,0 +1,31 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQCwBfryW4Vu5U9wNIDKspJO/N9YF4CcTlrCUyzVlKgb+8urHlSe +59i5verR9IOCCXkemjOzZ/3nALTGqYZlnEvHp0Rjk+KdKXnKBIB+SRPpeu3LcXMT +WPgsThPa0UQxedNKG0g6aG+kLhsDlFBCoxd09jJtSpb9jmroJOq0ZYEHLwIDAQAB +AoGAKa/w4677Je1W5+r3SYoLDnvi5TkDs4D3C6ipKJgBTEdQz+DqB4w/DpZE4551 ++rkFn1LDxcxuHGRVa+tAMhZW97fwq9YUbjVZEyOz79qrX+BMyl/NbHkf1lIKDo3q +dWalzQvop7nbzeLC+VmmviwZfLQUbA61AQl3jm4dswT4XykCQQDloDadEv/28NTx +bvvywvyGuvJkCkEIycm4JrIInvwsd76h/chZ3oymrqzc7hkEtK6kThqlS5y+WXl6 +QzPruTKTAkEAxD2ro/VUoN+scIVaLmn0RBmZ67+9Pdn6pNSfjlK3s0T0EM6/iUWS +M06l6L9wFS3/ceu1tIifsh9BeqOGTa+udQJARIFnybTBaIqw/NZ/lA1YCVn8tpvY +iyaoZ6gjtS65TQrsdKeh/i3HCHNUXxUpoZ3F/H7QtD+6o49ODou+EbVOwQJAVmex +A2gp8wuJKaINqxIL81AybZLnCCzKJ3lXJ5tUNyLNM/lUbGStktm2Q1zHRQwTxV07 +jFn7trn8YrtNjzcjYQJAUKIJRt38A8Jw3HoPT+D0WS2IgxjVL0eYGsZX1lyeammG +6rfnQ3u5uP7mEK2EH2o8mDUpAE0gclWBU9UkKxJsGA== +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIJAMtotfHYdEsUMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBSU0EgIzIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +ALAF+vJbhW7lT3A0gMqykk7831gXgJxOWsJTLNWUqBv7y6seVJ7n2Lm96tH0g4IJ +eR6aM7Nn/ecAtMaphmWcS8enRGOT4p0pecoEgH5JE+l67ctxcxNY+CxOE9rRRDF5 +00obSDpob6QuGwOUUEKjF3T2Mm1Klv2Oaugk6rRlgQcvAgMBAAGjgYMwgYAwHQYD +VR0OBBYEFIL/u+mEvaw7RuKLRuElfVkxSQjYMB8GA1UdIwQYMBaAFBPPS6e7iS6z +OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud +EQQZMBeBFXNtaW1lcnNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQC2 +rXR5bm/9RtOMQPleNpd3y6uUX3oy+0CafK5Yl3PMnItjjnKJ0l1/DbLbDj2twehe +ewaB8CROcBCA3AMLSmGvPKgUCFMGtWam3328M4fBHzon5ka7qDXzM+imkAly/Yx2 +YNdR/aNOug+5sXygHmTSKqiCpQjOIClzXoPVVeEVHw== +-----END CERTIFICATE----- diff --git a/test/smime-certs/smrsa3.pem b/test/smime-certs/smrsa3.pem new file mode 100644 index 0000000000000..c8cbe55151ef2 --- /dev/null +++ b/test/smime-certs/smrsa3.pem @@ -0,0 +1,31 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC6syTZtZNe1hRScFc4PUVyVLsr7+C1HDIZnOHmwFoLayX6RHwy +ep/TkdwiPHnemVLuwvpSjLMLZkXy/J764kSHJrNeVl3UvmCVCOm40hAtK1+F39pM +h8phkbPPD7i+hwq4/Vs79o46nzwbVKmzgoZBJhZ+codujUSYM3LjJ4aq+wIDAQAB +AoGAE1Zixrnr3bLGwBMqtYSDIOhtyos59whImCaLr17U9MHQWS+mvYO98if1aQZi +iQ/QazJ+wvYXxWJ+dEB+JvYwqrGeuAU6He/rAb4OShG4FPVU2D19gzRnaButWMeT +/1lgXV08hegGBL7RQNaN7b0viFYMcKnSghleMP0/q+Y/oaECQQDkXEwDYJW13X9p +ijS20ykWdY5lLknjkHRhhOYux0rlhOqsyMZjoUmwI2m0qj9yrIysKhrk4MZaM/uC +hy0xp3hdAkEA0Uv/UY0Kwsgc+W6YxeypECtg1qCE6FBib8n4iFy/6VcWqhvE5xrs +OdhKv9/p6aLjLneGd1sU+F8eS9LGyKIbNwJBAJPgbNzXA7uUZriqZb5qeTXxBDfj +RLfXSHYKAKEULxz3+JvRHB9SR4yHMiFrCdExiZrHXUkPgYLSHLGG5a4824UCQD6T +9XvhquUARkGCAuWy0/3Eqoihp/t6BWSdQ9Upviu7YUhtUxsyXo0REZB7F4pGrJx5 +GlhXgFaewgUzuUHFzlMCQCzJMMWslWpoLntnR6sMhBMhBFHSw+Y5CbxBmFrdtSkd +VdtNO1VuDCTxjjW7W3Khj7LX4KZ1ye/5jfAgnnnXisc= +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIJAMtotfHYdEsVMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBSU0EgIzMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +ALqzJNm1k17WFFJwVzg9RXJUuyvv4LUcMhmc4ebAWgtrJfpEfDJ6n9OR3CI8ed6Z +Uu7C+lKMswtmRfL8nvriRIcms15WXdS+YJUI6bjSEC0rX4Xf2kyHymGRs88PuL6H +Crj9Wzv2jjqfPBtUqbOChkEmFn5yh26NRJgzcuMnhqr7AgMBAAGjgYMwgYAwHQYD +VR0OBBYEFDsSFjNtYZzd0tTHafNS7tneQQj6MB8GA1UdIwQYMBaAFBPPS6e7iS6z +OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud +EQQZMBeBFXNtaW1lcnNhM0BvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQBE +tUDB+1Dqigu4p1xtdq7JRK6S+gfA7RWmhz0j2scb2zhpS12h37JLHsidGeKAzZYq +jUjOrH/j3xcV5AnuJoqImJaN23nzzxtR4qGGX2mrq6EtObzdEGgCUaizsGM+0slJ +PYxcy8KeY/63B1BpYhj2RjGkL6HrvuAaxVORa3acoA== +-----END CERTIFICATE----- diff --git a/util/clean-depend.pl b/util/clean-depend.pl index 6c485d1e2fb12..2b2bdb4048805 100755 --- a/util/clean-depend.pl +++ b/util/clean-depend.pl @@ -37,8 +37,11 @@ foreach $file (sort keys %files) { $file=~s/^\.\///; push @{$files{$file}},$origfile; my $prevdep=""; - foreach $dep (sort @{$files{$file}}) { - $dep=~s/^\.\///; + + # Remove leading ./ before sorting + my @deps = map { $_ =~ s/^\.\///; $_ } @{$files{$file}}; + + foreach $dep (sort @deps) { next if $prevdep eq $dep; # to exterminate duplicates... $prevdep = $dep; $len=0 if $len+length($dep)+1 >= 80; diff --git a/util/libeay.num b/util/libeay.num index a8a0ff6b9d62e..62664f3c37457 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -725,7 +725,7 @@ d2i_DSAPublicKey 731 EXIST::FUNCTION:DSA d2i_DSAparams 732 EXIST::FUNCTION:DSA d2i_NETSCAPE_SPKAC 733 EXIST::FUNCTION: d2i_NETSCAPE_SPKI 734 EXIST::FUNCTION: -d2i_Netscape_RSA 735 EXIST::FUNCTION:RSA +d2i_Netscape_RSA 735 EXIST::FUNCTION:RC4,RSA d2i_PKCS7 736 EXIST::FUNCTION: d2i_PKCS7_DIGEST 737 EXIST::FUNCTION: d2i_PKCS7_ENCRYPT 738 EXIST::FUNCTION: @@ -802,7 +802,7 @@ DES_set_odd_parity 809 EXIST::FUNCTION:DES DES_string_to_2keys 810 EXIST::FUNCTION:DES DES_string_to_key 811 EXIST::FUNCTION:DES DES_xcbc_encrypt 812 EXIST::FUNCTION:DES -DES_xwhite_in2out 813 EXIST::FUNCTION:DES +DES_xwhite_in2out 813 NOEXIST::FUNCTION: fcrypt_body 814 NOEXIST::FUNCTION: i2a_ASN1_INTEGER 815 EXIST::FUNCTION:BIO i2a_ASN1_OBJECT 816 EXIST::FUNCTION:BIO @@ -827,7 +827,7 @@ i2d_DSAPublicKey 834 EXIST::FUNCTION:DSA i2d_DSAparams 835 EXIST::FUNCTION:DSA i2d_NETSCAPE_SPKAC 836 EXIST::FUNCTION: i2d_NETSCAPE_SPKI 837 EXIST::FUNCTION: -i2d_Netscape_RSA 838 EXIST::FUNCTION:RSA +i2d_Netscape_RSA 838 EXIST::FUNCTION:RC4,RSA i2d_PKCS7 839 EXIST::FUNCTION: i2d_PKCS7_DIGEST 840 EXIST::FUNCTION: i2d_PKCS7_ENCRYPT 841 EXIST::FUNCTION: @@ -1814,9 +1814,9 @@ RAND_egd_bytes 2402 EXIST::FUNCTION: X509_REQ_get1_email 2403 EXIST::FUNCTION: X509_get1_email 2404 EXIST::FUNCTION: X509_email_free 2405 EXIST::FUNCTION: -i2d_RSA_NET 2406 EXIST::FUNCTION:RSA +i2d_RSA_NET 2406 EXIST::FUNCTION:RC4,RSA d2i_RSA_NET_2 2407 NOEXIST::FUNCTION: -d2i_RSA_NET 2408 EXIST::FUNCTION:RSA +d2i_RSA_NET 2408 EXIST::FUNCTION:RC4,RSA DSO_bind_func 2409 EXIST::FUNCTION: CRYPTO_get_new_dynlockid 2410 EXIST::FUNCTION: sk_new_null 2411 EXIST::FUNCTION: @@ -2089,7 +2089,7 @@ OCSP_BASICRESP_get_ext_by_crit 2646 EXIST:VMS:FUNCTION: OCSP_cert_status_str 2647 EXIST::FUNCTION: d2i_OCSP_REQUEST 2648 EXIST::FUNCTION: UI_dup_info_string 2649 EXIST::FUNCTION: -_ossl_old_des_xwhite_in2out 2650 EXIST::FUNCTION:DES +_ossl_old_des_xwhite_in2out 2650 NOEXIST::FUNCTION: PKCS12_it 2651 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS12_it 2651 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_SINGLERESP_get_ext_by_critical 2652 EXIST:!VMS:FUNCTION: @@ -2843,7 +2843,7 @@ FIPS_selftest_failed 3284 NOEXIST::FUNCTION: sk_is_sorted 3285 EXIST::FUNCTION: X509_check_ca 3286 EXIST::FUNCTION: private_idea_set_encrypt_key 3287 NOEXIST::FUNCTION: -HMAC_CTX_set_flags 3288 NOEXIST::FUNCTION: +HMAC_CTX_set_flags 3288 EXIST::FUNCTION:HMAC private_SHA_Init 3289 NOEXIST::FUNCTION: private_CAST_set_key 3290 NOEXIST::FUNCTION: private_RIPEMD160_Init 3291 NOEXIST::FUNCTION: @@ -3510,3 +3510,193 @@ BIO_get_callback_arg 3902 EXIST::FUNCTION: BIO_set_callback 3903 EXIST::FUNCTION: d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779 i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779 +SEED_decrypt 3908 EXIST::FUNCTION:SEED +SEED_encrypt 3909 EXIST::FUNCTION:SEED +SEED_cbc_encrypt 3910 EXIST::FUNCTION:SEED +EVP_seed_ofb 3911 EXIST::FUNCTION:SEED +SEED_cfb128_encrypt 3912 EXIST::FUNCTION:SEED +SEED_ofb128_encrypt 3913 EXIST::FUNCTION:SEED +EVP_seed_cbc 3914 EXIST::FUNCTION:SEED +SEED_ecb_encrypt 3915 EXIST::FUNCTION:SEED +EVP_seed_ecb 3916 EXIST::FUNCTION:SEED +SEED_set_key 3917 EXIST::FUNCTION:SEED +EVP_seed_cfb128 3918 EXIST::FUNCTION:SEED +X509_EXTENSIONS_it 3919 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +X509_EXTENSIONS_it 3919 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_get1_ocsp 3920 EXIST::FUNCTION: +OCSP_REQ_CTX_free 3921 EXIST::FUNCTION: +i2d_X509_EXTENSIONS 3922 EXIST::FUNCTION: +OCSP_sendreq_nbio 3923 EXIST::FUNCTION: +OCSP_sendreq_new 3924 EXIST::FUNCTION: +d2i_X509_EXTENSIONS 3925 EXIST::FUNCTION: +X509_ALGORS_it 3926 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +X509_ALGORS_it 3926 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_ALGOR_get0 3927 EXIST::FUNCTION: +X509_ALGOR_set0 3928 EXIST::FUNCTION: +AES_unwrap_key 3929 EXIST::FUNCTION:AES +AES_wrap_key 3930 EXIST::FUNCTION:AES +X509at_get0_data_by_OBJ 3931 EXIST::FUNCTION: +ASN1_TYPE_set1 3932 EXIST::FUNCTION: +ASN1_STRING_set0 3933 EXIST::FUNCTION: +i2d_X509_ALGORS 3934 EXIST::FUNCTION: +BIO_f_zlib 3935 EXIST:ZLIB:FUNCTION: +COMP_zlib_cleanup 3936 EXIST::FUNCTION: +d2i_X509_ALGORS 3937 EXIST::FUNCTION: +CMS_ReceiptRequest_free 3938 EXIST::FUNCTION:CMS +PEM_write_CMS 3939 EXIST:!WIN16:FUNCTION:CMS +CMS_add0_CertificateChoices 3940 EXIST::FUNCTION:CMS +CMS_unsigned_add1_attr_by_OBJ 3941 EXIST::FUNCTION:CMS +ERR_load_CMS_strings 3942 EXIST::FUNCTION:CMS +CMS_sign_receipt 3943 EXIST::FUNCTION:CMS +i2d_CMS_ContentInfo 3944 EXIST::FUNCTION:CMS +CMS_signed_delete_attr 3945 EXIST::FUNCTION:CMS +d2i_CMS_bio 3946 EXIST::FUNCTION:CMS +CMS_unsigned_get_attr_by_NID 3947 EXIST::FUNCTION:CMS +CMS_verify 3948 EXIST::FUNCTION:CMS +SMIME_read_CMS 3949 EXIST::FUNCTION:CMS +CMS_decrypt_set1_key 3950 EXIST::FUNCTION:CMS +CMS_SignerInfo_get0_algs 3951 EXIST::FUNCTION:CMS +CMS_add1_cert 3952 EXIST::FUNCTION:CMS +CMS_set_detached 3953 EXIST::FUNCTION:CMS +CMS_encrypt 3954 EXIST::FUNCTION:CMS +CMS_EnvelopedData_create 3955 EXIST::FUNCTION:CMS +CMS_uncompress 3956 EXIST::FUNCTION:CMS +CMS_add0_crl 3957 EXIST::FUNCTION:CMS +CMS_SignerInfo_verify_content 3958 EXIST::FUNCTION:CMS +CMS_unsigned_get0_data_by_OBJ 3959 EXIST::FUNCTION:CMS +PEM_write_bio_CMS 3960 EXIST::FUNCTION:CMS +CMS_unsigned_get_attr 3961 EXIST::FUNCTION:CMS +CMS_RecipientInfo_ktri_cert_cmp 3962 EXIST::FUNCTION:CMS +CMS_RecipientInfo_ktri_get0_algs 3963 EXIST:!VMS:FUNCTION:CMS +CMS_RecipInfo_ktri_get0_algs 3963 EXIST:VMS:FUNCTION:CMS +CMS_ContentInfo_free 3964 EXIST::FUNCTION:CMS +CMS_final 3965 EXIST::FUNCTION:CMS +CMS_add_simple_smimecap 3966 EXIST::FUNCTION:CMS +CMS_SignerInfo_verify 3967 EXIST::FUNCTION:CMS +CMS_data 3968 EXIST::FUNCTION:CMS +CMS_ContentInfo_it 3969 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS +CMS_ContentInfo_it 3969 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS +d2i_CMS_ReceiptRequest 3970 EXIST::FUNCTION:CMS +CMS_compress 3971 EXIST::FUNCTION:CMS +CMS_digest_create 3972 EXIST::FUNCTION:CMS +CMS_SignerInfo_cert_cmp 3973 EXIST::FUNCTION:CMS +CMS_SignerInfo_sign 3974 EXIST::FUNCTION:CMS +CMS_data_create 3975 EXIST::FUNCTION:CMS +i2d_CMS_bio 3976 EXIST::FUNCTION:CMS +CMS_EncryptedData_set1_key 3977 EXIST::FUNCTION:CMS +CMS_decrypt 3978 EXIST::FUNCTION:CMS +int_smime_write_ASN1 3979 EXIST::FUNCTION: +CMS_unsigned_delete_attr 3980 EXIST::FUNCTION:CMS +CMS_unsigned_get_attr_count 3981 EXIST::FUNCTION:CMS +CMS_add_smimecap 3982 EXIST::FUNCTION:CMS +PEM_read_CMS 3983 EXIST:!WIN16:FUNCTION:CMS +CMS_signed_get_attr_by_OBJ 3984 EXIST::FUNCTION:CMS +d2i_CMS_ContentInfo 3985 EXIST::FUNCTION:CMS +CMS_add_standard_smimecap 3986 EXIST::FUNCTION:CMS +CMS_ContentInfo_new 3987 EXIST::FUNCTION:CMS +CMS_RecipientInfo_type 3988 EXIST::FUNCTION:CMS +CMS_get0_type 3989 EXIST::FUNCTION:CMS +CMS_is_detached 3990 EXIST::FUNCTION:CMS +CMS_sign 3991 EXIST::FUNCTION:CMS +CMS_signed_add1_attr 3992 EXIST::FUNCTION:CMS +CMS_unsigned_get_attr_by_OBJ 3993 EXIST::FUNCTION:CMS +SMIME_write_CMS 3994 EXIST::FUNCTION:CMS +CMS_EncryptedData_decrypt 3995 EXIST::FUNCTION:CMS +CMS_get0_RecipientInfos 3996 EXIST::FUNCTION:CMS +CMS_add0_RevocationInfoChoice 3997 EXIST::FUNCTION:CMS +CMS_decrypt_set1_pkey 3998 EXIST::FUNCTION:CMS +CMS_SignerInfo_set1_signer_cert 3999 EXIST::FUNCTION:CMS +CMS_get0_signers 4000 EXIST::FUNCTION:CMS +CMS_ReceiptRequest_get0_values 4001 EXIST::FUNCTION:CMS +CMS_signed_get0_data_by_OBJ 4002 EXIST::FUNCTION:CMS +CMS_get0_SignerInfos 4003 EXIST::FUNCTION:CMS +CMS_add0_cert 4004 EXIST::FUNCTION:CMS +CMS_EncryptedData_encrypt 4005 EXIST::FUNCTION:CMS +CMS_digest_verify 4006 EXIST::FUNCTION:CMS +CMS_set1_signers_certs 4007 EXIST::FUNCTION:CMS +CMS_signed_get_attr 4008 EXIST::FUNCTION:CMS +CMS_RecipientInfo_set0_key 4009 EXIST::FUNCTION:CMS +CMS_SignedData_init 4010 EXIST::FUNCTION:CMS +CMS_RecipientInfo_kekri_get0_id 4011 EXIST::FUNCTION:CMS +CMS_verify_receipt 4012 EXIST::FUNCTION:CMS +CMS_ReceiptRequest_it 4013 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS +CMS_ReceiptRequest_it 4013 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS +PEM_read_bio_CMS 4014 EXIST::FUNCTION:CMS +CMS_get1_crls 4015 EXIST::FUNCTION:CMS +CMS_add0_recipient_key 4016 EXIST::FUNCTION:CMS +SMIME_read_ASN1 4017 EXIST::FUNCTION: +CMS_ReceiptRequest_new 4018 EXIST::FUNCTION:CMS +CMS_get0_content 4019 EXIST::FUNCTION:CMS +CMS_get1_ReceiptRequest 4020 EXIST::FUNCTION:CMS +CMS_signed_add1_attr_by_OBJ 4021 EXIST::FUNCTION:CMS +CMS_RecipientInfo_kekri_id_cmp 4022 EXIST::FUNCTION:CMS +CMS_add1_ReceiptRequest 4023 EXIST::FUNCTION:CMS +CMS_SignerInfo_get0_signer_id 4024 EXIST::FUNCTION:CMS +CMS_unsigned_add1_attr_by_NID 4025 EXIST::FUNCTION:CMS +CMS_unsigned_add1_attr 4026 EXIST::FUNCTION:CMS +CMS_signed_get_attr_by_NID 4027 EXIST::FUNCTION:CMS +CMS_get1_certs 4028 EXIST::FUNCTION:CMS +CMS_signed_add1_attr_by_NID 4029 EXIST::FUNCTION:CMS +CMS_unsigned_add1_attr_by_txt 4030 EXIST::FUNCTION:CMS +CMS_dataFinal 4031 EXIST::FUNCTION:CMS +CMS_RecipientInfo_ktri_get0_signer_id 4032 EXIST:!VMS:FUNCTION:CMS +CMS_RecipInfo_ktri_get0_sigr_id 4032 EXIST:VMS:FUNCTION:CMS +i2d_CMS_ReceiptRequest 4033 EXIST::FUNCTION:CMS +CMS_add1_recipient_cert 4034 EXIST::FUNCTION:CMS +CMS_dataInit 4035 EXIST::FUNCTION:CMS +CMS_signed_add1_attr_by_txt 4036 EXIST::FUNCTION:CMS +CMS_RecipientInfo_decrypt 4037 EXIST::FUNCTION:CMS +CMS_signed_get_attr_count 4038 EXIST::FUNCTION:CMS +CMS_get0_eContentType 4039 EXIST::FUNCTION:CMS +CMS_set1_eContentType 4040 EXIST::FUNCTION:CMS +CMS_ReceiptRequest_create0 4041 EXIST::FUNCTION:CMS +CMS_add1_signer 4042 EXIST::FUNCTION:CMS +CMS_RecipientInfo_set0_pkey 4043 EXIST::FUNCTION:CMS +ENGINE_set_load_ssl_client_cert_function 4044 EXIST::FUNCTION:ENGINE +ENGINE_get_ssl_client_cert_function 4045 EXIST::FUNCTION:ENGINE +ENGINE_load_ssl_client_cert 4046 EXIST::FUNCTION:ENGINE +ENGINE_load_capi 4047 EXIST::FUNCTION:CAPIENG,ENGINE +OPENSSL_isservice 4048 EXIST::FUNCTION: +FIPS_dsa_sig_decode 4049 NOEXIST::FUNCTION: +EVP_CIPHER_CTX_clear_flags 4050 NOEXIST::FUNCTION: +FIPS_rand_status 4051 NOEXIST::FUNCTION: +FIPS_rand_set_key 4052 NOEXIST::FUNCTION: +CRYPTO_set_mem_info_functions 4053 NOEXIST::FUNCTION: +RSA_X931_generate_key_ex 4054 NOEXIST::FUNCTION: +int_ERR_set_state_func 4055 NOEXIST::FUNCTION: +int_EVP_MD_set_engine_callbacks 4056 NOEXIST::FUNCTION: +int_CRYPTO_set_do_dynlock_callback 4057 NOEXIST::FUNCTION: +FIPS_rng_stick 4058 NOEXIST::FUNCTION: +EVP_CIPHER_CTX_set_flags 4059 NOEXIST::FUNCTION: +BN_X931_generate_prime_ex 4060 NOEXIST::FUNCTION: +FIPS_selftest_check 4061 NOEXIST::FUNCTION: +FIPS_rand_set_dt 4062 NOEXIST::FUNCTION: +CRYPTO_dbg_pop_info 4063 NOEXIST::FUNCTION: +FIPS_dsa_free 4064 NOEXIST::FUNCTION: +RSA_X931_derive_ex 4065 NOEXIST::FUNCTION: +FIPS_rsa_new 4066 NOEXIST::FUNCTION: +FIPS_rand_bytes 4067 NOEXIST::FUNCTION: +fips_cipher_test 4068 NOEXIST::FUNCTION: +EVP_CIPHER_CTX_test_flags 4069 NOEXIST::FUNCTION: +CRYPTO_malloc_debug_init 4070 NOEXIST::FUNCTION: +CRYPTO_dbg_push_info 4071 NOEXIST::FUNCTION: +FIPS_corrupt_rsa_keygen 4072 NOEXIST::FUNCTION: +FIPS_dh_new 4073 NOEXIST::FUNCTION: +FIPS_corrupt_dsa_keygen 4074 NOEXIST::FUNCTION: +FIPS_dh_free 4075 NOEXIST::FUNCTION: +fips_pkey_signature_test 4076 NOEXIST::FUNCTION: +EVP_add_alg_module 4077 NOEXIST::FUNCTION: +int_RAND_init_engine_callbacks 4078 NOEXIST::FUNCTION: +int_EVP_CIPHER_set_engine_callbacks 4079 NOEXIST::FUNCTION: +int_EVP_MD_init_engine_callbacks 4080 NOEXIST::FUNCTION: +FIPS_rand_test_mode 4081 NOEXIST::FUNCTION: +FIPS_rand_reset 4082 NOEXIST::FUNCTION: +FIPS_dsa_new 4083 NOEXIST::FUNCTION: +int_RAND_set_callbacks 4084 NOEXIST::FUNCTION: +BN_X931_derive_prime_ex 4085 NOEXIST::FUNCTION: +int_ERR_lib_init 4086 NOEXIST::FUNCTION: +int_EVP_CIPHER_init_engine_callbacks 4087 NOEXIST::FUNCTION: +FIPS_rsa_free 4088 NOEXIST::FUNCTION: +FIPS_dsa_sig_encode 4089 NOEXIST::FUNCTION: +CRYPTO_dbg_remove_all_info 4090 NOEXIST::FUNCTION: +OPENSSL_init 4091 NOEXIST::FUNCTION: diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 863e5e40f6f95..7ba804ce33ac1 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -42,6 +42,7 @@ $infile="MINFO"; "FreeBSD","FreeBSD distribution", "OS2-EMX", "EMX GCC OS/2", "netware-clib", "CodeWarrior for NetWare - CLib - with WinSock Sockets", + "netware-clib-bsdsock", "CodeWarrior for NetWare - CLib - with BSD Sockets", "netware-libc", "CodeWarrior for NetWare - LibC - with WinSock Sockets", "netware-libc-bsdsock", "CodeWarrior for NetWare - LibC - with BSD Sockets", "default","cc under unix", @@ -63,7 +64,7 @@ and [options] can be one of no-md2 no-md4 no-md5 no-sha no-mdc2 - Skip this digest no-ripemd no-rc2 no-rc4 no-rc5 no-idea no-des - Skip this symetric cipher - no-bf no-cast no-aes no-camellia + no-bf no-cast no-aes no-camellia no-seed no-rsa no-dsa no-dh - Skip this public key cipher no-ssl2 no-ssl3 - Skip this version of SSL just-ssl - remove all non-ssl keys/digest @@ -76,7 +77,7 @@ and [options] can be one of no-hw - No hw nasm - Use NASM for x86 asm nw-nasm - Use NASM x86 asm for NetWare - nw-mwasm - Use Metrowerks x86 asm for NetWare + nw-mwasm - Use Metrowerks x86 asm for NetWare gaswin - Use GNU as with Mingw32 no-socks - No socket code no-err - No error strings @@ -173,10 +174,10 @@ elsif ($platform eq "OS2-EMX") require 'OS2-EMX.pl'; } elsif (($platform eq "netware-clib") || ($platform eq "netware-libc") || - ($platform eq "netware-libc-bsdsock")) + ($platform eq "netware-clib-bsdsock") || ($platform eq "netware-libc-bsdsock")) { $LIBC=1 if $platform eq "netware-libc" || $platform eq "netware-libc-bsdsock"; - $BSDSOCK=1 if $platform eq "netware-libc-bsdsock"; + $BSDSOCK=1 if ($platform eq "netware-libc-bsdsock") || ($platform eq "netware-clib-bsdsock"); require 'netware.pl'; } else @@ -198,6 +199,7 @@ $cflags= "$xcflags$cflags" if $xcflags ne ""; $cflags.=" -DOPENSSL_NO_IDEA" if $no_idea; $cflags.=" -DOPENSSL_NO_AES" if $no_aes; $cflags.=" -DOPENSSL_NO_CAMELLIA" if $no_camellia; +$cflags.=" -DOPENSSL_NO_SEED" if $no_seed; $cflags.=" -DOPENSSL_NO_RC2" if $no_rc2; $cflags.=" -DOPENSSL_NO_RC4" if $no_rc4; $cflags.=" -DOPENSSL_NO_RC5" if $no_rc5; @@ -217,6 +219,9 @@ $cflags.=" -DOPENSSL_NO_DH" if $no_dh; $cflags.=" -DOPENSSL_NO_SOCK" if $no_sock; $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2; $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; +$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext; +$cflags.=" -DOPENSSL_NO_CMS" if $no_cms; +$cflags.=" -DOPENSSL_NO_CAPIENG" if $no_capieng; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; $cflags.=" -DOPENSSL_NO_EC" if $no_ec; @@ -331,24 +336,24 @@ close(IN); if ($shlib) { $extra_install= <<"EOF"; - \$(CP) \$(O_SSL) \$(INSTALLTOP)${o}bin - \$(CP) \$(O_CRYPTO) \$(INSTALLTOP)${o}bin - \$(CP) \$(L_SSL) \$(INSTALLTOP)${o}lib - \$(CP) \$(L_CRYPTO) \$(INSTALLTOP)${o}lib + \$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}bin\" + \$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}bin\" + \$(CP) \"\$(L_SSL)\" \"\$(INSTALLTOP)${o}lib\" + \$(CP) \"\$(L_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\" EOF if ($no_static_engine) { $extra_install .= <<"EOF" - \$(MKDIR) \$(INSTALLTOP)${o}lib${o}engines - \$(CP) \$(E_SHLIB) \$(INSTALLTOP)${o}lib${o}engines + \$(MKDIR) \"\$(INSTALLTOP)${o}lib${o}engines\" + \$(CP) \"\$(E_SHLIB)\" \"\$(INSTALLTOP)${o}lib${o}engines\" EOF } } else { $extra_install= <<"EOF"; - \$(CP) \$(O_SSL) \$(INSTALLTOP)${o}lib - \$(CP) \$(O_CRYPTO) \$(INSTALLTOP)${o}lib + \$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}lib\" + \$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\" EOF $ex_libs .= " $zlib_lib" if $zlib_opt == 1; } @@ -394,6 +399,8 @@ LINK=$link LFLAGS=$lflags RSC=$rsc +AES_ASM_OBJ=$aes_asm_obj +AES_ASM_SRC=$aes_asm_src BN_ASM_OBJ=$bn_asm_obj BN_ASM_SRC=$bn_asm_src BNCO_ASM_OBJ=$bnco_asm_obj @@ -488,7 +495,7 @@ banner: $banner \$(TMP_D): - \$(MKDIR) \$(TMP_D) + \$(MKDIR) \"\$(TMP_D)\" # NB: uncomment out these lines if BIN_D, TEST_D and LIB_D are different #\$(BIN_D): # \$(MKDIR) \$(BIN_D) @@ -497,13 +504,13 @@ $banner # \$(MKDIR) \$(TEST_D) \$(LIB_D): - \$(MKDIR) \$(LIB_D) + \$(MKDIR) \"\$(LIB_D)\" \$(INCO_D): \$(INC_D) - \$(MKDIR) \$(INCO_D) + \$(MKDIR) \"\$(INCO_D)\" \$(INC_D): - \$(MKDIR) \$(INC_D) + \$(MKDIR) \"\$(INC_D)\" headers: \$(HEADER) \$(EXHEADER) @ @@ -513,14 +520,14 @@ lib: \$(LIBS_DEP) \$(E_SHLIB) exe: \$(T_EXE) \$(BIN_D)$o\$(E_EXE)$exep install: all - \$(MKDIR) \$(INSTALLTOP) - \$(MKDIR) \$(INSTALLTOP)${o}bin - \$(MKDIR) \$(INSTALLTOP)${o}include - \$(MKDIR) \$(INSTALLTOP)${o}include${o}openssl - \$(MKDIR) \$(INSTALLTOP)${o}lib - \$(CP) \$(INCO_D)${o}*.\[ch\] \$(INSTALLTOP)${o}include${o}openssl - \$(CP) \$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin - \$(CP) apps${o}openssl.cnf \$(INSTALLTOP) + \$(MKDIR) \"\$(INSTALLTOP)\" + \$(MKDIR) \"\$(INSTALLTOP)${o}bin\" + \$(MKDIR) \"\$(INSTALLTOP)${o}include\" + \$(MKDIR) \"\$(INSTALLTOP)${o}include${o}openssl\" + \$(MKDIR) \"\$(INSTALLTOP)${o}lib\" + \$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\" + \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep\" \"\$(INSTALLTOP)${o}bin\" + \$(CP) \"apps${o}openssl.cnf\" \"\$(INSTALLTOP)\" $extra_install @@ -607,7 +614,12 @@ foreach (values %lib_nam) $rules.="\$(O_SSL):\n\n"; next; } - + if (($aes_asm_obj ne "") && ($_ eq "CRYPTO")) + { + $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/; + $lib_obj =~ s/\s\S*\/aes_cbc\S*//; + $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src); + } if (($bn_asm_obj ne "") && ($_ eq "CRYPTO")) { $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/; @@ -730,6 +742,7 @@ sub var_add return("") if $no_idea && $dir =~ /\/idea/; return("") if $no_aes && $dir =~ /\/aes/; return("") if $no_camellia && $dir =~ /\/camellia/; + return("") if $no_seed && $dir =~ /\/seed/; return("") if $no_rc2 && $dir =~ /\/rc2/; return("") if $no_rc4 && $dir =~ /\/rc4/; return("") if $no_rc5 && $dir =~ /\/rc5/; @@ -738,6 +751,7 @@ sub var_add return("") if $no_dsa && $dir =~ /\/dsa/; return("") if $no_dh && $dir =~ /\/dh/; return("") if $no_ec && $dir =~ /\/ec/; + return("") if $no_cms && $dir =~ /\/cms/; if ($no_des && $dir =~ /\/des/) { if ($val =~ /read_pwd/) @@ -764,6 +778,7 @@ sub var_add @a=grep(!/^e_.*_c$/,@a) if $no_cast; @a=grep(!/^e_rc4$/,@a) if $no_rc4; @a=grep(!/^e_camellia$/,@a) if $no_camellia; + @a=grep(!/^e_seed$/,@a) if $no_seed; @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2; @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3; @@ -847,6 +862,7 @@ sub do_defs elsif ($_ =~ /RC5_ENC/) { $t="$_ "; } elsif ($_ =~ /MD5_ASM/) { $t="$_ "; } elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; } + elsif ($_ =~ /AES_ASM/){ $t="$_ "; } elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; } elsif ($_ =~ /CPUID_ASM/){ $t="$_ "; } else { $t="$location${o}$_$pf "; } @@ -957,7 +973,7 @@ sub do_copy_rule if ($n =~ /bss_file/) { $pp=".c"; } else { $pp=$p; } - $ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \$(SRC_D)$o$_$pp $to${o}$n$pp\n\n"; + $ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \"\$(SRC_D)$o$_$pp\" \"$to${o}$n$pp\"\n\n"; } return($ret); } @@ -976,6 +992,7 @@ sub read_options "no-idea" => \$no_idea, "no-aes" => \$no_aes, "no-camellia" => \$no_camellia, + "no-seed" => \$no_seed, "no-des" => \$no_des, "no-bf" => \$no_bf, "no-cast" => \$no_cast, @@ -992,8 +1009,6 @@ sub read_options "no-dsa" => \$no_dsa, "no-dh" => \$no_dh, "no-hmac" => \$no_hmac, - "no-aes" => \$no_aes, - "no-camellia" => \$no_camellia, "no-asm" => \$no_asm, "nasm" => \$nasm, "nw-nasm" => \$nw_nasm, @@ -1001,6 +1016,9 @@ sub read_options "gaswin" => \$gaswin, "no-ssl2" => \$no_ssl2, "no-ssl3" => \$no_ssl3, + "no-tlsext" => \$no_tlsext, + "no-cms" => \$no_cms, + "no-capieng" => \$no_capieng, "no-err" => \$no_err, "no-sock" => \$no_sock, "no-krb5" => \$no_krb5, @@ -1013,7 +1031,7 @@ sub read_options [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast, \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh, \$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5, - \$no_aes, \$no_camellia], + \$no_aes, \$no_camellia, \$no_seed], "rsaref" => 0, "gcc" => \$gcc, "debug" => \$debug, @@ -1023,6 +1041,7 @@ sub read_options "shared" => 0, "no-gmp" => 0, "no-rfc3779" => 0, + "no-montasm" => 0, "no-shared" => 0, "no-zlib" => 0, "no-zlib-dynamic" => 0, @@ -1083,7 +1102,7 @@ sub read_options } } } - elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; } + elsif (/^([^=]*)=(.*)$/ && !/^-D/){ $VARS{$1}=$2; } elsif (/^-[lL].*$/) { $l_flags.="$_ "; } elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/) { $c_flags.="$_ "; } diff --git a/util/mkdef.pl b/util/mkdef.pl index 352932f349d80..8ecfde1848a7d 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -79,12 +79,12 @@ my $OS2=0; my $safe_stack_def = 0; my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT", - "EXPORT_VAR_AS_FUNCTION" ); + "EXPORT_VAR_AS_FUNCTION", "ZLIB" ); my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" ); my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", "SHA256", "SHA512", "RIPEMD", - "MDC2", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "HMAC", "AES", "CAMELLIA", + "MDC2", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "HMAC", "AES", "CAMELLIA", "SEED", # Envelope "algorithms" "EVP", "X509", "ASN1_TYPEDEFS", # Helper "algorithms" @@ -96,6 +96,12 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "STATIC_ENGINE", "ENGINE", "HW", "GMP", # RFC3779 support "RFC3779", + # TLS extension support + "TLSEXT", + # CMS + "CMS", + # CryptoAPI Engine + "CAPIENG", # Deprecated functions "DEPRECATED" ); @@ -114,8 +120,9 @@ my $no_cast; my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia; +my $no_seed; my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated; -my $no_rfc3779; +my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng; foreach (@ARGV, split(/ /, $options)) @@ -137,6 +144,11 @@ foreach (@ARGV, split(/ /, $options)) } $VMS=1 if $_ eq "VMS"; $OS2=1 if $_ eq "OS2"; + if ($_ eq "zlib" || $_ eq "zlib-dynamic" + || $_ eq "enable-zlib-dynamic") { + $zlib = 1; + } + $do_ssl=1 if $_ eq "ssleay"; if ($_ eq "ssl") { @@ -179,6 +191,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-hmac$/) { $no_hmac=1; } elsif (/^no-aes$/) { $no_aes=1; } elsif (/^no-camellia$/) { $no_camellia=1; } + elsif (/^no-seed$/) { $no_seed=1; } elsif (/^no-evp$/) { $no_evp=1; } elsif (/^no-lhash$/) { $no_lhash=1; } elsif (/^no-stack$/) { $no_stack=1; } @@ -193,6 +206,9 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-hw$/) { $no_hw=1; } elsif (/^no-gmp$/) { $no_gmp=1; } elsif (/^no-rfc3779$/) { $no_rfc3779=1; } + elsif (/^no-tlsext$/) { $no_tlsext=1; } + elsif (/^no-cms$/) { $no_cms=1; } + elsif (/^no-capieng$/) { $no_capieng=1; } } @@ -228,6 +244,7 @@ $max_crypto = $max_num; my $ssl="ssl/ssl.h"; $ssl.=" ssl/kssl.h"; +$ssl.=" ssl/tls1.h"; my $crypto ="crypto/crypto.h"; $crypto.=" crypto/o_dir.h"; @@ -246,6 +263,7 @@ $crypto.=" crypto/sha/sha.h" ; # unless $no_sha; $crypto.=" crypto/ripemd/ripemd.h" ; # unless $no_ripemd; $crypto.=" crypto/aes/aes.h" ; # unless $no_aes; $crypto.=" crypto/camellia/camellia.h" ; # unless $no_camellia; +$crypto.=" crypto/seed/seed.h"; # unless $no_seed; $crypto.=" crypto/bn/bn.h"; $crypto.=" crypto/rsa/rsa.h" ; # unless $no_rsa; @@ -286,6 +304,7 @@ $crypto.=" crypto/krb5/krb5_asn.h"; $crypto.=" crypto/tmdiff.h"; $crypto.=" crypto/store/store.h"; $crypto.=" crypto/pqueue/pqueue.h"; +$crypto.=" crypto/cms/cms.h"; my $symhacks="crypto/symhacks.h"; @@ -1071,6 +1090,7 @@ sub is_valid if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) { return 1; } + if ($keyword eq "ZLIB" && $zlib) { return 1; } return 0; } else { # algorithms @@ -1096,6 +1116,7 @@ sub is_valid if ($keyword eq "HMAC" && $no_hmac) { return 0; } if ($keyword eq "AES" && $no_aes) { return 0; } if ($keyword eq "CAMELLIA" && $no_camellia) { return 0; } + if ($keyword eq "SEED" && $no_seed) { return 0; } if ($keyword eq "EVP" && $no_evp) { return 0; } if ($keyword eq "LHASH" && $no_lhash) { return 0; } if ($keyword eq "STACK" && $no_stack) { return 0; } @@ -1111,6 +1132,9 @@ sub is_valid if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; } if ($keyword eq "GMP" && $no_gmp) { return 0; } if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; } + if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; } + if ($keyword eq "CMS" && $no_cms) { return 0; } + if ($keyword eq "CAPIENG" && $no_capieng) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } # Nothing recognise as true @@ -1214,8 +1238,6 @@ EOO LIBRARY $libname $liboptions -DESCRIPTION '$description' - EOF if ($W16) { diff --git a/util/mkerr.pl b/util/mkerr.pl index fac7125ff3f1f..53e14ab4df93f 100644 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -312,7 +312,7 @@ foreach $lib (keys %csrc) } else { push @out, "/* ====================================================================\n", -" * Copyright (c) 2001-2005 The OpenSSL Project. All rights reserved.\n", +" * Copyright (c) 2001-2008 The OpenSSL Project. All rights reserved.\n", " *\n", " * Redistribution and use in source and binary forms, with or without\n", " * modification, are permitted provided that the following conditions\n", @@ -486,7 +486,7 @@ EOF print OUT <<"EOF"; /* $cfile */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/util/mkfiles.pl b/util/mkfiles.pl index f55d5b695bc71..1282392feae3b 100755 --- a/util/mkfiles.pl +++ b/util/mkfiles.pl @@ -25,6 +25,7 @@ my @dirs = ( "crypto/cast", "crypto/aes", "crypto/camellia", +"crypto/seed", "crypto/bn", "crypto/rsa", "crypto/dsa", @@ -56,6 +57,7 @@ my @dirs = ( "crypto/krb5", "crypto/store", "crypto/pqueue", +"crypto/cms", "ssl", "apps", "engines", diff --git a/util/opensslwrap.sh b/util/opensslwrap.sh index 91d29e2b870a2..b27cbb897fd49 100755 --- a/util/opensslwrap.sh +++ b/util/opensslwrap.sh @@ -3,6 +3,10 @@ HERE="`echo $0 | sed -e 's|[^/]*$||'`" OPENSSL="${HERE}../apps/openssl" +if [ -d "${HERE}../engines" -a "x$OPENSSL_ENGINES" = "x" ]; then + OPENSSL_ENGINES="${HERE}../engines"; export OPENSSL_ENGINES +fi + if [ -x "${OPENSSL}.exe" ]; then # The original reason for this script existence is to work around # certain caveats in run-time linker behaviour. On Windows platforms diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl index 81e92f0ad4266..1e254119e6a55 100644 --- a/util/pl/VC-32.pl +++ b/util/pl/VC-32.pl @@ -31,8 +31,10 @@ if ($FLAVOR =~ /WIN64/) $base_cflags=' /W3 /Gs0 /GF /Gy /nologo -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DOPENSSL_SYSNAME_WIN32 -DOPENSSL_SYSNAME_WINNT -DUNICODE -D_UNICODE'; $base_cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8 $base_cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8 - $opt_cflags=' /MD /Ox'; - $dbg_cflags=' /MDd /Od -DDEBUG -D_DEBUG'; + my $f = $shlib?' /MD':' /MT'; + $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib + $opt_cflags=$f.' /Ox'; + $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG'; $lflags="/nologo /subsystem:console /opt:ref"; } elsif ($FLAVOR =~ /CE/) @@ -94,8 +96,10 @@ else # Win32 $base_cflags=' /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32'; $base_cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8 $base_cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8 - $opt_cflags=' /MD /Ox /O2 /Ob2'; - $dbg_cflags=' /MDd /Od -DDEBUG -D_DEBUG'; + my $f = $shlib?' /MD':' /MT'; + $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib + $opt_cflags=$f.' /Ox /O2 /Ob2'; + $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG'; $lflags="/nologo /subsystem:console /opt:ref"; } $mlflags=''; @@ -134,7 +138,7 @@ if ($FLAVOR =~ /CE/) } else { - $ex_libs.=' gdi32.lib advapi32.lib user32.lib'; + $ex_libs.=' gdi32.lib crypt32.lib advapi32.lib user32.lib'; $ex_libs.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); } @@ -156,7 +160,10 @@ $lfile='/out:'; $shlib_ex_obj=""; $app_ex_obj="setargv.obj" if ($FLAVOR !~ /CE/); if ($nasm) { - $asm='nasmw -f win32'; + my $ver=`nasm -v 2>NUL`; + my $vew=`nasmw -v 2>NUL`; + # pick newest version + $asm=($ver gt $vew?"nasm":"nasmw")." -f win32"; $afile='-o '; } else { $asm='ml /Cp /coff /c /Cx'; @@ -173,8 +180,12 @@ $bf_enc_src=''; if (!$no_asm) { + $aes_asm_obj='crypto\aes\asm\a_win32.obj'; + $aes_asm_src='crypto\aes\asm\a_win32.asm'; $bn_asm_obj='crypto\bn\asm\bn_win32.obj'; $bn_asm_src='crypto\bn\asm\bn_win32.asm'; + $bnco_asm_obj='crypto\bn\asm\co_win32.obj'; + $bnco_asm_src='crypto\bn\asm\co_win32.asm'; $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj'; $des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm'; $bf_enc_obj='crypto\bf\asm\b_win32.obj'; @@ -187,17 +198,18 @@ if (!$no_asm) $rc5_enc_src='crypto\rc5\asm\r5_win32.asm'; $md5_asm_obj='crypto\md5\asm\m5_win32.obj'; $md5_asm_src='crypto\md5\asm\m5_win32.asm'; - $sha1_asm_obj='crypto\sha\asm\s1_win32.obj'; - $sha1_asm_src='crypto\sha\asm\s1_win32.asm'; + $sha1_asm_obj='crypto\sha\asm\s1_win32.obj crypto\sha\asm\sha512-sse2.obj'; + $sha1_asm_src='crypto\sha\asm\s1_win32.asm crypto\sha\asm\sha512-sse2.asm'; $rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj'; $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm'; - $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; + $cpuid_asm_obj='crypto\cpu_win32.obj'; + $cpuid_asm_src='crypto\cpu_win32.asm'; + $cflags.=" -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DAES_ASM -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; } if ($shlib && $FLAVOR !~ /CE/) { $mlflags.=" $lflags /dll"; -# $cflags =~ s| /MD| /MT|; $lib_cflag=" -D_WINDLL"; $out_def="out32dll"; $tmp_def="tmp32dll"; @@ -247,7 +259,6 @@ sub do_lib_rule $name =~ tr/a-z/A-Z/; $name = "/def:ms/${name}.def"; } - # $target="\$(LIB_D)$o$target"; $ret.="$target: $objs\n"; if (!$shlib) @@ -262,6 +273,10 @@ sub do_lib_rule if ($name eq "") { $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); + if ($target =~ /capi/) + { + $ex.=' crypt32.lib advapi32.lib'; + } } elsif ($FLAVOR =~ /CE/) { @@ -271,11 +286,12 @@ sub do_lib_rule { $ex.=' unicows.lib' if ($FLAVOR =~ /NT/); $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib'; + $ex.=' crypt32.lib'; $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); } $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/; $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; - $ret.="\tIF EXIST \$@.manifest mt -manifest \$@.manifest -outputresource:\$@;2\n\n"; + $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n"; } $ret.="\n"; return($ret); @@ -291,7 +307,7 @@ sub do_link_rule $ret.="$target: $files $dep_libs\n"; $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n"; $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n"; - $ret.="\tIF EXIST \$@.manifest mt -manifest \$@.manifest -outputresource:\$@;1\n\n"; + $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n"; return($ret); } diff --git a/util/pl/netware.pl b/util/pl/netware.pl index c05789b22f9ae..173c9919f24d6 100644 --- a/util/pl/netware.pl +++ b/util/pl/netware.pl @@ -1,26 +1,74 @@ -# Metrowerks Codewarrior for NetWare +# Metrowerks Codewarrior or gcc / nlmconv for NetWare # +$version_header = "crypto/opensslv.h"; +open(IN, "$version_header") or die "Couldn't open $version_header: $!"; +while () { + if (/^#define[\s\t]+OPENSSL_VERSION_NUMBER[\s\t]+0x(\d)(\d{2})(\d{2})(\d{2})/) + { + # die "OpenSSL version detected: $1.$2.$3.$4\n"; + #$nlmvernum = "$1,$2,$3"; + $nlmvernum = "$1,".($2*10+$3).",".($4*1); + #$nlmverstr = "$1.".($2*1).".".($3*1).($4?(chr(96+$4)):""); + break; + } +} +close(IN) or die "Couldn't close $version_header: $!"; + +$readme_file = "README"; +open(IN, $readme_file) or die "Couldn't open $readme_file: $!"; +while () { + if (/^[\s\t]+OpenSSL[\s\t]+(\d)\.(\d{1,2})\.(\d{1,2})([a-z])(.*)/) + { + #$nlmvernum = "$1,$2,$3"; + #$nlmvernum = "$1,".($2*10+$3).",".($4*1); + $nlmverstr = "$1.$2.$3$4$5"; + } + elsif (/^[\s\t]+(Copyright \(c\) \d{4}\-\d{4} The OpenSSL Project)$/) + { + $nlmcpystr = $1; + } + break if ($nlmvernum && $nlmcpystr); +} +close(IN) or die "Couldn't close $readme_file: $!"; + +# Define stacksize here +$nlmstack = "32768"; + +# some default settings here in case we failed to find them in README +$nlmvernum = "1,0,0" if (!$nlmvernum); +$nlmverstr = "OpenSSL" if (!$nlmverstr); +$nlmcpystr = "Copyright (c) 1998-now The OpenSSL Project" if (!$nlmcpystr); + +# die "OpenSSL copyright: $nlmcpystr\nOpenSSL verstring: $nlmverstr\nOpenSSL vernumber: $nlmvernum\n"; + # The import files and other misc imports needed to link -@misc_imports = ("GetProcessSwitchCount", "RunningProcess", +@misc_imports = ("GetProcessSwitchCount", "RunningProcess", "GetSuperHighResolutionTimer"); if ($LIBC) { @import_files = ("libc.imp"); @module_files = ("libc"); + $libarch = "LIBC"; } else { # clib build @import_files = ("clib.imp"); + push(@import_files, "socklib.imp") if ($BSDSOCK); @module_files = ("clib"); - push(@misc_imports, "_rt_modu64%16", "_rt_divu64%16"); + # push(@misc_imports, "_rt_modu64%16", "_rt_divu64%16"); + $libarch = "CLIB"; } -if (!$BSDSOCK) +if ($BSDSOCK) +{ + $libarch .= "-BSD"; +} +else { + $libarch .= "-WS2"; push(@import_files, "ws2nlm.imp"); } - # The "IMPORTS" environment variable must be set and point to the location # where import files (*.imp) can be found. @@ -33,30 +81,68 @@ $import_path = $ENV{"IMPORTS"} || die ("IMPORTS environment variable not set\n") # Example: set PRELUDE=c:\codewar\novell support\metrowerks support\libraries\runtime\nwpre.obj $prelude = $ENV{"PRELUDE"} || die ("PRELUDE environment variable not set\n"); -#$ssl= "ssleay32"; -#$crypto="libeay32"; - -$o='\\\\'; -$cp='copy >nul:'; -$rm='del'; +# The "INCLUDES" environment variable must be set and point to the location +# where import files (*.imp) can be found. +$include_path = $ENV{"INCLUDE"} || die ("INCLUDES environment variable not set\n"); +$include_path =~ s/\\/\//g; +$include_path = join(" -I", split(/;/, $include_path)); -# C compiler -$cc="mwccnlm"; +# check for gcc compiler +$gnuc = $ENV{"GNUC"}; -# Linker -$link="mwldnlm"; +#$ssl= "ssleay32"; +#$crypto="libeay32"; -# librarian -$mklib="mwldnlm"; +if ($gnuc) +{ + # C compiler + $cc='gcc'; + # Linker + $link='nlmconv'; + # librarian + $mklib='ar'; + $o='/'; + # cp command + $cp='cp -af'; + # rm command + $rm='rm -f'; + # mv command + $mv='mv -f'; + # mkdir command + $mkdir='gmkdir'; + #$ranlib='ranlib'; +} +else +{ + # C compiler + $cc='mwccnlm'; + # Linker + $link='mwldnlm'; + # librarian + $mklib='mwldnlm'; + # Path separator + $o='\\'; + # cp command + $cp='copy >nul:'; + # rm command + $rm='del /f /q'; +} -# assembler -if ($nw_nasm) +# assembler +if ($nw_nasm) { - $asm="nasmw -s -f coff"; + if ($gnuc) + { + $asm="nasmw -s -f elf"; + } + else + { + $asm="nasmw -s -f coff"; + } $afile="-o "; $asm.=" -g" if $debug; } -elsif ($nw_mwasm) +elsif ($nw_mwasm) { $asm="mwasmnlm -maxerrors 20"; $afile="-o "; @@ -64,14 +150,14 @@ elsif ($nw_mwasm) } elsif ($nw_masm) { -# masm assembly settings - it should be possible to use masm but haven't +# masm assembly settings - it should be possible to use masm but haven't # got it working. # $asm='ml /Cp /coff /c /Cx'; # $asm.=" /Zi" if $debug; # $afile='/Fo'; die("Support for masm assembler not yet functional\n"); } -else +else { $asm=""; $afile=""; @@ -79,59 +165,89 @@ else -# compile flags -# -# NOTES: Several c files in the crypto subdirectory include headers from -# their local directories. Metrowerks wouldn't find these h files -# without adding individual include directives as compile flags -# or modifying the c files. Instead of adding individual include -# paths for each subdirectory a recursive include directive -# is used ( -ir crypto ). -# -# A similar issue exists for the engines and apps subdirectories. -# -# Turned off the "possible" warnings ( -w nopossible ). Metrowerks -# complained a lot about various stuff. May want to turn back -# on for further development. -$cflags="-ir crypto -ir engines -ir apps -msgstyle gcc -align 4 -processor pentium \\ - -char unsigned -w on -w nolargeargs -w nopossible -w nounusedarg \\ - -w noimplicitconv -relax_pointers -nosyspath -DL_ENDIAN \\ - -DOPENSSL_SYSNAME_NETWARE -U_WIN32 -maxerrors 20 "; - -# link flags -$lflags="-msgstyle gcc -zerobss -stacksize 32768 -nostdlib -sym internal "; - - -# additional flags based upon debug | non-debug -if ($debug) +if ($gnuc) { - $cflags.=" -opt off -g -sym internal -DDEBUG"; + # compile flags for GNUC + # additional flags based upon debug | non-debug + if ($debug) + { + $cflags="-g -DDEBUG"; + } + else + { + $cflags="-O2"; + } + $cflags.=" -nostdinc -I$include_path \\ + -fno-builtin -fpcc-struct-return -fno-strict-aliasing \\ + -funsigned-char -Wall -Wno-unused -Wno-uninitialized"; + + # link flags + $lflags="-T"; } else { -# CodeWarrior compiler has a problem with optimizations for floating -# points - no optimizations until further investigation -# $cflags.=" -opt all"; + # compile flags for CodeWarrior + # additional flags based upon debug | non-debug + if ($debug) + { + $cflags="-opt off -g -sym internal -DDEBUG"; + } + else + { + # CodeWarrior compiler has a problem with optimizations for floating + # points - no optimizations until further investigation + # $cflags="-opt all"; + } + + # NOTES: Several c files in the crypto subdirectory include headers from + # their local directories. Metrowerks wouldn't find these h files + # without adding individual include directives as compile flags + # or modifying the c files. Instead of adding individual include + # paths for each subdirectory a recursive include directive + # is used ( -ir crypto ). + # + # A similar issue exists for the engines and apps subdirectories. + # + # Turned off the "possible" warnings ( -w nopossible ). Metrowerks + # complained a lot about various stuff. May want to turn back + # on for further development. + $cflags.=" -nostdinc -ir crypto -ir engines -ir apps -I$include_path \\ + -msgstyle gcc -align 4 -processor pentium -char unsigned \\ + -w on -w nolargeargs -w nopossible -w nounusedarg -w nounusedexpr \\ + -w noimplicitconv -relax_pointers -nosyspath -maxerrors 20"; + + # link flags + $lflags="-msgstyle gcc -zerobss -nostdlib -sym internal -commandfile"; } +# common defines +$cflags.=" -DL_ENDIAN -DOPENSSL_SYSNAME_NETWARE -U_WIN32"; + # If LibC build add in NKS_LIBC define and set the entry/exit # routines - The default entry/exit routines are for CLib and don't exist # in LibC if ($LIBC) { $cflags.=" -DNETWARE_LIBC"; - $lflags.=" -entry _LibCPrelude -exit _LibCPostlude -flags pseudopreemption"; + $nlmstart = "_LibCPrelude"; + $nlmexit = "_LibCPostlude"; + @nlm_flags = ("pseudopreemption", "flag_on 64"); } else { $cflags.=" -DNETWARE_CLIB"; - $lflags.=" -entry _Prelude -exit _Stop"; + $nlmstart = "_Prelude"; + $nlmexit = "_Stop"; } # If BSD Socket support is requested, set a define for the compiler if ($BSDSOCK) { $cflags.=" -DNETWARE_BSDSOCK"; + if (!$LIBC) + { + $cflags.=" -DNETDB_USE_INTERNET"; + } } @@ -154,16 +270,25 @@ if ($shlib) } else { - $libp=".lib"; - $shlibp=".lib"; - $lib_flags="-nodefaults -type library"; + if ($gnuc) # GNUC Tools + { + $libp=".a"; + $shlibp=".a"; + $lib_flags="-cr"; + } + else # CodeWarrior + { + $libp=".lib"; + $shlibp=".lib"; + $lib_flags="-nodefaults -type library -o"; + } if ($LIBC) { $out_def.="_nw_libc"; $tmp_def.="_nw_libc"; $inc_def.="_nw_libc"; } - else # NETWARE_CLIB + else # NETWARE_CLIB { $out_def.="_nw_clib"; $tmp_def.="_nw_clib"; @@ -172,7 +297,7 @@ else } # used by mk1mf.pl -$obj='.obj'; +$obj='.o'; $ofile='-o '; $efile=''; $exep='.nlm'; @@ -180,30 +305,41 @@ $ex_libs=''; if (!$no_asm) { - $bn_asm_obj="crypto${o}bn${o}asm${o}bn-nw.obj"; + $bn_asm_obj="\$(OBJ_D)${o}bn-nw${obj}"; $bn_asm_src="crypto${o}bn${o}asm${o}bn-nw.asm"; - $des_enc_obj="crypto${o}des${o}asm${o}d-nw.obj crypto${o}des${o}asm${o}y-nw.obj"; + $bnco_asm_obj="\$(OBJ_D)${o}co-nw${obj}"; + $bnco_asm_src="crypto${o}bn${o}asm${o}co-nw.asm"; + $aes_asm_obj="\$(OBJ_D)${o}a-nw${obj}"; + $aes_asm_src="crypto${o}aes${o}asm${o}a-nw.asm"; + $des_enc_obj="\$(OBJ_D)${o}d-nw${obj} \$(OBJ_D)${o}y-nw${obj}"; $des_enc_src="crypto${o}des${o}asm${o}d-nw.asm crypto${o}des${o}asm${o}y-nw.asm"; - $bf_enc_obj="crypto${o}bf${o}asm${o}b-nw.obj"; + $bf_enc_obj="\$(OBJ_D)${o}b-nw${obj}"; $bf_enc_src="crypto${o}bf${o}asm${o}b-nw.asm"; - $cast_enc_obj="crypto${o}cast${o}asm${o}c-nw.obj"; + $cast_enc_obj="\$(OBJ_D)${o}c-nw${obj}"; $cast_enc_src="crypto${o}cast${o}asm${o}c-nw.asm"; - $rc4_enc_obj="crypto${o}rc4${o}asm${o}r4-nw.obj"; + $rc4_enc_obj="\$(OBJ_D)${o}r4-nw${obj}"; $rc4_enc_src="crypto${o}rc4${o}asm${o}r4-nw.asm"; - $rc5_enc_obj="crypto${o}rc5${o}asm${o}r5-nw.obj"; + $rc5_enc_obj="\$(OBJ_D)${o}r5-nw${obj}"; $rc5_enc_src="crypto${o}rc5${o}asm${o}r5-nw.asm"; - $md5_asm_obj="crypto${o}md5${o}asm${o}m5-nw.obj"; + $md5_asm_obj="\$(OBJ_D)${o}m5-nw${obj}"; $md5_asm_src="crypto${o}md5${o}asm${o}m5-nw.asm"; - $sha1_asm_obj="crypto${o}sha${o}asm${o}s1-nw.obj"; + $sha1_asm_obj="\$(OBJ_D)${o}s1-nw${obj}"; $sha1_asm_src="crypto${o}sha${o}asm${o}s1-nw.asm"; - $rmd160_asm_obj="crypto${o}ripemd${o}asm${o}rm-nw.obj"; + $rmd160_asm_obj="\$(OBJ_D)${o}rm-nw${obj}"; $rmd160_asm_src="crypto${o}ripemd${o}asm${o}rm-nw.asm"; - $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; + $cpuid_asm_obj="\$(OBJ_D)${o}x86cpuid-nw${obj}"; + $cpuid_asm_src="crypto${o}x86cpuid-nw.asm"; + $cflags.=" -DOPENSSL_CPUID_OBJ -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DSHA1_ASM"; + $cflags.=" -DAES_ASM -DRMD160_ASM"; } else { $bn_asm_obj=''; $bn_asm_src=''; + $bnco_asm_obj=''; + $bnco_asm_src=''; + $aes_asm_obj=''; + $aes_asm_src=''; $des_enc_obj=''; $des_enc_src=''; $bf_enc_obj=''; @@ -220,15 +356,15 @@ else $sha1_asm_src=''; $rmd160_asm_obj=''; $rmd160_asm_src=''; + $cpuid_asm_obj=''; + $cpuid_asm_src=''; } # create the *.def linker command files in \openssl\netware\ directory sub do_def_file { # strip off the leading path - my($target) = bname(@_); - my($def_file); - my($mod_file); + my($target) = bname(shift); my($i); if ($target =~ /(.*).nlm/) @@ -239,35 +375,72 @@ sub do_def_file # special case for openssl - the mk1mf.pl defines E_EXE = openssl if ($target =~ /E_EXE/) { - $target = "openssl"; + $target =~ s/\$\(E_EXE\)/openssl/; } # Note: originally tried to use full path ( \openssl\netware\$target.def ) # Metrowerks linker choked on this with an assertion failure. bug??? # - $def_file = "netware\\$target.def"; + my($def_file) = "netware${o}$target.def"; open(DEF_OUT, ">$def_file") || die("unable to open file $def_file\n"); - print( DEF_OUT "# command file generated by netware.pl for Metrowerks build\n" ); + print( DEF_OUT "# command file generated by netware.pl for NLM target.\n" ); + print( DEF_OUT "# do not edit this file - all your changes will be lost!!\n" ); print( DEF_OUT "#\n"); - print( DEF_OUT "DESCRIPTION \"$target\"\n"); - + print( DEF_OUT "DESCRIPTION \"$target ($libarch) - OpenSSL $nlmverstr\"\n"); + print( DEF_OUT "COPYRIGHT \"$nlmcpystr\"\n"); + print( DEF_OUT "VERSION $nlmvernum\n"); + print( DEF_OUT "STACK $nlmstack\n"); + print( DEF_OUT "START $nlmstart\n"); + print( DEF_OUT "EXIT $nlmexit\n"); + + # special case for openssl + if ($target eq "openssl") + { + print( DEF_OUT "SCREENNAME \"OpenSSL $nlmverstr\"\n"); + } + else + { + print( DEF_OUT "SCREENNAME \"DEFAULT\"\n"); + } + foreach $i (@misc_imports) { print( DEF_OUT "IMPORT $i\n"); } - + foreach $i (@import_files) { - print( DEF_OUT "IMPORT \@$import_path\\$i\n"); + print( DEF_OUT "IMPORT \@$import_path${o}$i\n"); } - + foreach $i (@module_files) { print( DEF_OUT "MODULE $i\n"); } + foreach $i (@nlm_flags) + { + print( DEF_OUT "$i\n"); + } + + if ($gnuc) + { + if ($target =~ /openssl/) + { + print( DEF_OUT "INPUT ${tmp_def}${o}openssl${obj}\n"); + print( DEF_OUT "INPUT ${tmp_def}${o}openssl${libp}\n"); + } + else + { + print( DEF_OUT "INPUT ${tmp_def}${o}${target}${obj}\n"); + } + print( DEF_OUT "INPUT $prelude\n"); + print( DEF_OUT "INPUT ${out_def}${o}${ssl}${libp} ${out_def}${o}${crypto}${libp}\n"); + print( DEF_OUT "OUTPUT $target.nlm\n"); + } + close(DEF_OUT); return($def_file); } @@ -281,7 +454,7 @@ sub do_lib_rule if (!$shlib) { $ret.="\t\@echo Building Lib: $name\n"; - $ret.="\t\$(MKLIB) $lib_flags -o $target $objs\n"; + $ret.="\t\$(MKLIB) $lib_flags $target $objs\n"; $ret.="\t\@echo .\n" } else @@ -297,17 +470,15 @@ sub do_link_rule { my($target,$files,$dep_libs,$libs)=@_; my($ret); - my($def_file); - - $def_file = do_def_file($target); + my($def_file) = do_def_file($target); - # special case for openssl - the mk1mf.pl defines E_EXE = openssl + $ret.="$target: $files $dep_libs\n"; # NOTE: When building the test nlms no screen name is given # which causes the console screen to be used. By using the console # screen there is no "" message which - # requires user interaction. The test script ( tests.pl ) needs to be - # able to run the tests without requiring user interaction. + # requires user interaction. The test script ( do_tests.pl ) needs + # to be able to run the tests without requiring user interaction. # # However, the sample program "openssl.nlm" is used by the tests and is # a interactive sample so a screen is desired when not be run by the @@ -315,27 +486,41 @@ sub do_link_rule # openssl2 - no screen used by tests # openssl - default screen - use for normal interactive modes # + + # special case for openssl - the mk1mf.pl defines E_EXE = openssl if ($target =~ /E_EXE/) { my($target2) = $target; $target2 =~ s/\(E_EXE\)/\(E_EXE\)2/; - $ret.="$target: $files $dep_libs\n"; - - # openssl - $ret.="\t\$(LINK) \$(LFLAGS) -screenname openssl -commandfile $def_file $files \"$prelude\" $libs -o $target\n"; - # openssl2 - $ret.="\t\$(LINK) \$(LFLAGS) -commandfile $def_file $files \"$prelude\" $libs -o $target2\n"; + # openssl2 + my($def_file2) = do_def_file($target2); + + if ($gnuc) + { + $ret.="\t\$(MKLIB) $lib_flags \$(TMP_D)${o}\$(E_EXE).a \$(filter-out \$(TMP_D)${o}\$(E_EXE)${obj},$files)\n"; + $ret.="\t\$(LINK) \$(LFLAGS) $def_file2\n"; + $ret.="\t\@$mv \$(E_EXE)2.nlm \$(TEST_D)\n"; + } + else + { + $ret.="\t\$(LINK) \$(LFLAGS) $def_file2 $files \"$prelude\" $libs -o $target2\n"; + } + } + if ($gnuc) + { + $ret.="\t\$(LINK) \$(LFLAGS) $def_file\n"; + $ret.="\t\@$mv \$(\@F) \$(TEST_D)\n"; } else { - $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) \$(LFLAGS) -commandfile $def_file $files \"$prelude\" $libs -o $target\n"; + $ret.="\t\$(LINK) \$(LFLAGS) $def_file $files \"$prelude\" $libs -o $target\n"; } $ret.="\n"; return($ret); + } 1; diff --git a/util/shlib_wrap.sh b/util/shlib_wrap.sh index dc5f5b1ce4802..a2f62d696fac4 100755 --- a/util/shlib_wrap.sh +++ b/util/shlib_wrap.sh @@ -22,19 +22,39 @@ SunOS|IRIX*) # variables depending on target ABI... rld_var=LD_LIBRARY_PATH case "`(/usr/bin/file "$LIBCRYPTOSO") 2>/dev/null`" in - *ELF\ 64*SPARC*) + *ELF\ 64*SPARC*|*ELF\ 64*AMD64*) [ -n "$LD_LIBRARY_PATH_64" ] && rld_var=LD_LIBRARY_PATH_64 + LD_PRELOAD_64="$LIBCRYPTOSO $LIBSSLSO"; export LD_PRELOAD_64 + preload_var=LD_PRELOAD_64 + ;; + # Why are newly built .so's preloaded anyway? Because run-time + # .so lookup path embedded into application takes precedence + # over LD_LIBRARY_PATH and as result application ends up linking + # to previously installed .so's. On IRIX instead of preloading + # newly built .so's we trick run-time linker to fail to find + # the installed .so by setting _RLD_ROOT variable. + *ELF\ 32*MIPS*) + #_RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD_LIST + _RLD_ROOT=/no/such/dir; export _RLD_ROOT + eval $rld_var=\"/usr/lib'${'$rld_var':+:$'$rld_var'}'\" + preload_var=_RLD_LIST ;; *ELF\ N32*MIPS*) [ -n "$LD_LIBRARYN32_PATH" ] && rld_var=LD_LIBRARYN32_PATH - _RLDN32_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLDN32_LIST + #_RLDN32_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLDN32_LIST + _RLDN32_ROOT=/no/such/dir; export _RLDN32_ROOT + eval $rld_var=\"/usr/lib32'${'$rld_var':+:$'$rld_var'}'\" + preload_var=_RLDN32_LIST ;; *ELF\ 64*MIPS*) [ -n "$LD_LIBRARY64_PATH" ] && rld_var=LD_LIBRARY64_PATH - _RLD64_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD64_LIST + #_RLD64_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD64_LIST + _RLD64_ROOT=/no/such/dir; export _RLD64_ROOT + eval $rld_var=\"/usr/lib64'${'$rld_var':+:$'$rld_var'}'\" + preload_var=_RLD64_LIST ;; esac - eval $rld_var=\"${THERE}:'$'$rld_var\"; export $rld_var + eval $rld_var=\"${THERE}'${'$rld_var':+:$'$rld_var'}'\"; export $rld_var unset rld_var ;; *) LD_LIBRARY_PATH="${THERE}:$LD_LIBRARY_PATH" # Linux, ELF HP-UX @@ -52,7 +72,7 @@ SunOS|IRIX*) ;; esac -if [ -f "$LIBCRYPTOSO" ]; then +if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then # Following three lines are major excuse for isolating them into # this wrapper script. Original reason for setting LD_PRELOAD # was to make it possible to pass 'make test' when user linked @@ -64,7 +84,8 @@ if [ -f "$LIBCRYPTOSO" ]; then *) LD_PRELOAD="$LIBCRYPTOSO $LIBSSLSO" ;; # SunOS, Linux, ELF HP-UX esac _RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT" # Tru64, o32 IRIX - export LD_PRELOAD _RLD_LIST + DYLD_INSERT_LIBRARIES="$LIBCRYPTOSO:$LIBSSLSO" # MacOS X + export LD_PRELOAD _RLD_LIST DYLD_INSERT_LIBRARIES fi exec "$@" diff --git a/util/ssleay.num b/util/ssleay.num index b424aecc52c55..2055cc15975e6 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -238,3 +238,7 @@ SSL_CTX_set_info_callback 286 EXIST::FUNCTION: SSL_CTX_sess_get_new_cb 287 EXIST::FUNCTION: SSL_CTX_get_client_cert_cb 288 EXIST::FUNCTION: SSL_CTX_sess_get_remove_cb 289 EXIST::FUNCTION: +SSL_set_SSL_CTX 290 EXIST::FUNCTION: +SSL_get_servername 291 EXIST::FUNCTION:TLSEXT +SSL_get_servername_type 292 EXIST::FUNCTION:TLSEXT +SSL_CTX_set_client_cert_engine 293 EXIST::FUNCTION:ENGINE -- cgit v1.2.3